search

jglobus / JGlobus

jGlobus is a collection of Java client libraries for Globus® Toolkit security, GRAM, and GridFTP.
http://www.globus.org/toolkit/jglobus/
Apache License 2.0
24 stars 44 forks source link

Remove ssl status ok check. #32

Closed romainreuillon closed 10 years ago

romainreuillon commented 12 years ago

In the documenation: http://docs.oracle.com/javase/1.5.0/docs/api/javax/net/ssl/SSLEngineResult.Status.html

I don't understand clearly that the state closed match an error. I cannot submit job on EGI WMS with that part of code enable, whereas everything work like a charm without this code.

bbockelm commented 12 years ago

Hi Romain,

It's throwing an exception if you are trying to read from a closed SSL stream, right? Seems to be the correct behavior.

What's the stack trace when talking to EGI WMS?

Brian

romainreuillon commented 12 years ago

http://docs.oracle.com/javase/1.5.0/docs/api/javax/net/ssl/SSLEngine.html

" At the end of a communication session, applications should properly close the SSL/TLS link. The SSL/TLS protocols have closure handshake messages, and these messages should be communicated to the peer before releasing the SSLEngine and closing the underlying transport mechanism. A close can be initiated by one of: an SSLException, an inbound closure handshake message, or one of the close methods. In all cases, closure handshake messages are generated by the engine, and wrap() should be repeatedly called until the resulting SSLEngineResult's status returns "CLOSED", or isOutboundDone() returns true. All data obtained from the wrap() method should be sent to the peer."

Does it mean closed state is acceptable?

bbockelm commented 12 years ago

Well, I think closed state is only acceptable in certain conditions. For example, if we are trying to write application data to a closed SSLEngine, we should throw an exception. However, I do see this:

""" Note that during the closure phase, a SSLEngine may generate handshake closure data that must be sent to the peer. wrap() must be called to generate this data. When this method returns true, no more outbound data will be created. """

So maybe we need to track state better and only throw exceptions when appropriate?

romainreuillon commented 12 years ago

For now I have no time / skill to dig into the crypto code of JGlobus. I think that this test is too restrictive since it keep the EGI WMS proxy delegation from working, and everything work fine without. I think it doesn't hurt to remove it, but if you want to keep it, I will have to mainting a patch on my fork of JGlobus.

bbockelm commented 12 years ago

Hi Romain,

Can you give me instructions to reproduce? I was fixing bugs in this code a few weeks ago, and may have enough time/skill/memory to completely diagnose it.

I think it would be quite useful if we could fix master to the point where it works with the WMS proxy delegation! I just want to make sure we completely understand what's going on here.

Brian

romainreuillon commented 12 years ago

I am not sure how to provide you with a project to reproduce the bug. Do you have an certificate / account for the EGI grid? Otherwise, I don't know how you can reproduce it from your side.

