Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-11298

keystore_path is not propagated into X509Token when creating protocol stack

    Details

    • Type: Bug
    • Status: Verified (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 7.1.0.DR18, 7.1.0.DR19
    • Fix Version/s: 7.1.0.ER1
    • Component/s: Clustering
    • Labels:
      None
    • Target Release:
    • Steps to Reproduce:
      Hide
      keytool -genkeypair -alias alias -keypass password -storepass password -storetype jks -keystore key3.keystore -keyalg RSA
      
      /subsystem=jgroups/stack=udp/protocol=AUTH:add(add-index=8,properties={auth_class=org.jgroups.auth.X509Token,keystore_type=JKS,keystore_path="/tmp/key3.keystore",keystore_password=password,cert_alias=alias,cert_password=password,auth_value=shared-password,cipher_type=RSA})
      reload
      
      Show
      keytool -genkeypair -alias alias -keypass password -storepass password -storetype jks -keystore key3.keystore -keyalg RSA /subsystem=jgroups/stack=udp/protocol=AUTH:add(add-index=8,properties={auth_class=org.jgroups.auth.X509Token,keystore_type=JKS,keystore_path="/tmp/key3.keystore",keystore_password=password,cert_alias=alias,cert_password=password,auth_value=shared-password,cipher_type=RSA}) reload
    • Workaround Description:
      Hide

      use .../protocol=AUTH/token=cipher:add() instead

      Show
      use .../protocol=AUTH/token=cipher:add() instead

      Description

      This is related to the discussion that Lami Akagwu started on JBEAP-10285. I reproduced the NPE he was getting, went through the stacktrace, and I think it's a bug.

      08:53:37,361 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 67) MSC000001: Failed to start service org.wildfly.clustering.jgroups.channel.ee: org.jboss.msc.service.StartException in service org.wildfly.clustering.jgroups.channel.ee: java.lang.NullPointerException
      	at org.jboss.as.clustering.jgroups.subsystem.ChannelBuilder.start(ChannelBuilder.java:104)
      	at org.wildfly.clustering.service.AsynchronousServiceBuilder.lambda$start$0(AsynchronousServiceBuilder.java:99)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at java.lang.Thread.run(Thread.java:748)
      	at org.jboss.threads.JBossThread.run(JBossThread.java:320)
      Caused by: java.lang.NullPointerException
      	at org.jboss.modules.ConcurrentClassLoader.getResourceAsStream(ConcurrentClassLoader.java:366)
      	at org.jgroups.auth.X509Token.setCertificate(X509Token.java:180)
      	at org.jgroups.protocols.AUTH.init(AUTH.java:101)
      	at org.jgroups.stack.ProtocolStack.initProtocolStack(ProtocolStack.java:861)
      	at org.jgroups.stack.ProtocolStack.init(ProtocolStack.java:831)
      	at org.jboss.as.clustering.jgroups.JChannelFactory.createChannel(JChannelFactory.java:108)
      	at org.jboss.as.clustering.jgroups.subsystem.ChannelBuilder.start(ChannelBuilder.java:102)
      	... 5 more
      

      It looks like the only reason ConcurrentClassLoader would throw an NPE instead of returning null in getResourceAsStream is that the name (in this case keystore_path) is null. That means the keystore_path is not propagated from EAP configuration to JGroups when the protocol stack is being created.

      The getResourceAsStream is still expected to fail, as the keystore is not on the classpath, but it should be found after that via the FileInputStream check that JGroups does.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  pferraro Paul Ferraro
                  Reporter:
                  rjanik Richard Janik
                  Tester:
                  Richard Janik
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: