Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-1428

Elytron provider has to be installed manually for key-store-ssl-certificate

XMLWordPrintable

      Trying to configure ejb client 2-way TLS authentication with Elytron. I am getting "Invalid algorithm "clear" without use of programatically registering Elytron provider.

      Security.addProvider(new WildFlyElytronProvider());
      

      Specifying this in wildfly-config.xml doesn't help:

      <providers>
                  <use-service-loader/>
      </providers>
      

      Example of wildfly-config.xml where I need this when using it with EJB client:

      <configuration>
          <authentication-client xmlns="urn:elytron:1.0">
              <authentication-rules>
                  <rule use-configuration="default"/>
              </authentication-rules>
              <authentication-configurations>
                  <configuration name="default">
                      <credentials>
                          <key-store-reference key-store-name="client-keystore" alias="joe">
                              <key-store-clear-password password="abcdef"/>
                          </key-store-reference>
                      </credentials>
                  </configuration>
              </authentication-configurations>
              <key-stores>
                  <key-store name="client-keystore" type="JKS">
                      <file name="${keystore.path:src/main/resources/client.keystore}"/>
                      <key-store-clear-password password="abcdef"/>
                  </key-store>
                  <key-store name="client-truststore" type="JKS">
                      <file name="${truststore.path:src/main/resources/client.truststore}"/>
                  </key-store>
              </key-stores>
              <ssl-contexts>
                  <ssl-context name="client-ssl-context">
                      <trust-store key-store-name="client-truststore"/>
                      <key-store-ssl-certificate key-store-name="client-keystore" alias="joe">
                          <key-store-clear-password password="abcdef"/>
                      </key-store-ssl-certificate>
                  </ssl-context>
              </ssl-contexts>
              <ssl-context-rules>
                  <rule use-ssl-context="client-ssl-context"/>
              </ssl-context-rules>
          </authentication-client>
      </configuration>
      

      Without installing the Elytron provider, the client will fail with this error:

      Exception in thread "main" java.lang.ExceptionInInitializerError
      	at org.wildfly.security.auth.client.AuthenticationContext.lambda$static$0(AuthenticationContext.java:49)
      	at org.wildfly.common.context.ContextManager.getPrivileged(ContextManager.java:282)
      	at org.wildfly.security.auth.client.AuthenticationContext.captureCurrent(AuthenticationContext.java:81)
      	at org.wildfly.naming.client.ProviderEnvironment$1.get(ProviderEnvironment.java:89)
      	at org.wildfly.naming.client.ProviderEnvironment$1.get(ProviderEnvironment.java:87)
      	at org.jboss.ejb.client.EJBClientInvocationContext.<init>(EJBClientInvocationContext.java:87)
      	at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:154)
      	at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:100)
      	at com.sun.proxy.$Proxy2.hello(Unknown Source)
      	at client.Client.main(Client.java:21)
      Caused by: org.wildfly.security.auth.client.InvalidAuthenticationConfigurationException: org.wildfly.client.config.ConfigXMLParseException: ELY01135: Failed to load keystore data
      	at file:/home/jmartisk/Workspace/mock-artifacts/ejbclient/eap7.1-elytron-certificate-auth-with-two-way-ssl/client/target/classes/META-INF/wildfly-config.xml:9:87
      	at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:40)
      	at java.security.AccessController.doPrivileged(Native Method)
      	at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.<clinit>(DefaultAuthenticationContextProvider.java:36)
      	... 10 more
      Caused by: org.wildfly.client.config.ConfigXMLParseException: ELY01135: Failed to load keystore data
      	at file:/home/jmartisk/Workspace/mock-artifacts/ejbclient/eap7.1-elytron-certificate-auth-with-two-way-ssl/client/target/classes/META-INF/wildfly-config.xml:9:87
      	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$44(ElytronXmlParser.java:1410)
      	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$28(ElytronXmlParser.java:952)
      	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$26(ElytronXmlParser.java:939)
      	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$36(ElytronXmlParser.java:997)
      	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$21(ElytronXmlParser.java:733)
      	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$26(ElytronXmlParser.java:939)
      	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$25(ElytronXmlParser.java:781)
      	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationRuleType$10(ElytronXmlParser.java:613)
      	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseRulesType$11(ElytronXmlParser.java:639)
      	at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientType(ElytronXmlParser.java:337)
      	at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:214)
      	at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:175)
      	at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:38)
      	... 12 more
      Caused by: java.security.NoSuchAlgorithmException: ELY08028: Invalid algorithm "clear"
      	at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:121)
      	at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:75)
      	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$44(ElytronXmlParser.java:1376)
      	... 24 more
      

      Using credential-store-reference clear-text cause similar error.

      There is example of clear passwords which works, so it will be problem of this specific elements:

      <authentication-client xmlns="urn:elytron:1.0">
              <authentication-rules>
                  <rule use-configuration="default"/>
              </authentication-rules>
              <authentication-configurations>
                  <configuration name="default">
                      <sasl-mechanism-selector selector="DIGEST-MD5"/>
                      <set-user-name name="joe"/>
                      <credentials>
                          <clear-password password="joeIsAwesome2013!"/>
                      </credentials>
                  </configuration>
              </authentication-configurations>
          </authentication-client>	
      

              darran.lofthouse@redhat.com Darran Lofthouse
              mchoma@redhat.com Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: