[
https://issues.redhat.com/browse/ELY-1428?page=com.atlassian.jira.plugin....
]
Sonia Zaldana updated ELY-1428:
-------------------------------
Description:
Trying to configure ejb client 2-way TLS authentication with Elytron. I am getting
"Invalid algorithm "clear" without use of programatically registering
Elytron provider.
{noformat}
Security.addProvider(new WildFlyElytronProvider());
{noformat}
Specifying this in {{wildfly-config.xml}} doesn't help:
{noformat}
<providers>
<use-service-loader/>
</providers>
{noformat}
Example of {{wildfly-config.xml}} where I need this when using it with EJB client:
{code:xml}
<configuration>
<authentication-client xmlns="urn:elytron:1.0">
<authentication-rules>
<rule use-configuration="default"/>
</authentication-rules>
<authentication-configurations>
<configuration name="default">
<credentials>
<key-store-reference key-store-name="client-keystore"
alias="joe">
<key-store-clear-password password="abcdef"/>
</key-store-reference>
</credentials>
</configuration>
</authentication-configurations>
<key-stores>
<key-store name="client-keystore" type="JKS">
<file
name="${keystore.path:src/main/resources/client.keystore}"/>
<key-store-clear-password password="abcdef"/>
</key-store>
<key-store name="client-truststore" type="JKS">
<file
name="${truststore.path:src/main/resources/client.truststore}"/>
</key-store>
</key-stores>
<ssl-contexts>
<ssl-context name="client-ssl-context">
<trust-store key-store-name="client-truststore"/>
<key-store-ssl-certificate key-store-name="client-keystore"
alias="joe">
<key-store-clear-password password="abcdef"/>
</key-store-ssl-certificate>
</ssl-context>
</ssl-contexts>
<ssl-context-rules>
<rule use-ssl-context="client-ssl-context"/>
</ssl-context-rules>
</authentication-client>
</configuration>
{code}
Without installing the Elytron provider, the client will fail with this error:
{noformat}
Exception in thread "main" java.lang.ExceptionInInitializerError
at
org.wildfly.security.auth.client.AuthenticationContext.lambda$static$0(AuthenticationContext.java:49)
at org.wildfly.common.context.ContextManager.getPrivileged(ContextManager.java:282)
at
org.wildfly.security.auth.client.AuthenticationContext.captureCurrent(AuthenticationContext.java:81)
at org.wildfly.naming.client.ProviderEnvironment$1.get(ProviderEnvironment.java:89)
at org.wildfly.naming.client.ProviderEnvironment$1.get(ProviderEnvironment.java:87)
at
org.jboss.ejb.client.EJBClientInvocationContext.<init>(EJBClientInvocationContext.java:87)
at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:154)
at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:100)
at com.sun.proxy.$Proxy2.hello(Unknown Source)
at client.Client.main(Client.java:21)
Caused by: org.wildfly.security.auth.client.InvalidAuthenticationConfigurationException:
org.wildfly.client.config.ConfigXMLParseException: ELY01135: Failed to load keystore data
at
file:/home/jmartisk/Workspace/mock-artifacts/ejbclient/eap7.1-elytron-certificate-auth-with-two-way-ssl/client/target/classes/META-INF/wildfly-config.xml:9:87
at
org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:40)
at java.security.AccessController.doPrivileged(Native Method)
at
org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.<clinit>(DefaultAuthenticationContextProvider.java:36)
... 10 more
Caused by: org.wildfly.client.config.ConfigXMLParseException: ELY01135: Failed to load
keystore data
at
file:/home/jmartisk/Workspace/mock-artifacts/ejbclient/eap7.1-elytron-certificate-auth-with-two-way-ssl/client/target/classes/META-INF/wildfly-config.xml:9:87
at
org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$44(ElytronXmlParser.java:1410)
at
org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$28(ElytronXmlParser.java:952)
at
org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$26(ElytronXmlParser.java:939)
at
org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$36(ElytronXmlParser.java:997)
at
org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$21(ElytronXmlParser.java:733)
at
org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$26(ElytronXmlParser.java:939)
at
org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$25(ElytronXmlParser.java:781)
at
org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationRuleType$10(ElytronXmlParser.java:613)
at
org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseRulesType$11(ElytronXmlParser.java:639)
at
org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientType(ElytronXmlParser.java:337)
at
org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:214)
at
org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:175)
at
org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:38)
... 12 more
Caused by: java.security.NoSuchAlgorithmException: ELY08028: Invalid algorithm
"clear"
at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:121)
at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:75)
at
org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$44(ElytronXmlParser.java:1376)
... 24 more
{noformat}
Using credential-store-reference clear-text cause similar error.
