Skip to content

KMS: Getting com.fasterxml.jackson.databind.exc.InvalidDefinitionException with Java 17 #2767

Closed
Closed
KMS: Getting com.fasterxml.jackson.databind.exc.InvalidDefinitionException with Java 17#2767
Assignees
debora-ito
Labels
bugThis issue is a bug.closed-for-stalenessresponse-requestedWaiting on additional info or feedback. Will move to "closing-soon" in 5 days.
@gsinghlulu

Description

@gsinghlulu
gsinghlulu
opened on May 23, 2022

Describe the bug

When calling decrypt with private key that user do not have access to, getting com.fasterxml.jackson.databind.exc.InvalidDefinitionException instead of AccessDeniedException.

Here's the stacktrace

com.fasterxml.jackson.databind.exc.InvalidDefinitionException: Failed to call `setAccess()` on Method 'setCause' due to `java.lang.reflect.InaccessibleObjectException`, problem: Unable to make final void java.lang.Throwable.setCause(java.lang.Throwable) accessible: module java.base does not "opens java.lang" to unnamed module @129a8472
at [Source: UNKNOWN; byte offset: #UNKNOWN]
at com.fasterxml.jackson.databind.exc.InvalidDefinitionException.from(InvalidDefinitionException.java:67) ~[jackson-databind-2.13.1.jar!/:2.13.1]
at com.fasterxml.jackson.databind.DeserializationContext.reportBadDefinition(DeserializationContext.java:1904) ~[jackson-databind-2.13.1.jar!/:2.13.1]
at com.fasterxml.jackson.databind.deser.DeserializerCache._createAndCache2(DeserializerCache.java:268) ~[jackson-databind-2.13.1.jar!/:2.13.1]
at com.fasterxml.jackson.databind.deser.DeserializerCache._createAndCacheValueDeserializer(DeserializerCache.java:244) ~[jackson-databind-2.13.1.jar!/:2.13.1]
at com.fasterxml.jackson.databind.deser.DeserializerCache.findValueDeserializer(DeserializerCache.java:142) ~[jackson-databind-2.13.1.jar!/:2.13.1]
at com.fasterxml.jackson.databind.DeserializationContext.findRootValueDeserializer(DeserializationContext.java:642) ~[jackson-databind-2.13.1.jar!/:2.13.1]
at com.fasterxml.jackson.databind.ObjectMapper._findRootDeserializer(ObjectMapper.java:4805) ~[jackson-databind-2.13.1.jar!/:2.13.1]
at com.fasterxml.jackson.databind.ObjectMapper._readValue(ObjectMapper.java:4650) ~[jackson-databind-2.13.1.jar!/:2.13.1]
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2831) ~[jackson-databind-2.13.1.jar!/:2.13.1]
at com.fasterxml.jackson.databind.ObjectMapper.treeToValue(ObjectMapper.java:3295) ~[jackson-databind-2.13.1.jar!/:2.13.1]
at com.amazonaws.transform.JsonErrorUnmarshaller.unmarshall(JsonErrorUnmarshaller.java:61) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.JsonErrorResponseHandler.doLegacyUnmarshall(JsonErrorResponseHandler.java:185) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.JsonErrorResponseHandler.unmarshallException(JsonErrorResponseHandler.java:147) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.JsonErrorResponseHandler.createException(JsonErrorResponseHandler.java:131) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.JsonErrorResponseHandler.handle(JsonErrorResponseHandler.java:94) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.JsonErrorResponseHandler.handle(JsonErrorResponseHandler.java:40) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AwsErrorResponseHandler.handleAse(AwsErrorResponseHandler.java:58) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AwsErrorResponseHandler.handle(AwsErrorResponseHandler.java:45) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AwsErrorResponseHandler.handle(AwsErrorResponseHandler.java:27) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1801) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleServiceErrorResponse(AmazonHttpClient.java:1403) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1372) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1145) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:802) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:770) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:744) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:704) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:686) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:550) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:530) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.services.kms.AWSKMSClient.doInvoke(AWSKMSClient.java:7223) ~[aws-java-sdk-kms-1.11.997.jar!/:na]
at com.amazonaws.services.kms.AWSKMSClient.invoke(AWSKMSClient.java:7190) ~[aws-java-sdk-kms-1.11.997.jar!/:na]
at com.amazonaws.services.kms.AWSKMSClient.invoke(AWSKMSClient.java:7179) ~[aws-java-sdk-kms-1.11.997.jar!/:na]
at com.amazonaws.services.kms.AWSKMSClient.executeDecrypt(AWSKMSClient.java:1775) ~[aws-java-sdk-kms-1.11.997.jar!/:na]
