[OPENIDM-14205] Exception caught marshalling a SynchronizationEvent for requests made with CLIENT_CERT authentication
Created: 13/Dec/19  Updated: 13/Oct/20  Resolved: 14/Sep/20

Status: Closed
Project: OpenIDM
Component/s: Module - Authentication, Module - Core mapping, synchronization, reconciliation
Affects Version/s: 7.0.0, 6.5.0.2
Fix Version/s: 7.0.0, 6.5.1.0

Type: Bug
Priority: Major
Reporter: Yinyan Cao
Assignee: Chris Drake
Resolution: Fixed
Votes: 0
Labels: CLARK, release-notes
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: File log0.gz    
Issue Links:
Depends
Regression
is caused by CHF-210 Serialized ClientContext generates in... Resolved
Target Version/s:
Verified Version/s:
Story Points: 2
Sprint: 2019.17 - IDM
Support Ticket IDs:
Zendesk ID: 45514

 Description   

To reproduce this issue:

1. Set up CLIENT_CERT authentication for a user such as jdoe@example.com (see https://backstage.forgerock.com/docs/idm/6.5/integrators-guide/#auth-client-cert). Add the openidm-admin role to the user.

2. Set up a mapping from managed/user to a CSV connector. Enable queued sync on the mapping.

3. Create a new user using CLIENT_CERT authentication:

curl --insecure --cert-type PEM --cert /opt/fg/cc/jdoecert.pem --key /opt/fg/cc/jdoekey.pem --key-type PEM  \
 --header "Content-Type: application/json" \
 --header "X-Requested-With: curl" \
 --request POST \
 --data '{
    "userName":"test4",
    "sn":"user",
    "givenName":"test4",
    "mail": "test4@example.com"
  }' \
"https://localhost:18244/openidm/managed/user?_action=create"

4. Queued sync fails with:

[172] Dec 13, 2019 11:23:40.889 AM org.forgerock.openidm.sync.impl.queue.SynchronizationQueueConsumer handleResource
SEVERE: Exception caught marshalling a SynchronizationEvent from the repo. ...
java.lang.IllegalArgumentException: Cannot construct instance of `org.forgerock.openidm.sync.SynchronizationEvent`, problem: Failed to instantiate class: org.forgerock.http.routing.UriRouterContext
 at [Source: UNKNOWN; line: -1, column: -1]
	at com.fasterxml.jackson.databind.ObjectMapper._convert(ObjectMapper.java:3751)
	at com.fasterxml.jackson.databind.ObjectMapper.convertValue(ObjectMapper.java:3669)
	at org.forgerock.openidm.sync.SynchronizationEvent.newSynchronizationEvent(SynchronizationEvent.java:466)
	at org.forgerock.openidm.sync.impl.queue.SynchronizationQueueConsumer.handleResource(SynchronizationQueueConsumer.java:156)
    ...
Caused by: com.fasterxml.jackson.databind.exc.InvalidDefinitionException: Cannot construct instance of `org.forgerock.openidm.sync.SynchronizationEvent`, problem: Failed to instantiate class: org.forgerock.http.routing.UriRouterContext
 at [Source: UNKNOWN; line: -1, column: -1]
	at com.fasterxml.jackson.databind.exc.InvalidDefinitionException.from(InvalidDefinitionException.java:67)
	at com.fasterxml.jackson.databind.DeserializationContext.instantiationException(DeserializationContext.java:1608)
	at com.fasterxml.jackson.databind.deser.std.StdValueInstantiator.wrapAsJsonMappingException(StdValueInstantiator.java:484)
	at com.fasterxml.jackson.databind.deser.std.StdValueInstantiator.rewrapCtorProblem(StdValueInstantiator.java:503)
	at com.fasterxml.jackson.databind.deser.std.StdValueInstantiator.createFromObjectWith(StdValueInstantiator.java:285)
	at com.fasterxml.jackson.databind.deser.ValueInstantiator.createFromObjectWith(ValueInstantiator.java:229)
	at com.fasterxml.jackson.databind.deser.impl.PropertyBasedCreator.build(PropertyBasedCreator.java:195)
	at com.fasterxml.jackson.databind.deser.BeanDeserializer._deserializeUsingPropertyBased(BeanDeserializer.java:422)
	at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.deserializeFromObjectUsingNonDefault(BeanDeserializerBase.java:1287)
	at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserializeFromObject(BeanDeserializer.java:326)
	at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:159)
	at com.fasterxml.jackson.databind.ObjectMapper._convert(ObjectMapper.java:3746)
	... 164 more
...
Caused by: java.lang.IllegalArgumentException: Unable to instantiate Context implementation class 'org.forgerock.services.context.TransactionIdContext'
	at org.forgerock.services.context.AbstractContext.load0(AbstractContext.java:135)
	at org.forgerock.services.context.AbstractContext.<init>(AbstractContext.java:122)
	at org.forgerock.caf.authentication.framework.MessageContextImpl.<init>(MessageContextImpl.java:55)
	... 239 more
Caused by: java.lang.reflect.InvocationTargetException
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
	at org.forgerock.services.context.AbstractContext.load0(AbstractContext.java:133)
	... 241 more
Caused by: java.lang.IllegalArgumentException: Unable to instantiate Context implementation class 'org.forgerock.services.context.ClientContext'
	at org.forgerock.services.context.AbstractContext.load0(AbstractContext.java:135)
	at org.forgerock.services.context.AbstractContext.<init>(AbstractContext.java:122)
	at org.forgerock.services.context.TransactionIdContext.<init>(TransactionIdContext.java:39)
	... 246 more
Caused by: java.lang.reflect.InvocationTargetException
	at sun.reflect.GeneratedConstructorAccessor72.newInstance(Unknown Source)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
	at org.forgerock.services.context.AbstractContext.load0(AbstractContext.java:133)
	... 248 more
Caused by: java.lang.IllegalStateException: Unable to deserialize certificates
	at org.forgerock.services.context.ClientContext.<init>(ClientContext.java:236)
	... 252 more
Caused by: java.security.cert.CertificateException: java.io.IOException: Incomplete data
	at sun.security.provider.X509Factory.engineGenerateCertificates(X509Factory.java:358)
	at java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:462)
	at org.forgerock.services.context.ClientContext.<init>(ClientContext.java:233)
	... 252 more
Caused by: java.io.IOException: Incomplete data
	at sun.security.provider.X509Factory.readOneBlock(X509Factory.java:586)
	at sun.security.provider.X509Factory.parseX509orPKCS7Cert(X509Factory.java:449)
	at sun.security.provider.X509Factory.engineGenerateCertificates(X509Factory.java:356)
	... 254 more	   
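
A log triage check for the failure signature in the trace above, as an added example that is not part of the original issue or of OpenIDM: it groups log lines into records, walks each record's "Caused by" chain, and flags queued-sync failures that pass through ClientContext certificate deserialization. The record-start pattern and the control record 173 are assumptions constructed for the example.

```python
import re

# Signature strings copied from the stack trace in this issue.
CONSUMER = "org.forgerock.openidm.sync.impl.queue.SynchronizationQueueConsumer"
CERT_ERROR = "Unable to deserialize certificates"
CTX_FRAME = "org.forgerock.services.context.ClientContext.<init>"
RECORD_START = re.compile(r"^\[\d+\] ")  # assumed: "[172] Dec 13, 2019 ..." opens a record
CAUSED_BY = re.compile(r"^Caused by: ([\w.$]+)(?:: (.*))?$")

def split_records(text):
    """Group lines into records so each stack trace stays with its header."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append([])
        records[-1].append(line)
    return records

def cause_chain(record):
    """(exception class, message) for every 'Caused by:' line, outermost first."""
    return [m.groups() for m in map(CAUSED_BY.match, record) if m]

def scan(text):
    """Return (header, root cause class) for each record matching this issue."""
    hits = []
    for record in split_records(text):
        chain = cause_chain(record)
        if (CONSUMER in record[0]
                and any(msg and CERT_ERROR in msg for _, msg in chain)
                and any(CTX_FRAME in line for line in record)):
            hits.append((record[0], chain[-1][0]))
    return hits

# Constructed sample: 172 is abbreviated from the trace above; 173 is an invented control.
SAMPLE = "\n".join([
    "[172] Dec 13, 2019 11:23:40.889 AM " + CONSUMER + " handleResource",
    "SEVERE: Exception caught marshalling a SynchronizationEvent from the repo. ...",
    "Caused by: java.lang.IllegalStateException: Unable to deserialize certificates",
    "\tat " + CTX_FRAME + "(ClientContext.java:236)",
    "Caused by: java.io.IOException: Incomplete data",
    "\tat sun.security.provider.X509Factory.readOneBlock(X509Factory.java:586)",
    "[173] Dec 13, 2019 11:24:02.101 AM " + CONSUMER + " handleResource",
    "SEVERE: constructed unrelated failure",
    "Caused by: java.net.ConnectException: Connection refused",
])

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Requiring both the message and the ClientContext constructor frame keeps other certificate parsing errors in the same log from being counted against this issue.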


 Comments   
Comment by Chris Drake [ 08/Jan/20 ]

IDM has been updated to use Commons 26.0.0-20200107124020-cff6dea which includes the fix for CHF-210.

Comment by Travis Haagen [ 17/Jul/20 ]

Verified OK for 7.0.x

Naren Koganti/Yinyan Cao: This was never backported to the forgerock-commons 24.x branch for 6.5.x. Please see if it is still needed.

Comment by Lana Frost [ 23/Jul/20 ]

Reopening to add to release notes

Comment by Michal Orlik [ 13/Oct/20 ]

Reproduced on 6.5.0.4, verified OK on 6.5.1.0-68794df0c9.
