[Hawkular-dev] agent running in EAP6.4 cannot talk to Hawkular Server over HTTPS

John Mazzitelli mazz at redhat.com
Tue Mar 7 17:03:38 EST 2017 

BTW: the latest agent release/master branch will not produce this NPE but it still isn't good because, instead of getting an NPE, you get this loveliness:

16:57:53,081 ERROR [org.hawkular.agent.monitor.service.MonitorService] (Hawkular WildFly Agent Startup Thread) HAWKMONITOR010054: Agent encountered errors during start up and will be stopped.: java.lang.IllegalStateException: Unable to extract the trust manager on okhttp3.internal.platform.Platform at 69f176ea, sslSocketFactory is class org.jboss.as.domain.management.security.WrapperSSLContext$WrapperSpi$WrapperSSLSocketFactory
	at okhttp3.OkHttpClient$Builder.sslSocketFactory(OkHttpClient.java:599)

OKHttp is looking for particular SSL class to find a trust manager but is thrown for a loop when it finds WildFly has its own wrapper implementation. This is the whole reason why this PR exists (and the NPE shows up when running with that PR):

https://github.com/hawkular/hawkular-agent/pull/300

(and just to clarify, this is only an issue on EAP6.4. Everything works fine on EAP7+)

----- Original Message -----
> Josejulio, cc hawkular-dev:
> 
> <TL;DR>
> Due to incomplete API support in a EAP 6.4 library, we cannot support the
> agent installed as a subsystem extension inside EAP6 if the agent is to talk
> to the Hawkular Server over HTTPS.
> </TL;DR>
> 
> I don't know how to workaround this one - maybe someone has a bright idea.
> But right now, it looks like we can't support an EAP6-based agent talking to
> Hawkular-Metrics over HTTPS *unless* the agent is running as a javaagent (a
> new feature not even in master yet, but I tried it and it works).
> 
> This is a EAP 6.4 method that OKHttp is calling when making an HTTP request
> requiring SSL - I'll give you the summary - its a one-line auto-generated
> stub method that "return null;" :)
> 
> https://github.com/wildfly/wildfly-core/blame/de6b17d4d342e98871c0e95f7e6faa9006383768/domain-management/src/main/java/org/jboss/as/domain/management/security/WrapperSSLContext.java#L124-L126
> 
> I stepped into this code via a debugger and the line number and behavior
> (returning null always) matches up with that code.
> 
> Needless to say, this causes a NullPointerException later on in the OKHttp
> library and thus cannot talk to the Hawkular Server over HTTPS.
> 
> Here's the stack trace that got me there:
> 
> Daemon Thread [Hawkular WildFly Agent Startup Thread] (Suspended)
> 	org.jboss.as.domain.management.security.WrapperSSLContext$WrapperSpi$WrapperSSLSocketFactory.createSocket(java.net.Socket,
> 	java.lang.String, int, boolean) line: 126
> 	okhttp3.internal.connection.RealConnection.connectTls(int, int,
> 	okhttp3.internal.connection.ConnectionSpecSelector) line: 230
> 	okhttp3.internal.connection.RealConnection.establishProtocol(int, int,
> 	okhttp3.internal.connection.ConnectionSpecSelector) line: 198
> 	okhttp3.internal.connection.RealConnection.buildConnection(int, int, int,
> 	okhttp3.internal.connection.ConnectionSpecSelector) line: 174
> 	okhttp3.internal.connection.RealConnection.connect(int, int, int,
> 	java.util.List<okhttp3.ConnectionSpec>, boolean) line: 114
> 	okhttp3.internal.connection.StreamAllocation.findConnection(int, int, int,
> 	boolean) line: 193
> 	okhttp3.internal.connection.StreamAllocation.findHealthyConnection(int, int,
> 	int, boolean, boolean) line: 129
> 	okhttp3.internal.connection.StreamAllocation.newStream(okhttp3.OkHttpClient,
> 	boolean) line: 98
> 	okhttp3.internal.connection.ConnectInterceptor.intercept(okhttp3.Interceptor$Chain)
> 	line: 42
> 	okhttp3.internal.http.RealInterceptorChain.proceed(okhttp3.Request,
> 	okhttp3.internal.connection.StreamAllocation,
> 	okhttp3.internal.http.HttpStream, okhttp3.Connection) line: 92
> 	okhttp3.internal.http.RealInterceptorChain.proceed(okhttp3.Request) line: 67
> 	okhttp3.internal.cache.CacheInterceptor.intercept(okhttp3.Interceptor$Chain)
> 	line: 109
> 	okhttp3.internal.http.RealInterceptorChain.proceed(okhttp3.Request,
> 	okhttp3.internal.connection.StreamAllocation,
> 	okhttp3.internal.http.HttpStream, okhttp3.Connection) line: 92
> 	okhttp3.internal.http.RealInterceptorChain.proceed(okhttp3.Request) line: 67
> 	okhttp3.internal.http.BridgeInterceptor.intercept(okhttp3.Interceptor$Chain)
> 	line: 93
> 	okhttp3.internal.http.RealInterceptorChain.proceed(okhttp3.Request,
> 	okhttp3.internal.connection.StreamAllocation,
> 	okhttp3.internal.http.HttpStream, okhttp3.Connection) line: 92
> 	okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(okhttp3.Interceptor$Chain)
> 	line: 124
> 	okhttp3.internal.http.RealInterceptorChain.proceed(okhttp3.Request,
> 	okhttp3.internal.connection.StreamAllocation,
> 	okhttp3.internal.http.HttpStream, okhttp3.Connection) line: 92
> 	okhttp3.internal.http.RealInterceptorChain.proceed(okhttp3.Request) line: 67
> 	okhttp3.RealCall.getResponseWithInterceptorChain() line: 170
> 	okhttp3.RealCall.execute() line: 60
> 	org.hawkular.agent.monitor.service.MonitorService(org.hawkular.agent.monitor.service.AgentCoreEngine).waitForHawkularServer()
> 	line: 648
> 	org.hawkular.agent.monitor.service.MonitorService(org.hawkular.agent.monitor.service.AgentCoreEngine).startHawkularAgent(org.hawkular.agent.monitor.config.AgentCoreEngineConfiguration)
> 	line: 279
> 	org.hawkular.agent.monitor.service.MonitorService(org.hawkular.agent.monitor.service.AgentCoreEngine).startHawkularAgent()
> 	line: 164
> 	org.hawkular.agent.monitor.service.MonitorService$1CustomPropertyChangeListener$1.run()
> 	line: 395
> 	java.lang.Thread.run() line: 745
>

More information about the hawkular-dev mailing list