Reg-client error Certificate path trust validation failed

Hi @All

I run reg-client and I follow the tutorial to integrate Mock-MDS with reg-client

but when I start reg-client I get this error:

2023-01-05 18:08:49,706 INFO [pool-5-thread-1] i.m.k.p.s.i.PartnerCertificateManagerServiceImpl : pcSessionId - CertTrustPathValidation - - Total Number of ROOT Trust Found: 0
2023-01-05 18:08:49,706 INFO [pool-5-thread-1] i.m.k.p.s.i.PartnerCertificateManagerServiceImpl : pcSessionId - CertTrustPathValidation - - Total Number of INTERMEDIATE Trust Found: 0
2023-01-05 18:08:49,706 ERROR [pool-5-thread-1] i.m.r.m.s.i.MosipDeviceSpecificationHelper : REG - REGISTRATION - Failed to decode device info - io.mosip.registration.exception.DeviceException: REG-MDM-108 --> Certificate path trust validation failed
at io.mosip.registration.mdm.service.impl.MosipDeviceSpecificationHelper.validateJWTResponse(MosipDeviceSpecificationHelper.java:133)
at io.mosip.registration.mdm.service.impl.MosipDeviceSpecificationHelper.getDeviceInfoDecoded(MosipDeviceSpecificationHelper.java:107)
at io.mosip.registration.mdm.sbi.spec_1_0.service.impl.MosipDeviceSpecification_SBI_1_0_ProviderImpl.getMdmDevices(MosipDeviceSpecification_SBI_1_0_ProviderImpl.java:113)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.base/java.lang.reflect.Method.invoke(Unknown Source)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:197)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
at com.sun.proxy.$Proxy211.getMdmDevices(Unknown Source)
at io.mosip.registration.mdm.service.impl.MosipDeviceSpecificationFactory.initByPort(MosipDeviceSpecificationFactory.java:206)
at io.mosip.registration.mdm.service.impl.MosipDeviceSpecificationFactory$1.run(MosipDeviceSpecificationFactory.java:124)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source) 2023-01-05 18:08:49,706 ERROR [pool-5-thread-1] i.m.r.m.s.s.s.i.MosipDeviceSpecification_SBI_1_0_ProviderImpl : REGISTRATION - REG - Exception while parsing deviceinfo response(SBI 1_0 spec) - java.lang.NullPointerException
at io.mosip.registration.mdm.sbi.spec_1_0.service.impl.MosipDeviceSpecification_SBI_1_0_ProviderImpl.getBioDevice(MosipDeviceSpecification_SBI_1_0_ProviderImpl.java:337)
at io.mosip.registration.mdm.sbi.spec_1_0.service.impl.MosipDeviceSpecification_SBI_1_0_ProviderImpl.getMdmDevices(MosipDeviceSpecification_SBI_1_0_ProviderImpl.java:115)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.base/java.lang.reflect.Method.invoke(Unknown Source)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:197)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
at com.sun.proxy.$Proxy211.getMdmDevices(Unknown Source)
at io.mosip.registration.mdm.service.impl.MosipDeviceSpecificationFactory.initByPort(MosipDeviceSpecificationFactory.java:206)
at io.mosip.registration.mdm.service.impl.MosipDeviceSpecificationFactory$1.run(MosipDeviceSpecificationFactory.java:124)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source) 2023-01-05 18:08:49,706 INFO [pool-5-thread-1] i.m.r.m.s.s.i.MosipDeviceSpecification_092_ProviderImpl : MosipDeviceSpecification_092_ProviderImpl - REGISTRATION - REG - received device info response on port : 4501
2023-01-05 18:08:49,706 INFO [pool-5-thread-1] i.m.r.m.s.s.i.MosipDeviceSpecification_092_ProviderImpl : MosipDeviceSpecification_092_ProviderImpl - REGISTRATION - REG - parsing device info response to 092 dto
2023-01-05 18:08:49,706 ERROR [pool-5-thread-1] i.m.r.m.s.s.i.MosipDeviceSpecification_092_ProviderImpl : REGISTRATION - REG - Exception while parsing deviceinfo response(092 spec) - com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "errorCode" (class io.mosip.registration.mdm.spec_0_9_2.dto.response.Error), not marked as ignorable (2 known properties: "errorcode", "errorinfo"])
at [Source: (String)"[{"deviceInfo":"eyJ4NWMiOlsiTUlJRit6Q0NBK09nQXdJQkFnSUJCVEFOQmdrcWhraUc5dzBCQVFzRkFEQmdNUXN3Q1FZRFZRUUdFd0pVVGpFT01Bd0dBMVVFQ0F3RmRIVnVhWE14RGpBTUJnTlZCQWNNQlhSMWJtbHpNUTh3RFFZRFZRUUtEQVpTVDAxTlJGTXhEekFOQmdOVkJBc01CbEpQVFUxRVV6RVBNQTBHQTFVRUF3d0dVazlOVFVSVE1CNFhEVEl6TURFd05UQTVNamN3TjFvWERUSTBNREV3TlRBNU1qY3dOMW93V2pFTE1Ba0dBMVVFQmhNQ1ZFNHhEakFNQmdOVkJBZ01CWFIxYm1sek1RNHdEQVlEVlFRSERBVjBkVzVwY3pFTk1Bc0dBMVVFQ2d3RVJrRkRSVEVOTUFzR0ExVUVDd3dFUmtGRFJURU5NQXNHQTFVRUF3d0VSa0ZEUlRDQ0FpSXdEUVlKS29aSWh2"[truncated 26228 chars]; line: 1, column: 8884] (through reference chain: java.util.ArrayList[0]->io.mosip.registration.mdm.spec_0_9_2.dto.response.MdmDeviceInfoResponse["error"]->io.mosip.registration.mdm.spec_0_9_2.dto.response.Error["errorCode"])
