paseto-toolkit / jpaseto

A library for creating and parsing Paseto in Java
Apache License 2.0

Can't run jpaseto artifact in ubuntu server #13

Closed davidcbbc closed 3 years ago

davidcbbc commented 3 years ago

Hello! I'm using the jpaseto Maven artifact:

        <dependency>
            <groupId>dev.paseto</groupId>
            <artifactId>jpaseto-api</artifactId>
            <version>0.5.0</version>
        </dependency>

And when I try to run my Spring Boot project with mvn spring-boot:run on my Windows / Mac / Raspberry Pi machine it works beautifully, but when I try to run it inside an Ubuntu server it gets stuck when I try to run the singleton I made for jpaseto. The class that has the singleton is the following:

package com.apala.services.security;
import com.apala.services.repositories.UserRepo;
import dev.paseto.jpaseto.PasetoException;
import dev.paseto.jpaseto.Pasetos;
import dev.paseto.jpaseto.lang.Keys;
import lombok.Data;
import lombok.ToString;
import org.springframework.beans.factory.annotation.Autowired;

import javax.crypto.SecretKey;
import java.util.Base64;

@Data
@ToString
public class Security {

    /**
     * Secret key that generates all tokens
     */
    private SecretKey secretKey;

    private static Security security = null;

    public static Security getInstance(){
        if (security == null)
            security = new Security();
        return security;
    }

    /**
     * Generate a new security key
     */
    private Security(){
        this.secretKey=Keys.secretKey();
    }

    /**
     * @param phoneNumber of the user we want to generate the token
     * @return paseto token valid for the user
     */
    public String generateTokenForPhoneNumber(int phoneNumber){
        return Pasetos.V1.LOCAL.builder()
                .setSubject(Integer.toString(phoneNumber))
                .setSharedSecret(this.secretKey)
                .compact();
    }

    /**
     * @param token sent from the user to get validated
     * @return the phone number encrypted from the token
     * @throws PasetoException if the token is not valid
     */
    public int getPhoneNumberFromToken(String token) throws PasetoException {
        return Integer.parseInt(Pasetos.parserBuilder().setSharedSecret(this.secretKey).build().parse(token).getClaims().getSubject());
    }

    /**
     * Load a secret key from the string
     * @param key we want to be the secret key
     */
    public void loadSecretKeyFromString(String key){
        this.secretKey = Keys.secretKey(key.getBytes());
        System.out.println("This is the new secret key -> " + this.readSecretKey());
    }

    /**
     * Decodes the secret key
     * @return secret key in plain text
     */
    public String readSecretKey(){
        String base64Key = Base64.getEncoder().encodeToString(this.secretKey.getEncoded());
        byte[] decodedBytes = Base64.getDecoder().decode(base64Key);
        return new String(decodedBytes);
    }

}

I've tried changing the JDK to almost every version inside the Ubuntu cloud server and also tried changing the cloud host; I always get the same result. I'm not sure why this is happening and why it works on some machines and not on Ubuntu, because it does not throw any error, it just gets stuck, as the following output from my Ubuntu server shows:

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.google.inject.internal.cglib.core.$ReflectUtils$1 (file:/usr/share/maven/lib/guice.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of com.google.inject.internal.cglib.core.$ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
[INFO] Scanning for projects...
[INFO]
[INFO] -------------------------< com.apala:services >-------------------------
[INFO] Building services 0.1.0
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] >>> spring-boot-maven-plugin:2.3.4.RELEASE:run (default-cli) > test-compile @ services >>>
[INFO]
[INFO] --- maven-resources-plugin:3.1.0:resources (default-resources) @ services ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 1 resource
[INFO] Copying 0 resource
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ services ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-resources-plugin:3.1.0:testResources (default-testResources) @ services ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory /home/apala/apala/services/src/test/resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ services ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] <<< spring-boot-maven-plugin:2.3.4.RELEASE:run (default-cli) < test-compile @ services <<<
[INFO]
[INFO]
[INFO] --- spring-boot-maven-plugin:2.3.4.RELEASE:run (default-cli) @ services ---
[INFO] Attaching agents: []

And my main function is the following:


@SpringBootApplication
public class ServicesApplication {

    public static void main(String[] args) {
        // Create a security key for paseto tokens
        Security.getInstance().loadSecretKeyFromString("very_very_secret_key");
        SpringApplication.run(ServicesApplication.class, args);
    }

}

Does someone know what's happening? Thanks in advance!

davidcbbc commented 3 years ago

I've also tried to run different Spring Boot projects on the same Ubuntu server and they work.

bdemers commented 3 years ago

Can you debug through and figure out where it is getting locked? (Or add some println’s)

If I had to make a wild guess I would say look at the “Keys.secretKey();” line first.

Something like: https://www.codesandnotes.be/2018/09/18/strong-random-number-generation-hangs-on-linux-machines/

If you can track the issue down to a specific line in your example, that would help a ton!

davidcbbc commented 3 years ago

@bdemers that's exactly the problem, good catch. Keys.secretKey() gets stuck on some Linux systems, so my workaround was to create a default string to initialize the keys, like this:

    private Security(){
        String key = "very_much_secret_key";
        this.secretKey=Keys.secretKey(key.getBytes());
    }

Thank you so much for your time 👍
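
Added example, not part of the thread or of jpaseto's code, assuming the hang is the blocking strong-RNG read described in the article bdemers linked: it probes whether `SecureRandom.getInstanceStrong()` answers on the host, and produces key bytes from a non-blocking source or from a provisioned value instead of a string compiled into the class. `PasetoKeySource`, `KEY_LEN` and the `PASETO_KEY_B64` variable are hypothetical names, and the 32-byte key length is an assumption.

```java
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.concurrent.*;

public class PasetoKeySource {
    static final int KEY_LEN = 32; // assumption: 256-bit shared secret

    // Diagnostic: does the "strong" (possibly blocking) RNG answer within timeoutMs?
    static boolean strongRngResponds(long timeoutMs) throws InterruptedException {
        ExecutorService pool = Executors.newSingleThreadExecutor(r -> {
            Thread t = new Thread(r); t.setDaemon(true); return t; // stuck read must not pin the JVM
        });
        Future<?> probe = pool.submit(() -> {
            SecureRandom.getInstanceStrong().nextBytes(new byte[KEY_LEN]);
            return null;
        });
        try {
            probe.get(timeoutMs, TimeUnit.MILLISECONDS);
            return true;
        } catch (TimeoutException | ExecutionException e) {
            return false;
        } finally {
            pool.shutdownNow();
        }
    }
    // Random key bytes from a source that does not wait on the entropy pool.
    static byte[] randomKeyBytes() {
        SecureRandom rng;
        try {
            rng = SecureRandom.getInstance("NativePRNGNonBlocking"); // reads /dev/urandom
        } catch (NoSuchAlgorithmException e) {
            rng = new SecureRandom(); // platform default where that algorithm is absent
        }
        byte[] key = new byte[KEY_LEN];
        rng.nextBytes(key);
        return key;
    }
    // A provisioned Base64 key wins; otherwise generate one for this process.
    static byte[] keyBytes(String provisionedB64) {
        if (provisionedB64 == null || provisionedB64.isEmpty()) return randomKeyBytes();
        byte[] key = Base64.getDecoder().decode(provisionedB64);
        if (key.length != KEY_LEN) throw new IllegalArgumentException("key must be " + KEY_LEN + " bytes");
        return key;
    }
    public static void main(String[] args) throws InterruptedException {
        System.out.println("strong RNG answered within 2s: " + strongRngResponds(2000));
        byte[] key = keyBytes(System.getenv("PASETO_KEY_B64")); // hypothetical variable name
        // In the thread's Security class these bytes would be passed to Keys.secretKey(byte[]).
        System.out.println("key bytes ready: " + key.length); // log the length, never the key
    }
}
```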