Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

javax.net.ssl.SSLException: Connection reset on long running applications #213

Open
r00ta opened this issue Mar 3, 2022 · 2 comments
Open

javax.net.ssl.SSLException: Connection reset on long running applications #213

r00ta opened this issue Mar 3, 2022 · 2 comments

Comments

@r00ta
Copy link

r00ta commented Mar 3, 2022

We hit javax.net.ssl.SSLException: Connection reset multiple times on our long running application and we found a bug with the following scenario:

  1. the application makes a call
  2. the application keeps running for minutes without making any call
  3. the application makes another call but it gets a Connection reset exception

We found out that the step 3 was reusing the connection created at step one (from the connection pool) but it was closed on server side. This means that the sdk is set up with different values for the timeout.

Here's a reproducer

package com.redhat.cloud;

import java.util.HashMap;
import java.util.Map;

import com.fasterxml.jackson.annotation.JsonProperty;
import com.openshift.cloud.api.kas.auth.AclsApi;
import com.openshift.cloud.api.kas.auth.invoker.ApiClient;
import com.openshift.cloud.api.kas.auth.invoker.ApiException;
import com.openshift.cloud.api.kas.auth.invoker.Configuration;
import com.openshift.cloud.api.kas.auth.invoker.auth.OAuth;
import com.openshift.cloud.api.kas.auth.models.AclBinding;
import com.openshift.cloud.api.kas.auth.models.AclOperation;
import com.openshift.cloud.api.kas.auth.models.AclPatternType;
import com.openshift.cloud.api.kas.auth.models.AclPermissionType;
import com.openshift.cloud.api.kas.auth.models.AclResourceType;
import org.junit.jupiter.api.Test;

import static io.restassured.RestAssured.given;

public class KafkaInstanceIT {

    @Test
    public void testCreateExample() throws InterruptedException, ApiException {

        AclBinding aclBinding = new AclBinding()
                .resourceType(AclResourceType.TOPIC)
                .resourceName("ob-351b2b55-deb9-47cb-b535-35bf20ae09f1")
                .patternType(AclPatternType.LITERAL)
                .principal("User:srvc-acct-3a46e8f6-5a39-42d4-959f-857b5e0f944b")
                .operation(AclOperation.DESCRIBE)
                .permission(AclPermissionType.ALLOW);

        ApiClient defaultClient = Configuration.getDefaultApiClient();
        defaultClient.setBasePath("https://admin-server-**REDACTED**:443/rest");

        AclsApi apiInstance = new AclsApi(defaultClient);

        System.out.println("First shot");
        setToken(defaultClient, getAccessToken());
        apiInstance.createAcl(aclBinding);

        Thread.sleep(1000 * 60 * 10); // Sleep 10 minutes

        System.out.println("Second shot");
        setToken(defaultClient, getAccessToken());
        apiInstance.createAcl(aclBinding);
    }

    private void setToken(ApiClient apiClient, String token) {
        System.out.println(token);
        OAuth oauth = (OAuth) apiClient.getAuthentication("Bearer");
        oauth.setAccessToken(token);
    }

    private String getAccessToken() {
        return given().param("grant_type", "client_credentials")
                .param("client_secret", "**REDACTED**")
                .param("client_id", "**REDACTED**")
                .param("scope", "email")
                .when()
                .post("https://identity.api.openshift.com/auth/realms/rhoas/protocol/openid-connect/token")
                .as(AccessTokenResponse.class)
                .getToken();
    }

    public static class AccessTokenResponse {

        @JsonProperty("access_token")
        protected String token;
        @JsonProperty("expires_in")
        protected long expiresIn;
        @JsonProperty("refresh_expires_in")
        protected long refreshExpiresIn;
        @JsonProperty("refresh_token")
        protected String refreshToken;
        @JsonProperty("token_type")
        protected String tokenType;
        @JsonProperty("id_token")
        protected String idToken;
        @JsonProperty("not-before-policy")
        protected int notBeforePolicy;
        @JsonProperty("session_state")
        protected String sessionState;
        protected Map<String, Object> otherClaims = new HashMap<>();
        @JsonProperty("scope")
        protected String scope;
        @JsonProperty("error")
        protected String error;
        @JsonProperty("error_description")
        protected String errorDescription;
        @JsonProperty("error_uri")
        protected String errorUri;

        public AccessTokenResponse() {
        }

        public String getToken() {
            return this.token;
        }
    }
}

The execution of it leads to

javax.ws.rs.ProcessingException: RESTEASY004655: Unable to invoke request: javax.net.ssl.SSLException: Connection reset
@wtrocki
Copy link
Collaborator

wtrocki commented Mar 12, 2022

I confirm that this issue happens in the generated code. I think we should log that on openapi generator repository instead. Since other requirements might need us to move out of this client I think we can

move to native client only for connectors.
Let your team test it properly

@wtrocki
Copy link
Collaborator

wtrocki commented Jul 6, 2022

See https://github.com/redhat-developer/app-services-sdk-java/pull/339/files

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@wtrocki @r00ta