NPE with 500 when generating zosmf token with client certificate authentication #3944

Open
richard-salac opened this issue Jan 13, 2025 · 0 comments
Labels
bug Verified defect in functionality Priority: High size/S

Describe the bug

When the integration test org.zowe.apiml.integration.zaas.ZosmfTokensTest.WhenGeneratingZosmfTokens_returnValidZosmfToken#givenX509Certificate
is executed in a negative scenario, with a client certificate that is trusted but not mapped to a user, an NPE occurs, resulting in a 500 return code.

Steps to Reproduce

  1. Prepare a trusted certificate that is not mapped to a user.
  2. Update the environment configuration to use the trusted but unmapped certificate.
  3. Run the integration test.

Expected behavior
401 is expected

Logs

    2025-01-13 12:38:14.775 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> ZWESVUSR DEBUG ((o.z.a.z.s.s.s.s.JwtAuthSourceService)) Getting JWT token from request.
    2025-01-13 12:38:14.775 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> ZWESVUSR DEBUG ((o.z.a.z.s.s.s.s.JwtAuthSourceService)) JWT token not found in request.
    2025-01-13 12:38:14.775 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> ZWESVUSR DEBUG ((o.z.a.z.s.s.s.s.PATAuthSourceService)) Getting JWT token from request.
    2025-01-13 12:38:14.775 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> ZWESVUSR DEBUG ((o.z.a.z.s.s.s.s.PATAuthSourceService)) JWT token not found in request.
    2025-01-13 12:38:14.775 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> ZWESVUSR DEBUG ((o.z.a.z.s.s.s.s.OIDCAuthSourceService)) Getting JWT token from request.
    2025-01-13 12:38:14.775 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> ZWESVUSR DEBUG ((o.z.a.z.s.s.s.s.OIDCAuthSourceService)) JWT token not found in request.
    2025-01-13 12:38:14.775 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> ZWESVUSR DEBUG ((o.z.a.z.s.s.s.s.X509AuthSourceService)) Getting X509 client certificate from custom attribute 'client.auth.X509Certificate'.
    2025-01-13 12:38:14.775 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> ZWESVUSR DEBUG ((o.z.a.z.s.s.s.s.X509AuthSourceService)) Validating X509 client certificate.
    2025-01-13 12:38:14.775 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> ZWESVUSR DEBUG ((o.z.a.z.s.s.s.s.X509AuthSourceService)) X509 client certificate found in request.
    2025-01-13 12:38:14.775 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> ZWESVUSR DEBUG ((o.z.a.z.s.s.s.s.DefaultAuthSourceService)) Authentication request towards the southbound service /zaas/scheme/zosmf using the auth source CLIENT_CERT
    2025-01-13 12:38:14.775 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> ZWESVUSR DEBUG ((o.z.a.z.s.s.s.s.X509AuthSourceService)) Parsing X509 client certificate.
    2025-01-13 12:38:14.775 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> ZWESVUSR DEBUG ((o.z.a.z.s.s.s.s.X509AuthSourceService)) Validating X509 client certificate.
    2025-01-13 12:38:14.775 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> ZWESVUSR DEBUG ((o.z.a.z.s.m.NativeMapper)) CertificateResponse(userId=, rc=-1, errno=143, errno2=318833740)
    2025-01-13 12:38:14.775 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> ZWESVUSR DEBUG ((o.z.a.z.s.s.s.s.X509AuthSourceService)) Validating X509 client certificate.
    2025-01-13 12:38:14.775 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> ZWESVUSR DEBUG ((o.s.s.w.FilterChainProxy)) Secured POST /zaas/scheme/zosmf
    2025-01-13 12:38:14.776 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> ZWESVUSR DEBUG ((o.z.a.z.s.l.Providers)) z/OSMF registered with the Discovery Service and propagated to ZAAS: true
    2025-01-13 12:38:14.776 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> ZWESVUSR DEBUG ((o.z.a.z.s.s.TokenCreationService)) ZOSMF is available and used. Attempt to authenticate with PassTicket
    2025-01-13 12:38:14.776 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> ZWESVUSR DEBUG ((o.z.a.z.s.s.TokenCreationService)) Generating PassTicket for user: null and ZOSMF applid: IZUDFLT
    2025-01-13 12:38:14.776 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> ZWESVUSR DEBUG ((o.z.a.z.z.ZaasExceptionHandler)) Unexpected internal error
    java.lang.NullPointerException: Cannot invoke "java.lang.String.toUpperCase()" because "userId" is null
        at org.zowe.apiml.passticket.PassTicketService.generate(PassTicketService.java:50)
        at org.zowe.apiml.zaas.security.service.TokenCreationService.generatePassTicket(TokenCreationService.java:105)
        at org.zowe.apiml.zaas.security.service.TokenCreationService.createZosmfTokensWithoutCredentials(TokenCreationService.java:76)
        at org.zowe.apiml.zaas.security.service.zosmf.ZosmfService.exchangeAuthenticationForZosmfToken(ZosmfService.java:244)
        at jdk.internal.reflect.GeneratedMethodAccessor85.invoke(Unknown Source)

Details

  • Version and build number: v3
  • Test environment: miniplex

Additional context
Found during miniplex setup for integration tests

@richard-salac richard-salac added bug Verified defect in functionality new New issue that has not been worked on yet labels Jan 13, 2025
@balhar-jakub balhar-jakub added Priority: High size/S and removed new New issue that has not been worked on yet labels Jan 15, 2025
@balhar-jakub balhar-jakub moved this from New to Unplanned Bugs in API Mediation Layer Backlog Management Jan 15, 2025
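
The following is an added example, not code from the issue or from the Zowe API ML project: a fail-closed guard that treats a trusted but unmapped certificate as an authentication failure (401) before any PassTicket is requested, which is the expected behavior the report asks for. `MappingResult`, `UnmappedCertificateException`, `resolveUserId` and `handle` are hypothetical names, and treating any non-zero `rc` as a failed mapping is an assumption.

```java
import java.util.Optional;

public class UnmappedCertificateGuard {

    /** Constructed stand-in for the mapper result seen in the log (userId, rc). */
    record MappingResult(String userId, int rc) {}

    /** Hypothetical exception that the web layer would translate to HTTP 401. */
    static class UnmappedCertificateException extends RuntimeException {
        UnmappedCertificateException(String message) { super(message); }
    }

    /** Returns the mapped user ID, or empty when mapping failed or the ID is blank. */
    static Optional<String> resolveUserId(MappingResult result) {
        // Assumption: a non-zero rc means the certificate was not mapped.
        if (result == null || result.rc() != 0) {
            return Optional.empty();
        }
        String userId = result.userId();
        return (userId == null || userId.isBlank())
                ? Optional.empty()
                : Optional.of(userId.trim());
    }

    /** Stand-in for PassTicket generation; like the failing frame, it upper-cases the user ID. */
    static String generatePassTicket(String userId, String applid) {
        return "TICKET-" + userId.toUpperCase() + "-" + applid;
    }

    /** Returns the HTTP status the caller should see for this mapping outcome. */
    static int handle(MappingResult result, String applid) {
        try {
            String userId = resolveUserId(result).orElseThrow(() ->
                    new UnmappedCertificateException(
                            "Client certificate is trusted but not mapped to a user"));
            generatePassTicket(userId, applid);
            return 200;
        } catch (UnmappedCertificateException e) {
            return 401; // authentication failure, not an internal error
        }
    }

    public static void main(String[] args) {
        // Constructed inputs; the first mirrors CertificateResponse(userId=, rc=-1) from the log.
        System.out.println(handle(new MappingResult("", -1), "IZUDFLT"));
        System.out.println(handle(new MappingResult("user1", 0), "IZUDFLT"));
    }
}
```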