Here is the stack: Exception in thread "main" AxisFault faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException faultSubcode: faultString: org.globus.common.ChainedIOException: unwrap failed [Caused by: Failure unspecified at GSS-API level [Caused by: badCLOSED]] faultActor: faultNode: faultDetail: {http://xml.apache.org/axis/}stackTrace:unwrap failed. Caused by Failure unspecified at GSS-API level. Caused by java.lang.RuntimeException: badCLOSED at org.globus.gsi.gssapi.GlobusGSSException.<init>(GlobusGSSException.java:85) at org.globus.gsi.gssapi.GlobusGSSException.<init>(GlobusGSSException.java:71) at org.globus.gsi.gssapi.GlobusGSSContextImpl.sslDataUnwrap(GlobusGSSContextImpl.java:835) at org.globus.gsi.gssapi.GlobusGSSContextImpl.unwrap(GlobusGSSContextImpl.java:1689) at org.globus.gsi.gssapi.GlobusGSSContextImpl.unwrap(GlobusGSSContextImpl.java:1626) at org.globus.gsi.gssapi.net.GssInputStream.unwrap(GssInputStream.java:43) at org.globus.gsi.gssapi.net.impl.GSIGssInputStream.readMsg(GSIGssInputStream.java:47) at org.globus.gsi.gssapi.net.GssInputStream.hasData(GssInputStream.java:85) at org.globus.gsi.gssapi.net.GssInputStream.read(GssInputStream.java:59) at java.io.BufferedInputStream.fill(BufferedInputStream.java:235) at java.io.BufferedInputStream.read1(BufferedInputStream.java:275) at java.io.BufferedInputStream.read(BufferedInputStream.java:334) at java.io.FilterInputStream.read(FilterInputStream.java:133) at com.sun.org.apache.xerces.internal.impl.XMLEntityManager$RewindableInputStream.read(XMLEntityManager.java:2901) at com.sun.org.apache.xerces.internal.impl.io.UTF8Reader.read(UTF8Reader.java:302) at com.sun.org.apache.xerces.internal.impl.XMLEntityScanner.load(XMLEntityScanner.java:1753) at com.sun.org.apache.xerces.internal.impl.XMLEntityScanner.scanLiteral(XMLEntityScanner.java:1079) at com.sun.org.apache.xerces.internal.impl.XMLScanner.scanPseudoAttribute(XMLScanner.java:585) at com.sun.org.apache.xerces.internal.impl.XMLScanner.scanXMLDeclOrTextDecl(XMLScanner.java:417) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanXMLDeclOrTextDecl(XMLDocumentFragmentScannerImpl.java:914) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$XMLDeclDriver.next(XMLDocumentScannerImpl.java:775) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:607) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:116) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:431) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:835) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:764) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:123) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1210) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:568) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl.parse(SAXParserImpl.java:302) at org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227) at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696) at org.apache.axis.Message.getSOAPEnvelope(Message.java:435) at org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62) at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206) at org.apache.axis.client.Call.invokeEngine(Call.java:2784) at org.apache.axis.client.Call.invoke(Call.java:2767) at org.apache.axis.client.Call.invoke(Call.java:2443) at org.apache.axis.client.Call.invoke(Call.java:2366) at org.apache.axis.client.Call.invoke(Call.java:1812) at org.gridsite.www.namespaces.delegation_2.DelegationSoapBindingStub.getProxyReq(DelegationSoapBindingStub.java:424) at fr.iscpif.gridscale.jobservice.WMSJobService$class.delegateProxy(WMSJobService.scala:69) at fr.iscpif.gridscale.information.BDII$$anonfun$queryWMS$3$$anon$2.delegateProxy(BDII.scala:160) at fr.iscpif.gridscale.GridScale$delayedInit$body.apply(GridScale.scala:98) at scala.Function0$class.apply$mcV$sp(Function0.scala:40) at scala.runtime.AbstractFunction0.apply$mcV$sp(AbstractFunction0.scala:12) at scala.App$$anonfun$main$1.apply(App.scala:71) at scala.App$$anonfun$main$1.apply(App.scala:71) at scala.collection.immutable.List.foreach(List.scala:309) at scala.collection.generic.TraversableForwarder$class.foreach(TraversableForwarder.scala:32) at scala.collection.mutable.ListBuffer.foreach(ListBuffer.scala:45) at scala.App$class.main(App.scala:71) at fr.iscpif.gridscale.GridScale$.main(GridScale.scala:27) at fr.iscpif.gridscale.GridScale.main(GridScale.scala)

{http://xml.apache.org/axis/}hostname:simplet

org.globus.common.ChainedIOException: unwrap failed [Caused by: Failure unspecified at GSS-API level [Caused by: badCLOSED]] at org.apache.axis.AxisFault.makeFault(AxisFault.java:101) at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:701) at org.apache.axis.Message.getSOAPEnvelope(Message.java:435) at org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62) at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206) at org.apache.axis.client.Call.invokeEngine(Call.java:2784) at org.apache.axis.client.Call.invoke(Call.java:2767) at org.apache.axis.client.Call.invoke(Call.java:2443) at org.apache.axis.client.Call.invoke(Call.java:2366) at org.apache.axis.client.Call.invoke(Call.java:1812) at org.gridsite.www.namespaces.delegation_2.DelegationSoapBindingStub.getProxyReq(DelegationSoapBindingStub.java:424) at fr.iscpif.gridscale.jobservice.WMSJobService$class.delegateProxy(WMSJobService.scala:69) at fr.iscpif.gridscale.information.BDII$$anonfun$queryWMS$3$$anon$2.delegateProxy(BDII.scala:160) at fr.iscpif.gridscale.GridScale$delayedInit$body.apply(GridScale.scala:98) at scala.Function0$class.apply$mcV$sp(Function0.scala:40) at scala.runtime.AbstractFunction0.apply$mcV$sp(AbstractFunction0.scala:12) at scala.App$$anonfun$main$1.apply(App.scala:71) at scala.App$$anonfun$main$1.apply(App.scala:71) at scala.collection.immutable.List.foreach(List.scala:309) at scala.collection.generic.TraversableForwarder$class.foreach(TraversableForwarder.scala:32) at scala.collection.mutable.ListBuffer.foreach(ListBuffer.scala:45) at scala.App$class.main(App.scala:71) at fr.iscpif.gridscale.GridScale$.main(GridScale.scala:27) at fr.iscpif.gridscale.GridScale.main(GridScale.scala) Caused by: org.globus.common.ChainedIOException: unwrap failed [Caused by: Failure unspecified at GSS-API level [Caused by: badCLOSED]] at org.globus.gsi.gssapi.net.GssInputStream.unwrap(GssInputStream.java:45) at org.globus.gsi.gssapi.net.impl.GSIGssInputStream.readMsg(GSIGssInputStream.java:47) at org.globus.gsi.gssapi.net.GssInputStream.hasData(GssInputStream.java:85) at org.globus.gsi.gssapi.net.GssInputStream.read(GssInputStream.java:59) at java.io.BufferedInputStream.fill(BufferedInputStream.java:235) at java.io.BufferedInputStream.read1(BufferedInputStream.java:275) at java.io.BufferedInputStream.read(BufferedInputStream.java:334) at java.io.FilterInputStream.read(FilterInputStream.java:133) at com.sun.org.apache.xerces.internal.impl.XMLEntityManager$RewindableInputStream.read(XMLEntityManager.java:2901) at com.sun.org.apache.xerces.internal.impl.io.UTF8Reader.read(UTF8Reader.java:302) at com.sun.org.apache.xerces.internal.impl.XMLEntityScanner.load(XMLEntityScanner.java:1753) at com.sun.org.apache.xerces.internal.impl.XMLEntityScanner.scanLiteral(XMLEntityScanner.java:1079) at com.sun.org.apache.xerces.internal.impl.XMLScanner.scanPseudoAttribute(XMLScanner.java:585) at com.sun.org.apache.xerces.internal.impl.XMLScanner.scanXMLDeclOrTextDecl(XMLScanner.java:417) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanXMLDeclOrTextDecl(XMLDocumentFragmentScannerImpl.java:914) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$XMLDeclDriver.next(XMLDocumentScannerImpl.java:775) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:607) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:116) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:431) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:835) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:764) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:123) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1210) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:568) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl.parse(SAXParserImpl.java:302) at org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227) at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696) ... 22 more Caused by: GSSException: Failure unspecified at GSS-API level [Caused by: badCLOSED] at org.globus.gsi.gssapi.GlobusGSSContextImpl.sslDataUnwrap(GlobusGSSContextImpl.java:849) at org.globus.gsi.gssapi.GlobusGSSContextImpl.unwrap(GlobusGSSContextImpl.java:1689) at org.globus.gsi.gssapi.GlobusGSSContextImpl.unwrap(GlobusGSSContextImpl.java:1626) at org.globus.gsi.gssapi.net.GssInputStream.unwrap(GssInputStream.java:43) ... 48 more Caused by: java.lang.RuntimeException: badCLOSED at org.globus.gsi.gssapi.GlobusGSSException.(GlobusGSSException.java:85) at org.globus.gsi.gssapi.GlobusGSSException.(GlobusGSSException.java:71) at org.globus.gsi.gssapi.GlobusGSSContextImpl.sslDataUnwrap(GlobusGSSContextImpl.java:835) ... 51 more Java Result: 1

bbockelm commented 12 years ago

Hi Romain,

Yes - I have a CMS VO membership, so I can use any EGI WMS endpoint.

That said, if you're using the delegation service, I think it's SSL/TLS-based, not httpg-based. The two protocols are not supposed to be compatible.

Brian

bbockelm commented 12 years ago

To test the difference - if you can copy/paste the URL into your browser and get a response, it's a TLS endpoint (most remote Axis apps will give some sort of HTTPS error code). If it hangs and then closes the connection, it's httpg-based.

romainreuillon commented 12 years ago

You may pull the branch jglobustest of gridscale: git://github.com/romainreuillon/gridscale.git

Then you should mention the dir for your CA certificates, your certificate, your voms info in: gridscale/src/main/scala/fr/iscpif/gridscale/GridScale.scala

Then compile every thing. Then go to the gridscale submodule and run: mvn exec:java -Dexec.mainClass="fr.iscpif.gridscale.GridScale"

It should reproduce the bug.

romainreuillon commented 12 years ago

You should compile it against the current snapshot of jglobus with the myproxy patch.

romainreuillon commented 11 years ago

Any news on this merge. I have to maintain the patch off the tree, could it be merged?

romainreuillon commented 10 years ago

My code seems to work now without this fix.