Hello all
One of my services is consuming a security service which relays some calls to other services depending on the operation requested.
I will try to include all the code involved in the path because I am not yet experienced enough to rule anything out as “this is definitely not it”. Also keep in mind, this is mostly POC work to get used to the framework, so maybe some things are unnecessarily complicated.
One of the operations this security service is offering is like this:
    ServiceCall<Source<ByteString, ?>, SignatureResponse> sign(String keyName);
The implementation is very simple, it simply relays it to a software signature service:
    @Override
    public ServiceCall<Source<ByteString, ?>, SignatureResponse> sign(String keyName) {
        return req -> softwareSignatureService.sign(keyName).invoke(req);
    }
The software signature service in return is forwarding it to a class in its module:
    @Override
    public ServiceCall<Source<ByteString, ?>, SignatureResponse> sign(String keyName) {
        return req -> signatureService.sign(keyName, req);
    }
The implementation of the signature operation:
    public CompletionStage<SignatureResponse> sign(String keyName, Source<ByteString, ?> inputSource) {
        logger.info("Got SIGN request for key {}", keyName);
        Signature signature;
        try {
            PrivateKey key = keyRepository.getKeyByName(keyName);
            signature = Signature.getInstance("SHA256withDSA");
            signature.initSign(key, RANDOM);
        } catch (GeneralSecurityException ex) {
            return completedFuture(new SignatureResponse(false, ex.getLocalizedMessage(), null));
        }
        return inputSource
            .map(ByteString::asByteBuffer)
            .map(ByteBuffer::array)
            .runForeach(signature::update, materializer)
            .thenApply(done -> {
                byte[] digest;
                try {
                    digest = signature.sign();
                } catch (GeneralSecurityException ex) {
                    return new SignatureResponse(false, ex.getLocalizedMessage(), null);
                }
                logger.debug("Finished signature: {} bytes", digest == null ? "null" : digest.length);
                return new SignatureResponse(true, null, Base64.getEncoder().encodeToString(digest));
            });
    }
The initial call to the security service with the sign operation is built from an Alpakka initiated stream:
    private CompletionStage<Pair<FileCopyItemState, SignatureResponse>> signFile(FileCopyItemState item) {
        logger.info("Calling signature service for file {}", item.getOutputPath());
        return securityService.sign("mykey").invoke(FileIO.fromPath(item.getOutputPath()))
            .thenApply(response -> new Pair<>(item, response));
    }
For a simple file, that results in an issue:
    2018-10-31T14:33:53.643Z [error] security-service [] - Exception in PathCallId{pathPattern='/sign/:keyName'}
    io.netty.handler.codec.CorruptedFrameException: control frame with payload length > 125 octets
At first I assumed it has something to do with the size of the files; however, the ‘control frame’ seems to indicate that this is not related to the data size but an internal protocol issue in the websockets.
What could be the cause for this?
BR
Yanick
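
The rule the error message names, as an added example that is not part of the original post: RFC 6455 caps the payload of control frames (close, ping, pong) at 125 octets no matter how much data the stream carries, and a close frame spends 2 of those octets on its status code. The class and method names are hypothetical, the header bytes and the reason string are constructed, and only the JDK is used.

```java
import java.nio.charset.StandardCharsets;

// Added example: RFC 6455 section 5.5 control-frame rules, checked on the first two header bytes.
public class ControlFrameCheck {

    static final int MAX_CONTROL_PAYLOAD = 125;

    /** Opcodes 0x8 (close), 0x9 (ping) and 0xA (pong) are control frames. */
    static boolean isControl(int opcode) {
        return (opcode & 0x8) != 0;
    }

    /** Applies the control-frame rules to the first two bytes of a frame header. */
    static String check(byte b0, byte b1) {
        boolean fin = (b0 & 0x80) != 0;
        int opcode = b0 & 0x0F;
        int len7 = b1 & 0x7F; // 126 and 127 announce an extended length field
        if (!isControl(opcode)) return "data frame: extended lengths allowed";
        if (!fin) return "rejected: fragmented control frame";
        if (len7 > MAX_CONTROL_PAYLOAD) return "rejected: control frame with payload length > 125 octets";
        return "control frame ok, " + len7 + " octets";
    }

    /** Close payload = 2-byte status code + UTF-8 reason, so the reason gets at most 123 bytes. */
    static byte[] closePayload(int status, String reason) {
        byte[] r = reason.getBytes(StandardCharsets.UTF_8);
        int n = Math.min(r.length, MAX_CONTROL_PAYLOAD - 2);
        // Step back so the cut does not land inside a multi-byte UTF-8 sequence.
        while (n < r.length && n > 0 && (r[n] & 0xC0) == 0x80) n--;
        byte[] out = new byte[2 + n];
        out[0] = (byte) (status >> 8);
        out[1] = (byte) status;
        System.arraycopy(r, 0, out, 2, n);
        return out;
    }

    public static void main(String[] args) {
        // Constructed header bytes, not captured from the services in the post.
        System.out.println(check((byte) 0x82, (byte) 0x7F)); // binary data frame, 64-bit length
        System.out.println(check((byte) 0x88, (byte) 0x7E)); // close frame announcing extended length
        System.out.println(check((byte) 0x89, (byte) 0x05)); // ping with 5 octets
        String longReason = new String(new char[300]).replace('\0', 'x'); // constructed over-long reason
        System.out.println(closePayload(1011, longReason).length + " octets in close payload");
    }
}
```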