Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AbortedException when decrypting dataKey #79

Closed
pbt31 opened this issue Oct 19, 2018 · 3 comments
Closed

AbortedException when decrypting dataKey #79

pbt31 opened this issue Oct 19, 2018 · 3 comments

Comments

@pbt31
Copy link

pbt31 commented Oct 19, 2018

Hi, i'm working on a Java 8 application hosted on Amazon and sometimes (not all the times) i'm getting the following exception when decrypting a secret:

com.amazonaws.AbortedException: 
	at com.amazonaws.internal.SdkFilterInputStream.abortIfNeeded(SdkFilterInputStream.java:53)
	at com.amazonaws.internal.SdkFilterInputStream.markSupported(SdkFilterInputStream.java:117)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1012)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:743)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:717)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649)
	at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513)
	at com.amazonaws.services.kms.AWSKMSClient.doInvoke(AWSKMSClient.java:3202)
	at com.amazonaws.services.kms.AWSKMSClient.invoke(AWSKMSClient.java:3178)
	at com.amazonaws.services.kms.AWSKMSClient.executeDecrypt(AWSKMSClient.java:835)
	at com.amazonaws.services.kms.AWSKMSClient.decrypt(AWSKMSClient.java:810)
	at com.amazonaws.encryptionsdk.kms.KmsMasterKey.decryptDataKey(KmsMasterKey.java:171)
	at com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider.decryptDataKey(KmsMasterKeyProvider.java:561)
	... 22 common frames omitted
Wrapped by: com.amazonaws.encryptionsdk.exception.CannotUnwrapDataKeyException: Unable to decrypt any data keys
	at com.amazonaws.encryptionsdk.MasterKeyProvider.buildCannotDecryptDksException(MasterKeyProvider.java:106)
	at com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider.decryptDataKey(KmsMasterKeyProvider.java:567)
	at com.amazonaws.encryptionsdk.multi.MultipleProviderFactory$MultiProvider.decryptDataKey(MultipleProviderFactory.java:150)
	... 21 common frames omitted
	Suppressed: com.amazonaws.AbortedException: 
		at com.amazonaws.internal.SdkFilterInputStream.abortIfNeeded(SdkFilterInputStream.java:53)
		at com.amazonaws.internal.SdkFilterInputStream.markSupported(SdkFilterInputStream.java:117)
		at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1012)
		at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:743)
		at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:717)
		at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699)
		at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667)
		at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649)
		at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513)
		at com.amazonaws.services.kms.AWSKMSClient.doInvoke(AWSKMSClient.java:3202)
		at com.amazonaws.services.kms.AWSKMSClient.invoke(AWSKMSClient.java:3178)
		at com.amazonaws.services.kms.AWSKMSClient.executeDecrypt(AWSKMSClient.java:835)
		at com.amazonaws.services.kms.AWSKMSClient.decrypt(AWSKMSClient.java:810)
		at com.amazonaws.encryptionsdk.kms.KmsMasterKey.decryptDataKey(KmsMasterKey.java:171)
		at com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider.decryptDataKey(KmsMasterKeyProvider.java:561)
		... 22 common frames omitted
	Suppressed: com.amazonaws.AbortedException: 
		at com.amazonaws.internal.SdkFilterInputStream.abortIfNeeded(SdkFilterInputStream.java:53)
		at com.amazonaws.internal.SdkFilterInputStream.markSupported(SdkFilterInputStream.java:117)
		at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1012)
		at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:743)
		at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:717)
		at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699)
		at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667)
		at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649)
		at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513)
		at com.amazonaws.services.kms.AWSKMSClient.doInvoke(AWSKMSClient.java:3202)
		at com.amazonaws.services.kms.AWSKMSClient.invoke(AWSKMSClient.java:3178)
		at com.amazonaws.services.kms.AWSKMSClient.executeDecrypt(AWSKMSClient.java:835)
		at com.amazonaws.services.kms.AWSKMSClient.decrypt(AWSKMSClient.java:810)
		at com.amazonaws.encryptionsdk.kms.KmsMasterKey.decryptDataKey(KmsMasterKey.java:171)
		at com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider.decryptDataKey(KmsMasterKeyProvider.java:561)
		... 22 common frames omitted
Wrapped by: com.amazonaws.encryptionsdk.exception.CannotUnwrapDataKeyException: Unable to decrypt any data keys
	at com.amazonaws.encryptionsdk.MasterKeyProvider.buildCannotDecryptDksException(MasterKeyProvider.java:106)
	at com.amazonaws.encryptionsdk.multi.MultipleProviderFactory$MultiProvider.decryptDataKey(MultipleProviderFactory.java:158)
	at com.amazonaws.encryptionsdk.DefaultCryptoMaterialsManager.decryptMaterials(DefaultCryptoMaterialsManager.java:108)
	at com.amazonaws.encryptionsdk.internal.DecryptionHandler.readHeaderFields(DecryptionHandler.java:455)
	at com.amazonaws.encryptionsdk.internal.DecryptionHandler.<init>(DecryptionHandler.java:96)
	at com.amazonaws.encryptionsdk.internal.DecryptionHandler.create(DecryptionHandler.java:185)
	at com.amazonaws.encryptionsdk.AwsCrypto.decryptData(AwsCrypto.java:380)
	at com.amazonaws.encryptionsdk.AwsCrypto.decryptData(AwsCrypto.java:357)
	at com.amazonaws.encryptionsdk.AwsCrypto.decryptString(AwsCrypto.java:430)
	at com.amazonaws.encryptionsdk.AwsCrypto.decryptString(AwsCrypto.java:412)
	at service.SecretsService.decryptConnectionSecret(SecretsService.java:158)

The secrets encrypted are of 255 chars max and we are using the version 1.3.5 of the SDK.
Looking into the stack trace it seems that we are getting a timeout on the AmazonHttpClient. If that its the case, is there a way to give this request more time though the encryption SDK or some environment variable?
@bdonlan
Copy link
Contributor

bdonlan commented Oct 22, 2018

It appears that the AWS SDK for Java throws AbortedException when the current thread is interrupted: https://github.com/aws/aws-sdk-java/blob/aaa0a6f506314d314a77774ddadd303cf6e4c354/aws-java-sdk-core/src/main/java/com/amazonaws/util/SdkRuntime.java

Thread interruption is unrelated to timeouts and would likely be coming from some other part of your application; we don't interrupt threads in the Encryption SDK itself.

@pbt31
Copy link
Author

pbt31 commented Oct 24, 2018
edited
Loading

Ok, i see. We were suspecting the scenario you mentioned also. Thanks for your response and the information about the Encryption SDK.

@pbt31
Copy link
Author

pbt31 commented Oct 26, 2018

You were right, this problem was related to some thread interruption on our side. Thanks.

@pbt31 pbt31 closed this as completed Oct 26, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bdonlan @pbt31