[jira] [Created] (DIRMINA-1065) Stuck on the SSL request

[Dawid Kulig (JIRA)]

Dawid Kulig created DIRMINA-1065:
------------------------------------

             Summary: Stuck on the SSL request
                 Key: DIRMINA-1065
                 URL: https://issues.apache.org/jira/browse/DIRMINA-1065
             Project: MINA
          Issue Type: Bug
    Affects Versions: 2.0.16
         Environment: java version "1.8.0_111"
Java(TM) SE Runtime Environment (build 1.8.0_111-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.111-b14, mixed mode)

Linux 8d9ad913fa03 4.4.39-34.54.amzn1.x86_64 #1 SMP Fri Dec 30 19:11:28 UTC 
2016 x86_64 x86_64 x86_64 GNU/Linux
            Reporter: Dawid Kulig


I am having troubles with Apache MINA core library. When I deploy my 
application to a remote server some of the requests are not processed (around 
2%). It looks like there might be a problem with SSL.

When request is not being processed, it is always stuck on:

{code}org.apache.mina.filter.ssl.SslFilter  - Session Server[40](ssl...): 
Processing the SSL Data{code}

{code:title=full request log tail}
Feb 28 14:18:12 ip-172-31-55-130 docker/56215cf75435[2788]: 2017-02-28 
14:18:12,081 [NioProcessor-5] DEBUG org.apache.mina.filter.ssl.SslFilter  - 
Adding the SSL Filter sslFilter to the chain
Feb 28 14:18:12 ip-172-31-55-130 docker/56215cf75435[2788]: 2017-02-28 
14:18:12,081 [NioProcessor-5] DEBUG org.apache.mina.filter.ssl.SslHandler  - 
Session Server[40](no sslEngine) Initializing the SSL Handler
Feb 28 14:18:12 ip-172-31-55-130 docker/56215cf75435[2788]: 2017-02-28 
14:18:12,082 [NioProcessor-5] DEBUG org.apache.mina.filter.ssl.SslHandler  - 
Session Server[40](no sslEngine) SSL Handler Initialization done.
Feb 28 14:18:12 ip-172-31-55-130 docker/56215cf75435[2788]: 2017-02-28 
14:18:12,082 [NioProcessor-5] DEBUG org.apache.mina.filter.ssl.SslFilter  - 
Session Server[40](ssl...) : Starting the first handshake
Feb 28 14:18:12 ip-172-31-55-130 docker/56215cf75435[2788]: 2017-02-28 
14:18:12,082 [NioProcessor-5] DEBUG org.apache.mina.filter.ssl.SslHandler  - 
Session Server[40](ssl...) processing the NEED_UNWRAP state
Feb 28 14:18:12 ip-172-31-55-130 docker/56215cf75435[2788]: 2017-02-28 
14:18:12,082 [pool-7-thread-10] DEBUG 
org.apache.mina.core.filterchain.IoFilterEvent  - Firing a SESSION_OPENED event 
for session 40
Feb 28 14:18:12 ip-172-31-55-130 docker/56215cf75435[2788]: 2017-02-28 
14:18:12,082 [pool-7-thread-10] INFO com.myapp.Handler  - Session opened for ip 
/x.x.x.x:59558. There are 1 online clients now
Feb 28 14:18:12 ip-172-31-55-130 docker/56215cf75435[2788]: 2017-02-28 
14:18:12,082 [pool-7-thread-10] DEBUG 
org.apache.mina.core.filterchain.IoFilterEvent  - Event SESSION_OPENED has been 
fired for session 40
Feb 28 14:18:12 ip-172-31-55-130 docker/56215cf75435[2788]: 2017-02-28 
14:18:12,087 [NioProcessor-5] DEBUG org.apache.mina.filter.ssl.SslFilter  - 
Session Server[40](ssl...): Message received : HeapBuffer[pos=0 lim=200 
cap=2048: 16 03 03 00 C3 01 00 00 BF 03 03 58 B5 86 A4 02...]
Feb 28 14:18:12 ip-172-31-55-130 docker/56215cf75435[2788]: 2017-02-28 
14:18:12,087 [NioProcessor-5] DEBUG org.apache.mina.filter.ssl.SslHandler  - 
Session Server[40](ssl...) Processing the received message
Feb 28 14:18:12 ip-172-31-55-130 docker/56215cf75435[2788]: 2017-02-28 
14:18:12,087 [NioProcessor-5] DEBUG org.apache.mina.filter.ssl.SslHandler  - 
Session Server[40](ssl...) processing the NEED_UNWRAP state
Feb 28 14:18:12 ip-172-31-55-130 docker/56215cf75435[2788]: 2017-02-28 
14:18:12,087 [NioProcessor-5] DEBUG org.apache.mina.filter.ssl.SslHandler  - 
Session Server[40](ssl...) processing the NEED_TASK state
Feb 28 14:18:12 ip-172-31-55-130 docker/56215cf75435[2788]: 2017-02-28 
14:18:12,096 [NioProcessor-5] DEBUG org.apache.mina.filter.ssl.SslHandler  - 
Session Server[40](ssl...) processing the NEED_WRAP state
Feb 28 14:18:12 ip-172-31-55-130 docker/56215cf75435[2788]: 2017-02-28 
14:18:12,096 [NioProcessor-5] DEBUG org.apache.mina.filter.ssl.SslFilter  - 
Session Server[40](ssl...): Writing Message : WriteRequest: HeapBuffer[pos=0 
lim=1327 cap=2115: 16 03 03 05 2A 02 00 00 4D 03 03 58 B5 86 A4 A6...]
Feb 28 14:18:12 ip-172-31-55-130 docker/56215cf75435[2788]: 2017-02-28 
14:18:12,096 [NioProcessor-5] DEBUG org.apache.mina.filter.ssl.SslHandler  - 
Session Server[40](ssl...) processing the NEED_UNWRAP state
Feb 28 14:18:12 ip-172-31-55-130 docker/56215cf75435[2788]: 2017-02-28 
14:18:12,096 [NioProcessor-5] DEBUG org.apache.mina.filter.ssl.SslFilter  - 
Session Server[40](ssl...): Processing the SSL Data
{code}

