Saturday, 4 February 2012

IBM Tivoli Directory Integrator - java.lang.IllegalArgumentException: Bad arguments

This one baffled me for a good 10-15 minutes on Friday.

When I ran any TDI script ( this is TDI 7.0.0.5 as used with Connections 3.0.1 ), including populate_from_dn_file.sh

<snip>
CTGDKD024I Remote API successfully started on port:1099, bound to:'SessionFactory'. SSL and Client Authentication are enabled.

Platform: 'Generic' 
java.lang.IllegalArgumentException: Bad arguments 
        at javax.crypto.Cipher.doFinal(Unknown Source) 
        at com.ibm.di.security.RSACrypto.decrypt(RSACrypto.java:145) 
        at com.ibm.di.util.PropertiesFile$Property.decryptPropertyValue(PropertiesFile.java:411) 
        at com.ibm.di.util.PropertiesFile$Property.getValue(PropertiesFile.java:221) 
        at com.ibm.di.util.PropertiesFile.getProperty(PropertiesFile.java:795) 
        at com.ibm.di.connector.PropertiesConnector.findEntry(PropertiesConnector.java:635) 
        at com.ibm.di.connector.PropertiesConnector.getNextEntry(PropertiesConnector.java:595) 
        at com.ibm.di.config.interfaces.TDIPropertyStore.advanceIterator(TDIPropertyStore.java:693) 
        at com.ibm.di.config.interfaces.TDIPropertyStore.hasNext(TDIPropertyStore.java:648) 
        at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source) 
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
        at java.lang.reflect.Method.invoke(Method.java:618) 
        at com.ibm.jscript.types.JavaAccessObject.call(JavaAccessObject.java:298) 
        at com.ibm.jscript.types.FBSObject.call(FBSObject.java:153) 
        at com.ibm.jscript.ASTTree.ASTCall.interpret(ASTCall.java:151) 
        at com.ibm.jscript.ASTTree.ASTWhile.interpret(ASTWhile.java:61) 
        at com.ibm.jscript.std.FunctionObject._executeFunction(FunctionObject.java:230) 
        at com.ibm.jscript.std.FunctionObject.executeFunction(FunctionObject.java:162) 
        at com.ibm.jscript.std.FunctionObject.call(FunctionObject.java:148) 
        at com.ibm.jscript.types.FBSObject.call(FBSObject.java:153) 
        at com.ibm.jscript.ASTTree.ASTCall.interpret(ASTCall.java:151) 
        at com.ibm.jscript.ASTTree.ASTObjectLiteral.interpret(ASTObjectLiteral.java:72) 
        at com.ibm.jscript.ASTTree.ASTAssign.interpret(ASTAssign.java:90) 
        at com.ibm.jscript.ASTTree.ASTProgram.interpretEx(ASTProgram.java:102) 
        at com.ibm.jscript.JSExpression.interpretExpression(JSExpression.java:399) 
        at com.ibm.jscript.JSExpression.evaluateValue(JSExpression.java:249) 
        at com.ibm.jscript.JSExpression.evaluateValue(JSExpression.java:236) 
        at com.ibm.jscript.JSExpression.evaluateValue(JSExpression.java:239) 
        at com.ibm.jscript.JSInterpreter.interpret(JSInterpreter.java:53) 
        at com.ibm.di.script.ScriptEngine.interpret(ScriptEngine.java:867) 
        at com.ibm.di.script.ScriptEngine.exec(ScriptEngine.java:495) 
        at com.ibm.di.script.ScriptEngine.loadScript(ScriptEngine.java:622) 
        at com.ibm.di.script.ScriptEngine.includeAllScripts(ScriptEngine.java:726) 
        at com.ibm.di.script.ScriptEngine.includeAllScripts(ScriptEngine.java:752) 
        at com.ibm.di.server.AssemblyLine.autoIncludeScripts(AssemblyLine.java:2626) 
        at com.ibm.di.server.AssemblyLine.initScriptEngine(AssemblyLine.java:2205) 
        at com.ibm.di.server.AssemblyLine.msStart(AssemblyLine.java:3243) 
        at com.ibm.di.server.AssemblyLine.executeMainStep(AssemblyLine.java:3145) 
        at com.ibm.di.server.AssemblyLine.executeMainLoop(AssemblyLine.java:2818) 
        at com.ibm.di.server.AssemblyLine.executeMainLoop(AssemblyLine.java:2801) 
        at com.ibm.di.server.AssemblyLine.executeAL(AssemblyLine.java:2770) 
        at com.ibm.di.server.AssemblyLine.run(AssemblyLine.java:1275)


