December 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (JGRP-2239) AUTH + ASYM_ENCRYPT causes problem with re-joining cluster (MERGE)

by Bela Ban (JIRA)

[ https://issues.jboss.org/browse/JGRP-2239?page=com.atlassian.jira.plugin.... ] Bela Ban updated JGRP-2239: --------------------------- Fix Version/s: 4.0.9 > AUTH + ASYM_ENCRYPT causes problem with re-joining cluster (MERGE) > ------------------------------------------------------------------ > > Key: JGRP-2239 > URL: https://issues.jboss.org/browse/JGRP-2239 > Project: JGroups > Issue Type: Bug > Affects Versions: 4.0.6 > Environment: Infinispan 9.1.1 + JGroups 4.0.6.Final + Vert.x 3.5.0 > Reporter: Boris Sh > Assignee: Bela Ban > Fix For: 4.0.9 > > > Hello, > I am using the following configuration: > {code:java} > <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" > xmlns="urn:org:jgroups" xsi:schemaLocation="urn:org:jgroups http://www.jgroups.org/schema/jgroups.xsd"> > <UDP /> > <PING /> > <MERGE3 /> > <FD /> > <VERIFY_SUSPECT /> > <ASYM_ENCRYPT encrypt_entire_message="true" sym_keylength="128" > sym_algorithm="AES/ECB/PKCS5Padding" asym_keylength="2048" > asym_algorithm="RSA" /> > <pbcast.NAKACK2 /> > <UNICAST3 /> > <pbcast.STABLE /> > <FRAG2 /> > <AUTH auth_class="org.jgroups.auth.X509Token" auth_value="auth" > keystore_path="keystore.jks" keystore_password="pwd" cert_alias="alias" > cipher_type="RSA" /> > <pbcast.GMS /> > </config> > {code} > I have 7 services, but will try to show logs for 2 ones, coordinator and some random node, and all the other nodes behave similarly. > Initially, when these nodes join the cluster, everything is fine. > The server is a shared machine with slow CPU and also slow HDD, so sometimes, when other applications are busy with their tasks, whole my cluster can get frozen for 3-5 minutes. During/in the end of this freeze, some service may tell me the following (in logs): > {code:java} > org.jgroups.protocols.FD up > WARNING: node-26978: I was suspected by node-27291; ignoring the SUSPECT message and sending back a HEARTBEAT_ACK > WARNING: node-26978: unrecognized cipher; discarding message from node-27291 > org.jgroups.protocols.Encrypt handleEncryptedMessage > WARNING: node-26978: unrecognized cipher; discarding message from node-27291 > org.jgroups.protocols.Encrypt handleEncryptedMessage > WARNING: node-26978: unrecognized cipher; discarding message from node-36734 > org.jgroups.protocols.Encrypt handleEncryptedMessage > {code} > so the node was kicked out from the cluster, as it became "suspect", but the node doesn't agree with that fact. Cluster coordinator has already changed sym private key, so in the further logs of this server I see "unrecognized cipher". > In cluster coordinator logs I see the following: > {code:java} > INFO: ISPN100000: Node node-26978 joined the cluster > **** > WARN: node-27291: unrecognized cipher; discarding message from node-26978 > org.jgroups.logging.Slf4jLogImpl error > ERROR: key requester node-26978 is not in current view [***]; ignoring key request > org.jgroups.logging.Slf4jLogImpl warn > WARN: node-27291: unrecognized cipher; discarding message from node-26978 > INFO: ISPN000093: Received new, MERGED cluster view for channel ISPN: MergeView::[node-26978|8] (7) [node-26978, node-12721, node-17625, node-45936, node-56674, node-36734, node-27291], 2 subgroups: [node-27291|7] (6) [node-27291, node-12721, node-17625, node-45936, node-56674, node-36734], [node-27291|6] (7) [node-27291, node-26978, node-12721, node-17625, node-45936, node-56674, node-36734] > {code} > My understanding of what has happened: > For example I have 3 nodes {A, B, C} in the cluster. The cluster gets frozen for some minutes, so node {C} becomes suspected, and kicked out from the cluster by coordinator. For some reason {C} ignores that fact. Later, after cluster is up again, it becomes ignoring messages from {C}, because it is using ASYM encryption and private key has been re-generated by coordinator. Also, for some reason MERGE operation doesn't work, and {C} can not join back to cluster, and now cluster has 2 subgroups, that don't communicate to each other, and I don't fully understand why this happens. > How I temporary resolved this issue: changed ASYM_ENCRYPT to SYM_ENCRYPT, and now any node can come back to the cluster successfully after freeze, as the key doesn't change. > Also, I didn't test, but think change_key_on_leave="false" will help, but this is not the way I want to use. > So looks like this a problem with AUTH + ASYM_ENCRYPT protocol combination, when node in some cases can not rejoin the cluster. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 5 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-2157) DMN Editor: Contexts: Add special behaviour of last row

by Jozef Marko (JIRA)