My application was recently using apache-mina 2.0.7. I thought upgrading the 
MINA core to 2.0.16 might help, but it didn't. 
My another observation is that, this is not happening on my local environment 
(MacOS) only on the remote Amazon server. 

Please find below part of the server-side code: 

{code}
@Provides
    ProtocolCodecFilter providesCodecFilter(ResponseProtoEncoder encoder, 
RequestProtoDecoder decoder) {
        return new ProtocolCodecFilter(encoder, decoder);
    }

    @Provides
    KeyStore providesKeyStore() throws NoSuchProviderException, 
NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException {
        if(keystoreName == null)
            return null;
        KeyStoreFactory f = new KeyStoreFactory();
        
f.setDataUrl(this.getClass().getClassLoader().getResource(keystoreName));
        f.setPassword(keystorePassword);
        return f.newInstance();
    }

    @Provides
    SSLContext providesSslContext(KeyStore keyStore) throws Exception {
        if(keyStore == null)
            return null;
        SslContextFactory f = new SslContextFactory();
        
f.setKeyManagerFactoryAlgorithm(KeyManagerFactory.getDefaultAlgorithm());
        
f.setTrustManagerFactory(TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()));
        f.setTrustManagerFactoryKeyStore(keyStore);
        f.setKeyManagerFactoryKeyStore(keyStore);
        f.setKeyManagerFactoryKeyStorePassword(keyPassword);
        return f.newInstance();
    }

    @Provides @Singleton
    SslFilter providesSslFilter(SSLContext sslContext) {
        if(sslContext == null)
            return null;
        SslFilter sslFilter = new SslFilter(sslContext);
        if(needClientAuth)
            sslFilter.setNeedClientAuth(true);
        return sslFilter;
    }

    @Provides
    IoFilterChainBuilder 
providesDefaultIoFilterChainBuilder(ProtocolCodecFilter codecFilter, SslFilter 
sslFilter) {
        DefaultIoFilterChainBuilder res = new DefaultIoFilterChainBuilder();
        Map<String, IoFilter> filters = new LinkedHashMap<String, IoFilter>();
        if(sslFilter != null)
            filters.put("sslFilter", sslFilter);
        filters.put("codecFilter", codecFilter);
        filters.put("executorFilter", new ExecutorFilter(new 
UnorderedThreadPoolExecutor()));
        res.setFilters(filters);
        return res;
    }

    @Provides @Singleton
    SocketAcceptor providesSocketAcceptor(InetSocketAddress addr, IoHandler 
handler, IoFilterChainBuilder filterChainBuilder) throws IOException {
        SocketAcceptor res = new NioSocketAcceptor();
        res.setDefaultLocalAddress(addr);
        res.setFilterChainBuilder(filterChainBuilder);
        res.setHandler(handler);
        res.setReuseAddress(true);
        res.setCloseOnDeactivation(true);
        res.bind();
        return res;
    }
{code}
Any kind of help would be much appreciated!





--
This message was sent by Atlassian JIRA
(v6.3.15#6346)