Resident manage my vid

sathwikasj · July 22, 2024, 10:56am

In resident manage my vid, while try to download vid card getting download in progress.

HarikrishnaReddy · July 22, 2024, 11:02am

@Kamesh , please can you respond on this.

Kamesh · July 22, 2024, 11:09am

@sathwikasj It seems credentials not issued.

SELECT credential_request_id FROM resident.resident_transaction x
WHERE event_id ='Your event id'

Can you please execute this script in resident db. Then you will get credential id Please check it’s status. if it’s stuck at issued stage . Please check in digital card service logs for any errors.

sathwikasj · July 22, 2024, 11:23am

Iam not getting any response after excecting the above script.

Kamesh · July 22, 2024, 11:33am

SELECT aid FROM resident.resident_transaction x

WHERE event_id ='your event id'

can you please try this script in resident db

Kamesh · July 22, 2024, 11:34am

@sathwikasj please check for the same event id you are seeing for vid card download for other event id credential request id will not come.

sathwikasj · July 22, 2024, 12:04pm

Please find the VID card download event id details

in credential for above request status is showing failed.

Kamesh · July 22, 2024, 12:20pm

It seems some issue with Data share service or credential service. Please share both logs or check any errors in these 2 services.

sathwikasj · July 22, 2024, 12:46pm

Logs of datashare
{“@timestamp”:“2024-07-22T11:45:25.143Z”,“@version”:“1”,“message”:"SESSIONID - PARTNERID - mpartner-default-digitalcard - EncryptionUtil::encryptData():: error with error messageio.mosip.datashare.exception.DataEncryptionFailureException: DAT-SER-001 → Not allowed to generate new key pair for other domains or not allowed to generate base key.\n\tat io.mosip.datashare.util.EncryptionUtil.encryptData(EncryptionUtil.java:106)\n\tat io.mosip.datashare.service.impl.DataShareServiceImpl.createDataShare(DataShareServiceImpl.java:148)\n\tat jdk.internal.reflect.GeneratedMethodAccessor190.invoke(Unknown Source)\n\tat java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tat java.base/java.lang.reflect.Method.invoke(Method.java:566)\n\tat org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:223)\n\tat org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:494)\n\tat org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)\n\tat org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688)\n\tat io.mosip.datashare.service.impl.DataShareServiceImpl$$EnhancerBySpringCGLIB$$b781b527.createDataShare()\n\tat io.mosip.datashare.controller.DataShareController.createDataShare(DataShareController.java:76)\n\tat io.mosip.datashare.controller.DataShareController$$FastClassBySpringCGLIB$$607e77f6.invoke()\n\tat org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)\n\tat org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:746)\n\tat org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)\n\tat org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:69)\n\tat org.springframework.ao

rdHostValve.java:139)\n\tat org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)\n\tat org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)\n\tat org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)\n\tat org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)\n\tat org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:615)\n\tat org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)\n\tat org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:818)\n\tat org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1627)\n\tat org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)\n\tat org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)\n\tat java.base/java.lang.Thread.run(Thread.java:829)\n",“logger_name”:“io.mosip.datashare.util.EncryptionUtil”,“thread_name”:“http-nio-8097-exec-3”,“level”:“ERROR”,“level_value”:40000,“appName”:“application,data-share”,“traceId”:“5061fa893848b673fb11ca4a82bffe82”,“spanExportable”:“false”,“req.requestURI”:“/v1/datashare/create/mpolicy-default-PDFCard/mpartner-default-digitalcard”,“X-Span-Export”:“false”,“X-B3-ParentSpanId”:“800a60db53282ef0”,“req.method”:“POST”,“parentId”:“800a60db53282ef0”,“req.userAgent”:“Apache-HttpClient/4.5.6 (Java/11.0.16)”,“spanId”:“9765904a49f8c54c”,“X-B3-SpanId”:“9765904a49f8c54c”,“X-B3-TraceId”:“5061fa893848b673fb11ca4a82bffe82”,“req.remoteHost”:“127.0.0.6”,“req.requestURL”:“http://datashare.datashare/v1/datashare/create/mpolicy-default-PDFCard/mpartner-default-digitalcard”}

sathwikasj · July 22, 2024, 12:48pm

Logs for credential service
{“@timestamp”:“2024-07-22T12:10:20.559Z”,“@version”:“1”,“message”:“service-account-mosip-crereq-client - REQUEST_ID - 10002103870001220240722120626-PDF - DAT-SER-001 → Not allowed to generate new key pair for other domains or not allowed to generate base key.”,“logger_name”:“io.mosip.credentialstore.util.DataShareUtil”,“thread_name”:“http-nio-8095-exec-5”,“level”:“ERROR”,“level_value”:40000,“appName”:“credential-service,id-repository,application”,“req.requestURI”:“/v1/credentialservice/issue”,“traceId”:“5dde30b73aa193aa21a61dfa435f180a”,“spanExportable”:“true”,“X-Span-Export”:“true”,“X-B3-ParentSpanId”:“21a61dfa435f180a”,“req.method”:“POST”,“req.userAgent”:“Apache-HttpClient/4.5.6 (Java/11.0.16)”,“parentId”:“21a61dfa435f180a”,“spanId”:“c3ffad2b36345eaf”,“X-B3-SpanId”:“c3ffad2b36345eaf”,“X-B3-TraceId”:“5dde30b73aa193aa21a61dfa435f180a”,“req.remoteHost”:“127.0.0.6”,“req.requestURL”:“http://credential.idrepo/v1/credentialservice/issue”}

lterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat brave.servlet.TracingFilter.doFilter(TracingFilter.java:86)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)\n\tat org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)\n\tat org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543)\n\tat io.mosip.kernel.core.logger.config.SleuthValve.invoke(SleuthValve.java:36)\n\tat org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)\n\tat org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)\n\tat org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)\n\tat org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)\n\tat org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)\n\tat org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:615)\n\tat org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)\n\tat org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:818)\n\tat org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1627)\n\tat org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)\n\tat java.base/java.util.concurr

ent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)\n\tat org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)\n\tat java.base/java.lang.Thread.run(Thread.java:829)\n",“logger_name”:“io.mosip.credentialstore.util.DataShareUtil”,“thread_name”:“http-nio-8095-exec-5”,“level”:“ERROR”,“level_value”:40000,“appName”:“credential-service,id-repository,application”,“req.requestURI”:“/v1/credentialservice/issue”,“traceId”:“5dde30b73aa193aa21a61dfa435f180a”,“spanExportable”:“true”,“X-Span-Export”:“true”,“X-B3-ParentSpanId”:“21a61dfa435f180a”,“req.method”:“POST”,“req.userAgent”:“Apache-HttpClient/4.5.6 (Java/11.0.16)”,“parentId”:“21a61dfa435f180a”,“spanId”:“c3ffad2b36345eaf”,“X-B3-SpanId”:“c3ffad2b36345eaf”,“X-B3-TraceId”:“5dde30b73aa193aa21a61dfa435f180a”,“req.remoteHost”:“127.0.0.6”,“req.requestURL”:“http://credential.idrepo/v1/credentialservice/issue”}

Mon, Jul 22 2024 5:40:20 pm{“@timestamp”:“2024-07-22T12:10:20.561Z”,“@version”:“1”,“message”:“”,“logger_name”:“io.mosip.kernel.core.retry.RetryListenerImpl”,“thread_name”:“http-nio-8095-exec-5”,“level”:“ERROR”,“level_value”:40000,“stack_trace”:"io.mosip.credentialstore.exception.DataShareException: IDR-CRS-011 → Datashare response is null; \nnested exception is io.mosip.credentialstore.exception.DataShareException: IDR-CRS-011 → Datashare response is null\n\tat io.mosip.credentialstore.util.DataShareUtil.getDataShare(DataShareUtil.java:142)\n\tat io.mosip.credentialstore.util.DataShareUtil$$FastClassBySpringCGLIB$$77084ded.invoke()\n\tat org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)\n\tat org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:746)\n\tat org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)\n\tat org.springframework.retry.interceptor.RetryOperationsInterceptor$1.doWithRetry(RetryOperationsInterceptor.java:91)\n\tat org.springframework.retry.support.RetryTemplate.doExecute(RetryTemplate.java:287)\n\tat org.springframework.retry.support.RetryTemplate.execute(RetryTemplate.java:164)\n\tat org.springframework.retry.interceptor.RetryOperationsInterceptor.invoke(RetryOperationsInterceptor.java:118)\n\tat org.springframework.retry.annotation.AnnotationAwareRetryOperationsInterceptor.invoke(AnnotationAwareRetryOperationsInterceptor.java:152)\n\tat org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)\n\tat org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688)\n\tat io.mosip.credentialstore.util.DataShareUtil$$EnhancerBySpringCGLIB$$3ff90562.getDataShare()\n\tat io.mosip.credentialstore.service.impl.CredentialStoreServiceImpl.createCredentialIssuance(CredentialStoreServiceImpl.java:200)\n\tat io.mosip.credentialstore.controller.CredentialStoreCon

ramework.cloud.sleuth.instrument.web.ExceptionLoggingFilter.doFilter(ExceptionLoggingFilter.java:48)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat brave.servlet.TracingFilter.doFilter(TracingFilter.java:86)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)\n\tat org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)\n\tat org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543)\n\tat io.mosip.kernel.core.logger.config.SleuthValve.invoke(SleuthValve.java:36)\n\tat org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)\n\tat org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)\n\tat org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)\n\tat org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)\n\tat org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)\n\tat org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:615)\n\tat org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)\n\tat org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:818)\n\tat org.apache.tomcat.

Kamesh · July 23, 2024, 9:31am

github.com

mosip/durian/blob/caf21d0b2deb39feb55c1e2a1fef947ef23e7186/data-share/data-share-service/src/main/java/io/mosip/datashare/util/EncryptionUtil.java#L106


      
          			request.setRequest(cryptomanagerRequestDto);

          			cryptomanagerRequestDto.setTimeStamp(localdatetime);

          			String response = restUtil.postApi(ApiName.CRYPTOMANAGER_ENCRYPT, null, "", "",

          					MediaType.APPLICATION_JSON, request, String.class);

          

          			CryptomanagerResponseDto responseObject = mapper.readValue(response,

          					CryptomanagerResponseDto.class);

          

          			if (responseObject != null && responseObject.getErrors() != null && !responseObject.getErrors().isEmpty()) {

          				ServiceError error = responseObject.getErrors().get(0);

          				throw new DataEncryptionFailureException(error.getMessage());

          			}

          			encryptedPacket = responseObject.getResponse().getData().getBytes();

          			LOGGER.info(LoggerFileConstant.SESSIONID.toString(), LoggerFileConstant.PARTNERID.toString(), partnerId,

          					"Encryption done successfully");

          			LOGGER.debug(LoggerFileConstant.SESSIONID.toString(), LoggerFileConstant.PARTNERID.toString(),

          					partnerId, "EncryptionUtil::encryptData()::exit");

          		} catch (IOException e) {

          			LOGGER.error(LoggerFileConstant.SESSIONID.toString(), LoggerFileConstant.PARTNERID.toString(),

          					partnerId,

          					"EncryptionUtil::encryptData():: error with error message" + ExceptionUtils.getStackTrace(e));

@sathwikasj It’s failing while encryption. can you please tell which version of keymanager, data share, mosip-config, resident service and credential service you have deployed.

