[Red Hat JIRA] (ELY-2064) Elytron Quarkus integration not supporting key cloning
by Darran Lofthouse (Jira)
[ https://issues.redhat.com/browse/ELY-2064?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse updated ELY-2064:
----------------------------------
Priority: Critical (was: Major)
> Elytron Quarkus integration not supporting key cloning
> ------------------------------------------------------
>
> Key: ELY-2064
> URL: https://issues.redhat.com/browse/ELY-2064
> Project: WildFly Elytron
> Issue Type: Enhancement
> Reporter: Galder Zamarreño
> Assignee: Darran Lofthouse
> Priority: Critical
>
> Elytron Quarkus integration does not support key cloning, which causes Infinispan native server to not be buildable. See [here|https://github.com/infinispan/infinispan-quarkus/issues/44] for details.
> From an Elytron perspective, a way to solve this would be to have a substitution that looks something like this, where MethodHandle uses are replaced by standard reflection:
> {code:java}
> package org.example.elytron.graal;
> import com.oracle.svm.core.annotate.Substitute;
> import com.oracle.svm.core.annotate.TargetClass;
> import java.lang.reflect.Constructor;
> import java.lang.reflect.Method;
> import java.lang.reflect.UndeclaredThrowableException;
> import java.security.Key;
> import java.security.PrivilegedAction;
> import java.util.function.UnaryOperator;
> import static java.security.AccessController.doPrivileged;
> @TargetClass(className = "org.wildfly.security.key.KeyUtil$KeyClonerCreator")
> final class Target_org_wildfly_security_key_KeyUtil_KeyClonerCreator
> {
> @Substitute
> private UnaryOperator<Key> checkForCloneMethod(final Class<?> declType, final Class<?> returnType)
> {
> System.out.printf("Call checkForCloneMethod(%s,%s)%n", declType, returnType);
> final Method method = doPrivileged(new PrivilegedAction<Method>()
> {
> @Override
> public Method run()
> {
> try
> {
> final var cloneMethod = declType.getDeclaredMethod("clone");
> if (cloneMethod.getReturnType() == returnType)
> return cloneMethod;
> return null;
> }
> catch (NoSuchMethodException e)
> {
> return null;
> }
> }
> });
> if (method == null)
> return null;
> return new UnaryOperator<Key>()
> {
> @Override
> public Key apply(Key key)
> {
> try
> {
> return (Key) method.invoke(key);
> }
> catch (RuntimeException | Error e)
> {
> throw e;
> }
> catch (Throwable throwable)
> {
> throw new UndeclaredThrowableException(throwable);
> }
> }
> };
> }
> @Substitute
> private UnaryOperator<Key> checkForCopyCtor(final Class<?> declType, final Class<?> paramType)
> {
> System.out.printf("Call checkForCopyCtor(%s,%s)%n", declType, paramType);
> final Constructor<?> constructor = doPrivileged(new PrivilegedAction<Constructor<?>>()
> {
> @Override
> public Constructor<?> run()
> {
> try
> {
> return declType.getDeclaredConstructor(paramType);
> }
> catch (NoSuchMethodException e)
> {
> System.out.printf("Copy ctor in %s for parameter %s not found%n", declType, paramType);
> return null;
> }
> }
> });
> if (constructor == null)
> return null;
> return new UnaryOperator<Key>()
> {
> @Override
> public Key apply(Key key)
> {
> try
> {
> return (Key) constructor.newInstance(key);
> }
> catch (RuntimeException | Error e)
> {
> throw e;
> }
> catch (Throwable throwable)
> {
> throw new UndeclaredThrowableException(throwable);
> }
> }
> };
> }
> } {code}
> These substitutions alone are not enough, there are also needs to be some reflection registrations for the keys for which this is expected to work. As example:
> {code:java}
> package org.example.elytron.graal;
> import com.oracle.svm.core.annotate.AutomaticFeature;
> import org.example.elytron.Main;
> import org.graalvm.nativeimage.hosted.Feature;
> import org.graalvm.nativeimage.hosted.RuntimeReflection;
> import javax.crypto.SecretKey;
> import java.lang.reflect.UndeclaredThrowableException;
> @AutomaticFeature
> public class RuntimeReflectionRegistrations implements Feature
> {
> public void beforeAnalysis(BeforeAnalysisAccess access)
> {
> try
> {
> RuntimeReflection.register(Main.CopyConstructorSecretKey.class.getDeclaredConstructor(SecretKey.class));
> RuntimeReflection.register(Main.CopyConstructorSecretKey.class.getDeclaredMethod("destroy"));
> RuntimeReflection.register(Main.CloneMethodSecretKey.class.getDeclaredMethod("clone"));
> RuntimeReflection.register(Main.CloneMethodSecretKey.class.getDeclaredMethod("destroy"));
> }
> catch (NoSuchMethodException e)
> {
> throw new UndeclaredThrowableException(e);
> }
> }
> } {code}
> [This main class|https://github.com/galderz/mendrugo/blob/master/elytron-cloning/src... these substitutions which have been verified to work with a couple of custom designed secret keys that fall within the expected substitution.
> The Elytron and Infinispan teams should work together to figure out which keys require support from the reflection calls above.
> All the code above can be found in [this sample project.|https://github.com/galderz/mendrugo/tree/master/elytron-cloning]
--
This message was sent by Atlassian Jira
(v8.13.1#813001)
5 years, 3 months
[Red Hat JIRA] (ELY-2064) Elytron Quarkus integration not supporting key cloning
by Galder Zamarreño (Jira)
[ https://issues.redhat.com/browse/ELY-2064?page=com.atlassian.jira.plugin.... ]
Galder Zamarreño commented on ELY-2064:
---------------------------------------
[MethodHandles support appears to be coming in 21.0|https://github.com/oracle/graal/issues/2761#issuecomment-755261611].
> Elytron Quarkus integration not supporting key cloning
> ------------------------------------------------------
>
> Key: ELY-2064
> URL: https://issues.redhat.com/browse/ELY-2064
> Project: WildFly Elytron
> Issue Type: Enhancement
> Reporter: Galder Zamarreño
> Assignee: Darran Lofthouse
> Priority: Major
>
> Elytron Quarkus integration does not support key cloning, which causes Infinispan native server to not be buildable. See [here|https://github.com/infinispan/infinispan-quarkus/issues/44] for details.
> From an Elytron perspective, a way to solve this would be to have a substitution that looks something like this, where MethodHandle uses are replaced by standard reflection:
> {code:java}
> package org.example.elytron.graal;
> import com.oracle.svm.core.annotate.Substitute;
> import com.oracle.svm.core.annotate.TargetClass;
> import java.lang.reflect.Constructor;
> import java.lang.reflect.Method;
> import java.lang.reflect.UndeclaredThrowableException;
> import java.security.Key;
> import java.security.PrivilegedAction;
> import java.util.function.UnaryOperator;
> import static java.security.AccessController.doPrivileged;
> @TargetClass(className = "org.wildfly.security.key.KeyUtil$KeyClonerCreator")
> final class Target_org_wildfly_security_key_KeyUtil_KeyClonerCreator
> {
> @Substitute
> private UnaryOperator<Key> checkForCloneMethod(final Class<?> declType, final Class<?> returnType)
> {
> System.out.printf("Call checkForCloneMethod(%s,%s)%n", declType, returnType);
> final Method method = doPrivileged(new PrivilegedAction<Method>()
> {
> @Override
> public Method run()
> {
> try
> {
> final var cloneMethod = declType.getDeclaredMethod("clone");
> if (cloneMethod.getReturnType() == returnType)
> return cloneMethod;
> return null;
> }
> catch (NoSuchMethodException e)
> {
> return null;
> }
> }
> });
> if (method == null)
> return null;
> return new UnaryOperator<Key>()
> {
> @Override
> public Key apply(Key key)
> {
> try
> {
> return (Key) method.invoke(key);
> }
> catch (RuntimeException | Error e)
> {
> throw e;
> }
> catch (Throwable throwable)
> {
> throw new UndeclaredThrowableException(throwable);
> }
> }
> };
> }
> @Substitute
> private UnaryOperator<Key> checkForCopyCtor(final Class<?> declType, final Class<?> paramType)
> {
> System.out.printf("Call checkForCopyCtor(%s,%s)%n", declType, paramType);
> final Constructor<?> constructor = doPrivileged(new PrivilegedAction<Constructor<?>>()
> {
> @Override
> public Constructor<?> run()
> {
> try
> {
> return declType.getDeclaredConstructor(paramType);
> }
> catch (NoSuchMethodException e)
> {
> System.out.printf("Copy ctor in %s for parameter %s not found%n", declType, paramType);
> return null;
> }
> }
> });
> if (constructor == null)
> return null;
> return new UnaryOperator<Key>()
> {
> @Override
> public Key apply(Key key)
> {
> try
> {
> return (Key) constructor.newInstance(key);
> }
> catch (RuntimeException | Error e)
> {
> throw e;
> }
> catch (Throwable throwable)
> {
> throw new UndeclaredThrowableException(throwable);
> }
> }
> };
> }
> } {code}
> These substitutions alone are not enough, there are also needs to be some reflection registrations for the keys for which this is expected to work. As example:
> {code:java}
> package org.example.elytron.graal;
> import com.oracle.svm.core.annotate.AutomaticFeature;
> import org.example.elytron.Main;
> import org.graalvm.nativeimage.hosted.Feature;
> import org.graalvm.nativeimage.hosted.RuntimeReflection;
> import javax.crypto.SecretKey;
> import java.lang.reflect.UndeclaredThrowableException;
> @AutomaticFeature
> public class RuntimeReflectionRegistrations implements Feature
> {
> public void beforeAnalysis(BeforeAnalysisAccess access)
> {
> try
> {
> RuntimeReflection.register(Main.CopyConstructorSecretKey.class.getDeclaredConstructor(SecretKey.class));
> RuntimeReflection.register(Main.CopyConstructorSecretKey.class.getDeclaredMethod("destroy"));
> RuntimeReflection.register(Main.CloneMethodSecretKey.class.getDeclaredMethod("clone"));
> RuntimeReflection.register(Main.CloneMethodSecretKey.class.getDeclaredMethod("destroy"));
> }
> catch (NoSuchMethodException e)
> {
> throw new UndeclaredThrowableException(e);
> }
> }
> } {code}
> [This main class|https://github.com/galderz/mendrugo/blob/master/elytron-cloning/src... these substitutions which have been verified to work with a couple of custom designed secret keys that fall within the expected substitution.
> The Elytron and Infinispan teams should work together to figure out which keys require support from the reflection calls above.
> All the code above can be found in [this sample project.|https://github.com/galderz/mendrugo/tree/master/elytron-cloning]
--
This message was sent by Atlassian Jira
(v8.13.1#813001)
5 years, 3 months
[Red Hat JIRA] (DROOLS-5405) NPE removing a rule from KieBase
by Mario Fusco (Jira)
[ https://issues.redhat.com/browse/DROOLS-5405?page=com.atlassian.jira.plug... ]
Mario Fusco updated DROOLS-5405:
--------------------------------
Sprint: 2020 Week 52-03 (from Dec 21)
> NPE removing a rule from KieBase
> --------------------------------
>
> Key: DROOLS-5405
> URL: https://issues.redhat.com/browse/DROOLS-5405
> Project: Drools
> Issue Type: Bug
> Components: core engine
> Affects Versions: 7.37.0.Final
> Reporter: dianle zhang
> Assignee: Mario Fusco
> Priority: Blocker
>
> removing a rule from KieBase causes the following NPE:
> java.lang.NullPointerException: null
> at org.drools.core.phreak.AddRemoveRule.iterateLeftTuple(AddRemoveRule.java:1063) ~[drools-core-7.37.0.Final.jar:7.37.0.Final]
> at org.drools.core.phreak.AddRemoveRule.visitChild(AddRemoveRule.java:978) ~[drools-core-7.37.0.Final.jar:7.37.0.Final]
> at org.drools.core.phreak.AddRemoveRule.lambda$processLeftTuplesOnLian$1(AddRemoveRule.java:936) ~[drools-core-7.37.0.Final.jar:7.37.0.Final]
> at org.drools.core.common.DefaultFactHandle$SingleLinkedTuples.forEachLeftTuple(DefaultFactHandle.java:727) ~[drools-core-7.37.0.Final.jar:7.37.0.Final]
> at org.drools.core.common.DefaultFactHandle.forEachLeftTuple(DefaultFactHandle.java:923) ~[drools-core-7.37.0.Final.jar:7.37.0.Final]
> at org.drools.core.phreak.AddRemoveRule.processLeftTuplesOnLian(AddRemoveRule.java:931) ~[drools-core-7.37.0.Final.jar:7.37.0.Final]
> at org.drools.core.phreak.AddRemoveRule.processLeftTuples(AddRemoveRule.java:856) ~[drools-core-7.37.0.Final.jar:7.37.0.Final]
> at org.drools.core.phreak.AddRemoveRule.removeRule(AddRemoveRule.java:173) ~[drools-core-7.37.0.Final.jar:7.37.0.Final]
> at org.drools.core.reteoo.ReteooBuilder.removeTerminalNode(ReteooBuilder.java:191) ~[drools-core-7.37.0.Final.jar:7.37.0.Final]
> at org.drools.core.reteoo.ReteooBuilder.removeRules(ReteooBuilder.java:177) ~[drools-core-7.37.0.Final.jar:7.37.0.Final]
> at org.drools.core.impl.KnowledgeBaseImpl.lambda$removeRule$6(KnowledgeBaseImpl.java:1553) ~[drools-core-7.37.0.Final.jar:7.37.0.Final]
> at org.drools.core.impl.KnowledgeBaseImpl.enqueueModification(KnowledgeBaseImpl.java:745) ~[drools-core-7.37.0.Final.jar:7.37.0.Final]
> at org.drools.core.impl.KnowledgeBaseImpl.removeRule(KnowledgeBaseImpl.java:1537) ~[drools-core-7.37.0.Final.jar:7.37.0.Final]
--
This message was sent by Atlassian Jira
(v8.13.1#813001)
5 years, 3 months