newInbox hangs on ubuntu trusty after several iterations

[aldenpeterson-wf]

The following code:

package com.mvce;

import io.nats.client.Connection;
import io.nats.client.ConnectionFactory;

public class Main {
    public static void main(String [] args) throws Exception {
        ConnectionFactory cf = new ConnectionFactory();
        Connection conn = cf.createConnection();

        String s = "";
        long startingMs = System.currentTimeMillis();
        s = conn.newInbox();
        System.out.println("newInbox complete, took " + (System.currentTimeMillis() - startingMs) + " ms to complete");
        System.exit(0);
    }
}

run on ubuntu/trusty (via docker from OS:X) repeatedly begins taking 2+ minutes to execute newInbox. The first several executions do not take this amount of time - however subsequent attempts do. This is normally 2-5 total executions before the failure behavior begins occurring.

I was using the following scripts to test this:

pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.mcve</groupId>
    <artifactId>mvce</artifactId>
    <version>0.0.0</version>

    <name>mvce</name>
    <properties>
        <java.version>1.8</java.version>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>

    </properties>

    <dependencies>

        <dependency>
            <groupId>io.nats</groupId>
            <artifactId>jnats</artifactId>
            <version>0.4.1</version>
        </dependency>
    </dependencies>

</project>

Configuring the environment: setup_mvce_linux.sh

#!/usr/bin/env bash

wget -O gnatsd.zip https://github.com/nats-io/gnatsd/releases/download/v0.9.4/gnatsd-v0.9.4-linux-amd64.zip
unzip gnatsd.zip
mv gnatsd-v0.9.4-linux-amd64/gnatsd gnats
chmod 0755 gnats
./gnats -D &

mvn clean compile -U

Running the example: run_mvce.sh

#!/usr/bin/env bash

time mvn exec:java "-Dexec.mainClass=com.mvce.Main" -f="pom.xml"

mvce.zip

[wallyqs]

curious but wonder what happens if setting JAVA_OPTS to use something like java.security.egd=file:///dev/urandom ? Think in jnats we're using SHA1PRNG which can possibly block on some occasions afaik... maybe could try using NativePRNGNonBlocking too as well as an alternative if that is the case.

[mcqueary]

@wallyqs Great suggestion. As I was saying to @aldenpeterson-wf via Slack, I'm pretty sure it has to be something entropy pool-related on Linux, so we can definitely give that a shot.

[mcqueary]

@aldenpeterson-wf - Confirmed the behavior you observed on my local precise64 vagrant box.
@wallyqs - I passed -Djava.security.egd=file:///dev/urandom to Alden's mvce and that seemed to solve the problem. I will try integrating NativePRNGNonBlocking (i.e. SecureRandom.getInstanceStrong()) and see if this solves the problem overall.

[aldenpeterson-wf]

@mcqueary looks like that flag will get us past the issues we were running into as well.

[mcqueary]

I have no better solution than -Djava.security.egd=file:///dev/urandom, which seems to be the accepted answer. Closing this for now, and will add something to the README. More info here:

http://security.stackexchange.com/questions/14386/what-do-i-need-to-configure-to-make-sure-my-software-uses-dev-urandom