[jboss-jira] [JBoss JIRA] (ELY-1428) Elytron provider has to be installed manually for key-store-ssl-certificate

Martin Choma (JIRA) issues at jboss.org
Mon Oct 30 05:51:00 EDT 2017


     [ https://issues.jboss.org/browse/ELY-1428?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Martin Choma updated ELY-1428:
------------------------------
    Summary: Elytron provider has to be installed manually for key-store-ssl-certificate  (was: Elytron provider has to be installed manually in some client scenarios)


> Elytron provider has to be installed manually for key-store-ssl-certificate
> ---------------------------------------------------------------------------
>
>                 Key: ELY-1428
>                 URL: https://issues.jboss.org/browse/ELY-1428
>             Project: WildFly Elytron
>          Issue Type: Bug
>            Reporter: Martin Choma
>            Assignee: Darran Lofthouse
>            Priority: Critical
>
> Trying to configure ejb client 2-way TLS authentication with Elytron. I am getting "Invalid algorithm "clear"" without programmatically registering the Elytron provider.
> {noformat}
> Security.addProvider(new WildFlyElytronProvider());
> {noformat}
> Specifying this in {{wildfly-config.xml}} doesn't help:
> {noformat}
> <providers>
>             <use-service-loader/>
> </providers>
> {noformat}
> Example of {{wildfly-config.xml}} where I need this when using it with EJB client:
> {code:xml}
> <configuration>
>     <authentication-client xmlns="urn:elytron:1.0">
>         <authentication-rules>
>             <rule use-configuration="default"/>
>         </authentication-rules>
>         <authentication-configurations>
>             <configuration name="default">
>                 <credentials>
>                     <key-store-reference key-store-name="client-keystore" alias="joe">
>                         <key-store-clear-password password="abcdef"/>
>                     </key-store-reference>
>                 </credentials>
>             </configuration>
>         </authentication-configurations>
>         <key-stores>
>             <key-store name="client-keystore" type="JKS">
>                 <file name="${keystore.path:src/main/resources/client.keystore}"/>
>                 <key-store-clear-password password="abcdef"/>
>             </key-store>
>             <key-store name="client-truststore" type="JKS">
>                 <file name="${truststore.path:src/main/resources/client.truststore}"/>
>             </key-store>
>         </key-stores>
>         <ssl-contexts>
>             <ssl-context name="client-ssl-context">
>                 <trust-store key-store-name="client-truststore"/>
>                 <key-store-ssl-certificate key-store-name="client-keystore" alias="joe">
>                     <key-store-clear-password password="abcdef"/>
>                 </key-store-ssl-certificate>
>             </ssl-context>
>         </ssl-contexts>
>         <ssl-context-rules>
>             <rule use-ssl-context="client-ssl-context"/>
>         </ssl-context-rules>
>     </authentication-client>
> </configuration>
> {code}
> Without installing the Elytron provider, the client will fail with this error:
> {noformat}
> Exception in thread "main" java.lang.ExceptionInInitializerError
> 	at org.wildfly.security.auth.client.AuthenticationContext.lambda$static$0(AuthenticationContext.java:49)
> 	at org.wildfly.common.context.ContextManager.getPrivileged(ContextManager.java:282)
> 	at org.wildfly.security.auth.client.AuthenticationContext.captureCurrent(AuthenticationContext.java:81)
> 	at org.wildfly.naming.client.ProviderEnvironment$1.get(ProviderEnvironment.java:89)
> 	at org.wildfly.naming.client.ProviderEnvironment$1.get(ProviderEnvironment.java:87)
> 	at org.jboss.ejb.client.EJBClientInvocationContext.<init>(EJBClientInvocationContext.java:87)
> 	at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:154)
> 	at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:100)
> 	at com.sun.proxy.$Proxy2.hello(Unknown Source)
> 	at client.Client.main(Client.java:21)
> Caused by: org.wildfly.security.auth.client.InvalidAuthenticationConfigurationException: org.wildfly.client.config.ConfigXMLParseException: ELY01135: Failed to load keystore data
> 	at file:/home/jmartisk/Workspace/mock-artifacts/ejbclient/eap7.1-elytron-certificate-auth-with-two-way-ssl/client/target/classes/META-INF/wildfly-config.xml:9:87
> 	at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:40)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.<clinit>(DefaultAuthenticationContextProvider.java:36)
> 	... 10 more
> Caused by: org.wildfly.client.config.ConfigXMLParseException: ELY01135: Failed to load keystore data
> 	at file:/home/jmartisk/Workspace/mock-artifacts/ejbclient/eap7.1-elytron-certificate-auth-with-two-way-ssl/client/target/classes/META-INF/wildfly-config.xml:9:87
> 	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$44(ElytronXmlParser.java:1410)
> 	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$28(ElytronXmlParser.java:952)
> 	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$26(ElytronXmlParser.java:939)
> 	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$36(ElytronXmlParser.java:997)
> 	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$21(ElytronXmlParser.java:733)
> 	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$26(ElytronXmlParser.java:939)
> 	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$25(ElytronXmlParser.java:781)
> 	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationRuleType$10(ElytronXmlParser.java:613)
> 	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseRulesType$11(ElytronXmlParser.java:639)
> 	at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientType(ElytronXmlParser.java:337)
> 	at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:214)
> 	at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:175)
> 	at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:38)
> 	... 12 more
> Caused by: java.security.NoSuchAlgorithmException: ELY08028: Invalid algorithm "clear"
> 	at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:121)
> 	at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:75)
> 	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$44(ElytronXmlParser.java:1376)
> 	... 24 more
> {noformat}
> Using credential-store-reference clear-text causes a similar error.
> There is an example of clear passwords which works, so it will be a problem of these specific elements:
> {code:xml}
> <authentication-client xmlns="urn:elytron:1.0">
>         <authentication-rules>
>             <rule use-configuration="default"/>
>         </authentication-rules>
>         <authentication-configurations>
>             <configuration name="default">
>                 <sasl-mechanism-selector selector="DIGEST-MD5"/>
>                 <set-user-name name="joe"/>
>                 <credentials>
>                     <clear-password password="joeIsAwesome2013!"/>
>                 </credentials>
>             </configuration>
>         </authentication-configurations>
>     </authentication-client>	
> {code}



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
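
The stack trace above fails inside the static initializer of `DefaultAuthenticationContextProvider`, so any programmatic registration has to happen before the first EJB proxy call. The sketch below is an added example, not code from the issue or from the Elytron project: it checks whether a registered JCA provider can supply the "clear" password algorithm and installs `WildFlyElytronProvider` only if none can. The class name `ElytronProviderCheck` and the JCA service type string `"PasswordFactory"` are assumptions.

```java
import java.security.Provider;
import java.security.Security;

import org.wildfly.security.WildFlyElytronProvider;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.interfaces.ClearPassword;

/** Added example (hypothetical class): make sure "clear" resolves before wildfly-config.xml is parsed. */
public final class ElytronProviderCheck {

    // Assumption: Elytron registers its password factories under this JCA service type.
    private static final String SERVICE_TYPE = "PasswordFactory";

    /** Name of the first registered provider offering the "clear" algorithm, or null if none does. */
    static String findClearPasswordProvider() {
        for (Provider p : Security.getProviders()) {
            if (p.getService(SERVICE_TYPE, ClearPassword.ALGORITHM_CLEAR) != null) {
                return p.getName();
            }
        }
        return null;
    }

    /** Registers WildFlyElytronProvider only when no registered provider supplies the algorithm. */
    static String ensureElytronProvider() throws Exception {
        String name = findClearPasswordProvider();
        if (name == null) {
            Security.addProvider(new WildFlyElytronProvider());
            name = findClearPasswordProvider();
        }
        // Same lookup that the trace shows failing with ELY08028; throws if still unresolved.
        PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR);
        return name;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("provider before: " + findClearPasswordProvider());
        System.out.println("provider after:  " + ensureElytronProvider());
        // Only after this point look up the EJB proxy or touch AuthenticationContext,
        // because the client configuration is parsed once, in a static initializer.
    }
}
```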

