[jboss-jira] [JBoss JIRA] (JGRP-2152) ASYM_ENCRYPT failure on Wildfly 10.1.0

Michal Vinkler (JIRA) issues at jboss.org
Fri Jan 13 07:33:00 EST 2017 

    [ https://issues.jboss.org/browse/JGRP-2152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13347880#comment-13347880 ] 

Michal Vinkler commented on JGRP-2152:
--------------------------------------

[~rachmato], [~belaban], we did not have any failover tests using AUTH + ASYM_ENCRYPT, so I added one. 
I added both ASYM_ENCRYPT and AUTH as Bela suggested. I used EAP 7.1.0.DR10 build (uses jgroups-3.6.11.Final-redhat-1.jar) and also 7.1.0.DR6 build (the last one using jgroups-3.6.10.Final-redhat-1.jar).

Test description:
4 node cluster + mod-jk loadbalancer, one cluster node at the time is shut down (and then restarted after some time), while 2000 standalone clients keep calling the application.

link to the Jenkins runs: 
[run 4 - EAP 7.1.0.DR10 with jgroups-3.6.11.Final|http://jenkins.mw.lab.eng.bos.redhat.com/hudson/job/mvinkler_perflab_eap-7x-failover-http-session-shutdown-dist-async-auth-asymEncrypt/4/]
[run 5 - EAP 7.1.0.DR6 with jgroups-3.6.10.Final|http://jenkins.mw.lab.eng.bos.redhat.com/hudson/job/mvinkler_perflab_eap-7x-failover-http-session-shutdown-dist-async-auth-asymEncrypt/5/]
link to standalone-ha.xml: [perf18 standalone-ha.xml (run 4)|http://jenkins.mw.lab.eng.bos.redhat.com/hudson/job/mvinkler_perflab_eap-7x-failover-http-session-shutdown-dist-async-auth-asymEncrypt/4/artifact/report/config/jboss-perf18/standalone-ha.xml] 

*run 4 - EAP 7.1.0.DR10 with jgroups-3.6.11.Final:*
There were few occurences of these error messages (see for example [perf21 log|http://jenkins.mw.lab.eng.bos.redhat.com/hudson/job/mvinkler_perflab_eap-7x-failover-http-session-shutdown-dist-async-auth-asymEncrypt/4/console-perf21/]):
{code}
[JBossINF] 06:13:48,376 ERROR [org.jgroups.protocols.ASYM_ENCRYPT] (thread-1,ee,perf21) null: key server is currently not set
[JBossINF] 06:21:59,162 ERROR [org.jgroups.protocols.ASYM_ENCRYPT] (thread-6,ee,perf21) perf21: failed decrypting message from perf19 (offset=0, length=4880, buf.length=4880): java.lang.NullPointerException, headers are ASYM_ENCRYPT: [ENCRYPT version=n/a]
[JBossINF] 06:21:59,163 ERROR [org.jgroups.protocols.ASYM_ENCRYPT] (thread-6,ee,perf21) perf21: failed decrypting message from perf19 (offset=0, length=4880, buf.length=4880): java.lang.NullPointerException, headers are ASYM_ENCRYPT: [ENCRYPT version=n/a]
[JBossINF] 06:21:59,166 ERROR [org.jgroups.protocols.ASYM_ENCRYPT] (thread-6,ee,perf21) perf21: failed decrypting message from perf19 (offset=0, length=4880, buf.length=4880): java.lang.NullPointerException, headers are ASYM_ENCRYPT: [ENCRYPT version=n/a]
{code}
The NPE seems as a bug to me.
But other than that, there were no other issues. There were 15 sampline errors in total (i.e. client got stale data/bad response 15 times).

*run 5 - EAP 7.1.0.DR6 with jgroups-3.6.10.Final:*
There are *thousands* of occurrences of these WARN/ERROR messages (see for example [perf20 log|http://jenkins.mw.lab.eng.bos.redhat.com/hudson/job/mvinkler_perflab_eap-7x-failover-http-session-shutdown-dist-async-auth-asymEncrypt/5/console-perf20/]):
{code}
[JBossINF] 07:00:13,579 WARN  [org.jgroups.protocols.ASYM_ENCRYPT] (thread-8,ee,perf20) perf20: exception occurred decrypting message
[JBossINF] 07:00:13,580 ERROR [org.jgroups.protocols.ASYM_ENCRYPT] (thread-1,ee,perf20) perf20: failed decrypting message from perf19 (offset=0, length=4960, buf.length=4960): javax.crypto.BadPaddingException: Given final block not properly padded, headers are ASYM_ENCRYPT: [ENCRYPT version=16 bytes]
{code}

There were 201 sampling errors in total (I would expect somewhat bigger number considering the number of ERROR messages).


Regarding the authentication/encryption tests in JGroups testsuite - see [~rjanik]'s answer:
I assume you're looking for JGroups version 3.6.10.Final (version for Wildfly 10.1, which is mentioned in the Jira). I can see some authentication/encryption tests in the JGroups testsuite under tag JGroups-3.6.10.Final. Some of them have @since 4.0, but I can see them nevertheless (?).

These would be
  EncryptTest (disabled)
  ENCRYPTAsymmetricTest
  ENCRYPTKeystoreTest
  ASYM_ENCRYPT_Test
  SYM_ENCRYPT_Test
  SASLTest
  SASL_SimpleAuthorizingCallbackTest

Some of these also reference AUTH.

> ASYM_ENCRYPT failure on Wildfly 10.1.0
> --------------------------------------
>
>                 Key: JGRP-2152
>                 URL: https://issues.jboss.org/browse/JGRP-2152
>             Project: JGroups
>          Issue Type: Bug
>    Affects Versions: 3.6.10
>            Reporter: Matt Wringe
>            Assignee: Bela Ban
>             Fix For: 4.0, 3.6.13
>
>         Attachments: hawkular-metrics-1.log, hawkular-metrics-2.log, org.jboss.as.test.clustering.cluster.cdi.CdiFailoverTestCase-SYNC-tcp-output.txt, standalone.xml
>
>
> Using ASYM_ENCRYPT on Wildfly 10.1.0 seems to be broken.
> I am using the parameters for ASYM_ENCRYPT specified in http://www.jgroups.org/manual/index.html#Security
> Note: running with SYM_ENCRYPT doesn't cause any issues and it works fine with my setup. Its only ASYM_ENCRYPT which is currently failing.
> Note: running this on EAP fails in a similar manner.
> Eg:
> <protocol type="ASYM_ENCRYPT">
>   <property name="encrypt_entire_message">true</property>
>   <property name="sym_keylength">128</property>
>   <property name="sym_algorithm">AES/ECB/PKCS5Padding</property>
>   <property name="asym_keylength">512</property>
>   <property name="asym_algorithm">RSA</property>
> </protocol>
> If I run a single instance, then I don't see any problems appear in the logs. Its when I start a second instance that I start to see errors about unrecognised ciphers and timeouts.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list