Gen EDGE

View Only

CALL REST example returns undocumented error TIRM329E

Douglas Seaver posted Jun 13, 2023 08:41 AM

I am trying to use the example provided in Example of a Call REST Statement in an Action Diagram (broadcom.com)

I believe i followed all the steps indicated, but i am getting an error while trying to test.

__________________(following output is from the trace.out debug file - i am using a Java Proxy interface to the Gen CICS server which calls my AB_CALL_REST_DEMO.

6/12/23-10:32:46:234[AWT-EventQueue-0]: ObsPsSMotorCarrierMenuInit(): Listener heard that ObsPsSMotorCarrierMenuInitOperation completed with Exception.ObsPsSMotorCarrierMenuInitcom.ca.gen.jprt.ProxyException: [Function: doObsPsSMotorCarrierMenuInitOperation]com.ca.gen.jprt.ProxyException: com.ca.gen.jprt.ProxyException: [Function: doObsPsSMotorCarrierMenuInitOperation]TIRM030E: APPLICATION FAILED - UPDATES HAVE BEEN BACKED OUT
TIRM031E: FAILING PROCEDURE EXIT DATA FOLLOWS
TIRM032E: LAST OR CURRENT ACTION BLOCK ID = 1413218308
TIRM033E: LAST OR CURRENT ACTION BLOCK NAME = AB_CALL_REST_DEMO
TIRM034E: LAST OR CURRENT DATABASE STATEMENT = 0000000000
TIRM035E: CURRENT STATEMENT BEING PROCESSED = 0000000001
TIRM037E: ** FATAL ERROR WAS ENCOUNTERED **
TIRM322E: EXTERNAL CALL ERROR OCCURED DURING REST CALL
TIRM329E: URIMAP resource:PET.SERV is unavailable,RESP=13,RESP2=3
TIRM046E: *** TRANSACTION PROCESSING TERMINATED EMC0
TIRM602E: REMOTE COOPERATIVE PROCESSING WAS ACTIVE
TIRM670E: FROM PROCEDURE STEP OBS_PS_S_MOTOR_CARRIER_MENU_INIT
TIRM671E: TO PROCEDURE STEP CI_DPC_FROM_PSTEP

___________________

Can anyone provide me with diagnostic information for the TIRM329E error? or provide other suggestions or confirmation that this web service should work?

Thanks in advance for any and all feedback.

Broadcom Employee Andy Hebert posted Jun 13, 2023 10:47 AM

Doug,

I suggest reviewing some Knowledge Articles produced by Gen Engineering on the CALL REST topic. After you have reviewed the info and enacted any adjustments, please open a Case with Support if you still are having problems.

https://knowledge.broadcom.com/external/article?articleId=255194

https://knowledge.broadcom.com/external/article?articleId=234414

Cheers,

Andy Hebert

Daniel Stratton posted Jun 13, 2023 08:37 PM

Doug,

Based on the RESP/RESP2 values, it's looking like you haven't defined the URIMAP it's looking for.

https://www.justtext.com/messageboards/tech/20180204210246.html tells us that RESP=13 is NOTFND.

https://www.ibm.com/docs/en/cics-ts/5.2?topic=commands-inquire-urimap confirms this as NOTFND with RESP2 = 3 indicates The URIMAP cannot be found.

The second link by Andy is what you're looking for. You need to defined the URIMAP `PET.SERV` to the region.

Douglas Seaver posted Jun 14, 2023 05:15 PM

Thanks to both Andy and Daniel for the feedback. I will re-test once i have the URIMAP defined.

Douglas Seaver posted Jun 21, 2023 05:48 PM

OK, I think I am making progress. However, this is all new to me, and it would be most helpful if there were a specific example to follow.

I have defined the URIMAP entry to get beyond my original problem. Now I am getting different error from the WEB CONVERSE which tells me i probably have the URIMAP defined incorrectly.

using the example of https://petstore3.swagger.io/api/v3/openapi.json can someone tell me what i should specify for

UNIVERSAL RESOURCE IDENTIFIER
SCheme : HTTPS HTTP | HTTPS
POrt : No No | 1-65535 <-- because I specified HTTPS, CICS automatically uses 443 as the port (or so it appears)

HOST : petstore.swagger.io <-- I don't know if this is complete or if I need to specify /v3 at the end
:
PAth : /v2/pet/findByStatus <-- I know this path is wrong, I'd just like some advice on what it should be and where the /v3 should go.

OUTBOUND CONNECTION POOLING
SOcketclose : 000500 0-240000 (HHMMSS)

SECURITY ATTRIBUTES
USErid :
CIphers :
(Mixed Case)
CErtificate :
AUthenticate : No No | Basic ____________________end of definition...

the error I am currently getting follows, along with a CICS error message about missing a needed certificate (which I don't have and don't believe I need)

TIRM322E: EXTERNAL CALL ERROR OCCURED DURING REST CALL
TIRM329E: Error occurred during WebConverse(Response),Resp=17,Resp2=42

Diagnosis of WEB CONVERSE: WEB CONVERSE - IBM Documentation

17 IOERR

RESP2 values are:

Socket error.

CICS log shows this:

SDSF BROWSE CICSD012 (STC25393) MSGUSR Line 00002244 Col 001 132

Command ===> Scroll ===> CSR

DFHSO0123 06/20/2023 08:02:45 CICSD012 RETURN CODE 8 RECEIVED FROM FUNCTION GSK_SECURE_SOCKET_INIT OF SYSTEM SSL. REASON:

CERTIFICATE VALIDATION FAILED. PEER: 52.87.15.66, TCPIPSERVICE: *NONE*.

Daniel Stratton posted Jun 25, 2023 07:06 PM

Doug,

Sounds like a lot of fun. I believe per the documentation that the path doesn't matter so much, it's the host and port that matters. Yes, by default, HTTPS is 443.

Make sure that you're defining the URIMAP with USAGE(CLIENT). The IBM documentation may help you as well https://www.ibm.com/docs/en/cics-ts/5.3?topic=application-creating-urimap-resource-cics-as-http-client and https://www.ibm.com/docs/en/cics-ts/5.3?topic=resources-urimap-attributes

Specifically:

Optional: If SSL is being used, specify the CERTIFICATE attribute as the label of the certificate that is to be used as the SSL client certificate for this request.
Optional: If SSL or TLS is being used, specify the CIPHERS attribute as the cipher code that is to be used for this request.

However, looking further we also see https://www.ibm.com/support/pages/apar/PI62251 which indicates that the message was changed at some point. It could mean the server certificate is invalid (expired, signed by a root cert not in your system keyring, etc) or the client certificate you're supplying (if any) is invalid. According to https://www.ibm.com/docs/en/cics-ts/5.3?topic=messages-dfhso0123

> If the brief interpretation of the return code is Certificate validation failed then either the server or client certificate (if client certificates are being used) is invalid.

If you're looking to stand up a simple example, I'd suggest with non-HTTPS to start with until you're comfortable. Then layer on the certificate stuff as required.

But yes, I think you're heading towards a Support ticket so you can share confidential information with BC to help analyze it too.

Broadcom Employee Vasudeva Rao Jammula posted Jun 26, 2023 03:39 PM

Thanks Daniel for the suggestions.

However I wanted to re-iterate few things here

1) The URIMAP should be defined in CICS with Usage as CLIENT

2) The URIMAP is used only for making the connection, that means only SCHEME, HOST and PORT are used for making the connection

3) The complete path is formed by concatenating the partial path taken by removing host name and port from the BasePath and the Resource name

For Example:

BasePath: https://petstore3.swagger.io/api/v3/

Resource: /pet/findByStatus

The complete path would be formed as

Partial Path from the BasePath : /api/v3/

Resource Name : /pet/findByStatus

Path : /api/v3/pet/findByStatus

Please note that any path from the URIMAP would not be considered

4) For doing a secure communication from CICS, the CICS region must be configured to contain the cacert file added to CICS keyring database

https://www.ibm.com/docs/en/cics-ts/5.5?topic=clients-configuring-cics-use-ssl

The above IBM link may provide some guidance on it

Thanks,

Vasu.

Broadcom Employee Clay Rabun posted Jun 29, 2023 03:15 PM

Doug,

The TIRM329E error message may be reported along with the TIRM322E error message. The purpose of the TIRM329E error message is to provide additional details about the error that occurred while performing the external call.

Thank you for bringing this omission to our attention. The Techdocs documentation has been updated to include a description of the TIRM329E error message.

https://techdocs.broadcom.com/us/en/ca-mainframe-software/devops/ca-gen/8-6/messages/runtime-messages/common-runtime-messages-tirm000e-tirm599e/tirm329e-error-details-while-performing-the-rest-call.html

Thanks,
Clay