You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Shannon brought up the old development system and we confirmed my tests still worked there on the old version.
Upgrading that system to the latest software resulted as expected in a failure, as we embed the cloudhsm-1.1.1.jar artifact and it is no longer compatible.
I have uploaded the cloudhsm-3.1.1.jar to my Nexus; re-testing my hsm-playground project with that version brings things back to working with no apparent issues. Summary of outout:
Got key 85: com.cavium.key.CaviumRSAPrivateKey@55
signature time (millis): 2433
per iteration: 24.33
I don't seem to have saved off results from this from the previous version, but that doesn't seem unreasonable.
Updated my hsm-playground project to verify that this fixes the issue on the new system.
Updated the inc-mda-cloudhsm project likewise, version 1.1.0, and uploaded that to Nexus
Unpacked the resulting .zip into tools/inc-mda-cloudhsm.
Tested using the ant inc.mdq.generate.cloudhsm target.
This seems to work, in that a full set of per-entity files are generated using key 85. I will note that the spurious errors we observed in production before are still there, so the Cavium drivers are still using the log-and-throw anti-pattern. It's possible that the message generated will be different than it was before, so any filtering that was being done may need to be revised:
[java] 10:15:26.745 [main] ERROR CaviumRSAPrivateKey - Catching
[java] com.cavium.cfm2.CFM2Exception: A call to the API getRSAPrivateKeyComponents for size failed with error code ffffffff : Error: new error from underlying FW/SW, might need to upgrade to new SW to decode
...
I'm still at a bit of a loss to explain why these log lines don't appear in my hsm-playground test, which is running the same software. It may be something to do with Maven's default logging settings, which in turn might mean that there was a route to suppressing them explicitly. That's something to investigate in a new ticket, though.
This will of course all need to be verified in an upgraded clone of the production system. Nevertheless I will close this as done and if the user acceptance test fails then we can open another issue at that point.
AWS have notified us that we need to update the client libraries for use with the HSM.
We are currently using version 1.1.1 of the respective artifact, we need to move to a minimum of version 3.1 before August 30, 2020.
The text was updated successfully, but these errors were encountered: