Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0036909
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Openbravo ERP] A. Platformmajorsometimes2017-09-21 12:252017-09-27 16:03
ReporterjavietxeView Statuspublic 
Assigned Toalostale 
PrioritynormalResolutionfixedFixed in Version3.0PR17Q4
StatusclosedFix in branchFixed in SCM revisiond05376400994
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned Tocaristu
Web browser
ModulesCore
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0036909: SERQA 3303 Error decrypting password

DescriptionSometimes trying to decipher the password taken from the database, we get an error with the stacktrace included in the file CipherError.txt. The stacktrace is taken from the logs of production in BUT
Steps To ReproduceExecute attached ConcurrentCrypto test case which uses encryption and decryption concurrently by 4 threads 10 times each. Error ratio is typically 20%-50%.
Proposed SolutionThe problem is caused because a single instance of javax.crypto.Cipher is being used concurrently. Cipher is not thread-safe so it must be ensured same instance is not in use concurrently [1].

[1] https://stackoverflow.com/a/6957496/2834815 [^]
TagsNo tags attached.
Attached Filestxt file icon CipherError.txt [^] (9,652 bytes) 2017-09-21 12:25 [Show Content]
? file icon StringWsClient.java [^] (3,006 bytes) 2017-09-21 12:26
? file icon WsClient.java [^] (4,335 bytes) 2017-09-21 12:26
? file icon ConcurrentCrypto.java [^] (2,097 bytes) 2017-09-21 16:55

- Relationships Relation Graph ] Dependency Graph ]
blocks design defect 0034664 acknowledgedplatform multi thread unsafeties 

-  Notes
(0099477)
hgbot (developer)
2017-09-22 12:16

Repository: erp/devel/pi
Changeset: e61b4971479955b2edd9d83f5f4fd4f559b974ed
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Fri Sep 22 11:53:37 2017 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/e61b4971479955b2edd9d83f5f4fd4f559b974ed [^]

related to bug 36909: added test cases

  which prove that using CryptoUtility methods concurrently fail

---
M src-test/src/org/openbravo/test/AllAntTaskTests.java
A src-test/src/org/openbravo/test/system/CryptoUtilities.java
---
(0099478)
hgbot (developer)
2017-09-22 12:16

Repository: erp/devel/pi
Changeset: d0537640099463a01b733f59f32eadb90ddc31e9
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Fri Sep 22 11:56:54 2017 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/d0537640099463a01b733f59f32eadb90ddc31e9 [^]

fixed bug 36909: encryption/decryption utils were not thread safe

  They could fail when used concurrently because they were sharing an static instance
  of a no-thread-safe javax.crypto.Cipher.

  Fixed by creating a new Cipher instance whenver it's required to be used.

---
M src-core/src/org/openbravo/utils/CryptoUtility.java
---
(0099549)
hudsonbot (developer)
2017-09-25 14:30

A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/d8fd6d1ecc14 [^]
Maturity status: Test
(0099550)
hudsonbot (developer)
2017-09-25 14:30

A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/d8fd6d1ecc14 [^]
Maturity status: Test
(0099618)
hgbot (developer)
2017-09-27 10:13

Repository: erp/devel/pi
Changeset: 9d9df9af05c4b7da05415888d49277a4116b78b1
Author: Carlos Aristu <carlos.aristu <at> openbravo.com>
Date: Wed Sep 27 09:54:45 2017 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/9d9df9af05c4b7da05415888d49277a4116b78b1 [^]

related to issue 36909: minor code review improvements

 - Created new private TRANSFORMATION constant
 - Moved the array designator from the variable to the type

---
M src-core/src/org/openbravo/utils/CryptoUtility.java
---
(0099619)
caristu (developer)
2017-09-27 10:14

Code reviewed + tested OK.
(0099634)
hudsonbot (developer)
2017-09-27 16:03

A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/a2ee31f89feb [^]
Maturity status: Test

- Issue History
Date Modified Username Field Change
2017-09-21 12:25 javietxe New Issue
2017-09-21 12:25 javietxe Assigned To => platform
2017-09-21 12:25 javietxe File Added: CipherError.txt
2017-09-21 12:25 javietxe Modules => Core
2017-09-21 12:25 javietxe Triggers an Emergency Pack => No
2017-09-21 12:26 javietxe File Added: StringWsClient.java
2017-09-21 12:26 javietxe File Added: WsClient.java
2017-09-21 12:28 javietxe Steps to Reproduce Updated View Revisions
2017-09-21 16:35 alostale Relationship added blocks 0034664
2017-09-21 16:55 alostale File Added: ConcurrentCrypto.java
2017-09-21 17:05 alostale Steps to Reproduce Updated View Revisions
2017-09-21 17:05 alostale Proposed Solution updated
2017-09-22 12:10 alostale Assigned To platform => alostale
2017-09-22 12:10 alostale Review Assigned To => caristu
2017-09-22 12:10 alostale Summary SERQA 3303 Error decripting password => SERQA 3303 Error decrypting password
2017-09-22 12:16 hgbot Checkin
2017-09-22 12:16 hgbot Note Added: 0099477
2017-09-22 12:16 hgbot Checkin
2017-09-22 12:16 hgbot Note Added: 0099478
2017-09-22 12:16 hgbot Status new => resolved
2017-09-22 12:16 hgbot Resolution open => fixed
2017-09-22 12:16 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/d0537640099463a01b733f59f32eadb90ddc31e9 [^]
2017-09-25 14:30 hudsonbot Checkin
2017-09-25 14:30 hudsonbot Note Added: 0099549
2017-09-25 14:30 hudsonbot Checkin
2017-09-25 14:30 hudsonbot Note Added: 0099550
2017-09-27 10:13 hgbot Checkin
2017-09-27 10:13 hgbot Note Added: 0099618
2017-09-27 10:14 caristu Note Added: 0099619
2017-09-27 10:14 caristu Status resolved => closed
2017-09-27 10:14 caristu Fixed in Version => 3.0PR17Q4
2017-09-27 16:03 hudsonbot Checkin
2017-09-27 16:03 hudsonbot Note Added: 0099634


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker