Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-5678

Remote Crowd directory does not timeout when using SSL tunnel via forward proxy

    XMLWordPrintable

Details

    Description

      Issue Summary

      Remote Crowd directory does not timeout when using SSL tunnel via forward proxy.

      Requests that do not timeout (have infinite timeout):

      • HTTP CONNECT request from Crowd to forward proxy
      • SSL/TLS handshake after tunnel has been created

      Steps to Reproduce

      These are steps for HTTP CONNECT request as it's simpler to reproduce:

      1. Run `nc -k -l 8881` to simulate not responding forward proxy on port 8881
      2. Add Remote Crowd directory with the following config:
        1. URL: https://localhost - It's crucial that it's HTTP*S* so that Crowd will try to open a SSL tunnel via proxy. Host name doesn't matter as we won't make any request to this host anyways because proxy is being simulated
        2. Application name: anything
        3. Application password: anything
        4. Proxy host: localhost (the host on which we're running netcat)
        5. Proxy port: 8881
      3. Click Test connection

      Expected Results

      Request testing connection will eventually timeout.

      Actual Results

      Request never times out. Getting thread dump of Crowd java process shows that the thread is stuck at socketRead within createTunnelToTarget or createLayeredSocket and startHandshake

      "http-nio-8095-exec-1" #108 daemon prio=5 os_prio=31 tid=0x00007fc0bfc35000 nid=0xd503 runnable [0x000070000914d000]
   java.lang.Thread.State: RUNNABLE
        at java.net.SocketInputStream.socketRead0(Native Method)
        at java.net.SocketInputStream.socketRead(SocketInputStream.java:116)
        at java.net.SocketInputStream.read(SocketInputStream.java:171)
        at java.net.SocketInputStream.read(SocketInputStream.java:141)
        at org.apache.http.impl.io.SessionInputBufferImpl.streamRead(SessionInputBufferImpl.java:137)
        at org.apache.http.impl.io.SessionInputBufferImpl.fillBuffer(SessionInputBufferImpl.java:153)
        at org.apache.http.impl.io.SessionInputBufferImpl.readLine(SessionInputBufferImpl.java:280)
        at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:138)
        at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:56)
        at org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:259)
        at org.apache.http.impl.DefaultBHttpClientConnection.receiveResponseHeader(DefaultBHttpClientConnection.java:163)
        at org.apache.http.impl.conn.CPoolProxy.receiveResponseHeader(CPoolProxy.java:157)
        at org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:273)
        at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:125)
        at org.apache.http.impl.execchain.MainClientExec.createTunnelToTarget(MainClientExec.java:485)
        at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:410)
        at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
        at org.apache.http.impl.client.cache.CachingExec.callBackend(CachingExec.java:592)
        at org.apache.http.impl.client.cache.CachingExec.execute(CachingExec.java:269)
        at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
        at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
        at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
        at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
        at com.atlassian.crowd.integration.rest.service.RestExecutor$MethodExecutor.executeCrowdServiceMethod(RestExecutor.java:498)
        at com.atlassian.crowd.integration.rest.service.RestExecutor$MethodExecutor.andReceive(RestExecutor.java:370)
        at com.atlassian.crowd.integration.rest.service.RestCrowdClient.searchUsers(RestCrowdClient.java:514)
        at com.atlassian.crowd.integration.rest.service.RestCrowdClient.testConnection(RestCrowdClient.java:504)
        at com.atlassian.crowd.directory.RemoteCrowdDirectory.testConnection(RemoteCrowdDirectory.java:616)
        at com.atlassian.crowd.embedded.core.CrowdDirectoryServiceImpl.testConnection(CrowdDirectoryServiceImpl.java:88)

      This thread will be stuck forever.

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available

      Attachments

        Issue Links

          causes

          Bug - A problem which impairs or prevents the functions of the product. BAM-21195 No read timeout for socket operations such as CONNECT and SSL handshake when communicating with Crowd can cause long running HTTP threads

          • Low - Low priority issues
          • Closed
          is related to

          Bug - A problem which impairs or prevents the functions of the product. CWD-5709 Crowd directory does not timeout when using SSL tunnel via forward proxy unless Connection Timeout is explicitly configured

          • Low - Low priority issues
          • Closed
          is duplicated by

          KRAK-4013 Loading...

          mentioned in

          Page Loading...

          Activity

            People

              Unassigned Unassigned
              dowoc@atlassian.com Dawid Owoc
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: