Error upgrading from 5.7.0 to 6.0.5

[Kristieb]

I'm having troubles upgrading from 5.7.0 to 6.0.5.

Looks like the new version is having trouble reading some of the configuration values.

There is a message saying the Certificate configuration is invalid. When I click on Certificate information I can see the following:

java.lang.ArrayIndexOutOfBoundsException: Index 16 out of bounds for length 16
1.: com.helger.commons.text.util.TextVariableHelper._nextCharConsiderMasking(TextVariableHelper.java:69)
2.: com.helger.commons.text.util.TextVariableHelper._findStartOfVarName(TextVariableHelper.java:135)
3.: com.helger.commons.text.util.TextVariableHelper.splitByVariables(TextVariableHelper.java:175)
4.: com.helger.commons.text.util.TextVariableHelper.forEachTextAndVariable(TextVariableHelper.java:270)
5.: com.helger.commons.text.util.TextVariableHelper.getWithReplacedVariables(TextVariableHelper.java:309)
6.: com.helger.config.Config._getWithVariablesReplacedRecursive(Config.java:257)
7.: com.helger.config.Config.lambda$_getWithVariablesReplacedRecursive$2(Config.java:247)
8.: com.helger.commons.text.util.TextVariableHelper.lambda$getWithReplacedVariables$0(TextVariableHelper.java:310)
9.: com.helger.commons.text.util.TextVariableHelper.forEachTextAndVariable(TextVariableHelper.java:287)
10.: com.helger.commons.text.util.TextVariableHelper.getWithReplacedVariables(TextVariableHelper.java:309)
11.: com.helger.config.Config._getWithVariablesReplacedRecursive(Config.java:257)
12.: com.helger.config.Config.getValue(Config.java:275)
13.: com.helger.config.Config.getValue(Config.java:48)
14.: com.helger.commons.traits.IGetterByKeyTrait.getConvertedValue(IGetterByKeyTrait.java:289)
15.: com.helger.commons.traits.IGetterByKeyTrait.getAsString(IGetterByKeyTrait.java:390)
16.: com.helger.config.fallback.ConfigWithFallback.getAsStringOrFallback(ConfigWithFallback.java:114)
17.: com.helger.pd.client.PDClientConfiguration.getKeyStorePassword(PDClientConfiguration.java:210)
18.: com.helger.pd.client.PDClientConfiguration.loadKeyStore(PDClientConfiguration.java:219)
19.: com.helger.phoss.smp.ui.secure.PageSecureCertificateInformation.fillContent(PageSecureCertificateInformation.java:349)
20.: com.helger.phoss.smp.ui.secure.PageSecureCertificateInformation.fillContent(PageSecureCertificateInformation.java:65)
21.: com.helger.photon.uicore.page.AbstractWebPage.getContent(AbstractWebPage.java:162)
22.: com.helger.photon.bootstrap4.uictrls.ext.BootstrapPageRenderer.getPageContent(BootstrapPageRenderer.java:133)
23.: com.helger.photon.bootstrap4.uictrls.ext.BootstrapPageRenderer.getPageContent(BootstrapPageRenderer.java:160)
24.: com.helger.phoss.smp.ui.secure.SMPRendererSecure.getContent(SMPRendererSecure.java:227)
25.: com.helger.phoss.smp.ui.SMPLayoutHTMLProvider.fillBody(SMPLayoutHTMLProvider.java:70)
26.: com.helger.photon.core.html.AbstractSWECHTMLProvider.fillHeadAndBody(AbstractSWECHTMLProvider.java:106)
27.: com.helger.photon.core.html.AbstractHTMLProvider.createHTML(AbstractHTMLProvider.java:164)
28.: com.helger.photon.app.html.PhotonHTMLHelper.createHTMLResponse(PhotonHTMLHelper.java:117)
29.: com.helger.photon.core.servlet.AbstractApplicationXServletHandler.handleRequest(AbstractApplicationXServletHandler.java:101)
30.: com.helger.phoss.smp.servlet.SMPApplicationXServletHandler.handleRequest(SMPApplicationXServletHandler.java:81)
31.: com.helger.xservlet.handler.simple.XServletHandlerToSimpleHandler.onRequest(XServletHandlerToSimpleHandler.java:245)
32.: com.helger.xservlet.AbstractXServlet._invokeHandler(AbstractXServlet.java:345)
33.: com.helger.xservlet.AbstractXServlet.service(AbstractXServlet.java:533)
34.: javax.servlet.http.HttpServlet.service(HttpServlet.java:779)
35.: com.helger.xservlet.AbstractXServlet.service(AbstractXServlet.java:587)
36.: org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
37.: org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
38.: org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
39.: org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
40.: org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
41.: com.helger.web.servlets.scope.AbstractScopeAwareFilter.doHttpFilter(AbstractScopeAwareFilter.java:81)
42.: com.helger.servlet.filter.AbstractHttpServletFilter.doFilter(AbstractHttpServletFilter.java:66)
43.: org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
44.: org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
45.: com.helger.xservlet.AbstractXFilter.doHttpFilter(AbstractXFilter.java:189)
46.: com.helger.servlet.filter.AbstractHttpServletFilter.doFilter(AbstractHttpServletFilter.java:66)
47.: org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
48.: org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
49.: com.helger.servlet.filter.CharacterEncodingFilter.doHttpFilter(CharacterEncodingFilter.java:187)
50.: com.helger.servlet.filter.AbstractHttpServletFilter.doFilter(AbstractHttpServletFilter.java:66)
51.: org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
52.: org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
53.: org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:177)
54.: org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
55.: org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
56.: org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
57.: org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
58.: org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
59.: org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
60.: org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360)
61.: org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399)
62.: org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
63.: org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:891)
64.: org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1784)
65.: org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
66.: org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
67.: org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
68.: org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
69.: java.base/java.lang.Thread.run(Thread.java:829)

I had a look at the updated sample configuration properties and change the properties starting with pdclient to match:
https://github.com/phax/phoss-smp/blob/master/docker/example-config-dir/application.properties

pdclient.keystore.type = ${smp.keystore.type}
pdclient.keystore.path = ${smp.keystore.path}
pdclient.keystore.key.alias = ${smp.keystore.key.alias}
pdclient.keystore.password = ${smp.keystore.password}
pdclient.keystore.key.password = ${smp.keystore.key.password}

However it's still showing the same error above. Everything else seems to be configured correctly still.

[phax]

@Kristieb Can you please send me the source property file that caused that issue? It's clearly a bug "somewhere" in the variable resolution code :-/

[Kristieb]

@phax pasted the content of the application.properties below. Remove the actual passwords.

# Global flags for initializer
# For production debug should be false and production should be true
global.debug = true
global.production = false
global.debugjaxws = false

## Application Configuration
# Type (JKS or PKCS12)
pdclient.keystore.type = ${smp.keystore.type}
# The path should be absolute for docker configuration
# Put the .p12 file in the same directory as this file (depends on the docker config)
pdclient.keystore.path = ${smp.keystore.path}
pdclient.keystore.key.alias = ${smp.keystore.key.alias}

#DO NOT COMMIT THE REAL PASSWORD!
pdclient.keystore.password = ${smp.keystore.password}
pdclient.keystore.key.password = ${smp.keystore.key.password}

## SMP Configuration
# The backend to be used. Can either be "sql" or "xml". Any other value will result in a startup error
smp.backend = xml

## Keystore data

# Type (JKS or PKCS12)
smp.keystore.type = pkcs12
# The path should be absolute for docker configuration
# Put the .p12 file in the same directory as this file (depends on the docker config)
smp.keystore.path = /config/smp-test-complete.p12
smp.keystore.key.alias = smp-test
#DO NOT COMMIT THE REAL PASSWORD!
smp.keystore.password = password
smp.keystore.key.password = password

# This default truststore handles 2010 and 2018 PKIs
#smp.truststore.type     = jks
#smp.truststore.path     = truststore/complete-truststore.jks
#smp.truststore.password = peppol

# Force all paths (links) to be "/" instead of the context path
# This is helpful if the web application runs in a context like "/smp" but is proxied to a root path
smp.forceroot = true

# If this property is specified, it will overwrite the automatically generated URL
# for all cases where absolute URLs are necessary
# This might be helpful when running on a proxied Tomcat behind a web server
smp.publicurl = http://smp-test.payreq.com/

## Write to SML? true or false
sml.enabled=false
# Is an SML needed in the current scenario - show warnings if true
sml.required=true
# The SMP ID also used in the SML!
sml.smpid=PAU000363

# SML connection timeout milliseconds
#sml.connection.timeout.ms = 5000

# SML request timeout milliseconds
#sml.request.timeout.ms = 20000

# Enable PEPPOL Directory integration?
#todo: change to true in prod
smp.directory.integration.enabled=true
smp.directory.hostname=https://test-directory.peppol.eu

# Use PEPPOL identifiers (with all constraints) or simple, unchecked identifiers?
# Possible values are "peppol", "simple" and "bdxr"
smp.identifiertype=peppol

smp.rest.type=peppol
smp.rest.log.exceptions=true

# Central directory where the data should be stored.
# This should be absolute in production.
webapp.datapath = /home/git/conf

# Should all files of the application checked for readability?
# This should only be set to true when datapath is a relative directory inside a production version
webapp.checkfileaccess = false

# Is it a test version? E.g. a separate header is shown
webapp.testversion = true

# Use slow, but fancy dynamic table on the start page?
webapp.startpage.dynamictable = false

# Participant list is enabled by default
webapp.startpage.participants.none = false

# Don't show content of extensions by default on start page
webapp.startpage.extensions.show = false

# The name of the Directory implementation
webapp.directory.name = PEPPOL Directory

# Don't show content of extensions by default in service groups
webapp.servicegroups.extensions.show = false

[phax]

The problem is most likely a solo "$" in one of your passwords.
That is an error in variable resolution code that will be fixed for the next iteration. The only workaround I can current offer is not to use the $ sign in your passwords.
Sorry for the inconvenience caused :(

[phax]

Will be fixed in the 6.0.6 version

[phax]

v6.0.6 is now available: https://github.com/phax/phoss-smp/releases/tag/phoss-smp-parent-pom-6.0.6

[Kristieb]

Thank you for resolving the issue the certificate is now being picked up.