How to know when both ends authenticated and it is safe to call method

asked 2015-08-10 03:46:57 -0700

jonitis gravatar image

updated 2015-08-11 13:36:26 -0700

Hello,

I have problem with application that is at the same time both AllJoyn provider and consumer. Each instance maintains the list of sessions to all other peers and should be able to make method calls. Something like mesh communication between nodes. Secure interfaces with ALLJOYN_SRP_LOGON auth mechanism are used.

  1. When BusListener::FoundAdvertisedName founds new instance of application it makes JoinSessionAsync() call to connect to peer.
  2. The next step would be to call some method(e.g. Test() ) on ProxyBusObject.

I get UnmarshalArgs failed: ER_BUS_NOT_AUTHORIZED after RequestCredentials() and successfull AuthenticationComplete() with ALLJOYN_SRP_LOGON authentication mechanism. All errors come from _Message::UnmarshalArgs(), when checking PeerState::IsAuthorized() for MESSAGE_METHOD_CALL or MESSAGE_ERROR. I've also seen PeerState::GetKey() to fail within UnmarshalArgs().

It makes me think that it is some kind of race condition when Peer authorization is still happening during the ProxyBusObject.MethodCall() for secure interface. There were also Debug asserts in _PeerState::UpdateHash() during org.alljoyn.Bus.Peer.Authentication.GenSessionKey(). When secure interfaces are disabled everything works as expected.

I've tried to make this work by explicitly calling SecureConnection(). Did not help. With SecureConnectionAsync() I get crashes in AllJoyn code where some uninitialized memory is accessed (address 0xffffffff).

I do not see what I am doing wrong.

  • Provided samples in alljoyn_core/samples/secure/ do the same things. They are simpler because they act only as consumer or as provider.
  • Also my program works as expected if it only connects to peer and does not make method call. Or only one instance is making call, instead each calling each other.
  • Without secure interfaces everything works, because authentication code is not involved.
  • Same problem with 15.04, 15.04a, and trunk build
  • I've tested with ALLJOYN_SRP_KEYX mechanism and there are no problems observed. Now that looks even more like bug! (Added 2015-08-10 15:33)

Is it safe to make method calls after AuthenticationComplete() event? Or there are some additional conditions? Why there is difference in behaviour between ALLJOYN_SRP_LOGON and ALLJOYN_SRP_KEYX?

I just want to get some feedback whether I am using AllJoyn in wrong way or it is bug.

Full c++11 source code of test application to recreate the behaviour. https://github.com/jonitis/ajmesh

Edit: 2015-08-11: Opened ticket: https://jira.allseenalliance.org/brow...

Please advise,

Dainis

edit retag flag offensive close merge delete

Comments

you might try on the core mailing list. https://lists.allseenalliance.org/mailman/listinfo/allseen-core

ry.jones ( 2015-08-10 12:16:44 -0700 )edit