Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-13648

(7.1.z) ELY-1428 - Elytron provider has to be installed manually for key-store-ssl-certificate

    Details

      Description

      Trying to configure ejb client 2-way TLS authentication with Elytron. I am getting "Invalid algorithm "clear" without use of programatically registering Elytron provider.

      Security.addProvider(new WildFlyElytronProvider());
      

      Specifying this in wildfly-config.xml doesn't help:

      <providers>
                  <use-service-loader/>
      </providers>
      

      Example of wildfly-config.xml where I need this when using it with EJB client:

      <configuration>
          <authentication-client xmlns="urn:elytron:1.0">
              <authentication-rules>
                  <rule use-configuration="default"/>
              </authentication-rules>
              <authentication-configurations>
                  <configuration name="default">
                      <credentials>
                          <key-store-reference key-store-name="client-keystore" alias="joe">
                              <key-store-clear-password password="abcdef"/>
                          </key-store-reference>
                      </credentials>
                  </configuration>
              </authentication-configurations>
              <key-stores>
                  <key-store name="client-keystore" type="JKS">
                      <file name="${keystore.path:src/main/resources/client.keystore}"/>
                      <key-store-clear-password password="abcdef"/>
                  </key-store>
                  <key-store name="client-truststore" type="JKS">
                      <file name="${truststore.path:src/main/resources/client.truststore}"/>
                  </key-store>
              </key-stores>
              <ssl-contexts>
                  <ssl-context name="client-ssl-context">
                      <trust-store key-store-name="client-truststore"/>
                      <key-store-ssl-certificate key-store-name="client-keystore" alias="joe">
                          <key-store-clear-password password="abcdef"/>
                      </key-store-ssl-certificate>
                  </ssl-context>
              </ssl-contexts>
              <ssl-context-rules>
                  <rule use-ssl-context="client-ssl-context"/>
              </ssl-context-rules>
          </authentication-client>
      </configuration>
      

      Without installing the Elytron provider, the client will fail with this error:

      Exception in thread "main" java.lang.ExceptionInInitializerError
      	at org.wildfly.security.auth.client.AuthenticationContext.lambda$static$0(AuthenticationContext.java:49)
      	at org.wildfly.common.context.ContextManager.getPrivileged(ContextManager.java:282)
      	at org.wildfly.security.auth.client.AuthenticationContext.captureCurrent(AuthenticationContext.java:81)
      	at org.wildfly.naming.client.ProviderEnvironment$1.get(ProviderEnvironment.java:89)
      	at org.wildfly.naming.client.ProviderEnvironment$1.get(ProviderEnvironment.java:87)
      	at org.jboss.ejb.client.EJBClientInvocationContext.<init>(EJBClientInvocationContext.java:87)
      	at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:154)
      	at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:100)
      	at com.sun.proxy.$Proxy2.hello(Unknown Source)
      	at client.Client.main(Client.java:21)
      Caused by: org.wildfly.security.auth.client.InvalidAuthenticationConfigurationException: org.wildfly.client.config.ConfigXMLParseException: ELY01135: Failed to load keystore data
      	at file:/home/jmartisk/Workspace/mock-artifacts/ejbclient/eap7.1-elytron-certificate-auth-with-two-way-ssl/client/target/classes/META-INF/wildfly-config.xml:9:87
      	at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:40)
      	at java.security.AccessController.doPrivileged(Native Method)
      	at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.<clinit>(DefaultAuthenticationContextProvider.java:36)
      	... 10 more
      Caused by: org.wildfly.client.config.ConfigXMLParseException: ELY01135: Failed to load keystore data
      	at file:/home/jmartisk/Workspace/mock-artifacts/ejbclient/eap7.1-elytron-certificate-auth-with-two-way-ssl/client/target/classes/META-INF/wildfly-config.xml:9:87
      	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$44(ElytronXmlParser.java:1410)
      	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$28(ElytronXmlParser.java:952)
      	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$26(ElytronXmlParser.java:939)
      	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$36(ElytronXmlParser.java:997)
      	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$21(ElytronXmlParser.java:733)
      	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$26(ElytronXmlParser.java:939)
      	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$25(ElytronXmlParser.java:781)
      	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationRuleType$10(ElytronXmlParser.java:613)
      	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseRulesType$11(ElytronXmlParser.java:639)
      	at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientType(ElytronXmlParser.java:337)
      	at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:214)
      	at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:175)
      	at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:38)
      	... 12 more
      Caused by: java.security.NoSuchAlgorithmException: ELY08028: Invalid algorithm "clear"
      	at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:121)
      	at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:75)
      	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$44(ElytronXmlParser.java:1376)
      	... 24 more
      

      Using credential-store-reference clear-text cause similar error.

      There is example of clear passwords which works, so it will be problem of this specific elements:

      <authentication-client xmlns="urn:elytron:1.0">
              <authentication-rules>
                  <rule use-configuration="default"/>
              </authentication-rules>
              <authentication-configurations>
                  <configuration name="default">
                      <sasl-mechanism-selector selector="DIGEST-MD5"/>
                      <set-user-name name="joe"/>
                      <credentials>
                          <clear-password password="joeIsAwesome2013!"/>
                      </credentials>
                  </configuration>
              </authentication-configurations>
          </authentication-client>	
      

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  thofman Tomas Hofman
                  Reporter:
                  jmartisk Jan Martiska
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  9 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: