jglobus / JGlobus

jGlobus is a collection of Java client libraries for Globus® Toolkit security, GRAM, and GridFTP.
http://www.globus.org/toolkit/jglobus/
Apache License 2.0

GSS tests not ok on master anymore. #87

Closed jrevillard closed 11 years ago

jrevillard commented 11 years ago

Hi all,

I was just trying to rebase master in my develop branch and found that the GSS tests do not pass anymore for me:

Tests in error:
  testInquireByOidClientOnly(org.globus.gsi.gssapi.test.GlobusGSSContextTest): Path validation failed. No trusted path can be constructed
  testInquireByOidServerAlso(org.globus.gsi.gssapi.test.GlobusGSSContextTest): Path validation failed. No trusted path can be constructed
  testDelegation(org.globus.gsi.gssapi.test.GlobusGSSContextTest): Path validation failed. No trusted path can be constructed
  testNewDelegation(org.globus.gsi.gssapi.test.GlobusGSSContextTest): Path validation failed. No trusted path can be constructed
  testContextExpiration(org.globus.gsi.gssapi.test.GlobusGSSContextTest): Path validation failed. No trusted path can be constructed
  testLimitedProxyChecking(org.globus.gsi.gssapi.test.GlobusGSSContextTest): Path validation failed. No trusted path can be constructed
  testAnonymousClient1(org.globus.gsi.gssapi.test.GlobusGSSContextTest): Path validation failed. No trusted path can be constructed
  testAnonymousClient2(org.globus.gsi.gssapi.test.GlobusGSSContextTest): Path validation failed. No trusted path can be constructed
  testAnonymousServer1(org.globus.gsi.gssapi.test.GlobusGSSContextTest): Path validation failed. No trusted path can be constructed
  testAnonymousServer2(org.globus.gsi.gssapi.test.GlobusGSSContextTest): Path validation failed. No trusted path can be constructed
  testRequestConf1(org.globus.gsi.gssapi.test.GlobusGSSContextTest): Path validation failed. No trusted path can be constructed
  testRequestConf2(org.globus.gsi.gssapi.test.GlobusGSSContextTest): Path validation failed. No trusted path can be constructed
  testRequestConf3(org.globus.gsi.gssapi.test.GlobusGSSContextTest): Path validation failed. No trusted path can be constructed
  testRequestConf4(org.globus.gsi.gssapi.test.GlobusGSSContextTest): Path validation failed. No trusted path can be constructed
  testWrap1(org.globus.gsi.gssapi.test.GlobusGSSContextTest): Path validation failed. No trusted path can be constructed
  testWrap2(org.globus.gsi.gssapi.test.GlobusGSSContextTest): Path validation failed. No trusted path can be constructed
  testWrap3(org.globus.gsi.gssapi.test.GlobusGSSContextTest): Path validation failed. No trusted path can be constructed
  testWrap4(org.globus.gsi.gssapi.test.GlobusGSSContextTest): Path validation failed. No trusted path can be constructed
  testBadUnwrap1(org.globus.gsi.gssapi.test.GlobusGSSContextTest): Path validation failed. No trusted path can be constructed
  testBadUnwrap2(org.globus.gsi.gssapi.test.GlobusGSSContextTest): Path validation failed. No trusted path can be constructed
  testBadUnwrap3(org.globus.gsi.gssapi.test.GlobusGSSContextTest): Path validation failed. No trusted path can be constructed
  testStreamInitAcceptContext(org.globus.gsi.gssapi.test.GlobusGSSContextTest): Path validation failed. No trusted path can be constructed

It is always the same issue:

testInquireByOidClientOnly(org.globus.gsi.gssapi.test.GlobusGSSContextTest) Time elapsed: 0.791 sec <<< ERROR!
Failure unspecified at GSS-API level. Caused by Failure unspecified at GSS-API level. Caused by javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Handshaker.java:1015)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:485)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1108)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1080)
    at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:452)
    at org.globus.gsi.gssapi.GlobusGSSContextImpl.sslProcessHandshake(GlobusGSSContextImpl.java:813)
    at org.globus.gsi.gssapi.GlobusGSSContextImpl.initSecContext(GlobusGSSContextImpl.java:1010)
    at org.globus.gsi.gssapi.test.GlobusGSSContextTest.establishContext(GlobusGSSContextTest.java:126)
    at org.globus.gsi.gssapi.test.GlobusGSSContextTest.testInquireByOidClientOnly(GlobusGSSContextTest.java:173)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at junit.framework.TestCase.runTest(TestCase.java:168)
    at junit.framework.TestCase.runBare(TestCase.java:134)
    at junit.framework.TestResult$1.protect(TestResult.java:110)
    at junit.framework.TestResult.runProtected(TestResult.java:128)
    at junit.framework.TestResult.run(TestResult.java:113)
    at junit.framework.TestCase.run(TestCase.java:124)
    at junit.framework.TestSuite.runTest(TestSuite.java:232)
    at junit.framework.TestSuite.run(TestSuite.java:227)
    at org.junit.internal.runners.JUnit38ClassRunner.run(JUnit38ClassRunner.java:83)
    at org.apache.maven.surefire.junit4.JUnit4TestSet.execute(JUnit4TestSet.java:53)
    at org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:123)
    at org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:104)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.maven.surefire.util.ReflectionUtils.invokeMethodWithArray(ReflectionUtils.java:164)
    at org.apache.maven.surefire.booter.ProviderFactory$ProviderProxy.invoke(ProviderFactory.java:110)
    at org.apache.maven.surefire.booter.SurefireStarter.invokeProvider(SurefireStarter.java:175)
    at org.apache.maven.surefire.booter.SurefireStarter.runSuitesInProcessWhenForked(SurefireStarter.java:107)
    at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:68)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1508)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:243)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1209)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:135)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
    at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Handshaker.java:533)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Handshaker.java:952)
    at org.globus.gsi.gssapi.GlobusGSSContextImpl.runDelegatedTasks(GlobusGSSContextImpl.java:346)
    at org.globus.gsi.gssapi.GlobusGSSContextImpl.sslProcessHandshake(GlobusGSSContextImpl.java:851)
    ... 28 more
Caused by: java.security.cert.CertificateException: Path validation failed. No trusted path can be constructed
    at org.globus.gsi.trustmanager.PKITrustManager.checkServerTrusted(PKITrustManager.java:115)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1201)
    ... 35 more
Caused by: java.security.cert.CertPathValidatorException: No trusted path can be constructed
    at org.globus.gsi.trustmanager.TrustedCertPathFinder.findTrustedCertPath(TrustedCertPathFinder.java:144)
    at org.globus.gsi.trustmanager.X509ProxyCertPathValidator.engineValidate(X509ProxyCertPathValidator.java:107)
    at org.globus.gsi.trustmanager.PKITrustManager.checkServerTrusted(PKITrustManager.java:113)
    ... 36 more

Could you please have a look at it?

For information:

[/JGlobus]➔ java -version
java version "1.6.0_43"
Java(TM) SE Runtime Environment (build 1.6.0_43-b01)
Java HotSpot(TM) 64-Bit Server VM (build 20.14-b01, mixed mode)

Also, I have the EugridPMA CAs in my CA path (/etc/grid-security/certificates).

Best, Jerome

jrevillard commented 11 years ago

Also, v2.0 branch has exactly the same problem but v2.0.5 is OK.

kofemann commented 11 years ago

Can you bisect it?

jrevillard commented 11 years ago

Sorry, there was a copy/paste error in the message. I added the stack trace to the issue description.

jrevillard commented 11 years ago

By the way, can you reproduce?

jrevillard commented 11 years ago

Here is the problematic commit: "Make GlobusGSSCredentialImpl honour its Serializable identifier."

If I revert it, tests are ok.

paulmillar commented 11 years ago

Running GlobusGSSCredentialTest individually passes:

paul@zitpcx6184:~/git/JGlobus (master)$ mvn -q -pl gss test -Dtest=GlobusGSSCredentialTest


T E S T S

Running org.globus.gsi.gssapi.test.GlobusGSSCredentialTest
Tests run: 12, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 3.316 sec

Results :

Tests run: 12, Failures: 0, Errors: 0, Skipped: 0

Here's a single run of GlobusGSSContextTest. This, too, works fine when run individually:

paul@zitpcx6184:~/git/JGlobus (master)$ mvn -q -pl gss test -Dtest=GlobusGSSContextTest


T E S T S

Running org.globus.gsi.gssapi.test.GlobusGSSContextTest
Tests run: 25, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 30.316 sec

Results :

Tests run: 25, Failures: 0, Errors: 0, Skipped: 0

However, running GlobusGSSContextTest after GlobusGSSCredentialTest provokes the failure:

paul@zitpcx6184:~/git/JGlobus (master)$ mvn -pl gss test -Dtest=GlobusGSSCredentialTest,GlobusGSSContextTest
[INFO] Scanning for projects...
[INFO] ------------------------------------------------------------------------
[INFO] Building GSS-API implementation for SSL with proxies
[INFO] task-segment: [test]
[INFO] ------------------------------------------------------------------------
[INFO] [resources:resources {execution: default-resources}]
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 2 resources
[INFO] [compiler:compile {execution: default-compile}]
[INFO] Nothing to compile - all classes are up to date
[INFO] [resources:testResources {execution: default-testResources}]
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 2 resources
[INFO] [compiler:testCompile {execution: default-testCompile}]
[INFO] Nothing to compile - all classes are up to date
[INFO] [surefire:test {execution: default-test}]
[INFO] Surefire report directory: /home/paul/git/JGlobus/gss/target/surefire-reports


T E S T S

Running org.globus.gsi.gssapi.test.GlobusGSSCredentialTest
Tests run: 12, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.061 sec
Running org.globus.gsi.gssapi.test.GlobusGSSContextTest
Tests run: 25, Failures: 0, Errors: 22, Skipped: 0, Time elapsed: 1.987 sec <<< FAILURE!

Results :

Tests in error:
  testInquireByOidClientOnly(org.globus.gsi.gssapi.test.GlobusGSSContextTest): Path validation failed. No trusted path can be constructed
  [...]
  testStreamInitAcceptContext(org.globus.gsi.gssapi.test.GlobusGSSContextTest): Path validation failed. No trusted path can be constructed

Tests run: 37, Failures: 0, Errors: 22, Skipped: 0
[...]
[INFO] ------------------------------------------------------------------------

Therefore, I believe the problem is likely that GlobusGSSContextTest relies on some state that the test does not ensure and the tests passing previously were "by accident".

I'm investigating further.

Cheers,

Paul.

paulmillar commented 11 years ago

Please see:

https://github.com/jglobus/JGlobus/pull/88

jrevillard commented 11 years ago

Yes, your patch fixes it. Thanks a lot!

Best, Jerome