How to make authentication with X509Token work?
yelin66 Apr 7, 2010 4:56 PM
I am trying to use JGroups authentication with Infinispan. The MD5Token works fine. When I used the X509Token, I did the following:
1. Run keytool to create the keystore with the following command:
keytool -genkeypair -dname "cn=Lin Ye, ou=Energy, o=GE, c=US" -alias test -keyalg RSA -keypass password -keystore D:\User\YELI\mykeystore -storepass changeit
2. Got the following content in my JGroups config file:
<config>
    <UDP mcast_send_buf_size="32000"
         mcast_port="45566"
         ucast_recv_buf_size="64000"
         loopback="true"
         mcast_recv_buf_size="64000"
         max_bundle_size="60000"
         max_bundle_timeout="30"
         ucast_send_buf_size="32000"
         ip_ttl="32"
         enable_bundling="false"/>
    <PING timeout="2000"
          num_initial_members="3"/>
    <MERGE2 max_interval="10000"
            min_interval="5000"/>
    <FD timeout="2000"
        max_tries="3"
    />
    <VERIFY_SUSPECT timeout="1500"/>
    <pbcast.NAKACK
        use_mcast_xmit="false"
        gc_lag="50"
        retransmit_timeout="600,1200,2400,4800"/>
    <UNICAST timeout="1200,2400,3600"/>
    <pbcast.STABLE stability_delay="1000"
                   desired_avg_gossip="20000"
                   max_bytes="0"/>
    <FRAG frag_size="8192"/>
    <AUTH auth_class="org.jgroups.auth.X509Token"
          auth_value="test"
          keystore_path="D:\Users\YELI\mykeystore"
          keystore_password="changeit"
          cert_password="password"
          cert_alias="test"
          cipher_type="RSA"/>
    <pbcast.GMS print_local_addr="true"
                join_timeout="3000"
    />
    <pbcast.STREAMING_STATE_TRANSFER />
    <!-- <pbcast.STATE_TRANSFER/> -->
    <pbcast.FLUSH timeout="0"/>
</config>
The first instance in a cluster started correctly. (And I noticed if I delete the cert_password entry in AUTH or make the password wrong, I got the "Cannot recover key" exception message for the first instance, so it seems it read the keystore and retrieved the key properly for the first instance when the password is correct.) However, when I started the second instance, I got the following exception:
3063 [main] WARN org.jgroups.protocols.pbcast.FLUSH - T00514970-61789: waiting for UNBLOCK timed out after 2000 ms
3063 [main] DEBUG org.jgroups.protocols.UDP - closing sockets and stopping threads
3063 [main] DEBUG org.jgroups.protocols.UDP - multicast socket closed
3063 [multicast receiver,omCluster,T00514970-61789] DEBUG org.jgroups.protocols.UDP - receiver socket is closed, exception=java.net.SocketException: socket closed
3063 [multicast receiver,omCluster,T00514970-61789] DEBUG org.jgroups.protocols.UDP - multicast receiver thread terminated
3079 [unicast receiver,omCluster,T00514970-61789] DEBUG org.jgroups.protocols.UDP - receiver socket is closed, exception=java.net.SocketException: socket closed
3079 [unicast receiver,omCluster,T00514970-61789] DEBUG org.jgroups.protocols.UDP - unicast receiver thread terminated
org.infinispan.CacheException: Unable to invoke method public abstract void org.infinispan.remoting.transport.Transport.start() on object
    at org.infinispan.util.ReflectionUtil.invokeAccessibly(ReflectionUtil.java:173)
    at org.infinispan.factories.AbstractComponentRegistry$PrioritizedMethod.invoke(AbstractComponentRegistry.java:852)
    at org.infinispan.factories.AbstractComponentRegistry.internalStart(AbstractComponentRegistry.java:672)
    at org.infinispan.factories.AbstractComponentRegistry.start(AbstractComponentRegistry.java:574)
    at org.infinispan.factories.GlobalComponentRegistry.start(GlobalComponentRegistry.java:131)
    at org.infinispan.factories.ComponentRegistry.start(ComponentRegistry.java:135)
    at org.infinispan.CacheDelegate.start(CacheDelegate.java:311)
    at org.infinispan.manager.DefaultCacheManager.createCache(DefaultCacheManager.java:507)
    at org.infinispan.manager.DefaultCacheManager.getCache(DefaultCacheManager.java:473)
    at ge.energy.smartgrid.applications.omtest.controllers.InfinispanCacheController.connect(InfinispanCacheController.java:50)
    at ge.energy.smartgrid.applications.omtest.controllers.InfinispanCacheController.connect(InfinispanCacheController.java:38)
    at ge.energy.smartgrid.applications.omtest.drivers.ReadUpdateTestDriver.startUp(ReadUpdateTestDriver.java:76)
    at ge.energy.smartgrid.applications.omtest.LaunchSlave.main(LaunchSlave.java:16)
Caused by: java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.infinispan.util.ReflectionUtil.invokeAccessibly(ReflectionUtil.java:170)
    ... 12 more
Caused by: org.infinispan.CacheException: Unable to start JGroups Channel
    at org.infinispan.remoting.transport.jgroups.JGroupsTransport.startJGroupsChannelIfNeeded(JGroupsTransport.java:168)
    at org.infinispan.remoting.transport.jgroups.JGroupsTransport.start(JGroupsTransport.java:155)
    ... 17 more
Caused by: org.jgroups.ChannelException: connect() failed
    at org.jgroups.JChannel.connect(JChannel.java:422)
    at org.jgroups.JChannel.connect(JChannel.java:380)
    at org.infinispan.remoting.transport.jgroups.JGroupsTransport.startJGroupsChannelIfNeeded(JGroupsTransport.java:166)
    ... 18 more
Caused by: java.lang.SecurityException: Authentication failed
    at org.jgroups.protocols.pbcast.ClientGmsImpl.joinInternal(ClientGmsImpl.java:152)
    at org.jgroups.protocols.pbcast.ClientGmsImpl.join(ClientGmsImpl.java:38)
    at org.jgroups.protocols.pbcast.GMS.down(GMS.java:924)
    at org.jgroups.protocols.pbcast.STREAMING_STATE_TRANSFER.down(STREAMING_STATE_TRANSFER.java:331)
    at org.jgroups.protocols.pbcast.FLUSH.handleConnect(FLUSH.java:309)
    at org.jgroups.protocols.pbcast.FLUSH.down(FLUSH.java:270)
    at org.jgroups.stack.ProtocolStack.down(ProtocolStack.java:836)
    at org.jgroups.JChannel.downcall(JChannel.java:1652)
    at org.jgroups.JChannel.connect(JChannel.java:417)
    ... 20 more
Could you please suggest what I did wrong?
Thanks,
Lin
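
A stand-alone keystore check for the AUTH settings shown in the post above, added here as an example; it is not part of the original post and not JGroups code. It takes keystore_path, cert_alias, cipher_type and auth_value as arguments, prompts for the two passwords, and prints the certificate fingerprint so the value can be compared between the nodes. The class name AuthKeystoreCheck is hypothetical, and the program uses only standard JDK calls; it does not reproduce JGroups' own token handling.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.Arrays;
import javax.crypto.Cipher;

// Added diagnostic (hypothetical class name), not JGroups code.
public class AuthKeystoreCheck {
    public static void main(String[] args) throws Exception {
        Console con = System.console();
        if (args.length != 4 || con == null) {
            System.err.println("usage (from a terminal): java AuthKeystoreCheck "
                    + "<keystore_path> <cert_alias> <cipher_type> <auth_value>");
            System.exit(2);
        }
        // Prompt for the secrets so they stay out of shell history and the process list.
        char[] storePass = con.readPassword("keystore_password: ");
        char[] keyPass = con.readPassword("cert_password: ");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass); // fails here on a wrong path or keystore_password
        }
        if (!ks.isKeyEntry(args[1])) {
            throw new IllegalStateException("no private-key entry under alias " + args[1]);
        }
        // A wrong cert_password raises UnrecoverableKeyException ("Cannot recover key").
        PrivateKey priv = (PrivateKey) ks.getKey(args[1], keyPass);
        Certificate cert = ks.getCertificate(args[1]);
        // Fingerprint to compare between nodes: it differs when the keystores hold different key pairs.
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded())) {
            hex.append(String.format("%02x", b));
        }
        System.out.println("certificate SHA-256: " + hex);

        // Encrypt auth_value with the certificate's public key, decrypt with the private key.
        byte[] plain = args[3].getBytes(StandardCharsets.UTF_8);
        Cipher cipher = Cipher.getInstance(args[2]);
        cipher.init(Cipher.ENCRYPT_MODE, cert.getPublicKey());
        byte[] enc = cipher.doFinal(plain);
        cipher.init(Cipher.DECRYPT_MODE, priv);
        System.out.println("round trip ok: " + Arrays.equals(plain, cipher.doFinal(enc)));
    }
}
```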