sathwikasj · July 23, 2024, 9:51am

keymanager-1.2.0.1

Datashare-1.2.0.1

Mosipconfig-1.2.0.1 config but updated resident 1.2.1.0 related changes

Resident service-1.2.1.0

Credential service-1.2.1.0

sathwikasj · July 23, 2024, 10:00am

We have deployed env from 1.2.0.1 mosip-infra tag on top there resident was not working, so after the 1.2.1.0 resident release we have deployed that in 1.2.0.1 infra and updated the config related changes and service related (image) changes

Kamesh · July 23, 2024, 11:01am

github.com

mosip/keymanager/blob/5cd763b205612bb8c1d99f62808d2267b4368af5/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanagerservice/service/impl/KeymanagerServiceImpl.java#L288


      
          					String.valueOf(currentKeyAlias.size()),
          					"CurrentKeyAlias size is zero. Will create new Keypair for this applicationId, referenceId and timestamp");
          			List<KeyAlias> keyAlias = keyAliasMap.get(KeymanagerConstant.KEYALIAS);
          			if (!keyAlias.isEmpty()) {
          				keyAlias.forEach(innerAlias -> {
          					String ksAlias = innerAlias.getAlias();
          					Optional<io.mosip.kernel.keymanagerservice.entity.KeyStore> keyFromDBStore = dbHelper.getKeyStoreFromDB(ksAlias);
          					String masterKeyAlias = keyFromDBStore.get().getMasterAlias();
          					String privateKeyObj = keyFromDBStore.get().getPrivateKey();
          
          					if (ksAlias.equals(masterKeyAlias) || privateKeyObj.equals(KeymanagerConstant.KS_PK_NA)) {
          						LOGGER.error(KeymanagerConstant.SESSIONID, KeymanagerConstant.APPLICATIONID, null,
          								"Not Allowed to generate New Key Pair for other domains (Partner Certificate might have expired).");
          						throw new KeymanagerServiceException(KeymanagerErrorConstant.GENERATION_NOT_ALLOWED.getErrorCode(),
          								KeymanagerErrorConstant.GENERATION_NOT_ALLOWED.getErrorMessage());
          					}
          				});
          			}
          			if (applicationId.equalsIgnoreCase(KeymanagerConstant.ROOT)){
          				LOGGER.error(KeymanagerConstant.SESSIONID, KeymanagerConstant.APPLICATIONID, null,
          								"Not Allowed to generate Base Key for Root Key.");

@sathwikasj Main error is
Not allowed to generate new key pair for other domains or not allowed to generate base key.
So it coming from above code of keymanager.
So it seems partner certificate is expired. or key of partners not matching.

Kamesh · July 23, 2024, 11:07am

SELECT cert_thumbprint FROM ida.key_alias x where ref_id ='your partner id'
@sathwikasj you can execute above query You can check partner id .
Execute above query in ida db.

SELECT x.* FROM keymgr.key_alias x

WHERE cert_thumbprint ='your thumbprint'

What ever thumbprint you got please check same in key manager db . if it matches then fine otherwise there is some issue with partner onboarding check partner onboarding report. Or run partner onbarding again.

sathwikasj · July 23, 2024, 12:08pm

We are having below attached entries in ida keyalias table please guide me which entry needs for query.

Kamesh · July 23, 2024, 12:56pm

@sathwikasj please search for refid mpartner-default-auth and find cert thumbprint

sathwikasj · July 24, 2024, 4:18am

Thumbprint of both ida keyalias table and keymanager tables are same.

Kamesh · July 25, 2024, 5:25am

@sathwikasj have you checked cert expiry date ? whether it is expired or not.

sathwikasj · July 25, 2024, 5:33am

This is the fresh deployment i have done 20days back. Its not expired.

Topic		Replies	Views
A 404 error is returned when downloading credentials onto the inji application Developer android , inji	15	262	December 1, 2023
Not Able to Download Card Support android	12	209	July 22, 2024
Inji Web local setup	5	98	July 22, 2024
Error when requesting for otp from id-authenticaion after clicking the inji get card button Developer android , inji	6	194	November 16, 2023
Getting error while downloading certificate	2	18	October 9, 2024

Resident manage my vid

Related Topics