[ https://issues.jboss.org/browse/DROOLS-2157?page=com.atlassian.jira.plugi... ] Jozef Marko updated DROOLS-2157: -------------------------------- QE Status: ON_QA (was: NEW) > DMN Editor: Contexts: Add special behaviour of last row > ------------------------------------------------------- > > Key: DROOLS-2157 > URL: https://issues.jboss.org/browse/DROOLS-2157 > Project: Drools > Issue Type: Enhancement > Components: DMN Editor > Reporter: Michael Anstis > Assignee: Michael Anstis > > The last row of a {{Context}} should span all columns and populate the last {{ContextEntry}} in the {{Context}}. It should not have a variable. This is the XML for a _regular_ row and the _final_ row: > {code} > <semantic:context id="_f4f86e5f-e3e3-4b99-9260-8086764e598f"> > <semantic:contextEntry> > <semantic:variable id="_779ca919-15d8-48d0-a9f0-e0203e60fac6" name="in1"/> > <semantic:literalExpression id="_4b8b8cc1-a56c-4673-8334-96e178cd04a4"> > <semantic:text>"literal exp" </semantic:text> > </semantic:literalExpression> > </semantic:contextEntry> > <semantic:contextEntry> > <semantic:literalExpression id="_297181da-d0d5-4137-960b-34836d5570e5"> > <semantic:text>"result" </semantic:text> > </semantic:literalExpression> > </semantic:contextEntry> > </semantic:context> > {code} -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 5 months

1
0
0 / 0

[JBoss JIRA] (ELY-1458) SelfSignedX509CertificateAndSigningKeyTest.testSelfSignedCertificateWithStringExtensionValues fails on IBM JDK

by Martin Choma (JIRA)

