  1. JBoss Enterprise Application Platform
  2. JBEAP-11620

Elytron client configuration file throws ConfigXMLParseException when crypt-password is used

    • Bug
    • Resolution: Won't Do
    • Blocker
    • None
    • 7.1.0.ER1
    • Security
    • None

      When the Elytron client configuration file includes the configuration.authentication-client.authentication-configurations.configuration.credentials.crypt-password element, a ConfigXMLParseException is thrown while the configuration file is parsed. It seems to be caused by the $ character in the crypt value. It does not work even if this symbol is escaped.

      For the following configuration file:

      <configuration>
          <authentication-client xmlns="urn:elytron:1.0">
              <authentication-rules>
                  <rule use-configuration="default"/>
              </authentication-rules>
              <authentication-configurations>
                  <configuration name="default">
                      <sasl-mechanism-selector selector="DIGEST-MD5"/>
                      <credentials>
                          <crypt-password crypt="$1$somesalt$W.KCTbPSiFDGffAGOjcBc."/>
                      </credentials>
                  </configuration>
              </authentication-configurations>
          </authentication-client>
      </configuration>
      

      the following exception is thrown:

      org.wildfly.client.config.ConfigXMLParseException: CONF0020: Failed to parse expression value of attribute "crypt"
      	at org.wildfly.common.expression.Expression.invalidExpressionSyntax(Expression.java:659)
      	at org.wildfly.common.expression.Expression.parseString(Expression.java:509)
      	at org.wildfly.common.expression.Expression.compile(Expression.java:203)
      	at org.wildfly.common.expression.Expression.compile(Expression.java:183)
      	at org.wildfly.client.config.ConfigurationXMLStreamReader.getExpressionAttributeValue(ConfigurationXMLStreamReader.java:683)
      	at org.wildfly.client.config.ConfigurationXMLStreamReader.getAttributeValueResolved(ConfigurationXMLStreamReader.java:330)
      	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$requireSingleAttribute$44(ElytronXmlParser.java:2361)
      	at org.wildfly.security.auth.client.ElytronXmlParser.requireSingleAttribute(ElytronXmlParser.java:2380)
      	at org.wildfly.security.auth.client.ElytronXmlParser.requireSingleAttribute(ElytronXmlParser.java:2361)
      	at org.wildfly.security.auth.client.ElytronXmlParser.parseCryptPassword(ElytronXmlParser.java:1059)
      	at org.wildfly.security.auth.client.ElytronXmlParser.parseCredentialsType(ElytronXmlParser.java:951)
      	at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationConfigurationType(ElytronXmlParser.java:714)
      	at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationConfigurationsType(ElytronXmlParser.java:341)
      	at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientType(ElytronXmlParser.java:273)
      	at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:185)
      	at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:164)
      	...
      

      It does not work even if the dollar sign is escaped:

      <crypt-password crypt="\$1\$somesalt\$W.KCTbPSiFDGffAGOjcBc."/>
      

      The value of crypt was created in the same way as in UnixMD5CryptUtilTest [1].

      We request the blocker flag since using a hashed password is not possible in the Elytron client configuration file, which breaks a feature in RFE EAP7-567 Client Side Security (Elytron Client).

      [1] https://github.com/wildfly-security/wildfly-elytron/blob/371c1334fde7527dedb626232260e6a3f5a988d3/src/test/java/org/wildfly/security/password/impl/UnixMD5CryptUtilTest.java#L69

              jkalina@redhat.com Jan Kalina (Inactive)
              olukas Ondrej Lukas (Inactive)
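A pre-flight check for the failure reported above, as an added example that is not part of the original issue or of the Elytron code base: it lists every crypt-password value in a client configuration, the offsets of the `$` characters the reporter suspects, and whether the value is still a well-formed `$1$` MD5-crypt string. The sample file and the function name are constructed for illustration; that `$` is what trips the expression parser is the reporter's diagnosis, which the script does not verify.

```python
import re
import xml.etree.ElementTree as ET

NS = "{urn:elytron:1.0}"  # namespace declared in the configuration on this page
# MD5-crypt modular format: $1$<salt, up to 8 chars>$<22-char hash>
MD5_CRYPT = re.compile(r"^\$1\$([./0-9A-Za-z]{1,8})\$([./0-9A-Za-z]{22})$")

# Constructed sample: the reporter's configuration plus the backslash-escaped
# variant as a second, hypothetical configuration named "escaped".
SAMPLE = r"""<configuration>
  <authentication-client xmlns="urn:elytron:1.0">
    <authentication-configurations>
      <configuration name="default">
        <credentials>
          <crypt-password crypt="$1$somesalt$W.KCTbPSiFDGffAGOjcBc."/>
        </credentials>
      </configuration>
      <configuration name="escaped">
        <credentials>
          <crypt-password crypt="\$1\$somesalt\$W.KCTbPSiFDGffAGOjcBc."/>
        </credentials>
      </configuration>
    </authentication-configurations>
  </authentication-client>
</configuration>"""


def check_crypt_passwords(xml_text):
    """Return one finding per crypt-password element in the client config."""
    findings = []
    # The un-namespaced root <configuration> is skipped; only the namespaced
    # authentication configurations match this tag.
    for conf in ET.fromstring(xml_text).iter(NS + "configuration"):
        for elem in conf.iter(NS + "crypt-password"):
            value = elem.get("crypt", "")
            match = MD5_CRYPT.match(value)
            findings.append({
                "configuration": conf.get("name"),
                # Positions of the characters suspected of triggering CONF0020.
                "dollar_offsets": [i for i, c in enumerate(value) if c == "$"],
                # False means the literal attribute text is not a usable hash.
                "valid_md5_crypt": match is not None,
                "salt": match.group(1) if match else None,
            })
    return findings


if __name__ == "__main__":
    for finding in check_crypt_passwords(SAMPLE):
        print(finding)
```

The second finding shows that the backslash-escaped attribute, taken literally, is no longer a valid modular crypt string, so escaping changes the value even before the expression parser is involved.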