[Hawkular-dev] agent running in EAP6.4 cannot talk to Hawkular Server over HTTPS

Josejulio Martinez Magana jmartine at redhat.com
Tue Mar 7 19:48:58 EST 2017 

Only thing I could think of was to use reflection to get the actual wrapped
factory:

https://github.com/hawkular/hawkular-agent/pull/300/commits/bedf8a19496aba56df71c95447b1327c766676d5#diff-394e3f128a0dd5307095aab90861bce7R319

This is currently working on EAP6 (and EAP7).

On Tue, Mar 7, 2017 at 4:03 PM, John Mazzitelli <mazz at redhat.com> wrote:

> BTW: the latest agent release/master branch will not produce this NPE but
> it still isn't good because, instead of getting an NPE, you get this
> loveliness:
>
> 16:57:53,081 ERROR [org.hawkular.agent.monitor.service.MonitorService]
> (Hawkular WildFly Agent Startup Thread) HAWKMONITOR010054: Agent
> encountered errors during start up and will be stopped.: java.lang.IllegalStateException:
> Unable to extract the trust manager on okhttp3.internal.platform.
> Platform at 69f176ea, sslSocketFactory is class org.jboss.as.domain.
> management.security.WrapperSSLContext$WrapperSpi$WrapperSSLSocketFactory
>         at okhttp3.OkHttpClient$Builder.sslSocketFactory(OkHttpClient.
> java:599)
>
> OKHttp is looking for particular SSL class to find a trust manager but is
> thrown for a loop when it finds WildFly has its own wrapper implementation.
> This is the whole reason why this PR exists (and the NPE shows up when
> running with that PR):
>
> https://github.com/hawkular/hawkular-agent/pull/300
>
> (and just to clarify, this is only an issue on EAP6.4. Everything works
> fine on EAP7+)
>
> ----- Original Message -----
> > Josejulio, cc hawkular-dev:
> >
> > <TL;DR>
> > Due to incomplete API support in a EAP 6.4 library, we cannot support the
> > agent installed as a subsystem extension inside EAP6 if the agent is to
> talk
> > to the Hawkular Server over HTTPS.
> > </TL;DR>
> >
> > I don't know how to workaround this one - maybe someone has a bright
> idea.
> > But right now, it looks like we can't support an EAP6-based agent
> talking to
> > Hawkular-Metrics over HTTPS *unless* the agent is running as a javaagent
> (a
> > new feature not even in master yet, but I tried it and it works).
> >
> > This is a EAP 6.4 method that OKHttp is calling when making an HTTP
> request
> > requiring SSL - I'll give you the summary - its a one-line auto-generated
> > stub method that "return null;" :)
> >
> > https://github.com/wildfly/wildfly-core/blame/
> de6b17d4d342e98871c0e95f7e6faa9006383768/domain-management/
> src/main/java/org/jboss/as/domain/management/security/
> WrapperSSLContext.java#L124-L126
> >
> > I stepped into this code via a debugger and the line number and behavior
> > (returning null always) matches up with that code.
> >
> > Needless to say, this causes a NullPointerException later on in the
> OKHttp
> > library and thus cannot talk to the Hawkular Server over HTTPS.
> >
> > Here's the stack trace that got me there:
> >
> > Daemon Thread [Hawkular WildFly Agent Startup Thread] (Suspended)
> >       org.jboss.as.domain.management.security.
> WrapperSSLContext$WrapperSpi$WrapperSSLSocketFactory.
> createSocket(java.net.Socket,
> >       java.lang.String, int, boolean) line: 126
> >       okhttp3.internal.connection.RealConnection.connectTls(int, int,
> >       okhttp3.internal.connection.ConnectionSpecSelector) line: 230
> >       okhttp3.internal.connection.RealConnection.establishProtocol(int,
> int,
> >       okhttp3.internal.connection.ConnectionSpecSelector) line: 198
> >       okhttp3.internal.connection.RealConnection.buildConnection(int,
> int, int,
> >       okhttp3.internal.connection.ConnectionSpecSelector) line: 174
> >       okhttp3.internal.connection.RealConnection.connect(int, int, int,
> >       java.util.List<okhttp3.ConnectionSpec>, boolean) line: 114
> >       okhttp3.internal.connection.StreamAllocation.findConnection(int,
> int, int,
> >       boolean) line: 193
> >       okhttp3.internal.connection.StreamAllocation.findHealthyConnection(int,
> int,
> >       int, boolean, boolean) line: 129
> >       okhttp3.internal.connection.StreamAllocation.newStream(
> okhttp3.OkHttpClient,
> >       boolean) line: 98
> >       okhttp3.internal.connection.ConnectInterceptor.intercept(
> okhttp3.Interceptor$Chain)
> >       line: 42
> >       okhttp3.internal.http.RealInterceptorChain.proceed(
> okhttp3.Request,
> >       okhttp3.internal.connection.StreamAllocation,
> >       okhttp3.internal.http.HttpStream, okhttp3.Connection) line: 92
> >       okhttp3.internal.http.RealInterceptorChain.proceed(okhttp3.Request)
> line: 67
> >       okhttp3.internal.cache.CacheInterceptor.intercept(
> okhttp3.Interceptor$Chain)
> >       line: 109
> >       okhttp3.internal.http.RealInterceptorChain.proceed(
> okhttp3.Request,
> >       okhttp3.internal.connection.StreamAllocation,
> >       okhttp3.internal.http.HttpStream, okhttp3.Connection) line: 92
> >       okhttp3.internal.http.RealInterceptorChain.proceed(okhttp3.Request)
> line: 67
> >       okhttp3.internal.http.BridgeInterceptor.intercept(
> okhttp3.Interceptor$Chain)
> >       line: 93
> >       okhttp3.internal.http.RealInterceptorChain.proceed(
> okhttp3.Request,
> >       okhttp3.internal.connection.StreamAllocation,
> >       okhttp3.internal.http.HttpStream, okhttp3.Connection) line: 92
> >       okhttp3.internal.http.RetryAndFollowUpInterceptor.
> intercept(okhttp3.Interceptor$Chain)
> >       line: 124
> >       okhttp3.internal.http.RealInterceptorChain.proceed(
> okhttp3.Request,
> >       okhttp3.internal.connection.StreamAllocation,
> >       okhttp3.internal.http.HttpStream, okhttp3.Connection) line: 92
> >       okhttp3.internal.http.RealInterceptorChain.proceed(okhttp3.Request)
> line: 67
> >       okhttp3.RealCall.getResponseWithInterceptorChain() line: 170
> >       okhttp3.RealCall.execute() line: 60
> >       org.hawkular.agent.monitor.service.MonitorService(org.
> hawkular.agent.monitor.service.AgentCoreEngine).waitForHawkularServer()
> >       line: 648
> >       org.hawkular.agent.monitor.service.MonitorService(org.
> hawkular.agent.monitor.service.AgentCoreEngine).startHawkularAgent(org.
> hawkular.agent.monitor.config.AgentCoreEngineConfiguration)
> >       line: 279
> >       org.hawkular.agent.monitor.service.MonitorService(org.
> hawkular.agent.monitor.service.AgentCoreEngine).startHawkularAgent()
> >       line: 164
> >       org.hawkular.agent.monitor.service.MonitorService$
> 1CustomPropertyChangeListener$1.run()
> >       line: 395
> >       java.lang.Thread.run() line: 745
> >
> _______________________________________________
> hawkular-dev mailing list
> hawkular-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/hawkular-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/hawkular-dev/attachments/20170307/efee44b3/attachment-0001.html

More information about the hawkular-dev mailing list