There is example of clear passwords which works, so it will be problem of this specific
elements:
{code:xml}
<authentication-client xmlns="urn:elytron:1.0">
<authentication-rules>
<rule use-configuration="default"/>
</authentication-rules>
<authentication-configurations>
<configuration name="default">
<sasl-mechanism-selector selector="DIGEST-MD5"/>
<set-user-name name="joe"/>
<credentials>
<clear-password password="joeIsAwesome2013!"/>
</credentials>
</configuration>
</authentication-configurations>
</authentication-client>
{code}
was:
Trying to configure ejb client 2-way TLS authentication with Elytron. I am getting
"Invalid algorithm "clear" without use of programatically registering
Elytron provider.
{noformat}
Security.addProvider(new WildFlyElytronProvider());
{noformat}
Specifying this in {{wildfly-config.xml}} doesn't help:
{noformat}
<providers>
<use-service-loader/>
</providers>
{noformat}
Example of {{wildfly-config.xml}} where I need this when using it with EJB client:
{code:xml}
<configuration>
<authentication-client xmlns="urn:elytron:1.0">
<authentication-rules>
<rule use-configuration="default"/>
</authentication-rules>
<authentication-configurations>
<configuration name="default">
<credentials>
<key-store-reference key-store-name="client-keystore"
alias="joe">
<key-store-clear-password password="abcdef"/>
</key-store-reference>
</credentials>
</configuration>
</authentication-configurations>
<key-stores>
<key-store name="client-keystore" type="JKS">
<file
name="${keystore.path:src/main/resources/client.keystore}"/>
<key-store-clear-password password="abcdef"/>
</key-store>
<key-store name="client-truststore" type="JKS">
<file
name="${truststore.path:src/main/resources/client.truststore}"/>
</key-store>
</key-stores>
<ssl-contexts>
<ssl-context name="client-ssl-context">
<trust-store key-store-name="client-truststore"/>
<key-store-ssl-certificate key-store-name="client-keystore"
alias="joe">
<key-store-clear-password password="abcdef"/>
</key-store-ssl-certificate>
</ssl-context>
</ssl-contexts>
<ssl-context-rules>
<rule use-ssl-context="client-ssl-context"/>
</ssl-context-rules>
</authentication-client>
</configuration>
{code}
Without installing the Elytron provider, the client will fail with this error:
{noformat}
Exception in thread "main" java.lang.ExceptionInInitializerError
at
org.wildfly.security.auth.client.AuthenticationContext.lambda$static$0(AuthenticationContext.java:49)
at org.wildfly.common.context.ContextManager.getPrivileged(ContextManager.java:282)
at
org.wildfly.security.auth.client.AuthenticationContext.captureCurrent(AuthenticationContext.java:81)
at org.wildfly.naming.client.ProviderEnvironment$1.get(ProviderEnvironment.java:89)
at org.wildfly.naming.client.ProviderEnvironment$1.get(ProviderEnvironment.java:87)
at
org.jboss.ejb.client.EJBClientInvocationContext.<init>(EJBClientInvocationContext.java:87)
at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:154)
at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:100)
at com.sun.proxy.$Proxy2.hello(Unknown Source)
at client.Client.main(Client.java:21)
Caused by: org.wildfly.security.auth.client.InvalidAuthenticationConfigurationException:
org.wildfly.client.config.ConfigXMLParseException: ELY01135: Failed to load keystore data
at
file:/home/jmartisk/Workspace/mock-artifacts/ejbclient/eap7.1-elytron-certificate-auth-with-two-way-ssl/client/target/classes/META-INF/wildfly-config.xml:9:87
