Re: Exception in filter (was: Re: [Vote] MINA 2.2.0 release)

[Emmanuel Lécharny]

Hi Christoph,

I think we should have the exact same tests in MINA. Poerting them 
should not take too long.


On 06/07/2022 22:51, Christoph John wrote:
Hi
You could see the failing tests here: 
https://github.com/quickfix-j/quickfixj/runs/7201285514?check_suite_focus=true
Basically these are tests that should fail when using a bad certificate.
As an example here is one test that registers a filter that should get an 
exception but it doesn't: 
https://github.com/quickfix-j/quickfixj/blob/da21d92c32c37265ee1d4e20519832fb13a26d05/quickfixj-core/src/test/java/quickfix/mina/ssl/SecureSocketTest.java#L67

Thanks in advance and cheers
Chris

Jul 6, 2022 12:42:15 Jonathan Valliere <john...@apache.org>:

What test are you trying?  Emmanuel made changes from the original design
to cause it to throw on the filter.  My original design threw on the filter
but only during a subsequent read or write action thereby enforcing strong
concurrency within the pipeline.

On Jul 6, 2022 at 3:53:57 AM, Christoph John
<christoph.j...@macd.com.invalid> wrote:

Ok, the tests in QuickFIX/J which expect the exception to be caught in a
filter still don't work.
I recall that you also did some changes in other Apache projects to make
it work with MINA 2.2.0. Could it be that I also need to adapt something in
this regard?

Thanks
Chris

Jul 5, 2022 18:47:09 Emmanuel Lécharny <elecha...@gmail.com>:

I have tested that the exception gets propagated before launching the vote
to be clear :-)


On 05/07/2022 18:17, Christoph John wrote:

Sorry, no. The last message regarding this was:



----------snip---------



11.04.2022 09:37:30 Emmanuel Lécharny <elecha...@gmail.com>:

Hi Christophe,

sorry, my late mail was off base.

The pb here is that the SSLEngine excpeiton is not propagated to the
handler, when it should.

My guess is that we have some missing call somewhere in the stack. I'm
going to check that out.

On 11/04/2022 00:15, Christoph John wrote:

Hi,

thanks Jonathan and Emmanuel for working on this!

I tried to integrate this into QuickFIX/J and it compiles successfully.
However there are some tests failing that expect an Exception. For example
we have


https://github.com/quickfix-j/quickfixj/blob/b6a822a46a5278dcd0985a5a77299ed03168ab03/quickfixj-core/src/test/java/quickfix/mina/ssl/SecureSocketTest.java#L54

Up to now it was tried to get the Exception via a filter in the chain.
This no longer seems to work but I think I can see the error getting thrown
in the log:

SEVERE: SSLHandlerG0@590ec99c[mode=server, connected=false] task() -
storing error {}

javax.net.ssl.SSLHandshakeException: No available authentication scheme

     at
java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)

     at
java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)

     at
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:358)

     at
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314)

     at
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:305)

     at
java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:972)

     at
java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.produce(CertificateMessage.java:961)

     at
java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:440)

     at
java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1246)

     at
java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1182)

     at
java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:840)

     at
java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:801)

     at
java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)

     at
java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)

     at
java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277)

     at
java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264)

     at
java.base/java.security.AccessController.doPrivileged(AccessController.java:712)

     at
java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209)

     at
org.apache.mina.filter.ssl.SSLHandlerG0.execute_task(SSLHandlerG0.java:743)

     at
org.apache.mina.filter.ssl.SSLHandlerG0.receive_loop(SSLHandlerG0.java:255)

     at
org.apache.mina.filter.ssl.SSLHandlerG0.receive(SSLHandlerG0.java:162)

     at
org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:342)

     at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650)

     at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:49)

     at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:1128)

     at
org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:122)

     at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650)

     at
org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:643)

     at
org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:539)

     at
org.apache.mina.core.polling.AbstractPollingIoProcessor.access$1200(AbstractPollingIoProcessor.java:68)

     at
org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1224)

     at
org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1213)

     at
org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:683)

     at
org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)

     at
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)

     at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)

     at java.base/java.lang.Thread.run(Thread.java:833)

What is the new way to get this Exception?

NB: I recall discussing this with Jonathan some months ago but seem to
have lost track of the mail thread.

Thanks in advance,

Chris.

On 09.04.22 00:26, Emmanuel Lécharny wrote:

Hi !



I will start to cut a first milestone for the MINA 2.2.X branch. It
has been tested on Apache Ftpserver, Ldap API and Directory Server with
success.



There will probably be more milestone, but that would be a first step.



The main changes are:

- a complete redesign of the TLS handling

- the removal of the SslFilter.DISABLE_ENCRYPTION_ONCE attribute,
which is either replaced by a dedicated filter, or the encapsulation of the
message in a DisableEncryptWriteRequest interface





I'll do that this week-end.



Thanks !






--

*Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE

T. +33 (0)4 89 97 36 50

P. +33 (0)6 08 33 32 61

emmanuel.lecha...@busit.com https://www.busit.com/


---------------------------------------------------------------------

To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org

For additional commands, e-mail: dev-h...@mina.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org



--
*Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE
T. +33 (0)4 89 97 36 50
P. +33 (0)6 08 33 32 61
emmanuel.lecha...@busit.com https://www.busit.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org