2012-02-03 14:42:40,652 INFO  [convert_uids_for_customer] - CTGDIR103W The properties file '/opt/IBM/TDI/V7.0/tdisol_FM/TDI/301.properties' for  was not found, and will be created if anything is written to it. 
2012-02-03 14:42:40,789 ERROR [AssemblyLine.AssemblyLines/dump_profiles.1] - [read_whole_db] CTGDIS810E handleException - cannot handle exception , initialize java.lang.IllegalArgumentException: Bad arguments 
        at javax.crypto.Cipher.doFinal(Unknown Source) 
        at com.ibm.di.security.RSACrypto.decrypt(RSACrypto.java:145) 
        at com.ibm.di.util.PropertiesFile$Property.decryptPropertyValue(PropertiesFile.java:411) 
        at com.ibm.di.util.PropertiesFile$Property.getValue(PropertiesFile.java:221) 
        at com.ibm.di.util.PropertiesFile.getProperty(PropertiesFile.java:795) 
        at com.ibm.di.connector.PropertiesConnector.findEntry(PropertiesConnector.java:635) 
        at com.ibm.di.config.interfaces.TDIPropertyStore.getPropertyEntry(TDIPropertyStore.java:426) 
        at com.ibm.di.config.interfaces.TDIPropertyStore.getProperty(TDIPropertyStore.java:384) 
        at com.ibm.di.config.interfaces.TDIProperties.getProperty(TDIProperties.java:351) 
        at com.ibm.lconn.profiles.api.tdi.connectors.Util.AbstractProfilesConnector.initializeInternal(AbstractProfilesConnector.java:72) 
        at com.ibm.lconn.profiles.api.tdi.connectors.Util.AbstractProfilesConnector.initialize(AbstractProfilesConnector.java:53)

        at com.ibm.di.server.AssemblyLineComponent.doInitialize(AssemblyLineComponent.java:1129) 
        at com.ibm.di.server.AssemblyLineComponent.initialize(AssemblyLineComponent.java:1110) 
        at com.ibm.di.server.AssemblyLine.initConnectors(AssemblyLine.java:1865) 
        at com.ibm.di.server.AssemblyLine.msInitConn(AssemblyLine.java:3335) 
        at com.ibm.di.server.AssemblyLine.executeMainStep(AssemblyLine.java:3157) 
        at com.ibm.di.server.AssemblyLine.executeMainLoop(AssemblyLine.java:2818) 
        at com.ibm.di.server.AssemblyLine.executeMainLoop(AssemblyLine.java:2801) 
        at com.ibm.di.server.AssemblyLine.executeAL(AssemblyLine.java:2770) 
        at com.ibm.di.server.AssemblyLine.run(AssemblyLine.java:1275) 
2012-02-03 14:42:40,790 ERROR [AssemblyLine.AssemblyLines/dump_profiles.1] - CTGDIS266E Error in InitConnectors. Exception occurred: java.lang.IllegalArgumentException: Bad arguments 
java.lang.IllegalArgumentException: Bad arguments 

        at javax.crypto.Cipher.doFinal(Unknown Source) 
        at com.ibm.di.security.RSACrypto.decrypt(RSACrypto.java:145) 
        at com.ibm.di.util.PropertiesFile$Property.decryptPropertyValue(PropertiesFile.java:411) 
        at com.ibm.di.util.PropertiesFile$Property.getValue(PropertiesFile.java:221)

</snip>

I was getting really really cross as I couldn't see what had led to this problem. However, having just updated the SSL certificates between TDI and LDAP ( Active Directory ), I wasted a bit of time checking that the certificates were correct.

Then I remembered that I'd also updated the password in profiles_tdi.properties for the target database ( DB2 UDB ) ….

Even with that clue, it still took me two or three attempts to realise that, when I'd pasted the new password into profiles_tdi.properties, I'd inadvertently included a …. CR/LF character.

I was fooled because the encoded password wraps around onto a second line so I saw: -

{protect}-dbrepos_password={encr}f9dfa8r348rufdu9r8849089df8f89dfhdjhrkhwerjh32984r9fud9f9dsu90r[23ij4repdfua9sudf90[dsr0u2390ruefjaf
9832rufdifp8dsgy7sysuhuhrh3ur3y48dfsf8sdafkjhlkhrew

and read it as: -

{protect}-dbrepos_password={encr}f9dfa8r348rufdu9r8849089df8f89dfhdjhrkhwerjh32984r9fud9f9dsu90r[23ij4repdfua9sudf90[dsr0u2390ruefjaf9832rufdifp8dsgy7sysuhuhrh3ur3y48dfsf8sdafkjhlkhrew

whereas it was actually stored in the file as: -

{protect}-dbrepos_password={encr}f9dfa8r348rufdu9r8849089df8f89dfhdjhrkhwerjh32984r9fud9f9dsu90r[23ij4repdfua9sudf90[dsr0u2390ruefjaf [CR/LF]
9832rufdifp8dsgy7sysuhuhrh3ur3y48dfsf8sdafkjhlkhrew

meaning that TDI didn't know what to with this line: -

9832rufdifp8dsgy7sysuhuhrh3ur3y48dfsf8sdafkjhlkhrew

in its properties file, hence the nasty ( but actually quite revealing ) java.lang.IllegalArgumentException.

Bottom line, check your property files, and avoid copy/paste.

Newbie error :-)

No comments:

Note to self - use kubectl to query images in a pod or deployment

In both cases, we use JSON ... For a deployment, we can do this: - kubectl get deployment foobar --namespace snafu --output jsonpath="{...