Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-13748

"Contains non-LDH ASCII" characters during remote EJB SSL call in IPV6 network

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Blocker Blocker
    • None
    • 19.1.0.Final
    • EJB, Web (Undertow)
    • None

      Summary: " Contains non-LDH ASCII characters " during any remote EJB SSL call in IPV6 network on Kubernetes

      Problem Description
      We are doing EJB call SSL from client container A to EJB located in container B. I reproduced this issue with two different remote EJB SLL call.

      Unfortunately, this is only happening on some of our servers. It's difficult to reproduce since we need Kubernetes/IPV6 stack only - and I don't have a test case for it locally.

       

      The wildfly context use to get the ejb (javax.naming.InitialContext) in our app is using this url
      java.naming.provider.url=https://my-server:8443/wildfly-services

      as you can see the hostname is my-server. my-server does not have illegal characters and SNIHostName does not throw an exception when using it in a small unit test.

      My assumption is at some point in undertow wildfly code converts the hostname into a IPV6 adress.

      Other notes:

      • The issue is seen on the client side. The client is a java standalone client. The issue is seen under kubernetes.
      • The issue is seen with the 19.0.1.Final wildfly-client-all jar. It is also seen with 18.0.0.Final wildfly-client-all jar. It looks to me like an issue in SNIHostName(destinationURI.getHost()) in UndertowXnioSsl.
      • I can reproduce this issue with OpenJDK class SNIHostaneme with a local Junit using a IPV6 dummy adress [65:765]

       

      public void testSNIHostName_Case_IPV6()
      {
      String hostname = "[65:765]";
      SNIHostName sniHostname = new SNIHostName(hostname);
      }
      

       

        java.lang.IllegalArgumentException: Contains non-LDH ASCII characters
       at java.net.IDN.toASCIIInternal(IDN.java:296)
       at java.net.IDN.toASCII(IDN.java:122)
       at javax.net.ssl.SNIHostName.<init>(SNIHostName.java:99)

       

       

      Logs
      What we see in the log file of the client:
       {{2020-07-31 08:46:47,731 INFO [org.wildfly.naming] [RegistrationStateChangeNotification-pool-27-thread-1] WildFly Naming version 1.0.12.Final
      2020-07-31 08:46:47,786 INFO [org.wildfly.security] [RegistrationStateChangeNotification-pool-27-thread-1] ELY00001: WildFly Elytron version 1.11.4.Final
      2020-07-31 08:46:47,826 INFO [org.xnio] [RegistrationStateChangeNotification-pool-27-thread-1] XNIO version 3.7.7.Final
      2020-07-31 08:46:47,837 INFO [org.xnio.nio] [RegistrationStateChangeNotification-pool-27-thread-1] XNIO NIO Implementation Version 3.7.7.Final
      2020-07-31 08:46:47,868 INFO [org.jboss.threads] [RegistrationStateChangeNotification-pool-27-thread-1] JBoss Threads version 2.3.3.Final
      2020-07-31 08:46:48,004 INFO [org.jboss.remoting] [RegistrationStateChangeNotification-pool-27-thread-1] JBoss Remoting version 5.0.17.Final
      2020-07-31 08:46:48,045 INFO [org.jboss.ejb.client] [RegistrationStateChangeNotification-pool-27-thread-1] JBoss EJB Client version 4.0.30.Final
      2020-07-31 08:46:48,206 ERROR [com.application.lifecycle.internal.dataservice.ServiceImpl] [RegistrationStateChangeNotification-pool-27-thread-1] RemoteException while accessing ServiceRemote on cluster: Error; nested exception is:
      java.io.IOException: java.lang.IllegalArgumentException: Contains non-LDH ASCII characters
      java.rmi.RemoteException: Error; nested exception is:
      java.io.IOException: java.lang.IllegalArgumentException: Contains non-LDH ASCII characters
      at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:219)
      at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:125)
      at com.sun.proxy.$Proxy12.register(Unknown Source)
      at com.application.lifecycle.internal.dataservice.ServiceImpl$1.exec(ServiceImpl.java:41)
      at com.application.lifecycle.internal.dataservice.ServiceImpl$1.exec(ServiceImpl.java:38)
      at com.service.remoteservice.AbstractStatelessRemoteServiceProxy.exec(AbstractStatelessRemoteServiceProxy.java:128)
      at com.application.lifecycle.internal.dataservice.ServiceImpl.register(ServiceImpl.java:38)
      at com.application.lifecycle.internal.model.BusinessTierClusterModelImpl.register(BusinessTierClusterModelImpl.java:94)
      at com.application.lifecycle.internal.action.RegisterAction.execute(RegisterAction.java:51)
      at com.af.app.action.DefaultActionManager.executeRequest(DefaultActionManager.java:176)
      at com.service.message.DelegatingMessageReceiver.delegate(DelegatingMessageReceiver.java:68)
      at com.service.message.DelegatingMessageReceiver.receive(DelegatingMessageReceiver.java:50)
      at com.af.app.message.DefaultMessageReceiver.execute(DefaultMessageReceiver.java:65)
      at com.af.app.action.DefaultActionManager.executeRequest(DefaultActionManager.java:176)
      at com.af.app.message.DefaultMessageReceiver.onMessage(DefaultMessageReceiver.java:154)
      at com.af.app.impl.LocalMessageSenderImpl$SenderRunnable.run(LocalMessageSenderImpl.java:189)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      at java.lang.Thread.run(Thread.java:748)
      Caused by: java.io.IOException: java.lang.IllegalArgumentException: Contains non-LDH ASCII characters
      at io.undertow.protocols.ssl.UndertowXnioSsl$StreamConnectionChannelListener.handleEvent(UndertowXnioSsl.java:450)
      at io.undertow.protocols.ssl.UndertowXnioSsl$StreamConnectionChannelListener.handleEvent(UndertowXnioSsl.java:416)
      at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
      at org.xnio.nio.WorkerThread$ConnectHandle.handleReady(WorkerThread.java:333)
      at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)
      Caused by: java.lang.IllegalArgumentException: Contains non-LDH ASCII characters
      at java.net.IDN.toASCIIInternal(IDN.java:296)
      at java.net.IDN.toASCII(IDN.java:122)
      at javax.net.ssl.SNIHostName.<init>(SNIHostName.java:99)
      at io.undertow.protocols.ssl.UndertowXnioSsl$StreamConnectionChannelListener.handleEvent(UndertowXnioSsl.java:434)
      .. 4 more
      2020-07-31 08:46:48,208 WARN [com.application.lifecycle.internal.action.RegisterAction] [RegistrationStateChangeNotification-pool-27-thread-1] Failed to register with business tier. Retrying in 10 seconds.
      com.Exception: RemoteException while accessing ServiceRemote on cluster
      at com.service.remoteservice.AbstractStatelessRemoteServiceProxy.handleRemoteException(AbstractStatelessRemoteServiceProxy.java:112)
      at com.service.remoteservice.AbstractStatelessRemoteServiceProxy.exec(AbstractStatelessRemoteServiceProxy.java:130)
      at com.application.lifecycle.internal.dataservice.ServiceImpl.register(ServiceImpl.java:38)
      at com.application.lifecycle.internal.model.BusinessTierClusterModelImpl.register(BusinessTierClusterModelImpl.java:94)
      at com.application.lifecycle.internal.action.RegisterAction.execute(RegisterAction.java:51)
      at com.af.app.action.DefaultActionManager.executeRequest(DefaultActionManager.java:176)
      at com.service.message.DelegatingMessageReceiver.delegate(DelegatingMessageReceiver.java:68)
      at com.service.message.DelegatingMessageReceiver.receive(DelegatingMessageReceiver.java:50)
      at com.af.app.message.DefaultMessageReceiver.execute(DefaultMessageReceiver.java:65)
      at com.af.app.action.DefaultActionManager.executeRequest(DefaultActionManager.java:176)
      at com.af.app.message.DefaultMessageReceiver.onMessage(DefaultMessageReceiver.java:154)
      at com.af.app.impl.LocalMessageSenderImpl$SenderRunnable.run(LocalMessageSenderImpl.java:189)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      at java.lang.Thread.run(Thread.java:748)
      Caused by: java.rmi.RemoteException: Error; nested exception is:
      java.io.IOException: java.lang.IllegalArgumentException: Contains non-LDH ASCII characters
      at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:219)
      at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:125)
      at com.sun.proxy.$Proxy12.register(Unknown Source)
      at com.application.lifecycle.internal.dataservice.ServiceImpl$1.exec(ServiceImpl.java:41)
      at com.application.lifecycle.internal.dataservice.ServiceImpl$1.exec(ServiceImpl.java:38)
      at com.service.remoteservice.AbstractStatelessRemoteServiceProxy.exec(AbstractStatelessRemoteServiceProxy.java:128)
      .. 13 more
      Caused by: java.io.IOException: java.lang.IllegalArgumentException: Contains non-LDH ASCII characters
      at io.undertow.protocols.ssl.UndertowXnioSsl$StreamConnectionChannelListener.handleEvent(UndertowXnioSsl.java:450)
      at io.undertow.protocols.ssl.UndertowXnioSsl$StreamConnectionChannelListener.handleEvent(UndertowXnioSsl.java:416)
      at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
      at org.xnio.nio.WorkerThread$ConnectHandle.handleReady(WorkerThread.java:333)
      at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)
      Caused by: java.lang.IllegalArgumentException: Contains non-LDH ASCII characters
      at java.net.IDN.toASCIIInternal(IDN.java:296)
      at java.net.IDN.toASCII(IDN.java:122)
      at javax.net.ssl.SNIHostName.<init>(SNIHostName.java:99)
      at io.undertow.protocols.ssl.UndertowXnioSsl$StreamConnectionChannelListener.handleEvent(UndertowXnioSsl.java:434)
      .. 4 more}}
      Other information:

      Java version:
      $ java -version
      openjdk version "1.8.0_252"
      OpenJDK Runtime Environment (build 1.8.0_252-b09)
      OpenJDK 64-Bit Server VM (build 25.252-b09, mixed mode)

      Java arguments:
      -Djava.net.preferIPv4Stack=false

      tested also with this java arguments :
      -Djava.net.preferIPv6Addresses=true

      Wildfly server version:
      WFLYSRV0049: WildFly Full 19.1.0.Final (WildFly Core 11.1.1.Final)

      my-server corresponds to a kubernetes service which redirects to pod my-pod-hostname

      In our environment we verified that we can curl between client pod and wildfly pod
      >podA
      curl -6 -k https://1234:ef7:.......:rt5:8443
      curl -6 -k https://my-pod-hostname:8443
      Welcome to wildfly
       
      As far as we know the Kubernetes and pods are well configured in IPV6.

              flaviarnn Flavia Rainone
              jlecollo Julien Le Colloëc (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: