Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
0036909Openbravo ERPA. Platformpublic2017-09-21 12:252017-09-27 16:03
javietxe 
alostale 
normalmajorsometimes
closedfixed 
5
 
3.0PR17Q4 
caristu
Core
No
0036909: SERQA 3303 Error decrypting password
Sometimes trying to decipher the password taken from the database, we get an error with the stacktrace included in the file CipherError.txt. The stacktrace is taken from the logs of production in BUT
Execute attached ConcurrentCrypto test case which uses encryption and decryption concurrently by 4 threads 10 times each. Error ratio is typically 20%-50%.
The problem is caused because a single instance of javax.crypto.Cipher is being used concurrently. Cipher is not thread-safe so it must be ensured same instance is not in use concurrently [1].

[1] https://stackoverflow.com/a/6957496/2834815 [^]
No tags attached.
blocks design defect 0034664 acknowledged Triage Platform Base multi thread unsafeties 
txt CipherError.txt (9,652) 2017-09-21 12:25
https://issues.openbravo.com/file_download.php?file_id=11085&type=bug
? StringWsClient.java (3,006) 2017-09-21 12:26
https://issues.openbravo.com/file_download.php?file_id=11086&type=bug
? WsClient.java (4,335) 2017-09-21 12:26
https://issues.openbravo.com/file_download.php?file_id=11087&type=bug
? ConcurrentCrypto.java (2,097) 2017-09-21 16:55
https://issues.openbravo.com/file_download.php?file_id=11089&type=bug
Issue History
2017-09-21 12:25javietxeNew Issue
2017-09-21 12:25javietxeAssigned To => platform
2017-09-21 12:25javietxeFile Added: CipherError.txt
2017-09-21 12:25javietxeModules => Core
2017-09-21 12:25javietxeResolution time => 1506549600
2017-09-21 12:25javietxeTriggers an Emergency Pack => No
2017-09-21 12:26javietxeFile Added: StringWsClient.java
2017-09-21 12:26javietxeFile Added: WsClient.java
2017-09-21 12:28javietxeSteps to Reproduce Updatedbug_revision_view_page.php?rev_id=15957#r15957
2017-09-21 16:35alostaleRelationship addedblocks 0034664
2017-09-21 16:55alostaleFile Added: ConcurrentCrypto.java
2017-09-21 17:05alostaleSteps to Reproduce Updatedbug_revision_view_page.php?rev_id=15966#r15966
2017-09-21 17:05alostaleProposed Solution updated
2017-09-22 12:10alostaleAssigned Toplatform => alostale
2017-09-22 12:10alostaleReview Assigned To => caristu
2017-09-22 12:10alostaleSummarySERQA 3303 Error decripting password => SERQA 3303 Error decrypting password
2017-09-22 12:16hgbotCheckin
2017-09-22 12:16hgbotNote Added: 0099477
2017-09-22 12:16hgbotCheckin
2017-09-22 12:16hgbotNote Added: 0099478
2017-09-22 12:16hgbotStatusnew => resolved
2017-09-22 12:16hgbotResolutionopen => fixed
2017-09-22 12:16hgbotFixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/d0537640099463a01b733f59f32eadb90ddc31e9 [^]
2017-09-25 14:30hudsonbotCheckin
2017-09-25 14:30hudsonbotNote Added: 0099549
2017-09-25 14:30hudsonbotCheckin
2017-09-25 14:30hudsonbotNote Added: 0099550
2017-09-27 10:13hgbotCheckin
2017-09-27 10:13hgbotNote Added: 0099618
2017-09-27 10:14caristuNote Added: 0099619
2017-09-27 10:14caristuStatusresolved => closed
2017-09-27 10:14caristuFixed in Version => 3.0PR17Q4
2017-09-27 16:03hudsonbotCheckin
2017-09-27 16:03hudsonbotNote Added: 0099634

Notes
(0099477)
hgbot   
2017-09-22 12:16   
Repository: erp/devel/pi
Changeset: e61b4971479955b2edd9d83f5f4fd4f559b974ed
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Fri Sep 22 11:53:37 2017 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/e61b4971479955b2edd9d83f5f4fd4f559b974ed [^]

related to bug 36909: added test cases

  which prove that using CryptoUtility methods concurrently fail

---
M src-test/src/org/openbravo/test/AllAntTaskTests.java
A src-test/src/org/openbravo/test/system/CryptoUtilities.java
---
(0099478)
hgbot   
2017-09-22 12:16   
Repository: erp/devel/pi
Changeset: d0537640099463a01b733f59f32eadb90ddc31e9
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Fri Sep 22 11:56:54 2017 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/d0537640099463a01b733f59f32eadb90ddc31e9 [^]

fixed bug 36909: encryption/decryption utils were not thread safe

  They could fail when used concurrently because they were sharing an static instance
  of a no-thread-safe javax.crypto.Cipher.

  Fixed by creating a new Cipher instance whenver it's required to be used.

---
M src-core/src/org/openbravo/utils/CryptoUtility.java
---
(0099549)
hudsonbot   
2017-09-25 14:30   
A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/d8fd6d1ecc14 [^]
Maturity status: Test
(0099550)
hudsonbot   
2017-09-25 14:30   
A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/d8fd6d1ecc14 [^]
Maturity status: Test
(0099618)
hgbot   
2017-09-27 10:13   
Repository: erp/devel/pi
Changeset: 9d9df9af05c4b7da05415888d49277a4116b78b1
Author: Carlos Aristu <carlos.aristu <at> openbravo.com>
Date: Wed Sep 27 09:54:45 2017 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/9d9df9af05c4b7da05415888d49277a4116b78b1 [^]

related to issue 36909: minor code review improvements

 - Created new private TRANSFORMATION constant
 - Moved the array designator from the variable to the type

---
M src-core/src/org/openbravo/utils/CryptoUtility.java
---
(0099619)
caristu   
2017-09-27 10:14   
Code reviewed + tested OK.
(0099634)
hudsonbot   
2017-09-27 16:03   
A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/a2ee31f89feb [^]
Maturity status: Test