KMS: Getting com.fasterxml.jackson.databind.exc.InvalidDefinitionException with Java 17 #2767

Closed
gsinghlulu opened this issue May 23, 2022 · 3 comments
Assignees
Labels
bug This issue is a bug. closed-for-staleness response-requested Waiting on additional info or feedback. Will move to "closing-soon" in 5 days.

Comments

@gsinghlulu

Describe the bug

When calling decrypt with a private key that the user does not have access to, I am getting com.fasterxml.jackson.databind.exc.InvalidDefinitionException instead of AccessDeniedException.

Here's the stacktrace

com.fasterxml.jackson.databind.exc.InvalidDefinitionException: Failed to call `setAccess()` on Method 'setCause' due to `java.lang.reflect.InaccessibleObjectException`, problem: Unable to make final void java.lang.Throwable.setCause(java.lang.Throwable) accessible: module java.base does not "opens java.lang" to unnamed module @129a8472
at [Source: UNKNOWN; byte offset: #UNKNOWN]
at com.fasterxml.jackson.databind.exc.InvalidDefinitionException.from(InvalidDefinitionException.java:67) ~[jackson-databind-2.13.1.jar!/:2.13.1]
at com.fasterxml.jackson.databind.DeserializationContext.reportBadDefinition(DeserializationContext.java:1904) ~[jackson-databind-2.13.1.jar!/:2.13.1]
at com.fasterxml.jackson.databind.deser.DeserializerCache._createAndCache2(DeserializerCache.java:268) ~[jackson-databind-2.13.1.jar!/:2.13.1]
at com.fasterxml.jackson.databind.deser.DeserializerCache._createAndCacheValueDeserializer(DeserializerCache.java:244) ~[jackson-databind-2.13.1.jar!/:2.13.1]
at com.fasterxml.jackson.databind.deser.DeserializerCache.findValueDeserializer(DeserializerCache.java:142) ~[jackson-databind-2.13.1.jar!/:2.13.1]
at com.fasterxml.jackson.databind.DeserializationContext.findRootValueDeserializer(DeserializationContext.java:642) ~[jackson-databind-2.13.1.jar!/:2.13.1]
at com.fasterxml.jackson.databind.ObjectMapper._findRootDeserializer(ObjectMapper.java:4805) ~[jackson-databind-2.13.1.jar!/:2.13.1]
at com.fasterxml.jackson.databind.ObjectMapper._readValue(ObjectMapper.java:4650) ~[jackson-databind-2.13.1.jar!/:2.13.1]
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2831) ~[jackson-databind-2.13.1.jar!/:2.13.1]
at com.fasterxml.jackson.databind.ObjectMapper.treeToValue(ObjectMapper.java:3295) ~[jackson-databind-2.13.1.jar!/:2.13.1]
at com.amazonaws.transform.JsonErrorUnmarshaller.unmarshall(JsonErrorUnmarshaller.java:61) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.JsonErrorResponseHandler.doLegacyUnmarshall(JsonErrorResponseHandler.java:185) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.JsonErrorResponseHandler.unmarshallException(JsonErrorResponseHandler.java:147) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.JsonErrorResponseHandler.createException(JsonErrorResponseHandler.java:131) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.JsonErrorResponseHandler.handle(JsonErrorResponseHandler.java:94) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.JsonErrorResponseHandler.handle(JsonErrorResponseHandler.java:40) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AwsErrorResponseHandler.handleAse(AwsErrorResponseHandler.java:58) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AwsErrorResponseHandler.handle(AwsErrorResponseHandler.java:45) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AwsErrorResponseHandler.handle(AwsErrorResponseHandler.java:27) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1801) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleServiceErrorResponse(AmazonHttpClient.java:1403) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1372) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1145) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:802) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:770) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:744) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:704) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:686) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:550) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:530) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.services.kms.AWSKMSClient.doInvoke(AWSKMSClient.java:7223) ~[aws-java-sdk-kms-1.11.997.jar!/:na]
at com.amazonaws.services.kms.AWSKMSClient.invoke(AWSKMSClient.java:7190) ~[aws-java-sdk-kms-1.11.997.jar!/:na]
at com.amazonaws.services.kms.AWSKMSClient.invoke(AWSKMSClient.java:7179) ~[aws-java-sdk-kms-1.11.997.jar!/:na]
at com.amazonaws.services.kms.AWSKMSClient.executeDecrypt(AWSKMSClient.java:1775) ~[aws-java-sdk-kms-1.11.997.jar!/:na]
at com.amazonaws.services.kms.AWSKMSClient.decrypt(AWSKMSClient.java:1744) ~[aws-java-sdk-kms-1.11.997.jar!/:na]
at com.llm.transactions.crypto.CipherProvider.buildCipher(CipherProvider.java:85) ~[classes!/:stage-112adf1-683]
at com.llm.transactions.crypto.CipherProvider.getCipher(CipherProvider.java:69) ~[classes!/:stage-112adf1-683]
at com.llm.transactions.decryptor.ATGCreateOrderDecryptor.decryptATGOrderData(ATGCreateOrderDecryptor.java:66) ~[classes!/:stage-112adf1-683]
at com.llm.transactions.service.DynamoDBService.saveOrderInfo(DynamoDBService.java:57) ~[classes!/:stage-112adf1-683]
at com.llm.transactions.streams.processor.RetryableCreateOrderStreamProcessor.retryPostPurchaseTopic(RetryableCreateOrderStreamProcessor.java:124) ~[classes!/:stage-112adf1-683]
at com.llm.transactions.streams.processor.RetryableCreateOrderStreamProcessor.process(RetryableCreateOrderStreamProcessor.java:70) ~[classes!/:stage-112adf1-683]
at org.apache.kafka.streams.processor.internals.ProcessorNode.process(ProcessorNode.java:146) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.ProcessorContextImpl.forwardInternal(ProcessorContextImpl.java:253) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.ProcessorContextImpl.forward(ProcessorContextImpl.java:232) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.ProcessorContextImpl.forward(ProcessorContextImpl.java:191) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.SourceNode.process(SourceNode.java:84) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.StreamTask.lambda$process$1(StreamTask.java:731) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.metrics.StreamsMetricsImpl.maybeMeasureLatency(StreamsMetricsImpl.java:769) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.StreamTask.process(StreamTask.java:731) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.TaskManager.process(TaskManager.java:1193) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.StreamThread.runOnce(StreamThread.java:753) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.StreamThread.runLoop(StreamThread.java:583) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.StreamThread.run(StreamThread.java:555) ~[kafka-streams-3.0.0.jar!/:na]
2022-05-10 11:37:42.780 ERROR 1 --- [-StreamThread-1] c.l.t.decryptor.ATGCreateOrderDecryptor : KAFKA_ATG_STREAM_LISTENER_ERROR Error while decrypting the data. ErrorOrderNumber=pv15056760210
com.amazonaws.AmazonServiceException: Unable to unmarshall exception response with the unmarshallers provided (Service: AWSKMS; Status Code: 400; Error Code: AccessDeniedException; Request ID: 9b4cc746-7a66-4d31-8edc-3f8f3d477464; Proxy: null)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1819) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleServiceErrorResponse(AmazonHttpClient.java:1403) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1372) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1145) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:802) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:770) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:744) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:704) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:686) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:550) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:530) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.services.kms.AWSKMSClient.doInvoke(AWSKMSClient.java:7223) ~[aws-java-sdk-kms-1.11.997.jar!/:na]
at com.amazonaws.services.kms.AWSKMSClient.invoke(AWSKMSClient.java:7190) ~[aws-java-sdk-kms-1.11.997.jar!/:na]
at com.amazonaws.services.kms.AWSKMSClient.invoke(AWSKMSClient.java:7179) ~[aws-java-sdk-kms-1.11.997.jar!/:na]
at com.amazonaws.services.kms.AWSKMSClient.executeDecrypt(AWSKMSClient.java:1775) ~[aws-java-sdk-kms-1.11.997.jar!/:na]
at com.amazonaws.services.kms.AWSKMSClient.decrypt(AWSKMSClient.java:1744) ~[aws-java-sdk-kms-1.11.997.jar!/:na]

Using the following versions:
Java 17
com.amazonaws:aws-java-sdk-kms:jar:1.11.997
com.fasterxml.jackson.core:jackson-databind:jar:2.13.1

Expected Behavior

Expecting AccessDeniedException to be thrown

Current Behavior

Throwing com.fasterxml.jackson.databind.exc.InvalidDefinitionException

Reproduction Steps

Use an encrypted string that is encrypted using a private key inaccessible to the user

Possible Solution

No response

Additional Information/Context

No response

AWS Java SDK version used

1.11.997

JDK version used

17

Operating System and version

Any

@gsinghlulu gsinghlulu added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels May 23, 2022
@gsinghlulu
Author

Seems like a Jackson issue, but wondering if it can be worked around.
FasterXML/jackson-databind#3275
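
One way to keep authorization failures recognisable while the typed exception cannot be built, as an added example that is not part of the issue or of the SDK: the log above shows the fallback AmazonServiceException still carrying Error Code: AccessDeniedException, so calling code can branch on getErrorCode(). KmsErrorClassifier, Outcome and the sample exceptions are hypothetical and constructed; the block assumes aws-java-sdk-core 1.11.x on the classpath and Java 9 or later.

```java
import com.amazonaws.AmazonServiceException;

// Added example (hypothetical names): classify a KMS failure by its wire error
// code instead of by exception subclass.
public class KmsErrorClassifier {

    enum Outcome { ACCESS_DENIED, SERVER_ERROR, OTHER_CLIENT_ERROR }

    // Diagnostic: is java.lang opened for deep reflection to this class's module?
    // Assumption: this class and Jackson share the same unnamed module. When the
    // result is false, the InaccessibleObjectException from the trace can occur.
    static boolean javaLangOpenToCaller() {
        Module javaBase = Throwable.class.getModule();
        return javaBase.isOpen("java.lang", KmsErrorClassifier.class.getModule());
    }

    // The fallback exception in the log still carries the service error code,
    // so the decision does not depend on the typed exception being created.
    static Outcome classify(AmazonServiceException e) {
        if ("AccessDeniedException".equals(e.getErrorCode())) {
            return Outcome.ACCESS_DENIED;
        }
        return e.getStatusCode() >= 500 ? Outcome.SERVER_ERROR
                                        : Outcome.OTHER_CLIENT_ERROR;
    }

    public static void main(String[] args) {
        // Constructed sample mirroring the fallback exception in the log above.
        AmazonServiceException fallback = new AmazonServiceException(
                "Unable to unmarshall exception response with the unmarshallers provided");
        fallback.setServiceName("AWSKMS");
        fallback.setStatusCode(400);
        fallback.setErrorCode("AccessDeniedException");

        // Constructed server-side failure for contrast.
        AmazonServiceException outage = new AmazonServiceException("constructed 5xx sample");
        outage.setServiceName("AWSKMS");
        outage.setStatusCode(500);
        outage.setErrorCode("KMSInternalException");

        System.out.println("java.lang open to caller: " + javaLangOpenToCaller());
        System.out.println("fallback -> " + classify(fallback));
        System.out.println("outage   -> " + classify(outage));
    }
}
```

An ACCESS_DENIED outcome is an authorization decision rather than a transient fault, so it belongs in alerting or a dead-letter path, not in a retry loop.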

@debora-ito
Member

@gsinghlulu is this still an issue with the SDK? I see a fix for FasterXML/jackson-databind#3275 was made.

@debora-ito debora-ito removed the needs-triage This issue or PR still needs to be triaged. label Jun 21, 2022
@debora-ito debora-ito self-assigned this Jun 21, 2022
@debora-ito debora-ito added the response-requested Waiting on additional info or feedback. Will move to "closing-soon" in 5 days. label Jun 21, 2022
@github-actions

It looks like this issue has not been active for more than five days. In the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please add a comment to prevent automatic closure, or if the issue is already closed please feel free to reopen it.

@github-actions github-actions bot added closing-soon This issue will close in 2 days unless further comments are made. closed-for-staleness and removed closing-soon This issue will close in 2 days unless further comments are made. labels Jun 27, 2022