openwallet-foundation / askar

Secure storage designed for Hyperledger Aries agents.
Apache License 2.0
63 stars 51 forks source link

Unable to specify multiple backend properties under NodeJS #267

Open scottexton opened 5 months ago

scottexton commented 5 months ago

When using the NodeJS interface I want to be able to specify multiple parameters to the backend PostgreSQL interface. However, it looks like the '&' character cannot be used to seperate multiple parameters in the uri. For example, if I specify a URI of: 'postgres://postgres:passw0rd@postgres:5432/mydb?sslmode=verify-full&sslrootcert=mycert.pem' it sometimes ignores the parameters altogether and at other times fails with the following error:

AriesAskarError: Error connecting to database pool
Caused by: error with configuration: error with configuration: unknown value "verify-fullsslrootcert=mycert.pem" for `ssl_mode`
    at NodeJSAriesAskar.getAriesAskarError (/Users/exton/Desktop/askar-test/node_modules/@hyperledger/aries-askar-nodejs/src/NodeJSAriesAskar.ts:219:12)
    at cb (/Users/exton/Desktop/askar-test/node_modules/@hyperledger/aries-askar-nodejs/src/NodeJSAriesAskar.ts:169:30)
    at Object.<anonymous> (/Users/exton/Desktop/askar-test/node_modules/@2060.io/ffi-napi/lib/callback.js:66:27) {
  code: 1

The uri always work fine if I only specify a single parameter. However, as soon as I specify more than one parameter (separated by the '&' character) I get some inconsistent behaviour.

Is this a known issue, or am I simply specifying the URL incorrectly?

swcurran commented 5 months ago

@genaris @andrewwhitehead --thoughts on this one?

TimoGlastra commented 5 months ago

Does this happen with SQLite or Postgres (or both)?

And could you provide a minimal repository with a reproduction? So it's easy to reproduce your issue and debug?

scottexton commented 5 months ago

@TimoGlastra I've only tried this on Postgresql. I don't have a minimal repository but the reproduction steps are trivial.

Here is the typescript code which can be used to replicate the error:

require('@hyperledger/aries-askar-nodejs')

import { Store, StoreKeyMethod, KdfMethod } from '@hyperledger/aries-askar-shared'

const testStoreUri = "postgres://postgres:passw0rd@www.google.com:443/db?sslmode=verify-full&badoption=xyz";

Store.open({
        uri: testStoreUri,
        keyMethod: new StoreKeyMethod(KdfMethod.Argon2IMod),
        passKey: "key"});

When running this typescript program you get inconsistent results. Sometimes you get an SSL connection error (which is expected because the program is not pointing at a real postgresql server) and at other times you get the 'invalid sslmode' error:

scotts-mbp-2:askar-test exton$ ts-node test.ts
AriesAskarError: Error connecting to database pool
Caused by: encountered unexpected or invalid data: unexpected response from SSLRequest: 0x15
    at NodeJSAriesAskar.getAriesAskarError (/Users/exton/Desktop/askar-test/node_modules/@hyperledger/aries-askar-nodejs/src/NodeJSAriesAskar.ts:219:12)
    at cb (/Users/exton/Desktop/askar-test/node_modules/@hyperledger/aries-askar-nodejs/src/NodeJSAriesAskar.ts:169:30)
    at Object.<anonymous> (/Users/exton/Desktop/askar-test/node_modules/@2060.io/ffi-napi/lib/callback.js:66:27) {
  code: 1
}
scotts-mbp-2:askar-test exton$ ts-node test.ts
AriesAskarError: Error connecting to database pool
Caused by: error with configuration: error with configuration: unknown value "verify-fullbadoption=xyz" for `ssl_mode`
    at NodeJSAriesAskar.getAriesAskarError (/Users/exton/Desktop/askar-test/node_modules/@hyperledger/aries-askar-nodejs/src/NodeJSAriesAskar.ts:219:12)
    at cb (/Users/exton/Desktop/askar-test/node_modules/@hyperledger/aries-askar-nodejs/src/NodeJSAriesAskar.ts:169:30)
    at Object.<anonymous> (/Users/exton/Desktop/askar-test/node_modules/@2060.io/ffi-napi/lib/callback.js:66:27) {
  code: 1
}

This same issue was happening when I used the 'sslmode' and 'sslrootcert' parameters. As soon as I removed the 'sslrootcert' parameter and instead set the root certificate using the PGSSLROOTCERT environment variable everything started working correctly.

genaris commented 5 months ago

It seems weird to me, since in Credo we are specifying multiple parameters (as seen here) and we aren't experiencing this issue. However, we are not using those particular query parameters.

If we do, we arrive at the same problem that you've described. It actually happens also if we put some parameters in the middle of 'sslmode' and 'badoption', like:

uri: postgres://postgres:postgres@localhost:5432/PostgresWalletAgentsAlicef70f?sslmode=verify-full&max_connections=12&min_connections=4&badoption=xyz

The error thrown is the same: "error with configuration: error with configuration: unknown value "verify-fullbadoption=xyz" for ssl_mode" 🤯

It would be good to test this specific configuration with Python wrapper to see if there is something wrong with JS layer or we need to analyze deeper in FFI/Rust/SQLX code.

zdravko61 commented 1 month ago

The error thrown is the same: "error with configuration: error with configuration: unknown value "verify-fullbadoption=xyz" for ssl_mode" 🤯

It would be good to test this specific configuration with Python wrapper to see if there is something wrong with JS layer or we need to analyze deeper in FFI/Rust/SQLX code.

import asyncio
from aries_askar import Store, KeyAlg

from aries_askar.bindings import (
    generate_raw_key,
)

async def main():
    test_store_uri = "postgres://postgres:passw0rd@www.google.com:443/db?sslmode=verify-full&badoption=xyz"
    key = generate_raw_key()

    try:
        store = await Store.open(test_store_uri, "raw", key)
        print("Store opened successfully!")
    except Exception as e:
        print(f"An error occurred while opening the store: {e}")
    finally:
        if 'store' in locals():
            await store.close()
            print("Store closed.")

if __name__ == "__main__":
    asyncio.run(main())

the output from this code is:

An error occurred while opening the store: Error connecting to database pool
Caused by: error with configuration: error with configuration: unknown value "verify-fullbadoption=xyz" for `ssl_mode`

if I remove the code in finally block the error is:

index.crates.io-6f17d22bba15001f/sqlx-postgres-0.7.3/src/options/parse.rs:103 | ignoring unrecognized connect parameter key=badoption value=xyzsslmode=verify-full
An error occurred while opening the store: Error connecting to database pool
Caused by: encountered unexpected or invalid data: unexpected response from SSLRequest: 0x15

@genaris I guess it's FFI/Rust/SQLX