Asynchronous API with TLS support


#1

Hi,

I’m trying aerospike with TLS feature. I’m using java client 4.0.8, and following node snippet to create the AerospikeClient:

           EventPolicy eventPolicy = new EventPolicy();
           EventLoopGroup group = new NioEventLoopGroup(4);
           EventLoops eventLoops = new NettyEventLoops(eventPolicy, group);
           ClientPolicy clientPolicy = new ClientPolicy();
           clientPolicy.eventLoops = eventLoops;
           AerospikeClient client = new AerospikeClient(clientPolicy, hosts);   // TLS is enabled, and the hosts here have 4333 port

Then, I can successfully write data to aerospike:

           client.put(putPolicy, key, bins);

But failed with AerospikeException when invoking (exception stacktrace is attached):

           client.put(eventLoops.next(), callback, putPolicy, key, bins);

My question is:

  1. Is AerospikeClient Asynchronous APIs supported when TLS is enabled? If it is supported, could you share your comments that anything incorrect in my sample?

  2. I haven’t tried NettyEventLoops with EpollEventLoopGroup, is AerospikeClient Asynchronous API supported when NettyEventLoops is EpollEventLoopGroup based (instead of NioEventLoopGroup based as in my above sample.)?

Below is the exception details in my sample:

com.aerospike.client.AerospikeException: TLS connect failed: General SSLEngine problem at com.aerospike.client.async.NettyCommand$InboundHandler.userEventTriggered(NettyCommand.java:790) at io.netty.channel.AbstractChannelHandlerContext.invokeUserEventTriggered(AbstractChannelHandlerContext.java:329) at io.netty.channel.AbstractChannelHandlerContext.invokeUserEventTriggered(AbstractChannelHandlerContext.java:315) at io.netty.channel.AbstractChannelHandlerContext.fireUserEventTriggered(AbstractChannelHandlerContext.java:307) at io.netty.handler.ssl.SslUtils.notifyHandshakeFailure(SslUtils.java:246) at io.netty.handler.ssl.SslHandler.notifyHandshakeFailure(SslHandler.java:1415) at io.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1406) at io.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1380) at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1088) at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489) at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428) at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926) at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:134) at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:644) at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:579) at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:496) at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:458) at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858) at java.lang.Thread.run(Thread.java:745) Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem at com.paypal.infra.ssl.jsse.Handshaker.checkThrown(Handshaker.java:1424) at com.paypal.infra.ssl.jsse.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:538) at com.paypal.infra.ssl.jsse.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:816) at com.paypal.infra.ssl.jsse.SSLEngineImpl.unwrap(SSLEngineImpl.java:784) at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:254) at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1156) at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1078) … 17 more Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem at com.paypal.infra.ssl.jsse.Alerts.getSSLException(Alerts.java:192) at com.paypal.infra.ssl.jsse.SSLEngineImpl.fatal(SSLEngineImpl.java:1740) at com.paypal.infra.ssl.jsse.Handshaker.fatalSE(Handshaker.java:297) at com.paypal.infra.ssl.jsse.Handshaker.fatalSE(Handshaker.java:289) at com.paypal.infra.ssl.jsse.ClientHandshaker.serverCertificate(ClientHandshaker.java:1503) at com.paypal.infra.ssl.jsse.ClientHandshaker.processMessage(ClientHandshaker.java:213) at com.paypal.infra.ssl.jsse.Handshaker.processLoop(Handshaker.java:972) at com.paypal.infra.ssl.jsse.Handshaker$1.run(Handshaker.java:912) at com.paypal.infra.ssl.jsse.Handshaker$1.run(Handshaker.java:909) at java.security.AccessController.doPrivileged(Native Method) at com.paypal.infra.ssl.jsse.Handshaker$DelegatedTask.run(Handshaker.java:1362) at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1295) at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1208) … 18 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) at sun.security.validator.Validator.validate(Validator.java:260) at com.paypal.infra.ssl.jsse.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) at com.paypal.infra.ssl.jsse.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) at com.paypal.infra.ssl.jsse.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) at com.paypal.infra.ssl.jsse.ClientHandshaker.serverCertificate(ClientHandshaker.java:1490) … 26 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) … 32 more


#2

The issue reported in the first post is because the security cert was not correctly setup for Netty.