glassfish
  1. glassfish
  2. GLASSFISH-15653

[REGRESSION] 40+ ssl and wss test cases failed in b38

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 3.1_b38
    • Fix Version/s: 3.1_b39
    • Component/s: security
    • Labels:
      None
    • Environment:

      solaris10

      Description

      More than 40+ ssl, wss related test cases failed in b38, this is a regression bug since all these tests passed in b37. The list of failed test cases:
      appserver-sqe/pe/security/ssl/clientcert
      appserver-sqe/pe/security/ssl/interop
      appserver-sqe/pe/security/ssl/clientcertnickname
      appserver-sqe/pe/security/ssl/converter
      appserver-sqe/pe/security/wss/runasubject/servletws
      appserver-sqe/pe/security/wss/dynencryptkey/servletws
      appserver-sqe/pe/security/wss/enforcepolicy/servletws
      appserver-sqe/pe/security/wss/ejbws
      appserver-sqe/pe/security/wss/mesgmethod/servletws
      appserver-sqe/pe/security/wss/mesgoperation/ejbws
      appserver-sqe/pe/security/wss/mesgoperation/usrpwd/ejbws
      appserver-sqe/pe/security/wss/encrypt/ejbws
      appserver-sqe/pe/security/wss/userpassword/ejbws/.
      appserver-sqe/pe/security/wss/clienthandler/ejbws
      appserver-sqe/pe/security/wss/clientmesgoperation/ejbws
      appserver-sqe/pe/security/wss/clientmesgoperation/servletws
      appserver-sqe/pe/security/wss/sslwss/transpo/ejbws
      appserver-sqe/pe/security/wss/sslwss/clientcerto/ejbws/

      Steps to reproduce the bug:
      1.Checkout SQE workspace:
      cvs co appserver-sqe/bootstrap.xml
      (CVSROOT=:pserver:cvsguest@sunsw.sfbay.sun.com:/m/jws)
      cd appserver-sqe
      ant -f bootstrap.xml co-security
      2. install GF V3.1, start domain domain1
      3. Setup env. variables
      S1AS_HOME <GF installation dir> (example: /export/sonia/v3/glassfishv3/glassfish
      SPS_HOME <workspace dir> (example: /export/sonia/appserver-sqe)
      ANT_HOME <ant dir>
      JAVA_HOME <java dir> (I use jdk1.6.0_23)
      4. cd appserver-sqe/, run "ant startDerby" to start derby
      5. cd appserver-sqe/pe/security/ssl, run "ant setup"
      6. cd appserver-sqe/pe/security/ssl/clientcert, run "ant all"
      The test failed and the following exception displayed at client:

      [exec] main, handling exception: javax.net.ssl.SSLKeyException: RSA premaster secret error
      [exec] main, called close()
      [exec] main, called closeInternal(true)
      [exec] Got Exception!!! All tests marked as failed!
      [exec] java.rmi.MarshalException: CORBA COMM_FAILURE 1330446339 Maybe; nested exception is:
      [exec] org.omg.CORBA.COMM_FAILURE: FINE: IOP00410003: Write error sent vmcid: OMG minor code: 3 completed: Maybe
      [exec] at com.sun.corba.ee.impl.javax.rmi.CORBA.Util.mapSystemException(Util.java:259)
      [exec] at com.sun.corba.ee.impl.presentation.rmi.StubInvocationHandlerImpl.privateInvoke(StubInvocationHandlerImpl.java:213)
      [exec] at com.sun.corba.ee.impl.presentation.rmi.StubInvocationHandlerImpl.invoke(StubInvocationHandlerImpl.java:152)
      [exec] at com.sun.corba.ee.impl.presentation.rmi.codegen.CodegenStubBase.invoke(CodegenStubBase.java:227)
      [exec] at com.sun.s1peqe.security.realmperapp._SecAuthTestRemoteHome_DynamicStub.create(com/sun/s1peqe/security/realmperapp/_SecAuthTestRemoteHome_DynamicStub.java)
      [exec] at com.sun.s1peqe.security.realmperapp.RealmPerAppTestClient.doTests(RealmPerAppTestClient.java:63)
      [exec] at com.sun.s1peqe.security.realmperapp.RealmPerAppTestClient.main(RealmPerAppTestClient.java:37)
      [exec] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      [exec] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      [exec] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      [exec] at java.lang.reflect.Method.invoke(Method.java:597)
      [exec] at org.glassfish.appclient.client.acc.AppClientContainer.launch(AppClientContainer.java:432)
      [exec] at org.glassfish.appclient.client.AppClientFacade.launch(AppClientFacade.java:182)
      [exec] at org.glassfish.appclient.client.AppClientGroupFacade.main(AppClientGroupFacade.java:65)
      [exec] Caused by: org.omg.CORBA.COMM_FAILURE: FINE: IOP00410003: Write error sent vmcid: OMG minor code: 3 completed: Maybe
      [exec] at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
      [exec] at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
      [exec] at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
      [exec] at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
      [exec] at com.sun.corba.ee.spi.orbutil.logex.corba.CorbaExtension.makeException(CorbaExtension.java:248)
      [exec] at com.sun.corba.ee.spi.orbutil.logex.corba.CorbaExtension.makeException(CorbaExtension.java:95)
      [exec] at com.sun.corba.ee.spi.orbutil.logex.WrapperGenerator.handleFullLogging(WrapperGenerator.java:387)
      [exec] at com.sun.corba.ee.spi.orbutil.logex.WrapperGenerator.access$400(WrapperGenerator.java:107)
      [exec] at com.sun.corba.ee.spi.orbutil.logex.WrapperGenerator$2.invoke(WrapperGenerator.java:511)
      [exec] at com.sun.corba.ee.spi.orbutil.proxy.CompositeInvocationHandlerImpl.invoke(CompositeInvocationHandlerImpl.java:99)
      [exec] at $Proxy34.writeErrorSend(Unknown Source)
      [exec] at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.sendWithoutLock(SocketOrChannelConnectionImpl.java:999)
      [exec] at com.sun.corba.ee.impl.encoding.BufferManagerWriteStream.sendFragment(BufferManagerWriteStream.java:151)
      [exec] at com.sun.corba.ee.impl.encoding.BufferManagerWriteStream.sendMessage(BufferManagerWriteStream.java:165)
      [exec] at com.sun.corba.ee.impl.encoding.CDROutputObject.finishSendingMessage(CDROutputObject.java:200)
      [exec] at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.finishSendingRequest(CorbaMessageMediatorImpl.java:274)
      [exec] at com.sun.corba.ee.impl.protocol.CorbaClientRequestDispatcherImpl.marshalingComplete1(CorbaClientRequestDispatcherImpl.java:401)
      [exec] at com.sun.corba.ee.impl.protocol.CorbaClientRequestDispatcherImpl.marshalingComplete(CorbaClientRequestDispatcherImpl.java:368)
      [exec] at com.sun.corba.ee.impl.protocol.CorbaClientDelegateImpl.invoke(CorbaClientDelegateImpl.java:264)
      [exec] at com.sun.corba.ee.impl.presentation.rmi.StubInvocationHandlerImpl.privateInvoke(StubInvocationHandlerImpl.java:200)
      [exec] ... 12 more
      [exec] Caused by: javax.net.ssl.SSLKeyException: RSA premaster secret error
      [exec] at com.sun.net.ssl.internal.ssl.RSAClientKeyExchange.<init>(RSAClientKeyExchange.java:97)
      [exec] at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:744)
      [exec] at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:238)
      [exec] at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
      [exec] at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
      [exec] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
      [exec] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
      [exec] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:753)
      [exec] at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
      [exec] at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.readFully(SocketOrChannelConnectionImpl.java:604)
      [exec] at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.read(SocketOrChannelConnectionImpl.java:439)
      [exec] at com.sun.corba.ee.impl.protocol.giopmsgheaders.MessageBase.readGIOPHeader(MessageBase.java:139)
      [exec] at com.sun.corba.ee.impl.protocol.giopmsgheaders.MessageBase.readGIOPMessage(MessageBase.java:127)
      [exec] at com.sun.corba.ee.impl.transport.CorbaContactInfoBase.createMessageMediator(CorbaContactInfoBase.java:147)
      [exec] at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.readBits(SocketOrChannelConnectionImpl.java:362)
      [exec] at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.read(SocketOrChannelConnectionImpl.java:339)
      [exec] at com.sun.corba.ee.impl.transport.ReaderThreadImpl.doWork(ReaderThreadImpl.java:112)
      [exec] at com.sun.corba.ee.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.performWork(ThreadPoolImpl.java:497)
      [exec] at com.sun.corba.ee.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.run(ThreadPoolImpl.java:540)
      [exec] Caused by: java.security.NoSuchAlgorithmException: SunTlsRsaPremasterSecret KeyGenerator not available
      [exec] at javax.crypto.KeyGenerator.<init>(DashoA13*..)
      [exec] at javax.crypto.KeyGenerator.getInstance(DashoA13*..)
      [exec] at com.sun.net.ssl.internal.ssl.JsseJce.getKeyGenerator(JsseJce.java:223)
      [exec] at com.sun.net.ssl.internal.ssl.RSAClientKeyExchange.<init>(RSAClientKeyExchange.java:89)
      [exec] ... 18 more
      [exec] Generating report at /export/sonia/appserver-sqe/test_results.xml
      [exec]
      [exec]
      [exec] -----------------------------------------
      [exec] - CertificateRealmPerApp-AppLevel-Test2.testIsCallerIsExcepted(): FAIL -
      [exec] - CertificateRealmPerApp-AppLevel-Test1.testIsCallerIsInRole(): FAIL -
      [exec] - CertificateRealmPerApp-AppLevel-Test4.Calling-Not-authorized-method: FAIL -
      [exec] - CertificateRealmPerApp-AppLevel-Test3.Calling-authorized-method: FAIL -
      [exec] -----------------------------------------
      [exec] Total PASS: 0
      [exec] Total FAIL: 4
      [exec] Total DNR: 0

      ----------
      There is no exceptions in server.log
      -----------------------
      The exceptions for wss tests are different, but also related to the SSL. I did not report a separate bug. Please take a look at the exceptions below and let me know if I need to report a separate bug.
      Steps to reproduce the wss/sslwss failures:
      1. cd appserver-sqe/pe/security/ssl, run "ant setup enable-wss-log"
      2. cd appserver-sqe/pe/security/ssl/sslwss, run "ant all". The test failed and the following errors displayed:

      [exec] java.rmi.RemoteException: HTTP transport error: javax.net.ssl.SSLKeyException: RSA premaster secret error; nested exception is:
      [exec] HTTP transport error: javax.net.ssl.SSLKeyException: RSA premaster secret error
      [exec] at com.sun.appserv.sqe.security.wss.ejbws.taxcal.client.FedTaxIF_Stub.getFedTax(FedTaxIF_Stub.java:88)
      [exec] at com.sun.appserv.sqe.security.wss.ejbws.taxcal.client.TaxCalClient.callFedTaxService(TaxCalClient.java:89)
      [exec] at com.sun.appserv.sqe.security.wss.ejbws.taxcal.client.TaxCalClient.main(TaxCalClient.java:43)
      [exec] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      [exec] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      [exec] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      [exec] at java.lang.reflect.Method.invoke(Method.java:597)
      [exec] at org.glassfish.appclient.client.acc.AppClientContainer.launch(AppClientContainer.java:432)
      [exec] at org.glassfish.appclient.client.AppClientFacade.launch(AppClientFacade.java:182)
      [exec] at org.glassfish.appclient.client.AppClientGroupFacade.main(AppClientGroupFacade.java:65)
      [exec] Caused by: HTTP transport error: javax.net.ssl.SSLKeyException: RSA premaster secret error
      [exec] at com.sun.xml.rpc.client.http.HttpClientTransport.invoke(HttpClientTransport.java:165)
      [exec] at com.sun.xml.rpc.client.StreamingSender._send(StreamingSender.java:113)
      [exec] at com.sun.appserv.sqe.security.wss.ejbws.taxcal.client.FedTaxIF_Stub.getFedTax(FedTaxIF_Stub.java:71)
      [exec] ... 9 more
      [exec] ]
      [exec] *** ServerHelloDone
      [exec] main, handling exception: javax.net.ssl.SSLKeyException: RSA premaster secret error
      [exec] main, SEND TLSv1 ALERT: fatal, description = unexpected_message
      [exec] main, WRITE: TLSv1 Alert, length = 2
      [exec] main, called closeSocket()
      [exec] main, called close()
      [exec] main, called closeInternal(true)
      [exec] TaxCalEjbWebService client failed
      [exec] Generating report at /export/sonia/appserver-sqe/test_results.xml
      [exec]
      [exec]
      [exec] -----------------------------------------
      [exec] - Security-WSS-SSL-Transport-user-password-TaxCalEjbbasedWS-StateTaxPort: FAIL -
      [exec] - Security-WSS-SSL-Transport-user-password-TaxCalEjbbasedWS-FedTaxPort: FAIL -
      [exec] -----------------------------------------
      [exec] Total PASS: 0
      [exec] Total FAIL: 2
      [exec] Total DNR: 0
      [exec] -----------------------------------------

        Activity

        Hide
        Tim Quinn added a comment -

        Fix checked in.

        Project: glassfish
        Repository: svn
        Revision: 44709
        Author: tjquinn
        Date: 2011-01-26 00:28:26 UTC
        Link:

        Log Message:
        ------------
        Fix for 15653

        CLIBootstrap generates the java command which launches the app client container. It was incorrectly using the AS_JAVA or JAVA_HOME setting to locate the Java-provided extension and endorsed directories. With these changes it instead (and correctly) uses the java.home system property which does point to the JRE home for locating the lib directory (which in in turn contains ext and endorsed).