[ https://issues.jboss.org/browse/ELY-1458?page=com.atlassian.jira.plugin.s... ] Martin Choma edited comment on ELY-1458 at 12/4/17 4:50 AM: ------------------------------------------------------------ With debugging I can see test is failing on searching OID 1.3.6.1.5.5.7.1.1 which is located in "Unparseable certificate extensions". [~fjuma], could you have a look if this is real issue? {noformat} [ [ Version: V3 Subject: CN=bob smith, OU=jboss, O=red hat, L=raleigh, ST=north carolina, C=us Signature Algorithm: SHA256withDSA, OID = 2.16.840.1.101.3.4.3.2 Key: IBMJCE DSA Public Key: 10389539464412903556924870926977456600328661145126110914220364993646327182827897057810681641838672622783970775653085652971888667064482151030822018565974084164812785937167067899265071806883189425808652614041346698609430428488623420867004775841831737139272403718817301879754589951077983369859385368318809992517855682694872534538862937538545227595881495646173926384613674206105836908073825850547714481997228126103022280543137613384164844604733917034425561783854025917174233571273088420726961501571798407502539168274663967684401560564643528658155154341567883345191932615679686743952146121930966280400203143164167037724051 Validity: [From: Mon Dec 04 10:42:29 CET 2017, To: Sat Jan 01 00:59:59 CET 10000] Issuer: CN=bob smith, OU=jboss, O=red hat, L=raleigh, ST=north carolina, C=us SerialNumber: [1965736310424294143] Certificate Extensions: 7 [1]: ObjectId: 1.3.6.1.5.5.7.1.11 Criticality=false Extension unknown: DER encoded OCTET string = 0000: 04 38 30 36 30 10 06 08 2b 06 01 05 05 07 30 03 .8060.........0. 0010: 87 04 0b 16 21 2c 30 22 06 08 2b 06 01 05 05 07 ......0......... 0020: 30 05 86 16 68 74 74 70 3a 2f 2f 61 6e 6f 74 68 0...http...anoth 0030: 65 72 2e 75 72 6c 2e 63 6f 6d er.url.com [2]: ObjectId: 2.5.29.18 Criticality=false IssuerAlternativeName [ [IPAddress: 10.20.30.40, URIName: http://some.url.com]] [3]: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] [4]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 4d cb ee b6 cf 01 78 b7 d3 5c 65 16 96 a2 3c 4b M.....x...e....K 0010: e8 d8 5f a0 .... ] ] [5]: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2 ] [6]: ObjectId: 2.5.29.37 Criticality=false ExtKeyUsage [ 1.3.6.1.5.5.7.3.2 1.3.6.1.5.5.7.3.8] [7]: ObjectId: 2.5.29.17 Criticality=false SubjectAlternativeName [ [RFC822Name: bobsmith(a)example.com, DNSName: bobsmith.example.com]] Unparseable certificate extensions: 1 [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false 0000: 30 3f 30 1c 06 08 2b 06 01 05 05 07 30 01 86 10 0.0.........0... 0010: 31 30 2e 32 30 2e 33 30 2e 34 30 3a 38 30 38 30 10.20.30.40.8080 0020: 30 1f 06 08 2b 06 01 05 05 07 30 02 82 13 69 73 0.........0...is 0030: 73 75 65 72 73 2e 65 78 61 6d 70 6c 65 2e 63 6f suers.example.co 0040: 6d m ] Algorithm: [SHA256withDSA] Signature: 0000: 30 45 02 21 00 a8 4a dc 8b 0e a3 bd 55 7f 78 2a 0E....J.....U.x. 0010: 4e 68 17 b7 72 34 7d d0 77 c6 31 1e 00 ea f0 23 Nh..r4..w.1..... 0020: 06 a9 54 dd 7d 02 20 1b 19 b9 ef 4b 73 42 8b 4c ..T........KsB.L 0030: d5 19 a7 1e 86 1c 44 60 24 2c dc b1 29 1a bc 89 ......D......... 0040: e9 92 01 b2 55 fd 90 ....U.. ] {noformat} was (Author: mchoma): With debugging I can see test is failing on searching OID 1.3.6.1.5.5.7.1.1 which is located in Unparseable certificate extensions {noformat} [ [ Version: V3 Subject: CN=bob smith, OU=jboss, O=red hat, L=raleigh, ST=north carolina, C=us Signature Algorithm: SHA256withDSA, OID = 2.16.840.1.101.3.4.3.2 Key: IBMJCE DSA Public Key: 10389539464412903556924870926977456600328661145126110914220364993646327182827897057810681641838672622783970775653085652971888667064482151030822018565974084164812785937167067899265071806883189425808652614041346698609430428488623420867004775841831737139272403718817301879754589951077983369859385368318809992517855682694872534538862937538545227595881495646173926384613674206105836908073825850547714481997228126103022280543137613384164844604733917034425561783854025917174233571273088420726961501571798407502539168274663967684401560564643528658155154341567883345191932615679686743952146121930966280400203143164167037724051 Validity: [From: Mon Dec 04 10:42:29 CET 2017, To: Sat Jan 01 00:59:59 CET 10000] Issuer: CN=bob smith, OU=jboss, O=red hat, L=raleigh, ST=north carolina, C=us SerialNumber: [1965736310424294143] Certificate Extensions: 7 [1]: ObjectId: 1.3.6.1.5.5.7.1.11 Criticality=false Extension unknown: DER encoded OCTET string = 0000: 04 38 30 36 30 10 06 08 2b 06 01 05 05 07 30 03 .8060.........0. 0010: 87 04 0b 16 21 2c 30 22 06 08 2b 06 01 05 05 07 ......0......... 0020: 30 05 86 16 68 74 74 70 3a 2f 2f 61 6e 6f 74 68 0...http...anoth 0030: 65 72 2e 75 72 6c 2e 63 6f 6d er.url.com [2]: ObjectId: 2.5.29.18 Criticality=false IssuerAlternativeName [ [IPAddress: 10.20.30.40, URIName: http://some.url.com]] [3]: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] [4]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 4d cb ee b6 cf 01 78 b7 d3 5c 65 16 96 a2 3c 4b M.....x...e....K 0010: e8 d8 5f a0 .... ] ] [5]: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2 ] [6]: ObjectId: 2.5.29.37 Criticality=false ExtKeyUsage [ 1.3.6.1.5.5.7.3.2 1.3.6.1.5.5.7.3.8] [7]: ObjectId: 2.5.29.17 Criticality=false SubjectAlternativeName [ [RFC822Name: bobsmith(a)example.com, DNSName: bobsmith.example.com]] Unparseable certificate extensions: 1 [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false 0000: 30 3f 30 1c 06 08 2b 06 01 05 05 07 30 01 86 10 0.0.........0... 0010: 31 30 2e 32 30 2e 33 30 2e 34 30 3a 38 30 38 30 10.20.30.40.8080 0020: 30 1f 06 08 2b 06 01 05 05 07 30 02 82 13 69 73 0.........0...is 0030: 73 75 65 72 73 2e 65 78 61 6d 70 6c 65 2e 63 6f suers.example.co 0040: 6d m ] Algorithm: [SHA256withDSA] Signature: 0000: 30 45 02 21 00 a8 4a dc 8b 0e a3 bd 55 7f 78 2a 0E....J.....U.x. 0010: 4e 68 17 b7 72 34 7d d0 77 c6 31 1e 00 ea f0 23 Nh..r4..w.1..... 0020: 06 a9 54 dd 7d 02 20 1b 19 b9 ef 4b 73 42 8b 4c ..T........KsB.L 0030: d5 19 a7 1e 86 1c 44 60 24 2c dc b1 29 1a bc 89 ......D......... 0040: e9 92 01 b2 55 fd 90 ....U.. ] {noformat} > SelfSignedX509CertificateAndSigningKeyTest.testSelfSignedCertificateWithStringExtensionValues fails on IBM JDK > -------------------------------------------------------------------------------------------------------------- > > Key: ELY-1458 > URL: https://issues.jboss.org/browse/ELY-1458 > Project: WildFly Elytron > Issue Type: Bug > Components: Certificate Authority > Affects Versions: 1.2.0.Beta10 > Reporter: Martin Choma > > With IBM java > {noformat} > java -version > java version "1.8.0" > Java(TM) SE Runtime Environment (build pxa6480sr4fp6-20170518_02(SR4 FP6)) > IBM J9 VM (build 2.8, JRE 1.8.0 Linux amd64-64 Compressed References 20170516_348050 (JIT enabled, AOT enabled) > J9VM - R28_20170516_1905_B348050 > JIT - tr.r14.java_20170516_348050 > GC - R28_20170516_1905_B348050_CMPRSS > J9CL - 20170516_348050) > JCL - 20170516_01 based on Oracle jdk8u131-b11 > {noformat} > run test > {noformat} > mvn test -Dtest=SelfSignedX509CertificateAndSigningKeyTest > [INFO] Running org.wildfly.security.x500.cert.SelfSignedX509CertificateAndSigningKeyTest > [ERROR] Tests run: 9, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 2.372 s <<< FAILURE! - in org.wildfly.security.x500.cert.SelfSignedX509CertificateAndSigningKeyTest > [ERROR] testSelfSignedCertificateWithStringExtensionValues(org.wildfly.security.x500.cert.SelfSignedX509CertificateAndSigningKeyTest) Time elapsed: 0.274 s <<< FAILURE! > java.lang.AssertionError > at org.wildfly.security.x500.cert.SelfSignedX509CertificateAndSigningKeyTest.testSelfSignedCertificateWithStringExtensionValues(SelfSignedX509CertificateAndSigningKeyTest.java:197) > {noformat} > This is test line failing > {code:java|title=SelfSignedX509CertificateAndSigningKeyTest.java} > byte[] authorityInfoAccessExtension = certificate.getExtensionValue(X500.OID_PE_AUTHORITY_INFO_ACCESS); > assertNotNull(authorityInfoAccessExtension); > {code} -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 5 months

1
0
0 / 0

[JBoss JIRA] (ELY-1458) SelfSignedX509CertificateAndSigningKeyTest.testSelfSignedCertificateWithStringExtensionValues fails on IBM JDK

by Martin Choma (JIRA)

[ https://issues.jboss.org/browse/ELY-1458?page=com.atlassian.jira.plugin.s... ] Martin Choma commented on ELY-1458: ----------------------------------- With debugging I can see test is failing on searching OID 1.3.6.1.5.5.7.1.1 which is located in Unparseable certificate extensions {noformat} [ [ Version: V3 Subject: CN=bob smith, OU=jboss, O=red hat, L=raleigh, ST=north carolina, C=us Signature Algorithm: SHA256withDSA, OID = 2.16.840.1.101.3.4.3.2 Key: IBMJCE DSA Public Key: 10389539464412903556924870926977456600328661145126110914220364993646327182827897057810681641838672622783970775653085652971888667064482151030822018565974084164812785937167067899265071806883189425808652614041346698609430428488623420867004775841831737139272403718817301879754589951077983369859385368318809992517855682694872534538862937538545227595881495646173926384613674206105836908073825850547714481997228126103022280543137613384164844604733917034425561783854025917174233571273088420726961501571798407502539168274663967684401560564643528658155154341567883345191932615679686743952146121930966280400203143164167037724051 Validity: [From: Mon Dec 04 10:42:29 CET 2017, To: Sat Jan 01 00:59:59 CET 10000] Issuer: CN=bob smith, OU=jboss, O=red hat, L=raleigh, ST=north carolina, C=us SerialNumber: [1965736310424294143] Certificate Extensions: 7 [1]: ObjectId: 1.3.6.1.5.5.7.1.11 Criticality=false Extension unknown: DER encoded OCTET string = 0000: 04 38 30 36 30 10 06 08 2b 06 01 05 05 07 30 03 .8060.........0. 0010: 87 04 0b 16 21 2c 30 22 06 08 2b 06 01 05 05 07 ......0......... 0020: 30 05 86 16 68 74 74 70 3a 2f 2f 61 6e 6f 74 68 0...http...anoth 0030: 65 72 2e 75 72 6c 2e 63 6f 6d er.url.com [2]: ObjectId: 2.5.29.18 Criticality=false IssuerAlternativeName [ [IPAddress: 10.20.30.40, URIName: http://some.url.com]] [3]: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] [4]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 4d cb ee b6 cf 01 78 b7 d3 5c 65 16 96 a2 3c 4b M.....x...e....K 0010: e8 d8 5f a0 .... ] ] [5]: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2 ] [6]: ObjectId: 2.5.29.37 Criticality=false ExtKeyUsage [ 1.3.6.1.5.5.7.3.2 1.3.6.1.5.5.7.3.8] [7]: ObjectId: 2.5.29.17 Criticality=false SubjectAlternativeName [ [RFC822Name: bobsmith(a)example.com, DNSName: bobsmith.example.com]] Unparseable certificate extensions: 1 [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false 0000: 30 3f 30 1c 06 08 2b 06 01 05 05 07 30 01 86 10 0.0.........0... 0010: 31 30 2e 32 30 2e 33 30 2e 34 30 3a 38 30 38 30 10.20.30.40.8080 0020: 30 1f 06 08 2b 06 01 05 05 07 30 02 82 13 69 73 0.........0...is 0030: 73 75 65 72 73 2e 65 78 61 6d 70 6c 65 2e 63 6f suers.example.co 0040: 6d m ] Algorithm: [SHA256withDSA] Signature: 0000: 30 45 02 21 00 a8 4a dc 8b 0e a3 bd 55 7f 78 2a 0E....J.....U.x. 0010: 4e 68 17 b7 72 34 7d d0 77 c6 31 1e 00 ea f0 23 Nh..r4..w.1..... 0020: 06 a9 54 dd 7d 02 20 1b 19 b9 ef 4b 73 42 8b 4c ..T........KsB.L 0030: d5 19 a7 1e 86 1c 44 60 24 2c dc b1 29 1a bc 89 ......D......... 0040: e9 92 01 b2 55 fd 90 ....U.. ] {noformat} > SelfSignedX509CertificateAndSigningKeyTest.testSelfSignedCertificateWithStringExtensionValues fails on IBM JDK > -------------------------------------------------------------------------------------------------------------- > > Key: ELY-1458 > URL: https://issues.jboss.org/browse/ELY-1458 > Project: WildFly Elytron > Issue Type: Bug > Components: Certificate Authority > Affects Versions: 1.2.0.Beta10 > Reporter: Martin Choma > > With IBM java > {noformat} > java -version > java version "1.8.0" > Java(TM) SE Runtime Environment (build pxa6480sr4fp6-20170518_02(SR4 FP6)) > IBM J9 VM (build 2.8, JRE 1.8.0 Linux amd64-64 Compressed References 20170516_348050 (JIT enabled, AOT enabled) > J9VM - R28_20170516_1905_B348050 > JIT - tr.r14.java_20170516_348050 > GC - R28_20170516_1905_B348050_CMPRSS > J9CL - 20170516_348050) > JCL - 20170516_01 based on Oracle jdk8u131-b11 > {noformat} > run test > {noformat} > mvn test -Dtest=SelfSignedX509CertificateAndSigningKeyTest > [INFO] Running org.wildfly.security.x500.cert.SelfSignedX509CertificateAndSigningKeyTest > [ERROR] Tests run: 9, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 2.372 s <<< FAILURE! - in org.wildfly.security.x500.cert.SelfSignedX509CertificateAndSigningKeyTest > [ERROR] testSelfSignedCertificateWithStringExtensionValues(org.wildfly.security.x500.cert.SelfSignedX509CertificateAndSigningKeyTest) Time elapsed: 0.274 s <<< FAILURE! > java.lang.AssertionError > at org.wildfly.security.x500.cert.SelfSignedX509CertificateAndSigningKeyTest.testSelfSignedCertificateWithStringExtensionValues(SelfSignedX509CertificateAndSigningKeyTest.java:197) > {noformat} > This is test line failing > {code:java|title=SelfSignedX509CertificateAndSigningKeyTest.java} > byte[] authorityInfoAccessExtension = certificate.getExtensionValue(X500.OID_PE_AUTHORITY_INFO_ACCESS); > assertNotNull(authorityInfoAccessExtension); > {code} -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 5 months