at com.amazonaws.services.kms.AWSKMSClient.decrypt(AWSKMSClient.java:1744) ~[aws-java-sdk-kms-1.11.997.jar!/:na]
at com.llm.transactions.crypto.CipherProvider.buildCipher(CipherProvider.java:85) ~[classes!/:stage-112adf1-683]
at com.llm.transactions.crypto.CipherProvider.getCipher(CipherProvider.java:69) ~[classes!/:stage-112adf1-683]
at com.llm.transactions.decryptor.ATGCreateOrderDecryptor.decryptATGOrderData(ATGCreateOrderDecryptor.java:66) ~[classes!/:stage-112adf1-683]
at com.llm.transactions.service.DynamoDBService.saveOrderInfo(DynamoDBService.java:57) ~[classes!/:stage-112adf1-683]
at com.llm.transactions.streams.processor.RetryableCreateOrderStreamProcessor.retryPostPurchaseTopic(RetryableCreateOrderStreamProcessor.java:124) ~[classes!/:stage-112adf1-683]
at com.llm.transactions.streams.processor.RetryableCreateOrderStreamProcessor.process(RetryableCreateOrderStreamProcessor.java:70) ~[classes!/:stage-112adf1-683]
at org.apache.kafka.streams.processor.internals.ProcessorNode.process(ProcessorNode.java:146) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.ProcessorContextImpl.forwardInternal(ProcessorContextImpl.java:253) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.ProcessorContextImpl.forward(ProcessorContextImpl.java:232) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.ProcessorContextImpl.forward(ProcessorContextImpl.java:191) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.SourceNode.process(SourceNode.java:84) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.StreamTask.lambda$process$1(StreamTask.java:731) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.metrics.StreamsMetricsImpl.maybeMeasureLatency(StreamsMetricsImpl.java:769) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.StreamTask.process(StreamTask.java:731) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.TaskManager.process(TaskManager.java:1193) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.StreamThread.runOnce(StreamThread.java:753) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.StreamThread.runLoop(StreamThread.java:583) ~[kafka-streams-3.0.0.jar!/:na]
at org.apache.kafka.streams.processor.internals.StreamThread.run(StreamThread.java:555) ~[kafka-streams-3.0.0.jar!/:na]
2022-05-10 11:37:42.780 ERROR 1 --- [-StreamThread-1] c.l.t.decryptor.ATGCreateOrderDecryptor : KAFKA_ATG_STREAM_LISTENER_ERROR Error while decrypting the data. ErrorOrderNumber=pv15056760210
com.amazonaws.AmazonServiceException: Unable to unmarshall exception response with the unmarshallers provided (Service: AWSKMS; Status Code: 400; Error Code: AccessDeniedException; Request ID: 9b4cc746-7a66-4d31-8edc-3f8f3d477464; Proxy: null)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1819) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleServiceErrorResponse(AmazonHttpClient.java:1403) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1372) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1145) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:802) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:770) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:744) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:704) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:686) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:550) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:530) ~[aws-java-sdk-core-1.11.997.jar!/:na]
at com.amazonaws.services.kms.AWSKMSClient.doInvoke(AWSKMSClient.java:7223) ~[aws-java-sdk-kms-1.11.997.jar!/:na]
at com.amazonaws.services.kms.AWSKMSClient.invoke(AWSKMSClient.java:7190) ~[aws-java-sdk-kms-1.11.997.jar!/:na]
at com.amazonaws.services.kms.AWSKMSClient.invoke(AWSKMSClient.java:7179) ~[aws-java-sdk-kms-1.11.997.jar!/:na]
at com.amazonaws.services.kms.AWSKMSClient.executeDecrypt(AWSKMSClient.java:1775) ~[aws-java-sdk-kms-1.11.997.jar!/:na]
at com.amazonaws.services.kms.AWSKMSClient.decrypt(AWSKMSClient.java:1744) ~[aws-java-sdk-kms-1.11.997.jar!/:na]

Using following version
Java 17
com.amazonaws:aws-java-sdk-kms:jar:1.11.997
com.fasterxml.jackson.core:jackson-databind:jar:2.13.1

Expected Behavior

Expecting AccessDeniedException to be thrown

Current Behavior

throwing com.fasterxml.jackson.databind.exc.InvalidDefinitionException

Reproduction Steps

Use a encrypted string that is encrypted using a private key inaccessible to he user

Possible Solution

No response

Additional Information/Context

No response

AWS Java SDK version used

1.11.997

JDK version used

17

Operating System and version

Any

Metadata

Metadata

Assignees

Labels

bugThis issue is a bug.closed-for-stalenessresponse-requestedWaiting on additional info or feedback. Will move to "closing-soon" in 5 days.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions