Uploaded image for project: 'JBoss Marshalling'
  1. JBoss Marshalling
  2. JBMAR-159

Read past end of file while marshalling PrivateKey in SAMLAccessFilter

    Details

      Description

      After moving from glassfish (3.1.2 and 4.0) to WildFly, I get the following stacktrace when reading an object (EvoteSAMLCredentials) containing an instance of org.bouncycastle.jce.provider.JCERSAPrivateKey (found in bcprov-jdk14-1.38.jar or bcprov-jdk16-1.46.jar):

      2014-01-30 11:08:14,639 ERROR [io.undertow.request] (default task-7) UT005023: Exception handling request to /secure/index.xhtml: javax.ejb.EJBException: java.io.EOFException: Read past end of file
      at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:236) [jboss-ejb-client-2.0.0.Beta5.jar:2.0.0.Beta5]
      at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:181) [jboss-ejb-client-2.0.0.Beta5.jar:2.0.0.Beta5]
      at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:144) [jboss-ejb-client-2.0.0.Beta5.jar:2.0.0.Beta5]
      at $Proxy277.getDIFICredential(Unknown Source) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_05]
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_05]
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_05]
      at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_05]
      at no.evote.service.cache.ServiceInvocationHandler.invoke(ServiceInvocationHandler.java:84) [classes:]
      at no.evote.service.cache.ServiceInvocationHandler.invoke(ServiceInvocationHandler.java:115) [classes:]
      at $Proxy277.getDIFICredential(Unknown Source) at no.evote.service.security.saml.SAMLAccessFilter.doAuthenticationRedirect(SAMLAccessFilter.java:90) [classes:]
      at no.evote.service.security.saml.SAMLAccessFilter.doFilter(SAMLAccessFilter.java:69) [classes:]
      at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:56) [undertow-servlet-1.0.0.Beta30.jar:1.0.0.Beta30]
      at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.0.0.Beta30.jar:1.0.0.Beta30]
      at no.evote.lifecycle.LifecycleFilter.doFilter(LifecycleFilter.java:50) [classes:]
      at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:56) [undertow-servlet-1.0.0.Beta30.jar:1.0.0.Beta30]
      at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.0.0.Beta30.jar:1.0.0.Beta30]
      at no.evote.presentation.util.filters.IEModeFilter.doFilter(IEModeFilter.java:45) [classes:]
      at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:56) [undertow-servlet-1.0.0.Beta30.jar:1.0.0.Beta30]
      at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.0.0.Beta30.jar:1.0.0.Beta30]
      at no.evote.presentation.util.filters.ForceLocaleFilter.doFilter(ForceLocaleFilter.java:56) [classes:]
      at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:56) [undertow-servlet-1.0.0.Beta30.jar:1.0.0.Beta30]
      at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.0.0.Beta30.jar:1.0.0.Beta30]
      at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85) [undertow-servlet-1.0.0.Beta30.jar:1.0.0.Beta30]
      at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) [undertow-servlet-1.0.0.Beta30.jar:1.0.0.Beta30]
      at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.0.0.Beta30.jar:1.0.0.Beta30]
      at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:70)
      at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Beta30.jar:1.0.0.Beta30]
      at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:113) [undertow-servlet-1.0.0.Beta30.jar:1.0.0.Beta30]
      at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:52) [undertow-core-1.0.0.Beta30.jar:1.0.0.Beta30]
      at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.0.0.Beta30.jar:1.0.0.Beta30]
      at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61) [undertow-servlet-1.0.0.Beta30.jar:1.0.0.Beta30]
      at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.0.0.Beta30.jar:1.0.0.Beta30]
      at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:67) [undertow-servlet-1.0.0.Beta30.jar:1.0.0.Beta30]
      at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:70) [undertow-core-1.0.0.Beta30.jar:1.0.0.Beta30]
      at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Beta30.jar:1.0.0.Beta30]
      at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
      at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Beta30.jar:1.0.0.Beta30]
      at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Beta30.jar:1.0.0.Beta30]
      at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240) [undertow-servlet-1.0.0.Beta30.jar:1.0.0.Beta30]
      at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227) [undertow-servlet-1.0.0.Beta30.jar:1.0.0.Beta30]
      at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73) [undertow-servlet-1.0.0.Beta30.jar:1.0.0.Beta30]
      at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146) [undertow-servlet-1.0.0.Beta30.jar:1.0.0.Beta30]
      at io.undertow.server.Connectors.executeRootHandler(Connectors.java:164) [undertow-core-1.0.0.Beta30.jar:1.0.0.Beta30]
      at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:654) [undertow-core-1.0.0.Beta30.jar:1.0.0.Beta30]
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [rt.jar:1.7.0_05]
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [rt.jar:1.7.0_05]
      at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_05]
      Caused by: java.io.EOFException: Read past end of file
      at org.jboss.marshalling.SimpleDataInput.eofOnRead(SimpleDataInput.java:155)
      at org.jboss.marshalling.SimpleDataInput.readUnsignedByteDirect(SimpleDataInput.java:298)
      at org.jboss.marshalling.SimpleDataInput.readIntDirect(SimpleDataInput.java:347)
      at org.jboss.marshalling.SimpleDataInput.readInt(SimpleDataInput.java:320)
      at org.jboss.marshalling.river.RiverObjectInputStream.readFields(RiverObjectInputStream.java:120)
      at java.math.BigInteger.readObject(BigInteger.java:3096) [rt.jar:1.7.0_05]
      at sun.reflect.GeneratedMethodAccessor458.invoke(Unknown Source) [:1.7.0_05]
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_05]
      at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_05]
      at org.jboss.marshalling.reflect.SerializableClass.callReadObject(SerializableClass.java:311)
      at org.jboss.marshalling.river.RiverUnmarshaller.doInitSerializable(RiverUnmarshaller.java:1612)
      at org.jboss.marshalling.river.RiverUnmarshaller.doReadNewObject(RiverUnmarshaller.java:1273)
      at org.jboss.marshalling.river.RiverUnmarshaller.doReadObject(RiverUnmarshaller.java:276)
      at org.jboss.marshalling.river.BlockUnmarshaller.readObject(BlockUnmarshaller.java:153)
      at org.jboss.marshalling.river.BlockUnmarshaller.readObject(BlockUnmarshaller.java:139)
      at org.jboss.marshalling.MarshallerObjectInputStream.readObjectOverride(MarshallerObjectInputStream.java:57)
      at java.io.ObjectInputStream.readObject(ObjectInputStream.java:363) [rt.jar:1.7.0_05]
      at org.bouncycastle.jce.provider.JCERSAPrivateKey.readObject(Unknown Source) [bcprov-jdk14-1.38.jar:1.38.0]
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_05]
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_05]
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_05]
      at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_05]
      at org.jboss.marshalling.reflect.SerializableClass.callReadObject(SerializableClass.java:311)
      at org.jboss.marshalling.river.RiverUnmarshaller.doInitSerializable(RiverUnmarshaller.java:1612)
      at org.jboss.marshalling.river.RiverUnmarshaller.doInitSerializable(RiverUnmarshaller.java:1595)
      at org.jboss.marshalling.river.RiverUnmarshaller.doReadNewObject(RiverUnmarshaller.java:1273)
      at org.jboss.marshalling.river.RiverUnmarshaller.doReadObject(RiverUnmarshaller.java:276)
      at org.jboss.marshalling.river.RiverUnmarshaller.doReadObject(RiverUnmarshaller.java:213)
      at org.jboss.marshalling.river.RiverUnmarshaller.readFields(RiverUnmarshaller.java:1715)
      at org.jboss.marshalling.river.RiverUnmarshaller.doInitSerializable(RiverUnmarshaller.java:1631)
      at org.jboss.marshalling.river.RiverUnmarshaller.doReadNewObject(RiverUnmarshaller.java:1273)
      at org.jboss.marshalling.river.RiverUnmarshaller.doReadObject(RiverUnmarshaller.java:276)
      at org.jboss.marshalling.river.RiverUnmarshaller.doReadObject(RiverUnmarshaller.java:213)
      at org.jboss.marshalling.AbstractObjectInput.readObject(AbstractObjectInput.java:45)
      at org.jboss.ejb.client.remoting.MethodInvocationResponseHandler$MethodInvocationResultProducer.getResult(MethodInvocationResponseHandler.java:103) [jboss-ejb-client-2.0.0.Beta5.jar:2.0.0.Beta5]
      at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:272) [jboss-ejb-client-2.0.0.Beta5.jar:2.0.0.Beta5]
      at org.jboss.ejb.client.EJBObjectInterceptor.handleInvocationResult(EJBObjectInterceptor.java:64) [jboss-ejb-client-2.0.0.Beta5.jar:2.0.0.Beta5]
      at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:274) [jboss-ejb-client-2.0.0.Beta5.jar:2.0.0.Beta5]
      at org.jboss.ejb.client.EJBHomeInterceptor.handleInvocationResult(EJBHomeInterceptor.java:88) [jboss-ejb-client-2.0.0.Beta5.jar:2.0.0.Beta5]
      at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:274) [jboss-ejb-client-2.0.0.Beta5.jar:2.0.0.Beta5]
      at org.jboss.ejb.client.TransactionInterceptor.handleInvocationResult(TransactionInterceptor.java:46) [jboss-ejb-client-2.0.0.Beta5.jar:2.0.0.Beta5]
      at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:274) [jboss-ejb-client-2.0.0.Beta5.jar:2.0.0.Beta5]
      at org.jboss.ejb.client.ReceiverInterceptor.handleInvocationResult(ReceiverInterceptor.java:129) [jboss-ejb-client-2.0.0.Beta5.jar:2.0.0.Beta5]
      at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:262) [jboss-ejb-client-2.0.0.Beta5.jar:2.0.0.Beta5]
      at org.jboss.ejb.client.EJBClientInvocationContext.awaitResponse(EJBClientInvocationContext.java:437) [jboss-ejb-client-2.0.0.Beta5.jar:2.0.0.Beta5]
      at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:202) [jboss-ejb-client-2.0.0.Beta5.jar:2.0.0.Beta5]
      ... 48 more
      Caused by: an exception which occurred:
      in field signum
      in object of type java.math.BigInteger
      in object of type org.bouncycastle.jce.provider.JCERSAPrivateCrtKey
      in field privateKey
      in object of type no.evote.util.EvoteSAMLCredentials
      

