  1. OpenIDM
  2. OPENIDM-11787

_action=createFullConfig throws 500 Unable to find encryption key

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.5.0
    • Fix Version/s: 6.5.0
    • Component/s: Module - Cryptography
    • Environment:

      OpenIDM 6.5.0-SNAPSHOT (5c1add2)
      OpenDJ 6.5.0-SNAPSHOT (4ce3bdbd7c1)
    • Story Points:
      1
    • Sprint:
      OpenIDM Sprint 6.5-9

      Description

      After OPENIDM-11433 was merged, we started to have issues with `_action=createFullConfig`

      To reproduce

      1. try to create full config for e.g. scriptedrest
        curl --header "X-OpenIDM-Username: openidm-admin" \
             --header "X-OpenIDM-Password: openidm-admin" \
             --header "Content-Type: application/json" \
             --data '{"connectorRef": {"displayName": "Scripted REST Connector", "bundleVersion": "1.5.1.0-SNAPSHOT", "systemType": "provisioner.openicf", "bundleName": "org.forgerock.openicf.connectors.scriptedrest-connector", "connectorName": "org.forgerock.openicf.connectors.scriptedrest.ScriptedRESTConnector", "ConnectorHostRef": "#LOCAL"}, "poolConfigOption": {"maxObjects": 10, "maxIdle": 10, "maxWait": 150000, "minEvictableIdleTimeMillis": 120000, "minIdle": 1}, "resultsHandlerConfig": {"enableNormalizingResultsHandler": false, "enableFilteredResultsHandler": false, "enableCaseInsensitiveFilter": false, "enableAttributesToGetSearchResultsHandler": true}, "operationTimeout": {"CREATE": -1, "UPDATE": -1, "DELETE": -1, "TEST": -1, "SCRIPT_ON_CONNECTOR": -1, "SCRIPT_ON_RESOURCE": -1, "GET": -1, "RESOLVEUSERNAME": -1, "AUTHENTICATE": -1, "SEARCH": -1, "VALIDATE": -1, "SYNC": -1, "SCHEMA": -1}, "configurationProperties": {"customSensitiveConfiguration": null, "createScriptFileName": "CreateScript.groovy", "targetDirectory": null, "customizerScriptFileName": "CustomizerScript.groovy", "warningLevel": 1, "authenticateScriptFileName": "AuthenticateScript.groovy", "scriptExtensions": ["groovy"], "scriptOnResourceScriptFileName": "ScriptOnResourceScript.groovy", "minimumRecompilationInterval": 100, "deleteScriptFileName": "DeleteScript.groovy", "scriptBaseClass": null, "scriptRoots": ["samples/scripted-rest-with-dj/tools"], "customConfiguration": null, "resolveUsernameScriptFileName": "ResolveUsernameScript.groovy", "searchScriptFileName": "SearchScript.groovy", "tolerance": 10, "updateScriptFileName": "UpdateScript.groovy", "debug": false, "classpath": [], "disabledGlobalASTTransformations": null, "schemaScriptFileName": "SchemaScript.groovy", "verbose": false, "testScriptFileName": "TestScript.groovy", "sourceEncoding": "UTF-8", "syncScriptFileName": "SyncScript.groovy", "recompileGroovySource": false, "username": "idm", "password": "password", "serviceAddress": "http://localhost:8090", "proxyAddress": null, "defaultAuthMethod": "BASIC_PREEMPTIVE", "defaultContentType": "application/json", "defaultRequestHeaders": null}}' \
             --request POST "http://localhost:8080/openidm/system?_action=createFullConfig"
        {"code":500,"reason":"Internal Server Error","message":"Unable to find encryption key"}
        

      OpenIDM logs

      WARNING: Resource exception: 500 Internal Server Error: "Unable to find encryption key"
      org.forgerock.json.resource.InternalServerErrorException: Unable to find encryption key
      	at org.forgerock.openidm.provisioner.openicf.impl.ConnectorInfoProviderService.createSystemConfiguration(ConnectorInfoProviderService.java:668)
      	at org.forgerock.openidm.provisioner.openicf.impl.ConnectorInfoProviderService.generateConnectorFullConfig(ConnectorInfoProviderService.java:417)
      	at org.forgerock.openidm.provisioner.api.SystemObjectSetService.actionInstance(SystemObjectSetService.java:392)
      	at org.forgerock.json.resource.InterfaceSingletonHandler.handleAction(InterfaceSingletonHandler.java:26)
      	at org.forgerock.json.resource.Router.handleAction(Router.java:251)
      	at org.forgerock.json.resource.Router.handleAction(Router.java:251)
      	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:55)
      	at org.forgerock.json.resource.Filters$ConditionalFilter.filterAction(Filters.java:44)
      	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
      	at org.forgerock.openidm.authz.DelegatedAdminFilter.lambda$filterAction$0(DelegatedAdminFilter.java:177)
      	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:258)
      	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:222)
      	at org.forgerock.openidm.authz.DelegatedAdminFilter.filterRequest(DelegatedAdminFilter.java:252)
      	at org.forgerock.openidm.authz.DelegatedAdminFilter.filterAction(DelegatedAdminFilter.java:177)
      	at org.forgerock.json.resource.Filters$ConditionalFilter.filterAction(Filters.java:42)
      	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
      	at org.forgerock.openidm.audit.filter.AuditFilter.lambda$filterAction$0(AuditFilter.java:113)
      	at org.forgerock.openidm.audit.filter.AuditFilter.logAuditAccessEntry(AuditFilter.java:169)
      	at org.forgerock.openidm.audit.filter.AuditFilter.filterAction(AuditFilter.java:113)
      	at org.forgerock.openidm.router.filter.MutableFilterDecorator.filterAction(MutableFilterDecorator.java:66)
      	at org.forgerock.json.resource.Filters$ConditionalFilter.filterAction(Filters.java:42)
      	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
      	at org.forgerock.openidm.servlet.internal.ServletConnectionFactory$3.lambda$filterAction$0(ServletConnectionFactory.java:379)
      	at org.forgerock.openidm.servlet.internal.ServletConnectionFactory$3.handleRequestWithLogging(ServletConnectionFactory.java:436)
      	at org.forgerock.openidm.servlet.internal.ServletConnectionFactory$3.filterAction(ServletConnectionFactory.java:379)
      	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
      	at org.forgerock.openidm.router.filter.PassthroughFilter.filterAction(PassthroughFilter.java:42)
      	at org.forgerock.openidm.router.filter.MutableFilterDecorator.filterAction(MutableFilterDecorator.java:66)
      	at org.forgerock.openidm.router.filter.MutableFilterDecorator.filterAction(MutableFilterDecorator.java:66)
      	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
      	at org.forgerock.openidm.router.filter.PassthroughFilter.filterAction(PassthroughFilter.java:42)
      	at org.forgerock.openidm.router.filter.MutableFilterDecorator.filterAction(MutableFilterDecorator.java:66)
      	at org.forgerock.json.resource.Filters$ConditionalFilter.filterAction(Filters.java:42)
      	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
      	at org.forgerock.json.resource.FilterChain.handleAction(FilterChain.java:226)
      	at org.forgerock.json.resource.InternalConnection.actionAsync(InternalConnection.java:29)
      	at org.forgerock.json.resource.AbstractConnectionWrapper.actionAsync(AbstractConnectionWrapper.java:74)
      	at org.forgerock.openidm.servlet.internal.ServletConnectionFactory$InternalConnectionWrapper.lambda$actionAsync$11(ServletConnectionFactory.java:357)
      	at org.forgerock.openidm.metrics.MetricsCollector.time(MetricsCollector.java:112)
      	at org.forgerock.openidm.servlet.internal.ServletConnectionFactory$InternalConnectionWrapper.time(ServletConnectionFactory.java:292)
      	at org.forgerock.openidm.servlet.internal.ServletConnectionFactory$InternalConnectionWrapper.actionAsync(ServletConnectionFactory.java:357)
      	at org.forgerock.json.resource.http.RequestRunner.visitActionRequest(RequestRunner.java:136)
      	at org.forgerock.json.resource.http.RequestRunner.visitActionRequest(RequestRunner.java:82)
      	at org.forgerock.json.resource.Requests$ActionRequestImpl.accept(Requests.java:177)
      	at org.forgerock.json.resource.http.RequestRunner.handleResult(RequestRunner.java:128)
      	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:258)
      	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:247)
      	at org.forgerock.json.resource.http.HttpAdapter.doRequest(HttpAdapter.java:713)
      	at org.forgerock.json.resource.http.HttpAdapter.doAction(HttpAdapter.java:619)
      	at org.forgerock.json.resource.http.HttpAdapter.handle(HttpAdapter.java:281)
      	at org.forgerock.http.handler.Handlers$HandlerDescribableAsDescribableHandler.handle(Handlers.java:146)