1
0
0 / 0

[JBoss JIRA] (ELY-1458) SelfSignedX509CertificateAndSigningKeyTest.testSelfSignedCertificateWithStringExtensionValues fails on IBM JDK

by Martin Choma (JIRA)

Martin Choma created ELY-1458: --------------------------------- Summary: SelfSignedX509CertificateAndSigningKeyTest.testSelfSignedCertificateWithStringExtensionValues fails on IBM JDK Key: ELY-1458 URL: https://issues.jboss.org/browse/ELY-1458 Project: WildFly Elytron Issue Type: Bug Components: Certificate Authority Affects Versions: 1.2.0.Beta10 Reporter: Martin Choma With IBM java {noformat} java -version java version "1.8.0" Java(TM) SE Runtime Environment (build pxa6480sr4fp6-20170518_02(SR4 FP6)) IBM J9 VM (build 2.8, JRE 1.8.0 Linux amd64-64 Compressed References 20170516_348050 (JIT enabled, AOT enabled) J9VM - R28_20170516_1905_B348050 JIT - tr.r14.java_20170516_348050 GC - R28_20170516_1905_B348050_CMPRSS J9CL - 20170516_348050) JCL - 20170516_01 based on Oracle jdk8u131-b11 {noformat} run test {noformat} mvn test -Dtest=SelfSignedX509CertificateAndSigningKeyTest [INFO] Running org.wildfly.security.x500.cert.SelfSignedX509CertificateAndSigningKeyTest [ERROR] Tests run: 9, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 2.372 s <<< FAILURE! - in org.wildfly.security.x500.cert.SelfSignedX509CertificateAndSigningKeyTest [ERROR] testSelfSignedCertificateWithStringExtensionValues(org.wildfly.security.x500.cert.SelfSignedX509CertificateAndSigningKeyTest) Time elapsed: 0.274 s <<< FAILURE! java.lang.AssertionError at org.wildfly.security.x500.cert.SelfSignedX509CertificateAndSigningKeyTest.testSelfSignedCertificateWithStringExtensionValues(SelfSignedX509CertificateAndSigningKeyTest.java:197) {noformat} This is test line failing {code:java|title=SelfSignedX509CertificateAndSigningKeyTest.java} byte[] authorityInfoAccessExtension = certificate.getExtensionValue(X500.OID_PE_AUTHORITY_INFO_ACCESS); assertNotNull(authorityInfoAccessExtension); {code} -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 5 months

1
0
0 / 0

[JBoss JIRA] (ELY-1457) Unable to run testsuite using mvn surefire:test

by Martin Choma (JIRA)

[ https://issues.jboss.org/browse/ELY-1457?page=com.atlassian.jira.plugin.s... ] Martin Choma updated ELY-1457: ------------------------------ Description: {noformat} mvn clean install -DskipTests mvn surefire:test -fae -Dmaven.test.failure.ignore=true [WARNING] Corrupted stdin stream in forked JVM 1. See the dump file /home/mchoma/workspace/git-repositories/wildfly-elytron/target/surefire-reports/2017-11-30T17-02-48_325-jvmRun1.dumpstream ExecutionException The forked VM terminated without properly saying goodbye. VM crash or System.exit called? Command was /bin/sh -c cd /home/mchoma/workspace/git-repositories/wildfly-elytron && /usr/java/jdk1.8.0_131/jre/bin/java '-javaagent:${org.jmockit:jmockit:jar}' -jar /home/mchoma/workspace/git-repositories/wildfly-elytron/target/surefire/surefirebooter575191532113315054.jar /home/mchoma/workspace/git-repositories/wildfly-elytron/target/surefire 2017-11-30T17-02-48_325-jvmRun1 surefire4127140177271714029tmp surefire_06835135917194901533tmp Error occurred in starting fork, check output in log Process Exit Code: 1 {noformat} * "mvn test" works just fine. * "mvn surefire:test" used to be necessary for running testsuite with IBM JDK, as TS was not compilable with IBM JDK (this is not true anymore). So TS was build with Oracle JDK and run with IBM JDK. * "mvn surefire:test" used to work back in July. was: {noformat} mvn clean install -DskipTests mvn surefire:test -fae -Dmaven.test.failure.ignore=true [WARNING] Corrupted stdin stream in forked JVM 1. See the dump file /home/mchoma/workspace/git-repositories/wildfly-elytron/target/surefire-reports/2017-11-30T17-02-48_325-jvmRun1.dumpstream ExecutionException The forked VM terminated without properly saying goodbye. VM crash or System.exit called? Command was /bin/sh -c cd /home/mchoma/workspace/git-repositories/wildfly-elytron && /usr/java/jdk1.8.0_131/jre/bin/java '-javaagent:${org.jmockit:jmockit:jar}' -jar /home/mchoma/workspace/git-repositories/wildfly-elytron/target/surefire/surefirebooter575191532113315054.jar /home/mchoma/workspace/git-repositories/wildfly-elytron/target/surefire 2017-11-30T17-02-48_325-jvmRun1 surefire4127140177271714029tmp surefire_06835135917194901533tmp Error occurred in starting fork, check output in log Process Exit Code: 1 {noformat} "mvn test" works just fine. "mvn surefire:test" used to be necessary for running testsuite with IBM JDK, as TS was not compilable with IBM JDK (this is not true anymore). So TS was build with Oracle JDK and run with IBM JDK. "mvn surefire:test" used to work back in July. > Unable to run testsuite using mvn surefire:test > ----------------------------------------------- > > Key: ELY-1457 > URL: https://issues.jboss.org/browse/ELY-1457 > Project: WildFly Elytron > Issue Type: Bug > Components: Testsuite, Utils > Affects Versions: 1.2.0.Beta10 > Reporter: Martin Choma > Priority: Minor > > {noformat} > mvn clean install -DskipTests > mvn surefire:test -fae -Dmaven.test.failure.ignore=true > [WARNING] Corrupted stdin stream in forked JVM 1. See the dump file /home/mchoma/workspace/git-repositories/wildfly-elytron/target/surefire-reports/2017-11-30T17-02-48_325-jvmRun1.dumpstream > ExecutionException The forked VM terminated without properly saying goodbye. VM crash or System.exit called? > Command was /bin/sh -c cd /home/mchoma/workspace/git-repositories/wildfly-elytron && /usr/java/jdk1.8.0_131/jre/bin/java '-javaagent:${org.jmockit:jmockit:jar}' -jar /home/mchoma/workspace/git-repositories/wildfly-elytron/target/surefire/surefirebooter575191532113315054.jar /home/mchoma/workspace/git-repositories/wildfly-elytron/target/surefire 2017-11-30T17-02-48_325-jvmRun1 surefire4127140177271714029tmp surefire_06835135917194901533tmp > Error occurred in starting fork, check output in log > Process Exit Code: 1 > {noformat} > * "mvn test" works just fine. > * "mvn surefire:test" used to be necessary for running testsuite with IBM JDK, as TS was not compilable with IBM JDK (this is not true anymore). So TS was build with Oracle JDK and run with IBM JDK. > * "mvn surefire:test" used to work back in July. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 5 months

1
0
0 / 0

[JBoss JIRA] (ELY-1457) Unable to run testsuite using mvn surefire:test

by Martin Choma (JIRA)

Martin Choma created ELY-1457: --------------------------------- Summary: Unable to run testsuite using mvn surefire:test Key: ELY-1457 URL: https://issues.jboss.org/browse/ELY-1457 Project: WildFly Elytron Issue Type: Bug Components: Testsuite, Utils Affects Versions: 1.2.0.Beta10 Reporter: Martin Choma Priority: Minor {noformat} mvn clean install -DskipTests mvn surefire:test -fae -Dmaven.test.failure.ignore=true [WARNING] Corrupted stdin stream in forked JVM 1. See the dump file /home/mchoma/workspace/git-repositories/wildfly-elytron/target/surefire-reports/2017-11-30T17-02-48_325-jvmRun1.dumpstream ExecutionException The forked VM terminated without properly saying goodbye. VM crash or System.exit called? Command was /bin/sh -c cd /home/mchoma/workspace/git-repositories/wildfly-elytron && /usr/java/jdk1.8.0_131/jre/bin/java '-javaagent:${org.jmockit:jmockit:jar}' -jar /home/mchoma/workspace/git-repositories/wildfly-elytron/target/surefire/surefirebooter575191532113315054.jar /home/mchoma/workspace/git-repositories/wildfly-elytron/target/surefire 2017-11-30T17-02-48_325-jvmRun1 surefire4127140177271714029tmp surefire_06835135917194901533tmp Error occurred in starting fork, check output in log Process Exit Code: 1 {noformat} "mvn test" works just fine. "mvn surefire:test" used to be necessary for running testsuite with IBM JDK, as TS was not compilable with IBM JDK (this is not true anymore). So TS was build with Oracle JDK and run with IBM JDK. "mvn surefire:test" used to work back in July. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 5 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-2160) Enhance UI in Test Scenarios Editor

by Jozef Marko (JIRA)

[ https://issues.jboss.org/browse/DROOLS-2160?page=com.atlassian.jira.plugi... ] Jozef Marko updated DROOLS-2160: -------------------------------- Tester: Jozef Marko > Enhance UI in Test Scenarios Editor > ----------------------------------- > > Key: DROOLS-2160 > URL: https://issues.jboss.org/browse/DROOLS-2160 > Project: Drools > Issue Type: Enhancement > Components: Test Scenarios Editor > Reporter: Ivo Bek > Assignee: Toni Rikkola > Attachments: Screenshot from 2017-12-01 16-38-52.png > > > Test Scenarios editor needs to be polished: > * Delete Buttons are too small - it would be good to enlarge them. > * Some other elements doesn't have enough space around them. > * Please do any other small visual changes which makes sense. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 5 months

1
0
0 / 0

[JBoss JIRA] (JGRP-2239) AUTH + ASYM_ENCRYPT causes problem with re-joining cluster (MERGE)

by Boris Sh (JIRA)

[ https://issues.jboss.org/browse/JGRP-2239?page=com.atlassian.jira.plugin.... ] Boris Sh updated JGRP-2239: --------------------------- Steps to Reproduce: It was not easy for me to reproduce this problem on linux prod server, so what I did on my Windows dev machine: 1. Deployed 3 nodes (Not needed to have all 7 for test, 3 is enough. And I couldn't reproduce the issue on 2 nodes in cluster). 2. Started "CPU Stress" util with maximum thread priorities and activity for all CPU cores on my PC for 3-5 minutes. 3. Stopped "CPU Stress". 4. See the problem in logs: one node has left the cluster, and after "merge" request cluster became look a bit strange - now has 2 subgroups. And kicked node can't communicate with any other node, log is fulfilled with error messages like "unrecognized cipher". was: It was not easy for me to reproduce with problem on linux prod server, so what I did on my Windows dev machine: 1. Deployed 3 nodes (Not needed to have all 7 for test, 3 is enough. And I couldn't reproduce the issue on 2 nodes in cluster). 2. Started "CPU Stress" util with maximum thread priorities and activity for all CPU cores on my PC for 3-5 minutes. 3. Stopped "CPU Stress". 4. See the problem in logs: one node has left the cluster, and after "merge" request cluster became look a bit strange - now has 2 subgroups. And kicked node can't communicate with any other node, log is fulfilled with error messages like "unrecognized cipher". > AUTH + ASYM_ENCRYPT causes problem with re-joining cluster (MERGE) > ------------------------------------------------------------------ > > Key: JGRP-2239 > URL: https://issues.jboss.org/browse/JGRP-2239 > Project: JGroups > Issue Type: Bug > Affects Versions: 4.0.6 > Environment: Infinispan 9.1.1 + JGroups 4.0.6.Final + Vert.x 3.5.0 > Reporter: Boris Sh > Assignee: Bela Ban > > Hello, > I am using the following configuration: > {code:java} > <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" > xmlns="urn:org:jgroups" xsi:schemaLocation="urn:org:jgroups http://www.jgroups.org/schema/jgroups.xsd"> > <UDP /> > <PING /> > <MERGE3 /> > <FD /> > <VERIFY_SUSPECT /> > <ASYM_ENCRYPT encrypt_entire_message="true" sym_keylength="128" > sym_algorithm="AES/ECB/PKCS5Padding" asym_keylength="2048" > asym_algorithm="RSA" /> > <pbcast.NAKACK2 /> > <UNICAST3 /> > <pbcast.STABLE /> > <FRAG2 /> > <AUTH auth_class="org.jgroups.auth.X509Token" auth_value="auth" > keystore_path="keystore.jks" keystore_password="pwd" cert_alias="alias" > cipher_type="RSA" /> > <pbcast.GMS /> > </config> > {code} > I have 7 services, but will try to show logs for 2 ones, coordinator and some random node, and all the other nodes behave similarly. > Initially, when these nodes join the cluster, everything is fine. > The server is a shared machine with slow CPU and also slow HDD, so sometimes, when other applications are busy with their tasks, whole my cluster can get frozen for 3-5 minutes. During/in the end of this freeze, some service may tell me the following (in logs): > {code:java} > org.jgroups.protocols.FD up > WARNING: node-26978: I was suspected by node-27291; ignoring the SUSPECT message and sending back a HEARTBEAT_ACK > WARNING: node-26978: unrecognized cipher; discarding message from node-27291 > org.jgroups.protocols.Encrypt handleEncryptedMessage > WARNING: node-26978: unrecognized cipher; discarding message from node-27291 > org.jgroups.protocols.Encrypt handleEncryptedMessage > WARNING: node-26978: unrecognized cipher; discarding message from node-36734 > org.jgroups.protocols.Encrypt handleEncryptedMessage > {code} > so the node was kicked out from the cluster, as it became "suspect", but the node doesn't agree with that fact. Cluster coordinator has already changed sym private key, so in the further logs of this server I see "unrecognized cipher". > In cluster coordinator logs I see the following: > {code:java} > INFO: ISPN100000: Node node-26978 joined the cluster > **** > WARN: node-27291: unrecognized cipher; discarding message from node-26978 > org.jgroups.logging.Slf4jLogImpl error > ERROR: key requester node-26978 is not in current view [***]; ignoring key request > org.jgroups.logging.Slf4jLogImpl warn > WARN: node-27291: unrecognized cipher; discarding message from node-26978 > INFO: ISPN000093: Received new, MERGED cluster view for channel ISPN: MergeView::[node-26978|8] (7) [node-26978, node-12721, node-17625, node-45936, node-56674, node-36734, node-27291], 2 subgroups: [node-27291|7] (6) [node-27291, node-12721, node-17625, node-45936, node-56674, node-36734], [node-27291|6] (7) [node-27291, node-26978, node-12721, node-17625, node-45936, node-56674, node-36734] > {code} > My understanding of what has happened: > For example I have 3 nodes {A, B, C} in the cluster. The cluster gets frozen for some minutes, so node {C} becomes suspected, and kicked out from the cluster by coordinator. For some reason {C} ignores that fact. Later, after cluster is up again, it becomes ignoring messages from {C}, because it is using ASYM encryption and private key has been re-generated by coordinator. Also, for some reason MERGE operation doesn't work, and {C} can not join back to cluster, and now cluster has 2 subgroups, that don't communicate to each other, and I don't fully understand why this happens. > How I temporary resolved this issue: changed ASYM_ENCRYPT to SYM_ENCRYPT, and now any node can come back to the cluster successfully after freeze, as the key doesn't change. > Also, I didn't test, but think change_key_on_leave="false" will help, but this is not the way I want to use. > So looks like this a problem with AUTH + ASYM_ENCRYPT protocol combination, when node in some cases can not rejoin the cluster. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 5 months

1
0
0 / 0

[JBoss JIRA] (WFLY-9588) Investigate on splitting as transaction module to not be gathering all dependencies

by Ondra Chaloupka (JIRA)

[ https://issues.jboss.org/browse/WFLY-9588?page=com.atlassian.jira.plugin.... ] Ondra Chaloupka commented on WFLY-9588: --------------------------------------- not sure if directly block WFLY-9455 but making easier more granular dependency graph could help a lot in solving it > Investigate on splitting as transaction module to not be gathering all dependencies > ----------------------------------------------------------------------------------- > > Key: WFLY-9588 > URL: https://issues.jboss.org/browse/WFLY-9588 > Project: WildFly > Issue Type: Task > Components: Transactions > Affects Versions: 11.0.0.Final > Reporter: Ondra Chaloupka > Assignee: Ondra Chaloupka > Attachments: eap71-txn-dependencies.jpg > > > Current org.jboss.as.transaction module is heavy lifting and has many dependencies and lot of work competencies. E.g. org.jboss.jts module depends on that too. > It should be investigated how to disentangle all the dependencies. > Plus this could be beneficiary for WildFly Swarm if we are able to split the dependency chains, maybe not using one big jar in the transaction module but provide more granularity. Needs to be investigated. > See attached image for a view of dependencies. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 5 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira December 2017