SSL Filter IllegalStateException with mutual auth and persist session
---------------------------------------------------------------------

                 Key: DIRMINA-494
                 URL: https://issues.apache.org/jira/browse/DIRMINA-494
             Project: MINA
          Issue Type: Bug
    Affects Versions: 1.0.1
         Environment: Solaris SunOS version 5.10 and Windows XP
java version "1.5.0_06"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode)
            Reporter: janardhanan vembunarayanan


Hi,

I am using MINA and developing a proxy server.

1. I am using SSL with mutual authentication and the sslProtocol is "TLS".
2. I am using Tomcat as the web server with SSL set up.
3. Client => proxy server: the protocol is HTTP.
4. Proxy server => Tomcat is HTTPS with mutual auth set up.

I am using a persistent connection between the proxy server and Tomcat. Instead of 
using the connection for each request I am pooling the session and reusing it.

Under this scenario I get the following error:

java.lang.IllegalStateException
        at org.apache.mina.filter.SSLFilter.getSSLSessionHandler(SSLFilter.java:636)
        at org.apache.mina.filter.SSLFilter.isSSLStarted(SSLFilter.java:190)
        at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:374)
        at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
        at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
        at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
        at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
        at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
        at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:990)
        at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:531)
        at java.lang.Thread.run(Thread.java:595)

I added the fix suggested in one of the bugs to change the call in onPreAdd and 
onPostAdd, but it did not fix the problem.


    public void onPreAdd( IoFilterChain parent, String name, NextFilter nextFilter ) throws SSLException
    {
        if( parent.contains( SSLFilter.class ) )
        {
            throw new IllegalStateException( "A filter chain cannot contain more than one SSLFilter." );
        }
        IoSession session = parent.getSession();
        session.setAttribute( NEXT_FILTER, nextFilter );

        // Create an SSL handler and start handshake.
        SSLHandler handler =
            new SSLHandler( this, sslContext, session );
        session.setAttribute( SSL_HANDLER, handler );
    }

    public void onPostAdd( IoFilterChain parent, String name, NextFilter nextFilter ) throws SSLException
    {
        getSSLSessionHandler( parent.getSession() ).handshake( nextFilter );
    }

Not sure why the handler should be null in this method getSSLSessionHandler. 
This is removed only in the onPreRemove method, and we have a special filter called 
RemoveSSLFilter and we are calling it in sessionClosed. The code is given below.

    private SSLHandler getSSLSessionHandler( IoSession session )
    {
        SSLHandler handler = ( SSLHandler ) session.getAttribute( SSL_HANDLER );
        if( handler == null )
        {
            // No SSL_HANDLER attribute is set on this session.
            throw new IllegalStateException();
        }
        if( handler.getParent() != this )
        {
            throw new IllegalArgumentException( "Not managed by this filter." );
        }
        return handler;
    }

public class RemoveSSLFilter extends IoFilterAdapter {

    @Override
    public void sessionClosed(NextFilter nextFilter, IoSession session) throws Exception {
        IoFilterChain chain = session.getFilterChain();
        // Remove the filter registered under the name "SSL", if present.
        if (chain.contains("SSL")) {
            chain.remove("SSL");
        }
        nextFilter.sessionClosed(session);
    }

}

This happens only when I persist the session for SSL with mutual auth; it works 
fine without mutual auth.

Any pointers on this will be of great help.

Regards,
Jana