      I have tried to reproduce this in a unit test by adding

      	public static class MyKey extends JCERSAPrivateKey {
      
      		public MyKey() {
      			this.modulus = BigInteger.ONE;
      			this.privateExponent = BigInteger.TEN;
      		}
      	}
      
      	@Test
      	public void testMyKey() throws Throwable {
      		final Serializable serializable = new MyKey();
      		runReadWriteTest(new ReadWriteTest() {
      			public void runWrite(final Marshaller marshaller) throws Throwable {
      				marshaller.writeObject(serializable);
      			}
      
      			public void runRead(final Unmarshaller unmarshaller) throws Throwable {
      				assertEquals(serializable, unmarshaller.readObject());
      				assertEOF(unmarshaller);
      			}
      		});
      	}
      

      to org.jboss.test.marshalling.SimpleMarshallerTests with the following output:

      Read Configuration = org.jboss.marshalling.MarshallingConfiguration@7da5b607: instanceCount=256 classCount=64 bufferSize=512 version=3
      Marshaller = org.jboss.marshalling.river.RiverMarshaller@71aeef97 (version set to 3)
      java.io.NotActiveException: Fields were never written
      	at org.jboss.marshalling.river.RiverObjectOutputStream.finish(RiverObjectOutputStream.java:175)
      	at org.jboss.marshalling.river.RiverMarshaller.doWriteSerializableObject(RiverMarshaller.java:1012)
      	at org.jboss.marshalling.river.RiverMarshaller.doWriteSerializableObject(RiverMarshaller.java:1001)
      	at org.jboss.marshalling.river.RiverMarshaller.doWriteObject(RiverMarshaller.java:888)
      	at org.jboss.marshalling.AbstractObjectOutput.writeObject(AbstractObjectOutput.java:62)
      	at org.jboss.marshalling.AbstractMarshaller.writeObject(AbstractMarshaller.java:115)
      	at org.jboss.test.marshalling.SimpleMarshallerTests$5.runWrite(SimpleMarshallerTests.java:248)
      	at org.jboss.test.marshalling.TestBase.runReadWriteTest(TestBase.java:109)
      	at org.jboss.test.marshalling.SimpleMarshallerTests.testMyKey(SimpleMarshallerTests.java:246)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:601)
      	at org.testng.internal.MethodHelper.invokeMethod(MethodHelper.java:643)
      	at org.testng.internal.Invoker.invokeMethod(Invoker.java:559)
      	at org.testng.internal.Invoker.invokeTestMethod(Invoker.java:723)
      	at org.testng.internal.Invoker.invokeTestMethods(Invoker.java:1027)
      	at org.testng.internal.TestMethodWorker.invokeTestMethods(TestMethodWorker.java:137)
      	at org.testng.internal.TestMethodWorker.run(TestMethodWorker.java:121)
      	at org.testng.TestRunner.runWorkers(TestRunner.java:1030)
      	at org.testng.TestRunner.privateRun(TestRunner.java:709)
      	at org.testng.TestRunner.run(TestRunner.java:579)
      	at org.testng.SuiteRunner.runTest(SuiteRunner.java:331)
      	at org.testng.SuiteRunner.runSequentially(SuiteRunner.java:326)
      	at org.testng.SuiteRunner.privateRun(SuiteRunner.java:288)
      	at org.testng.SuiteRunner.run(SuiteRunner.java:193)
      	at org.testng.TestNG.createAndRunSuiteRunners(TestNG.java:910)
      	at org.testng.TestNG.runSuitesLocally(TestNG.java:879)
      	at org.testng.TestNG.run(TestNG.java:787)
      	at org.testng.remote.RemoteTestNG.run(RemoteTestNG.java:75)
      	at org.testng.RemoteTestNGStarter.main(RemoteTestNGStarter.java:120)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:601)
      	at com.intellij.rt.execution.application.AppMain.main(AppMain.java:120)
      Caused by: an exception which occurred:
      	in object org.jboss.test.marshalling.SimpleMarshallerTests$MyKey@b
      

      The sourcecode for EvoteSAMLCredentials is available here:
      https://sourcecode.valg.no/websvn/filedetails.php?repname=Admin&path=%2Fadmin-common%2Fsrc%2Fmain%2Fjava%2Fno%2Fevote%2Futil%2FEvoteSAMLCredentials.java

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  dmlloyd David Lloyd
                  Reporter:
                  runeks2 Rune Steinseth
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: