We hit an issue with PasswordFactory on the client side when WildflyElytronProvider is not used, because plain Security::getProviders is used in the implementation.
Therefore I have checked the whole Elytron codebase, and these are the occurrences which are suspicious to me.
./src/main/java/org/wildfly/security/password/PasswordFactory.java: return getInstance(algorithm, Security::getProviders);
./src/main/java/org/wildfly/security/credential/Credential.java: return verify(Security::getProviders, evidence);
./src/main/java/org/wildfly/security/credential/store/CredentialStore.java: return getInstance(algorithm, Security::getProviders);
./src/main/java/org/wildfly/security/sasl/digest/DigestClientFactory.java: providers = Security::getProviders;
./src/main/java/org/wildfly/security/sasl/scram/ScramSaslClientFactory.java: providers = Security::getProviders;
These are often classes which occur on the server and client side at the same time. I understand that on the server side Security::getProviders is OK, because the Elytron provider is registered globally by the subsystem. But my understanding is this has to be changed to reflect the client side as well. That means being able to use providers from the service loader mechanism as well.
./src/main/java/org/wildfly/security/sasl/util/SaslFactories.java: private static final SecurityProviderSaslClientFactory providerSaslClientFactory = new SecurityProviderSaslClientFactory(Security::getProviders);
[mchoma@localhost wildfly-elytron]$ grep -r "Security::getProviders" --include=*.java .
./src/main/java/org/wildfly/security/password/spec/BasicPasswordSpecEncoding.java: return encode(password, Security::getProviders);
./src/main/java/org/wildfly/security/password/PasswordFactory.java: return getInstance(algorithm, Security::getProviders);
./src/main/java/org/wildfly/security/ssl/SSLContextBuilder.java: * <li>The provider supplier defaults to {@link Security#getProviders() Security::getProviders}</li>
./src/main/java/org/wildfly/security/ssl/SSLContextBuilder.java: private Supplier<Provider[]> providerSupplier = Security::getProviders;
./src/main/java/org/wildfly/security/auth/realm/jdbc/JdbcSecurityRealmBuilder.java: private Supplier<Provider[]> providers = Security::getProviders;
./src/main/java/org/wildfly/security/auth/realm/KeyStoreBackedSecurityRealm.java: this(keyStore, Security::getProviders);
./src/main/java/org/wildfly/security/auth/realm/LegacyPropertiesSecurityRealm.java: private Supplier<Provider[]> providers = Security::getProviders;
./src/main/java/org/wildfly/security/auth/realm/ldap/LdapSecurityRealmBuilder.java: private Supplier<Provider[]> providers = Security::getProviders;
./src/main/java/org/wildfly/security/auth/realm/SimpleMapBackedSecurityRealm.java: this(rewriter, Security::getProviders);
./src/main/java/org/wildfly/security/auth/client/AuthenticationConfiguration.java: this.providerSupplier = ProviderUtil.aggregate(new ServiceLoaderSupplier<>(Provider.class, AuthenticationConfiguration.class.getClassLoader()), Security::getProviders);
./src/main/java/org/wildfly/security/auth/client/AuthenticationConfiguration.java: return providerSupplier == null ? Security::getProviders : providerSupplier;
./src/main/java/org/wildfly/security/auth/client/AuthenticationConfiguration.java: return useProviders(ProviderUtil.aggregate(new ServiceLoaderSupplier<>(Provider.class, AuthenticationConfiguration.class.getClassLoader()), Security::getProviders));
./src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java: private static final Supplier<Provider[]> DEFAULT_PROVIDER_SUPPLIER = ProviderUtil.aggregate(new ServiceLoaderSupplier<>(Provider.class, ElytronXmlParser.class.getClassLoader()), Security::getProviders);
./src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java: providerSupplier = providerSupplier == null ? Security::getProviders : ProviderUtil.aggregate(providerSupplier, Security::getProviders);
./src/main/java/org/wildfly/security/credential/Credential.java: return verify(Security::getProviders, evidence);
./src/main/java/org/wildfly/security/credential/store/CredentialStore.java: return getInstance(algorithm, Security::getProviders);
./src/main/java/org/wildfly/security/http/util/SecurityProviderServerMechanismFactory.java: this(Security::getProviders);
./src/main/java/org/wildfly/security/http/impl/ServerMechanismFactoryImpl.java: providers = Security::getProviders;
./src/main/java/org/wildfly/security/sasl/util/SaslFactories.java: private static final SecurityProviderSaslClientFactory providerSaslClientFactory = new SecurityProviderSaslClientFactory(Security::getProviders);
./src/main/java/org/wildfly/security/sasl/util/SaslFactories.java: private static final SecurityProviderSaslServerFactory providerSaslServerFactory = new SecurityProviderSaslServerFactory(Security::getProviders);
./src/main/java/org/wildfly/security/sasl/util/SecurityProviderSaslClientFactory.java: this(Security::getProviders);
./src/main/java/org/wildfly/security/sasl/util/SecurityProviderSaslServerFactory.java: this(Security::getProviders);
./src/main/java/org/wildfly/security/sasl/otp/OTPSaslServerFactory.java: providers = Security::getProviders;
./src/main/java/org/wildfly/security/sasl/digest/DigestServerFactory.java: providers = Security::getProviders;
./src/main/java/org/wildfly/security/sasl/digest/DigestClientFactory.java: providers = Security::getProviders;
./src/main/java/org/wildfly/security/sasl/scram/ScramSaslServerFactory.java: providers = Security::getProviders;
./src/main/java/org/wildfly/security/sasl/scram/ScramSaslClientFactory.java: providers = Security::getProviders;
relates to:
- JBEAP-11692 Elytron client configuration file throws ConfigXMLParseException when credential key-store-reference is used (Closed)
- JBEAP-11725 ElytronAuthenticator.getPasswordAuthentication() cannot obtain PasswordFactory for Elytron algorithms (Closed)
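
The lookup difference reported above, as an added example that is not Elytron code and not part of the original report: it uses only JDK classes (Java 9+), and `DemoProvider`, the `demo-alg` algorithm and the helper names are constructed for illustration. A provider that was never registered globally is invisible to a plain `Security::getProviders` lookup and is found once a discovery-based supplier is aggregated with it.

```java
import java.security.Provider;
import java.security.Security;
import java.util.*;
import java.util.function.Supplier;

public class ProviderLookupDemo {
    // Constructed provider that is never passed to Security.addProvider,
    // which is the client-side situation described in the report.
    static final class DemoProvider extends Provider {
        DemoProvider() {
            super("DemoProvider", "1.0", "constructed example provider");
            putService(new Service(this, "PasswordFactory", "demo-alg",
                    "example.DemoPasswordFactorySpi", null, null));
        }
    }

    // Providers declared through META-INF/services or module descriptors.
    static Supplier<Provider[]> serviceLoaded(ClassLoader cl) {
        return () -> {
            List<Provider> found = new ArrayList<>();
            ServiceLoader.load(Provider.class, cl).forEach(found::add);
            return found.toArray(new Provider[0]);
        };
    }

    // Concatenate several suppliers; earlier suppliers win on lookup.
    @SafeVarargs
    static Supplier<Provider[]> aggregate(Supplier<Provider[]>... suppliers) {
        return () -> {
            List<Provider> all = new ArrayList<>();
            for (Supplier<Provider[]> s : suppliers) Collections.addAll(all, s.get());
            return all.toArray(new Provider[0]);
        };
    }

    // First provider offering the requested service, or null if none does.
    static Provider.Service find(Supplier<Provider[]> providers, String type, String alg) {
        for (Provider p : providers.get()) {
            Provider.Service s = p.getService(type, alg);
            if (s != null) return s;
        }
        return null;
    }

    public static void main(String[] args) {
        Supplier<Provider[]> global = Security::getProviders;
        // Stand-in for a ServiceLoader hit: this single file ships no META-INF/services entry.
        Supplier<Provider[]> discovered = () -> new Provider[] { new DemoProvider() };
        Supplier<Provider[]> combined = aggregate(
                serviceLoaded(ProviderLookupDemo.class.getClassLoader()), discovered, global);
        System.out.println("global only: " + find(global, "PasswordFactory", "demo-alg"));
        System.out.println("aggregated:  " + find(combined, "PasswordFactory", "demo-alg"));
    }
}
```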