at com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException.from(UnrecognizedPropertyException.java:61)
at com.fasterxml.jackson.databind.DeserializationContext.handleUnknownProperty(DeserializationContext.java:840)
at com.fasterxml.jackson.databind.deser.std.StdDeserializer.handleUnknownProperty(StdDeserializer.java:1192)
at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.handleUnknownProperty(BeanDeserializerBase.java:1592)
at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.handleUnknownVanilla(BeanDeserializerBase.java:1570)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize(BeanDeserializer.java:294)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:151)
at com.fasterxml.jackson.databind.deser.impl.MethodProperty.deserializeAndSet(MethodProperty.java:129)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize(BeanDeserializer.java:288)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:151)
at com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:286)
at com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:245)
at com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:27)
at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4202)
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3205)
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3188)
at io.mosip.registration.mdm.spec_0_9_2.service.impl.MosipDeviceSpecification_092_ProviderImpl.getMdmDevices(MosipDeviceSpecification_092_ProviderImpl.java:105)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.base/java.lang.reflect.Method.invoke(Unknown Source)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:197)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
at com.sun.proxy.$Proxy211.getMdmDevices(Unknown Source)
at io.mosip.registration.mdm.service.impl.MosipDeviceSpecificationFactory.initByPort(MosipDeviceSpecificationFactory.java:206)
at io.mosip.registration.mdm.service.impl.MosipDeviceSpecificationFactory$1.run(MosipDeviceSpecificationFactory.java:124)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source) 2023-01-05 18:08:49,706 INFO [pool-5-thread-1] i.m.r.m.s.s.i.MosipDeviceSpecification_095_ProviderImpl : MosipDeviceSpecification_095_ProviderImpl - REGISTRATION - REG - received device info response on port : 4501
2023-01-05 18:08:49,706 INFO [pool-5-thread-1] i.m.r.m.s.s.i.MosipDeviceSpecification_095_ProviderImpl : MosipDeviceSpecification_095_ProviderImpl - REGISTRATION - REG - parsing device info response to 095 dto
2023-01-05 18:08:49,706 INFO [pool-5-thread-1] i.m.k.s.s.i.SignatureServiceImpl : SignatureSessionId - JWTSignature - - Certificate found in JWT Header.
2023-01-05 18:08:49,708 INFO [pool-5-thread-1] i.m.k.p.s.i.PartnerCertificateManagerServiceImpl : pcSessionId - CertTrustPathValidation - - Certificate Trust Path Validation.
2023-01-05 18:08:49,708 INFO [pool-5-thread-1] i.m.k.p.s.i.PartnerCertificateManagerServiceImpl : pcSessionId - CertTrustPathValidation - - Certificate Trust Path Validation for domain: DEVICE
2023-01-05 18:08:49,708 INFO [pool-5-thread-1] i.m.k.p.s.i.PartnerCertificateManagerServiceImpl : pcSessionId - CertTrustPathValidation - - Certificate Trust Path Validation for domain: DEVICE
2023-01-05 18:08:49,708 INFO [pool-5-thread-1] i.m.k.p.s.i.PartnerCertificateManagerServiceImpl : pcSessionId - CertTrustPathValidation - - Total Number of ROOT Trust Found: 0
2023-01-05 18:08:49,708 INFO [pool-5-thread-1] i.m.k.p.s.i.PartnerCertificateManagerServiceImpl : pcSessionId - CertTrustPathValidation - - Total Number of INTERMEDIATE Trust Found: 0

Thanks for help

Hello @kamiri

Based on the logs,

Total Number of ROOT Trust Found: 0
Total Number of INTERMEDIATE Trust Found: 0

seems like CA certificates are not synced to reg-client.

points to check:

  1. Is MDS onboarded as a Device provider?
  2. Is device provider certificates available in master.ca_cert_store table?
  3. what is the value in “domain” column in master.ca_cert_store table?

Hi @Anusha_sunkadh

Thanks for the reply

  1. Is MDS onboarded as a Device provider?
  • Yes is onboarded
  1. Is device provider certificates available in master.ca_cert_store table?
  • No, that is not the case
  1. what is the value in “domain” column in master.ca_cert_store table?
  • I upload the certificate manually to master.ca_cert_store table and the value in partner_domain is “DEVICE”

After fill in the table master.ca_cert_store table manually the reg-client now can see the MDS.

PS: After checking the PMS, I saw that it can’t connect with the websub.

@Anusha_sunkadh is it possible that this error occurred because of websub?