        Approved: Chris
        Reviewed: Tom
        Tests: QL, deployment and EJB devtests, SQE test which failed for Sonia (tested on my Mac and on her Solaris system)

        Revisions:
        ----------
        44709

        Modified Paths:
        ---------------
        trunk/v3/appclient/client/acc/src/main/java/org/glassfish/appclient/client/CLIBootstrap.java

        Show
        Tim Quinn added a comment - Fix checked in. Project: glassfish Repository: svn Revision: 44709 Author: tjquinn Date: 2011-01-26 00:28:26 UTC Link: Log Message: ------------ Fix for 15653 CLIBootstrap generates the java command which launches the app client container. It was incorrectly using the AS_JAVA or JAVA_HOME setting to locate the Java-provided extension and endorsed directories. With these changes it instead (and correctly) uses the java.home system property which does point to the JRE home for locating the lib directory (which in in turn contains ext and endorsed). Approved: Chris Reviewed: Tom Tests: QL, deployment and EJB devtests, SQE test which failed for Sonia (tested on my Mac and on her Solaris system) Revisions: ---------- 44709 Modified Paths: --------------- trunk/v3/appclient/client/acc/src/main/java/org/glassfish/appclient/client/CLIBootstrap.java
        Hide
        Chris Kasso added a comment -

        Approved for 3.1

        Show
        Chris Kasso added a comment - Approved for 3.1
        Hide
        Tim Quinn added a comment -

        How bad is its impact? (Severity)
        regression of functionality or performance available in a prior release

        How often does it happen? (Frequency)
        Any time an app client relies on an extension library in the Java installation directory java.home/lib/ext. (Similar problem for endorsed libs).

        How much effort is required to fix it? (Cost)
        Minimal - candidate fix is working in my workspace and I have asked Sonia to verify that it works in her environment.

        What is the risk of fixing it? (Risk)
        Minimal.

        Does a work around for the issue exist? Can the workaround be reasonably employed by the end user?
        There is no workaround. The CLIBootstrap class builds the java command which launches the app client container and, in turn, the app client. CLIBootstrap computes the correct setting for java.ext.dirs. It currently uses JAVA_HOME if the user specified it, but it should use the property value java.home instead. The user could conceivably set java.ext.dirs explicitly on the appclient command, but to do so correctly would require adding the GlassFish library directories as well as his/her own or the Java ones. This is too cumbersome and error-prone to serve as a realistic workaround.

        If the issue is not fixed should the issue and its workaround (if applicable) be described in the Release Notes?
        n/a (no workaround)

        Show
        Tim Quinn added a comment - How bad is its impact? (Severity) regression of functionality or performance available in a prior release How often does it happen? (Frequency) Any time an app client relies on an extension library in the Java installation directory java.home/lib/ext. (Similar problem for endorsed libs). How much effort is required to fix it? (Cost) Minimal - candidate fix is working in my workspace and I have asked Sonia to verify that it works in her environment. What is the risk of fixing it? (Risk) Minimal. Does a work around for the issue exist? Can the workaround be reasonably employed by the end user? There is no workaround. The CLIBootstrap class builds the java command which launches the app client container and, in turn, the app client. CLIBootstrap computes the correct setting for java.ext.dirs. It currently uses JAVA_HOME if the user specified it, but it should use the property value java.home instead. The user could conceivably set java.ext.dirs explicitly on the appclient command, but to do so correctly would require adding the GlassFish library directories as well as his/her own or the Java ones. This is too cumbersome and error-prone to serve as a realistic workaround. If the issue is not fixed should the issue and its workaround (if applicable) be described in the Release Notes? n/a (no workaround)
        Hide
        Tim Quinn added a comment -

        I have a fix in my workspace that works on my Mac OS X system.

        I have sent the affected JAR file to Sonia in hopes that she can try a single quick test on her system.

        Show
        Tim Quinn added a comment - I have a fix in my workspace that works on my Mac OS X system. I have sent the affected JAR file to Sonia in hopes that she can try a single quick test on her system.
        Hide
        sonialiu added a comment -

        Thanks Tim for looking at the issue.
        We only set the JAVA_HOME as env. variable when running the SQE test, we don't set the AS_JAVA in the asenv.conf.

        Show
        sonialiu added a comment - Thanks Tim for looking at the issue. We only set the JAVA_HOME as env. variable when running the SQE test, we don't set the AS_JAVA in the asenv.conf.

          People

          • Assignee:
            Tim Quinn
            Reporter:
            sonialiu
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: