Reg-client error Certificate path trust validation failed

Hi @All

I run reg-client and I follow the tutorial to integrate Mock-MDS with reg-client

but when I start reg-client I get this error:

2023-01-05 18:08:49,706 INFO [pool-5-thread-1] i.m.k.p.s.i.PartnerCertificateManagerServiceImpl : pcSessionId - CertTrustPathValidation - - Total Number of ROOT Trust Found: 0
2023-01-05 18:08:49,706 INFO [pool-5-thread-1] i.m.k.p.s.i.PartnerCertificateManagerServiceImpl : pcSessionId - CertTrustPathValidation - - Total Number of INTERMEDIATE Trust Found: 0
2023-01-05 18:08:49,706 ERROR [pool-5-thread-1] i.m.r.m.s.i.MosipDeviceSpecificationHelper : REG - REGISTRATION - Failed to decode device info - io.mosip.registration.exception.DeviceException: REG-MDM-108 --> Certificate path trust validation failed
at io.mosip.registration.mdm.service.impl.MosipDeviceSpecificationHelper.validateJWTResponse(MosipDeviceSpecificationHelper.java:133)
at io.mosip.registration.mdm.service.impl.MosipDeviceSpecificationHelper.getDeviceInfoDecoded(MosipDeviceSpecificationHelper.java:107)
at io.mosip.registration.mdm.sbi.spec_1_0.service.impl.MosipDeviceSpecification_SBI_1_0_ProviderImpl.getMdmDevices(MosipDeviceSpecification_SBI_1_0_ProviderImpl.java:113)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.base/java.lang.reflect.Method.invoke(Unknown Source)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:197)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
at com.sun.proxy.$Proxy211.getMdmDevices(Unknown Source)
at io.mosip.registration.mdm.service.impl.MosipDeviceSpecificationFactory.initByPort(MosipDeviceSpecificationFactory.java:206)
at io.mosip.registration.mdm.service.impl.MosipDeviceSpecificationFactory$1.run(MosipDeviceSpecificationFactory.java:124)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)
2023-01-05 18:08:49,706 ERROR [pool-5-thread-1] i.m.r.m.s.s.s.i.MosipDeviceSpecification_SBI_1_0_ProviderImpl : REGISTRATION - REG - Exception while parsing deviceinfo response(SBI 1_0 spec) - java.lang.NullPointerException
at io.mosip.registration.mdm.sbi.spec_1_0.service.impl.MosipDeviceSpecification_SBI_1_0_ProviderImpl.getBioDevice(MosipDeviceSpecification_SBI_1_0_ProviderImpl.java:337)
at io.mosip.registration.mdm.sbi.spec_1_0.service.impl.MosipDeviceSpecification_SBI_1_0_ProviderImpl.getMdmDevices(MosipDeviceSpecification_SBI_1_0_ProviderImpl.java:115)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.base/java.lang.reflect.Method.invoke(Unknown Source)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:197)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
at com.sun.proxy.$Proxy211.getMdmDevices(Unknown Source)
at io.mosip.registration.mdm.service.impl.MosipDeviceSpecificationFactory.initByPort(MosipDeviceSpecificationFactory.java:206)
at io.mosip.registration.mdm.service.impl.MosipDeviceSpecificationFactory$1.run(MosipDeviceSpecificationFactory.java:124)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)
2023-01-05 18:08:49,706 INFO [pool-5-thread-1] i.m.r.m.s.s.i.MosipDeviceSpecification_092_ProviderImpl : MosipDeviceSpecification_092_ProviderImpl - REGISTRATION - REG - received device info response on port : 4501
2023-01-05 18:08:49,706 INFO [pool-5-thread-1] i.m.r.m.s.s.i.MosipDeviceSpecification_092_ProviderImpl : MosipDeviceSpecification_092_ProviderImpl - REGISTRATION - REG - parsing device info response to 092 dto
2023-01-05 18:08:49,706 ERROR [pool-5-thread-1] i.m.r.m.s.s.i.MosipDeviceSpecification_092_ProviderImpl : REGISTRATION - REG - Exception while parsing deviceinfo response(092 spec) - com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "errorCode" (class io.mosip.registration.mdm.spec_0_9_2.dto.response.Error), not marked as ignorable (2 known properties: "errorcode", "errorinfo"])
at [Source: (String)"[{"deviceInfo":"eyJ4NWMiOlsiTUlJRit6Q0NBK09nQXdJQkFnSUJCVEFOQmdrcWhraUc5dzBCQVFzRkFEQmdNUXN3Q1FZRFZRUUdFd0pVVGpFT01Bd0dBMVVFQ0F3RmRIVnVhWE14RGpBTUJnTlZCQWNNQlhSMWJtbHpNUTh3RFFZRFZRUUtEQVpTVDAxTlJGTXhEekFOQmdOVkJBc01CbEpQVFUxRVV6RVBNQTBHQTFVRUF3d0dVazlOVFVSVE1CNFhEVEl6TURFd05UQTVNamN3TjFvWERUSTBNREV3TlRBNU1qY3dOMW93V2pFTE1Ba0dBMVVFQmhNQ1ZFNHhEakFNQmdOVkJBZ01CWFIxYm1sek1RNHdEQVlEVlFRSERBVjBkVzVwY3pFTk1Bc0dBMVVFQ2d3RVJrRkRSVEVOTUFzR0ExVUVDd3dFUmtGRFJURU5NQXNHQTFVRUF3d0VSa0ZEUlRDQ0FpSXdEUVlKS29aSWh2"[truncated 26228 chars]; line: 1, column: 8884] (through reference chain: java.util.ArrayList[0]->io.mosip.registration.mdm.spec_0_9_2.dto.response.MdmDeviceInfoResponse["error"]->io.mosip.registration.mdm.spec_0_9_2.dto.response.Error["errorCode"])
at com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException.from(UnrecognizedPropertyException.java:61)
at com.fasterxml.jackson.databind.DeserializationContext.handleUnknownProperty(DeserializationContext.java:840)
at com.fasterxml.jackson.databind.deser.std.StdDeserializer.handleUnknownProperty(StdDeserializer.java:1192)
at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.handleUnknownProperty(BeanDeserializerBase.java:1592)
at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.handleUnknownVanilla(BeanDeserializerBase.java:1570)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize(BeanDeserializer.java:294)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:151)
at com.fasterxml.jackson.databind.deser.impl.MethodProperty.deserializeAndSet(MethodProperty.java:129)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize(BeanDeserializer.java:288)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:151)
at com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:286)
at com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:245)
at com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:27)
at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4202)
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3205)
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3188)
at io.mosip.registration.mdm.spec_0_9_2.service.impl.MosipDeviceSpecification_092_ProviderImpl.getMdmDevices(MosipDeviceSpecification_092_ProviderImpl.java:105)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.base/java.lang.reflect.Method.invoke(Unknown Source)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:197)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
at com.sun.proxy.$Proxy211.getMdmDevices(Unknown Source)
at io.mosip.registration.mdm.service.impl.MosipDeviceSpecificationFactory.initByPort(MosipDeviceSpecificationFactory.java:206)
at io.mosip.registration.mdm.service.impl.MosipDeviceSpecificationFactory$1.run(MosipDeviceSpecificationFactory.java:124)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)
2023-01-05 18:08:49,706 INFO [pool-5-thread-1] i.m.r.m.s.s.i.MosipDeviceSpecification_095_ProviderImpl : MosipDeviceSpecification_095_ProviderImpl - REGISTRATION - REG - received device info response on port : 4501
2023-01-05 18:08:49,706 INFO [pool-5-thread-1] i.m.r.m.s.s.i.MosipDeviceSpecification_095_ProviderImpl : MosipDeviceSpecification_095_ProviderImpl - REGISTRATION - REG - parsing device info response to 095 dto
2023-01-05 18:08:49,706 INFO [pool-5-thread-1] i.m.k.s.s.i.SignatureServiceImpl : SignatureSessionId - JWTSignature - - Certificate found in JWT Header.
2023-01-05 18:08:49,708 INFO [pool-5-thread-1] i.m.k.p.s.i.PartnerCertificateManagerServiceImpl : pcSessionId - CertTrustPathValidation - - Certificate Trust Path Validation.
2023-01-05 18:08:49,708 INFO [pool-5-thread-1] i.m.k.p.s.i.PartnerCertificateManagerServiceImpl : pcSessionId - CertTrustPathValidation - - Certificate Trust Path Validation for domain: DEVICE
2023-01-05 18:08:49,708 INFO [pool-5-thread-1] i.m.k.p.s.i.PartnerCertificateManagerServiceImpl : pcSessionId - CertTrustPathValidation - - Certificate Trust Path Validation for domain: DEVICE
2023-01-05 18:08:49,708 INFO [pool-5-thread-1] i.m.k.p.s.i.PartnerCertificateManagerServiceImpl : pcSessionId - CertTrustPathValidation - - Total Number of ROOT Trust Found: 0
2023-01-05 18:08:49,708 INFO [pool-5-thread-1] i.m.k.p.s.i.PartnerCertificateManagerServiceImpl : pcSessionId - CertTrustPathValidation - - Total Number of INTERMEDIATE Trust Found: 0

Thanks for the help

Hello @kamiri

Based on the logs,

Total Number of ROOT Trust Found: 0
Total Number of INTERMEDIATE Trust Found: 0

seems like CA certificates are not synced to reg-client.

Points to check:

  1. Is MDS onboarded as a Device provider?
  2. Are device provider certificates available in the master.ca_cert_store table?
  3. What is the value in the “domain” column in the master.ca_cert_store table?
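
An added example, not part of the reply above: one PostgreSQL query that answers points 2 and 3 together by counting trust-store rows per domain, split the way the log reports them. Only `master.ca_cert_store` and `partner_domain` are named in this thread; the other column names and the "self-signed means ROOT" rule are assumptions.

```sql
-- Added example (not from the thread).
-- Assumed columns: cert_subject, cert_issuer, cert_not_before, cert_not_after.
-- Assumed rule: a row whose subject equals its issuer is a ROOT,
-- anything else is an INTERMEDIATE.
SELECT
    partner_domain,
    CASE
        WHEN cert_subject = cert_issuer THEN 'ROOT'
        ELSE 'INTERMEDIATE'
    END                                   AS trust_type,
    count(*)                              AS total,
    -- Certificates outside their validity window cannot anchor a path.
    count(*) FILTER (
        WHERE now() BETWEEN cert_not_before AND cert_not_after
    )                                     AS currently_valid
FROM master.ca_cert_store
GROUP BY 1, 2
ORDER BY 1, 2;
```

No rows with `partner_domain = 'DEVICE'` matches the two "Trust Found: 0" log lines; rows that exist only under a differently spelled domain value point to check 3.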

Hi @Anusha_sunkadh

Thanks for the reply

  1. Is MDS onboarded as a Device provider?
     • Yes, it is onboarded
  2. Are device provider certificates available in the master.ca_cert_store table?
     • No, that is not the case
  3. What is the value in the “domain” column in the master.ca_cert_store table?
     • I uploaded the certificate manually to the master.ca_cert_store table and the value in partner_domain is “DEVICE”

After filling in the master.ca_cert_store table manually, the reg-client can now see the MDS.

PS: After checking the PMS, I saw that it can’t connect with the websub.

@Anusha_sunkadh is it possible that this error occurred because of websub?

Yes Sasi,

As PMS was not able to connect to websub, cert-uploaded events were not published to syncdata-service.

PMS health check should have failed if it’s not able to connect to websub.
@kamiri - Did the health check pass for PMS?

Hi @Anusha_sunkadh
Yes, the health check passes for PMS and it can connect to websub

Hello @kamiri

With the PMS and websub connection being fine now, do you still see an issue with CA certificates sync to the master.ca_cert_store table?

Hi @Anusha_sunkadh

Yes, I still have the problem but the script to fill the data in the database pms.auth_policy, we should take care of datashare URL in column policy_file_id.

Thank you
