[
https://issues.apache.org/jira/browse/RATIS-852?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mukul Kumar Singh updated RATIS-852:
------------------------------------
Attachment: RATIS-852.001.patch
> GrpcSslTest fails with CertificateExpiredException
> --------------------------------------------------
>
> Key: RATIS-852
> URL: https://issues.apache.org/jira/browse/RATIS-852
> Project: Ratis
> Issue Type: Bug
> Components: thirdparty
> Reporter: Mukul Kumar Singh
> Assignee: Mukul Kumar Singh
> Priority: Major
> Attachments: RATIS-852.001.patch
>
>
> GrpcSslTest fails with CertificateExpiredException
> {code}
> [INFO] Running org.apache.ratis.thirdparty.demo.GrpcSslTest
> 2020-04-16 11:40:30,624 [Thread-0] INFO demo.GrpcSslTest
> (GrpcSslTest.java:getResource(37)) - Getting Resource:
> /Users/mukul/code/apache/ratis/thirdparty/test/target/test-classes/ssl/server.pem
> 2020-04-16 11:40:30,624 [main] INFO demo.GrpcSslTest
> (GrpcSslTest.java:getResource(37)) - Getting Resource:
> /Users/mukul/code/apache/ratis/thirdparty/test/target/test-classes/ssl/client.pem
> 2020-04-16 11:40:30,627 [Thread-0] INFO demo.GrpcSslTest
> (GrpcSslTest.java:getResource(37)) - Getting Resource:
> /Users/mukul/code/apache/ratis/thirdparty/test/target/test-classes/ssl/server.crt
> 2020-04-16 11:40:30,629 [main] INFO demo.GrpcSslTest
> (GrpcSslTest.java:getResource(37)) - Getting Resource:
> /Users/mukul/code/apache/ratis/thirdparty/test/target/test-classes/ssl/ca.crt
> 2020-04-16 11:40:30,629 [Thread-0] INFO demo.GrpcSslTest
> (GrpcSslTest.java:getResource(37)) - Getting Resource:
> /Users/mukul/code/apache/ratis/thirdparty/test/target/test-classes/ssl/client.crt
> 2020-04-16 11:40:30,630 [main] INFO demo.GrpcSslTest
> (GrpcSslTest.java:getResource(37)) - Getting Resource:
> /Users/mukul/code/apache/ratis/thirdparty/test/target/test-classes/ssl/client.crt
> 2020-04-16 11:40:31,224 [Thread-0] INFO demo.GrpcServer
> (GrpcSslServer.java:start(69)) - GrpcSslServer started, listening on 50005
> 2020-04-16 11:40:31,454 [main] WARN demo.GrpcSslClient
> (GrpcSslClient.java:greet(86)) - RPC failed: {0}
> org.apache.ratis.thirdparty.io.grpc.StatusRuntimeException: UNAVAILABLE: io
> exception
> Channel Pipeline: [SslHandler#0, ProtocolNegotiators$ClientTlsHandler#0,
> WriteBufferingAndExceptionHandler#0, DefaultChannelPipeline$TailContext#0]
> at
> org.apache.ratis.thirdparty.io.grpc.stub.ClientCalls.toStatusRuntimeException(ClientCalls.java:235)
> at
> org.apache.ratis.thirdparty.io.grpc.stub.ClientCalls.getUnchecked(ClientCalls.java:216)
> at
> org.apache.ratis.thirdparty.io.grpc.stub.ClientCalls.blockingUnaryCall(ClientCalls.java:141)
> at
> org.apache.ratis.thirdparty.demo.GreeterGrpc$GreeterBlockingStub.hello(GreeterGrpc.java:156)
> at
> org.apache.ratis.thirdparty.demo.GrpcSslClient.greet(GrpcSslClient.java:82)
> at
> org.apache.ratis.thirdparty.demo.GrpcSslTest.testSslClientServer(GrpcSslTest.java:73)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at
> org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
> at
> org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
> at
> org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
> at
> org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
> at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271)
> at
> org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
> at
> org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
> at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
> at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
> at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
> at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
> at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
> at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
> at
> org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:365)
> at
> org.apache.maven.surefire.junit4.JUnit4Provider.executeWithRerun(JUnit4Provider.java:273)
> at
> org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:238)
> at
> org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:159)
> at
> org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:383)
> at
> org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:344)
> at
> org.apache.maven.surefire.booter.ForkedBooter.execute(ForkedBooter.java:125)
> at
> org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:417)
> Caused by: javax.net.ssl.SSLHandshakeException: General OpenSslEngine problem
> at
> org.apache.ratis.thirdparty.io.netty.handler.ssl.ReferenceCountedOpenSslEngine.handshakeException(ReferenceCountedOpenSslEngine.java:1735)
> at
> org.apache.ratis.thirdparty.io.netty.handler.ssl.ReferenceCountedOpenSslEngine.wrap(ReferenceCountedOpenSslEngine.java:775)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:509)
> at
> org.apache.ratis.thirdparty.io.netty.handler.ssl.SslHandler.wrap(SslHandler.java:1052)
> at
> org.apache.ratis.thirdparty.io.netty.handler.ssl.SslHandler.wrapNonAppData(SslHandler.java:943)
> at
> org.apache.ratis.thirdparty.io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1401)
> at
> org.apache.ratis.thirdparty.io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1233)
> at
> org.apache.ratis.thirdparty.io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1280)
> at
> org.apache.ratis.thirdparty.io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:498)
> at
> org.apache.ratis.thirdparty.io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:437)
> at
> org.apache.ratis.thirdparty.io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276)
> at
> org.apache.ratis.thirdparty.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:377)
> at
> org.apache.ratis.thirdparty.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363)
> at
> org.apache.ratis.thirdparty.io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:355)
> at
> org.apache.ratis.thirdparty.io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
> at
> org.apache.ratis.thirdparty.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:377)
> at
> org.apache.ratis.thirdparty.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363)
> at
> org.apache.ratis.thirdparty.io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
> at
> org.apache.ratis.thirdparty.io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163)
> at
> org.apache.ratis.thirdparty.io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:714)
> at
> org.apache.ratis.thirdparty.io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:650)
> at
> org.apache.ratis.thirdparty.io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:576)
> at
> org.apache.ratis.thirdparty.io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493)
> at
> org.apache.ratis.thirdparty.io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
> at
> org.apache.ratis.thirdparty.io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
> at
> org.apache.ratis.thirdparty.io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
> at java.lang.Thread.run(Thread.java:748)
> Caused by: sun.security.validator.ValidatorException: PKIX path validation
> failed: java.security.cert.CertPathValidatorException: validity check failed
> at
> sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:362)
> at
> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:270)
> at sun.security.validator.Validator.validate(Validator.java:262)
> at
> sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330)
> at
> sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:289)
> at
> sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144)
> at
> org.apache.ratis.thirdparty.io.netty.handler.ssl.OpenSslTlsv13X509ExtendedTrustManager.checkServerTrusted(OpenSslTlsv13X509ExtendedTrustManager.java:223)
> at
> org.apache.ratis.thirdparty.io.netty.handler.ssl.ReferenceCountedOpenSslClientContext$ExtendedTrustManagerVerifyCallback.verify(ReferenceCountedOpenSslClientContext.java:255)
> at
> org.apache.ratis.thirdparty.io.netty.handler.ssl.ReferenceCountedOpenSslContext$AbstractCertificateVerifier.verify(ReferenceCountedOpenSslContext.java:701)
> at
> org.apache.ratis.thirdparty.io.netty.internal.tcnative.SSL.readFromSSL(Native
> Method)
> at
> org.apache.ratis.thirdparty.io.netty.handler.ssl.ReferenceCountedOpenSslEngine.readPlaintextData(ReferenceCountedOpenSslEngine.java:594)
> at
> org.apache.ratis.thirdparty.io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1179)
> at
> org.apache.ratis.thirdparty.io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1296)
> at
> org.apache.ratis.thirdparty.io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:200)
> at
> org.apache.ratis.thirdparty.io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1338)
> ... 21 more
> Caused by: java.security.cert.CertPathValidatorException: validity check
> failed
> at
> sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)
> at
> sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:233)
> at
> sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:141)
> at
> sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:80)
> at
> java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
> at
> sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:357)
> ... 35 more
> Caused by: java.security.cert.CertificateExpiredException: NotAfter: Tue Dec
> 03 11:16:38 IST 2019
> at
> sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274)
> at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:629)
> at
> org.apache.ratis.thirdparty.io.netty.handler.ssl.OpenSslX509Certificate.checkValidity(OpenSslX509Certificate.java:57)
> at
> sun.security.provider.certpath.BasicChecker.verifyValidity(BasicChecker.java:190)
> at
> sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:144)
> at
> sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
> ... 40 more
> 2020-04-16 11:40:31,459 [main] INFO demo.GrpcSslTest
> (GrpcSslTest.java:testSslClientServer(74)) - Greet result:
> [ERROR] Tests run: 1, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 0.975
> s <<< FAILURE! - in org.apache.ratis.thirdparty.demo.GrpcSslTest
> [ERROR] testSslClientServer(org.apache.ratis.thirdparty.demo.GrpcSslTest)
> Time elapsed: 0.863 s <<< FAILURE!
> java.lang.AssertionError
> at
> org.apache.ratis.thirdparty.demo.GrpcSslTest.testSslClientServer(GrpcSslTest.java:75)
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
