9 Replies Latest reply on Apr 27, 2010 8:51 AM by Manik Surtani

    How to make authentication with X509Token work?

    Lin Ye Expert

      I am trying to use JGroups authentication with Infinispan. The MD5Token works fine. When I used the X509Token, I did the following:

       

      1. Run keytool to create the keystore with the following command:

      keytool -genkeypair -dname "cn=Lin Ye, ou=Energy, o=GE, c=US" -alias test -keyalg RSA -keypass password -keystore D:\User\YELI\mykeystore -storepass changeit

       

      2. Got the following content in my JGroups config file:

      <config>
          <UDP mcast_send_buf_size="32000"
              mcast_port="45566"
              ucast_recv_buf_size="64000"
              loopback="true"
              mcast_recv_buf_size="64000"
              max_bundle_size="60000"
              max_bundle_timeout="30"
              ucast_send_buf_size="32000"
              ip_ttl="32"
              enable_bundling="false"/>
          <PING timeout="2000"
              num_initial_members="3"/>
          <MERGE2 max_interval="10000"
              min_interval="5000"/>
          <FD timeout="2000"
              max_tries="3"
              />
          <VERIFY_SUSPECT timeout="1500"/>
          <pbcast.NAKACK
              use_mcast_xmit="false"
              gc_lag="50"
              retransmit_timeout="600,1200,2400,4800"/>
          <UNICAST timeout="1200,2400,3600"/>
          <pbcast.STABLE stability_delay="1000"
              desired_avg_gossip="20000"
              max_bytes="0"/>
          <FRAG frag_size="8192"/>
          <AUTH auth_class="org.jgroups.auth.X509Token"
              auth_value="test"
              keystore_path="D:\Users\YELI\mykeystore"
              keystore_password="changeit"
              cert_password="password"
              cert_alias="test"
              cipher_type="RSA"/>
          <pbcast.GMS print_local_addr="true"
              join_timeout="3000"
              />
          <pbcast.STREAMING_STATE_TRANSFER />
          <!-- <pbcast.STATE_TRANSFER/> -->
          <pbcast.FLUSH timeout="0"/>
      </config>

       

      The first instance in a cluster started correctly. (And I noticed if I delete the cert_password entry in AUTH or make the password wrong, I got the "Cannot recover key" exception message for the first instance, so it seems it read the keystore and retrieved the key properly for the first instance when the password is correct.) However, when I started the second instance, I got the following exception:

      3063 [main] WARN  org.jgroups.protocols.pbcast.FLUSH  - T00514970-61789: waiting for UNBLOCK timed out after 2000 ms
      3063 [main] DEBUG org.jgroups.protocols.UDP  - closing sockets and stopping threads
      3063 [main] DEBUG org.jgroups.protocols.UDP  - multicast socket closed
      3063 [multicast receiver,omCluster,T00514970-61789] DEBUG org.jgroups.protocols.UDP  - receiver socket is closed, exception=java.net.SocketException: socket closed
      3063 [multicast receiver,omCluster,T00514970-61789] DEBUG org.jgroups.protocols.UDP  - multicast receiver thread terminated
      3079 [unicast receiver,omCluster,T00514970-61789] DEBUG org.jgroups.protocols.UDP  - receiver socket is closed, exception=java.net.SocketException: socket closed
      3079 [unicast receiver,omCluster,T00514970-61789] DEBUG org.jgroups.protocols.UDP  - unicast receiver thread terminated
      org.infinispan.CacheException: Unable to invoke method public abstract void org.infinispan.remoting.transport.Transport.start() on object
              at org.infinispan.util.ReflectionUtil.invokeAccessibly(ReflectionUtil.java:173)
              at org.infinispan.factories.AbstractComponentRegistry$PrioritizedMethod.invoke(AbstractComponentRegistry.java:852)
              at org.infinispan.factories.AbstractComponentRegistry.internalStart(AbstractComponentRegistry.java:672)
              at org.infinispan.factories.AbstractComponentRegistry.start(AbstractComponentRegistry.java:574)
              at org.infinispan.factories.GlobalComponentRegistry.start(GlobalComponentRegistry.java:131)
              at org.infinispan.factories.ComponentRegistry.start(ComponentRegistry.java:135)
              at org.infinispan.CacheDelegate.start(CacheDelegate.java:311)
              at org.infinispan.manager.DefaultCacheManager.createCache(DefaultCacheManager.java:507)
              at org.infinispan.manager.DefaultCacheManager.getCache(DefaultCacheManager.java:473)
              at ge.energy.smartgrid.applications.omtest.controllers.InfinispanCacheController.connect(InfinispanCacheController.java:50)
              at ge.energy.smartgrid.applications.omtest.controllers.InfinispanCacheController.connect(InfinispanCacheController.java:38)
              at ge.energy.smartgrid.applications.omtest.drivers.ReadUpdateTestDriver.startUp(ReadUpdateTestDriver.java:76)
              at ge.energy.smartgrid.applications.omtest.LaunchSlave.main(LaunchSlave.java:16)
      Caused by: java.lang.reflect.InvocationTargetException
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
              at java.lang.reflect.Method.invoke(Unknown Source)
              at org.infinispan.util.ReflectionUtil.invokeAccessibly(ReflectionUtil.java:170)
              ... 12 more
      Caused by: org.infinispan.CacheException: Unable to start JGroups Channel
              at org.infinispan.remoting.transport.jgroups.JGroupsTransport.startJGroupsChannelIfNeeded(JGroupsTransport.java:168)
              at org.infinispan.remoting.transport.jgroups.JGroupsTransport.start(JGroupsTransport.java:155)
              ... 17 more
      Caused by: org.jgroups.ChannelException: connect() failed
              at org.jgroups.JChannel.connect(JChannel.java:422)
              at org.jgroups.JChannel.connect(JChannel.java:380)
              at org.infinispan.remoting.transport.jgroups.JGroupsTransport.startJGroupsChannelIfNeeded(JGroupsTransport.java:166)
              ... 18 more
      Caused by: java.lang.SecurityException: Authentication failed
              at org.jgroups.protocols.pbcast.ClientGmsImpl.joinInternal(ClientGmsImpl.java:152)
              at org.jgroups.protocols.pbcast.ClientGmsImpl.join(ClientGmsImpl.java:38)
              at org.jgroups.protocols.pbcast.GMS.down(GMS.java:924)
              at org.jgroups.protocols.pbcast.STREAMING_STATE_TRANSFER.down(STREAMING_STATE_TRANSFER.java:331)
              at org.jgroups.protocols.pbcast.FLUSH.handleConnect(FLUSH.java:309)
              at org.jgroups.protocols.pbcast.FLUSH.down(FLUSH.java:270)
              at org.jgroups.stack.ProtocolStack.down(ProtocolStack.java:836)
              at org.jgroups.JChannel.downcall(JChannel.java:1652)
              at org.jgroups.JChannel.connect(JChannel.java:417)
              ... 20 more

       

      Could you please suggest what I did wrong?

       

      Thanks,

      Lin
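
Added example, not part of the original post and not JGroups or Infinispan code: a stand-alone Java check that loads the keystore with the same values as the AUTH element, confirms the alias holds a recoverable private key, round-trips auth_value through the named cipher, and prints the certificate fingerprint so it can be compared between the machines that load it. The class name KeystoreAuthCheck and the argument order are hypothetical, and the check assumes the AUTH attributes correspond to an ordinary Java keystore lookup.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.Arrays;
import javax.crypto.Cipher;

// Added diagnostic (hypothetical class, not part of JGroups or Infinispan).
// Arguments mirror the AUTH attributes: keystore_path keystore_password
// cert_alias cert_password cipher_type auth_value
public class KeystoreAuthCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 6) {
            System.err.println("usage: KeystoreAuthCheck <keystore_path> <keystore_password>"
                    + " <cert_alias> <cert_password> <cipher_type> <auth_value>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray()); // IOException on a wrong keystore_password
        }
        String alias = args[2];
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalStateException("no private-key entry under alias " + alias);
        }
        // UnrecoverableKeyException ("Cannot recover key") on a wrong cert_password
        PrivateKey privateKey = (PrivateKey) ks.getKey(alias, args[3].toCharArray());
        Certificate cert = ks.getCertificate(alias);

        // Encrypt auth_value with the public key, decrypt it with the private key
        byte[] authValue = args[5].getBytes(StandardCharsets.UTF_8);
        Cipher cipher = Cipher.getInstance(args[4]);
        cipher.init(Cipher.ENCRYPT_MODE, cert.getPublicKey());
        byte[] encrypted = cipher.doFinal(authValue);
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        boolean roundTrip = Arrays.equals(authValue, cipher.doFinal(encrypted));

        // Fingerprint to compare between the machines that load this keystore
        StringBuilder fp = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded())) {
            fp.append(String.format("%02x", b));
        }
        System.out.println("key algorithm: " + privateKey.getAlgorithm());
        System.out.println("round trip ok: " + roundTrip);
        System.out.println("cert SHA-256:  " + fp);
    }
}
```

Run it on each machine with the values from that machine's AUTH element; differing fingerprints mean the machines are not loading the same certificate.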