      	at org.forgerock.http.filter.OptionsFilter.filter(OptionsFilter.java:69)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      	at org.forgerock.http.routing.Router.handle(Router.java:100)
      	at org.forgerock.http.swagger.OpenApiRequestFilter.filter(OpenApiRequestFilter.java:63)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      	at org.forgerock.openidm.auth.ProfileEnhancementCheckFilter.filter(ProfileEnhancementCheckFilter.java:149)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      	at org.forgerock.openidm.auth.LoginCountFilter.filter(LoginCountFilter.java:63)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      	at org.forgerock.caf.authentication.framework.AuthenticationFramework.grantAccess(AuthenticationFramework.java:188)
      	at org.forgerock.caf.authentication.framework.AuthenticationFramework.lambda$onValidateRequestSuccess$1(AuthenticationFramework.java:181)
      	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:258)
      	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:247)
      	at org.forgerock.caf.authentication.framework.AuthenticationFramework.validateRequest(AuthenticationFramework.java:144)
      	at org.forgerock.caf.authentication.framework.AuthenticationFramework.processMessage(AuthenticationFramework.java:134)
      	at org.forgerock.caf.authentication.framework.AuthenticationFilter.filter(AuthenticationFilter.java:84)
      	at org.forgerock.openidm.auth.AuthFilterWrapper.filter(AuthFilterWrapper.java:87)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      	at org.forgerock.http.filter.TransactionIdInboundFilter.filter(TransactionIdInboundFilter.java:86)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      	at org.forgerock.http.servlet.HttpFrameworkServlet.service(HttpFrameworkServlet.java:252)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
      	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)
      	at org.eclipse.jetty.servlets.UserAgentFilter.doFilter(UserAgentFilter.java:83)
      	at org.eclipse.jetty.servlets.GzipFilter.doFilter(GzipFilter.java:301)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.forgerock.openidm.servletregistration.impl.ServletRegistrationSingleton$FilterProxy.invoke(ServletRegistrationSingleton.java:309)
      	at com.sun.proxy.$Proxy70.doFilter(Unknown Source)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
      	at org.eclipse.jetty.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:257)
      	at org.eclipse.jetty.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:220)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.forgerock.openidm.servletregistration.impl.ServletRegistrationSingleton$FilterProxy.invoke(ServletRegistrationSingleton.java:309)
      	at com.sun.proxy.$Proxy70.doFilter(Unknown Source)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
      	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
      	at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:71)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
      	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
      	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
      	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
      	at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:276)
      	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
      	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
      	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
      	at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:80)
      	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
      	at org.eclipse.jetty.server.Server.handle(Server.java:499)
      	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
      	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
      	at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
      	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
      	at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
      	at java.lang.Thread.run(Thread.java:748)
      Caused by: org.forgerock.json.crypto.JsonCryptoException: Unable to find encryption key
      	at org.forgerock.openidm.crypto.impl.CryptoServiceImpl.lambda$selectEncryptionKeyByAlias$2(CryptoServiceImpl.java:347)
      	at java.util.Optional.orElseThrow(Optional.java:290)
      	at org.forgerock.openidm.crypto.impl.CryptoServiceImpl.selectEncryptionKeyByAlias(CryptoServiceImpl.java:347)
      	at org.forgerock.openidm.crypto.impl.CryptoServiceImpl.getEncryptor(CryptoServiceImpl.java:143)
      	at org.forgerock.openidm.crypto.impl.CryptoServiceImpl.encrypt(CryptoServiceImpl.java:174)
      	at org.forgerock.openidm.provisioner.openicf.commons.ConnectorUtil.convertFromConfigurationProperty(ConnectorUtil.java:540)
      	at org.forgerock.openidm.provisioner.openicf.commons.ConnectorUtil.setConfigurationProperties(ConnectorUtil.java:494)
      	at org.forgerock.openidm.provisioner.openicf.commons.ConnectorUtil.createSystemConfigurationFromAPIConfiguration(ConnectorUtil.java:640)
      	at org.forgerock.openidm.provisioner.openicf.impl.ConnectorInfoProviderService.createSystemConfiguration(ConnectorInfoProviderService.java:664)
      	... 112 more
      

              People

              • Assignee:
                whitney.hunter Whitney Hunter [X] (Inactive)
                Reporter:
                michal.orlik@profiq.cz Michal Orlik