at
org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:40)
at java.security.AccessController.doPrivileged(Native Method)
at
org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.<clinit>(DefaultAuthenticationContextProvider.java:36)
... 10 more
Caused by: org.wildfly.client.config.ConfigXMLParseException: ELY01135: Failed to load
keystore data
at
file:/home/jmartisk/Workspace/mock-artifacts/ejbclient/eap7.1-elytron-certificate-auth-with-two-way-ssl/client/target/classes/META-INF/wildfly-config.xml:9:87
at
org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$44(ElytronXmlParser.java:1410)
at
org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$28(ElytronXmlParser.java:952)
at
org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$26(ElytronXmlParser.java:939)
at
org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$36(ElytronXmlParser.java:997)
at
org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$21(ElytronXmlParser.java:733)
at
org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$26(ElytronXmlParser.java:939)
at
org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$25(ElytronXmlParser.java:781)
at
org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationRuleType$10(ElytronXmlParser.java:613)
at
org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseRulesType$11(ElytronXmlParser.java:639)
at
org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientType(ElytronXmlParser.java:337)
at
org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:214)
at
org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:175)
at
org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:38)
... 12 more
Caused by: java.security.NoSuchAlgorithmException: ELY08028: Invalid algorithm
"clear"
at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:121)
at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:75)
at
org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$44(ElytronXmlParser.java:1376)
... 24 more
{noformat}
Using credential-store-reference clear-text cause similar error.
There is example of clear passwords which works, so it will be problem of this specific
elements:
{code:xml}
<authentication-client xmlns="urn:elytron:1.0">
<authentication-rules>
<rule use-configuration="default"/>
</authentication-rules>
<authentication-configurations>
<configuration name="default">
<sasl-mechanism-selector selector="DIGEST-MD5"/>
<set-user-name name="joe"/>
<credentials>
<clear-password password="joeIsAwesome2013!"/>
</credentials>
</configuration>
</authentication-configurations>
</authentication-client>
{code}
The problem seems to be in PasswordFactory.getInstance() in KeyStoreCredentialStore where
we aren't setting the providers we have configured. Instead, it seems to use
INSTALLED_PROVIDERS which does not have the Elytron providers.
Elytron provider has to be installed manually for
key-store-ssl-certificate
---------------------------------------------------------------------------
Key: ELY-1428
URL:
https://issues.redhat.com/browse/ELY-1428
Project: WildFly Elytron
Issue Type: Bug
Components: Authentication Client
Reporter: Martin Choma
Assignee: Darran Lofthouse
Priority: Critical
Fix For: 1.1.9.Final, 1.2.0.Beta11
Trying to configure ejb client 2-way TLS authentication with Elytron. I am getting
"Invalid algorithm "clear" without use of programatically registering
Elytron provider.
{noformat}
Security.addProvider(new WildFlyElytronProvider());
{noformat}
Specifying this in {{wildfly-config.xml}} doesn't help:
{noformat}
<providers>
<use-service-loader/>
</providers>
{noformat}
Example of {{wildfly-config.xml}} where I need this when using it with EJB client:
{code:xml}
<configuration>
<authentication-client xmlns="urn:elytron:1.0">
<authentication-rules>
<rule use-configuration="default"/>
</authentication-rules>
<authentication-configurations>
<configuration name="default">
<credentials>
<key-store-reference key-store-name="client-keystore"
alias="joe">
<key-store-clear-password password="abcdef"/>
</key-store-reference>
</credentials>
</configuration>
</authentication-configurations>
<key-stores>
<key-store name="client-keystore" type="JKS">
<file
name="${keystore.path:src/main/resources/client.keystore}"/>
<key-store-clear-password password="abcdef"/>
</key-store>
<key-store name="client-truststore" type="JKS">
<file
name="${truststore.path:src/main/resources/client.truststore}"/>
</key-store>
</key-stores>
<ssl-contexts>
<ssl-context name="client-ssl-context">
<trust-store key-store-name="client-truststore"/>
<key-store-ssl-certificate key-store-name="client-keystore"
alias="joe">
<key-store-clear-password password="abcdef"/>
</key-store-ssl-certificate>
</ssl-context>
</ssl-contexts>
<ssl-context-rules>
<rule use-ssl-context="client-ssl-context"/>
</ssl-context-rules>
</authentication-client>
</configuration>
{code}
Without installing the Elytron provider, the client will fail with this error:
{noformat}
Exception in thread "main" java.lang.ExceptionInInitializerError
at
org.wildfly.security.auth.client.AuthenticationContext.lambda$static$0(AuthenticationContext.java:49)
at org.wildfly.common.context.ContextManager.getPrivileged(ContextManager.java:282)
at
org.wildfly.security.auth.client.AuthenticationContext.captureCurrent(AuthenticationContext.java:81)
at org.wildfly.naming.client.ProviderEnvironment$1.get(ProviderEnvironment.java:89)
at org.wildfly.naming.client.ProviderEnvironment$1.get(ProviderEnvironment.java:87)
at
org.jboss.ejb.client.EJBClientInvocationContext.<init>(EJBClientInvocationContext.java:87)
at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:154)
at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:100)
at com.sun.proxy.$Proxy2.hello(Unknown Source)
at client.Client.main(Client.java:21)
Caused by: org.wildfly.security.auth.client.InvalidAuthenticationConfigurationException:
org.wildfly.client.config.ConfigXMLParseException: ELY01135: Failed to load keystore data
at
file:/home/jmartisk/Workspace/mock-artifacts/ejbclient/eap7.1-elytron-certificate-auth-with-two-way-ssl/client/target/classes/META-INF/wildfly-config.xml:9:87
at
org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:40)
at java.security.AccessController.doPrivileged(Native Method)
at
org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.<clinit>(DefaultAuthenticationContextProvider.java:36)
... 10 more
Caused by: org.wildfly.client.config.ConfigXMLParseException: ELY01135: Failed to load
keystore data
at
file:/home/jmartisk/Workspace/mock-artifacts/ejbclient/eap7.1-elytron-certificate-auth-with-two-way-ssl/client/target/classes/META-INF/wildfly-config.xml:9:87
at
org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$44(ElytronXmlParser.java:1410)
at
org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$28(ElytronXmlParser.java:952)
at
org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$26(ElytronXmlParser.java:939)
at
org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$36(ElytronXmlParser.java:997)
at
org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$21(ElytronXmlParser.java:733)
at
org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$26(ElytronXmlParser.java:939)
at
org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$25(ElytronXmlParser.java:781)
at
org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationRuleType$10(ElytronXmlParser.java:613)
at
org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseRulesType$11(ElytronXmlParser.java:639)
at
org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientType(ElytronXmlParser.java:337)
at
org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:214)
at
org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:175)
at
org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:38)
... 12 more
Caused by: java.security.NoSuchAlgorithmException: ELY08028: Invalid algorithm
"clear"
at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:121)
at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:75)
at
org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$44(ElytronXmlParser.java:1376)
... 24 more
{noformat}
Using credential-store-reference clear-text cause similar error.
There is example of clear passwords which works, so it will be problem of this specific
elements:
{code:xml}
<authentication-client xmlns="urn:elytron:1.0">
<authentication-rules>
<rule use-configuration="default"/>
</authentication-rules>
<authentication-configurations>
<configuration name="default">
<sasl-mechanism-selector selector="DIGEST-MD5"/>
<set-user-name name="joe"/>
<credentials>
<clear-password password="joeIsAwesome2013!"/>
</credentials>
</configuration>
</authentication-configurations>
</authentication-client>
{code}
--
This message was sent by Atlassian Jira
(v7.13.8#713008)