[
https://issues.redhat.com/browse/ELY-1428?page=com.atlassian.jira.plugin....
]
Sonia Zaldana updated ELY-1428:
-------------------------------
Description:
Trying to configure ejb client 2-way TLS authentication with Elytron. I am getting
"Invalid algorithm "clear"" without programmatically registering the
Elytron provider.
{noformat}
Security.addProvider(new WildFlyElytronProvider());
{noformat}
Specifying this in {{wildfly-config.xml}} doesn't help:
{noformat}
<providers>
    <use-service-loader/>
</providers>
{noformat}
Example of {{wildfly-config.xml}} where I need this when using it with EJB client:
{code:xml}
<configuration>
    <authentication-client xmlns="urn:elytron:1.0">
        <authentication-rules>
            <rule use-configuration="default"/>
        </authentication-rules>
        <authentication-configurations>
            <configuration name="default">
                <credentials>
                    <key-store-reference key-store-name="client-keystore" alias="joe">
                        <key-store-clear-password password="abcdef"/>
                    </key-store-reference>
                </credentials>
            </configuration>
        </authentication-configurations>
        <key-stores>
            <key-store name="client-keystore" type="JKS">
                <file name="${keystore.path:src/main/resources/client.keystore}"/>
                <key-store-clear-password password="abcdef"/>
            </key-store>
            <key-store name="client-truststore" type="JKS">
                <file name="${truststore.path:src/main/resources/client.truststore}"/>
            </key-store>
        </key-stores>
        <ssl-contexts>
            <ssl-context name="client-ssl-context">
                <trust-store key-store-name="client-truststore"/>
                <key-store-ssl-certificate key-store-name="client-keystore" alias="joe">
                    <key-store-clear-password password="abcdef"/>
                </key-store-ssl-certificate>
            </ssl-context>
        </ssl-contexts>
        <ssl-context-rules>
            <rule use-ssl-context="client-ssl-context"/>
        </ssl-context-rules>
    </authentication-client>
</configuration>
{code}
Without installing the Elytron provider, the client will fail with this error:
{noformat}
Exception in thread "main" java.lang.ExceptionInInitializerError
    at org.wildfly.security.auth.client.AuthenticationContext.lambda$static$0(AuthenticationContext.java:49)
    at org.wildfly.common.context.ContextManager.getPrivileged(ContextManager.java:282)
    at org.wildfly.security.auth.client.AuthenticationContext.captureCurrent(AuthenticationContext.java:81)
    at org.wildfly.naming.client.ProviderEnvironment$1.get(ProviderEnvironment.java:89)
    at org.wildfly.naming.client.ProviderEnvironment$1.get(ProviderEnvironment.java:87)
    at org.jboss.ejb.client.EJBClientInvocationContext.<init>(EJBClientInvocationContext.java:87)
    at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:154)
    at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:100)
    at com.sun.proxy.$Proxy2.hello(Unknown Source)
    at client.Client.main(Client.java:21)
Caused by: org.wildfly.security.auth.client.InvalidAuthenticationConfigurationException: org.wildfly.client.config.ConfigXMLParseException: ELY01135: Failed to load keystore data
    at file:/home/jmartisk/Workspace/mock-artifacts/ejbclient/eap7.1-elytron-certificate-auth-with-two-way-ssl/client/target/classes/META-INF/wildfly-config.xml:9:87
    at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:40)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.<clinit>(DefaultAuthenticationContextProvider.java:36)
    ... 10 more
Caused by: org.wildfly.client.config.ConfigXMLParseException: ELY01135: Failed to load keystore data
    at file:/home/jmartisk/Workspace/mock-artifacts/ejbclient/eap7.1-elytron-certificate-auth-with-two-way-ssl/client/target/classes/META-INF/wildfly-config.xml:9:87
    at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$44(ElytronXmlParser.java:1410)
    at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$28(ElytronXmlParser.java:952)
    at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$26(ElytronXmlParser.java:939)
    at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$36(ElytronXmlParser.java:997)
    at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$21(ElytronXmlParser.java:733)
    at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$26(ElytronXmlParser.java:939)
    at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$25(ElytronXmlParser.java:781)
    at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationRuleType$10(ElytronXmlParser.java:613)
    at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseRulesType$11(ElytronXmlParser.java:639)
    at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientType(ElytronXmlParser.java:337)
    at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:214)
    at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:175)
    at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:38)
    ... 12 more
Caused by: java.security.NoSuchAlgorithmException: ELY08028: Invalid algorithm "clear"
    at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:121)
    at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:75)
    at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$44(ElytronXmlParser.java:1376)
    ... 24 more
{noformat}
Using credential-store-reference clear-text causes a similar error.
There is an example of clear passwords which works, so it will be a problem with these
specific elements:
{code:xml}
<authentication-client xmlns="urn:elytron:1.0">
    <authentication-rules>
        <rule use-configuration="default"/>
    </authentication-rules>
    <authentication-configurations>
        <configuration name="default">
            <sasl-mechanism-selector selector="DIGEST-MD5"/>
            <set-user-name name="joe"/>
            <credentials>
                <clear-password password="joeIsAwesome2013!"/>
            </credentials>
        </configuration>
    </authentication-configurations>
</authentication-client>
{code}
The problem seems to be in PasswordFactory.getInstance() in KeyStoreCredentialStore where
we aren't setting the providers we have configured. Instead, it seems to use
INSTALLED_PROVIDERS which does not have the Elytron providers.
Elytron provider has to be installed manually for key-store-ssl-certificate
---------------------------------------------------------------------------
Key: ELY-1428
URL: https://issues.redhat.com/browse/ELY-1428
Project: WildFly Elytron
Issue Type: Bug
Components: Authentication Client
Reporter: Martin Choma
Assignee: Darran Lofthouse
Priority: Critical
Fix For: 1.1.9.Final, 1.2.0.Beta11
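The lookup difference named in the updated description, as an added example that is not part of the original issue or of the Elytron code base: `PasswordFactory.getInstance()` without a provider argument searches only the JVM-wide installed providers, while the overload taking a provider supplier resolves "clear" without touching global state. It assumes the wildfly-elytron library is on the classpath; the class name `ClearPasswordProviderLookup` is hypothetical and the password is the sample value from the configuration above.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.function.Supplier;

import org.wildfly.security.WildFlyElytronProvider;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.security.password.spec.ClearPasswordSpec;

// Hypothetical demo class (added example, not Elytron code).
public class ClearPasswordProviderLookup {

    public static void main(String[] args) throws Exception {
        int installedBefore = Security.getProviders().length;

        // 1. No provider argument: the lookup is limited to the providers
        //    registered JVM-wide. On a plain client JVM none of them offers
        //    the "clear" password algorithm, which is the ELY08028 failure
        //    at the bottom of the stack trace.
        try {
            PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR);
            System.out.println("installed providers: \"clear\" found "
                    + "(an Elytron provider is already registered)");
        } catch (NoSuchAlgorithmException e) {
            System.out.println("installed providers: " + e.getMessage());
        }

        // 2. Provider supplier passed explicitly: the caller decides which
        //    providers are searched, so nothing has to be registered globally.
        Supplier<Provider[]> configured =
                () -> new Provider[] { new WildFlyElytronProvider() };
        PasswordFactory factory =
                PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR, configured);
        ClearPassword password = (ClearPassword) factory.generatePassword(
                new ClearPasswordSpec("abcdef".toCharArray()));
        System.out.println("explicit supplier: algorithm=" + password.getAlgorithm()
                + ", length=" + password.getPassword().length);

        // The JVM-wide provider list is unchanged by step 2.
        System.out.println("installed provider count unchanged: "
                + (installedBefore == Security.getProviders().length));

        // 3. The workaround from the issue: register the provider globally.
        //    After this the no-argument lookup from step 1 succeeds, but every
        //    JCA consumer in the JVM now sees the extra provider.
        Security.addProvider(new WildFlyElytronProvider());
        PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR);
        System.out.println("after Security.addProvider: \"clear\" found");
    }
}
```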