JBoss Enterprise Application Platform / JBEAP-13648

(7.1.z) ELY-1428 - Elytron provider has to be installed manually for key-store-ssl-certificate


    Description

      Trying to configure EJB client 2-way TLS authentication with Elytron, I am getting "Invalid algorithm "clear"" unless I register the Elytron provider programmatically:

      Security.addProvider(new WildFlyElytronProvider());
      

      Specifying this in wildfly-config.xml doesn't help:

      <providers>
          <use-service-loader/>
      </providers>
      

      Example of wildfly-config.xml where I need this when using it with EJB client:

      <configuration>
          <authentication-client xmlns="urn:elytron:1.0">
              <authentication-rules>
                  <rule use-configuration="default"/>
              </authentication-rules>
              <authentication-configurations>
                  <configuration name="default">
                      <credentials>
                          <key-store-reference key-store-name="client-keystore" alias="joe">
                              <key-store-clear-password password="abcdef"/>
                          </key-store-reference>
                      </credentials>
                  </configuration>
              </authentication-configurations>
              <key-stores>
                  <key-store name="client-keystore" type="JKS">
                      <file name="${keystore.path:src/main/resources/client.keystore}"/>
                      <key-store-clear-password password="abcdef"/>
                  </key-store>
                  <key-store name="client-truststore" type="JKS">
                      <file name="${truststore.path:src/main/resources/client.truststore}"/>
                  </key-store>
              </key-stores>
              <ssl-contexts>
                  <ssl-context name="client-ssl-context">
                      <trust-store key-store-name="client-truststore"/>
                      <key-store-ssl-certificate key-store-name="client-keystore" alias="joe">
                          <key-store-clear-password password="abcdef"/>
                      </key-store-ssl-certificate>
                  </ssl-context>
              </ssl-contexts>
              <ssl-context-rules>
                  <rule use-ssl-context="client-ssl-context"/>
              </ssl-context-rules>
          </authentication-client>
      </configuration>
      

      Without installing the Elytron provider, the client will fail with this error:

      Exception in thread "main" java.lang.ExceptionInInitializerError
      	at org.wildfly.security.auth.client.AuthenticationContext.lambda$static$0(AuthenticationContext.java:49)
      	at org.wildfly.common.context.ContextManager.getPrivileged(ContextManager.java:282)
      	at org.wildfly.security.auth.client.AuthenticationContext.captureCurrent(AuthenticationContext.java:81)
      	at org.wildfly.naming.client.ProviderEnvironment$1.get(ProviderEnvironment.java:89)
      	at org.wildfly.naming.client.ProviderEnvironment$1.get(ProviderEnvironment.java:87)
      	at org.jboss.ejb.client.EJBClientInvocationContext.<init>(EJBClientInvocationContext.java:87)
      	at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:154)
      	at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:100)
      	at com.sun.proxy.$Proxy2.hello(Unknown Source)
      	at client.Client.main(Client.java:21)
      Caused by: org.wildfly.security.auth.client.InvalidAuthenticationConfigurationException: org.wildfly.client.config.ConfigXMLParseException: ELY01135: Failed to load keystore data
      	at file:/home/jmartisk/Workspace/mock-artifacts/ejbclient/eap7.1-elytron-certificate-auth-with-two-way-ssl/client/target/classes/META-INF/wildfly-config.xml:9:87
      	at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:40)
      	at java.security.AccessController.doPrivileged(Native Method)
      	at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.<clinit>(DefaultAuthenticationContextProvider.java:36)
      	... 10 more
      Caused by: org.wildfly.client.config.ConfigXMLParseException: ELY01135: Failed to load keystore data
      	at file:/home/jmartisk/Workspace/mock-artifacts/ejbclient/eap7.1-elytron-certificate-auth-with-two-way-ssl/client/target/classes/META-INF/wildfly-config.xml:9:87
      	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$44(ElytronXmlParser.java:1410)
      	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$28(ElytronXmlParser.java:952)
      	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$26(ElytronXmlParser.java:939)
      	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$36(ElytronXmlParser.java:997)
      	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$21(ElytronXmlParser.java:733)
      	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$26(ElytronXmlParser.java:939)
      	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$25(ElytronXmlParser.java:781)
      	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationRuleType$10(ElytronXmlParser.java:613)
      	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseRulesType$11(ElytronXmlParser.java:639)
      	at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientType(ElytronXmlParser.java:337)
      	at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:214)
      	at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:175)
      	at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:38)
      	... 12 more
      Caused by: java.security.NoSuchAlgorithmException: ELY08028: Invalid algorithm "clear"
      	at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:121)
      	at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:75)
      	at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$44(ElytronXmlParser.java:1376)
      	... 24 more
      

      Using credential-store-reference clear-text causes a similar error.

      There is an example of clear passwords which works, so it will be a problem of these specific elements:

      <authentication-client xmlns="urn:elytron:1.0">
          <authentication-rules>
              <rule use-configuration="default"/>
          </authentication-rules>
          <authentication-configurations>
              <configuration name="default">
                  <sasl-mechanism-selector selector="DIGEST-MD5"/>
                  <set-user-name name="joe"/>
                  <credentials>
                      <clear-password password="joeIsAwesome2013!"/>
                  </credentials>
              </configuration>
          </authentication-configurations>
      </authentication-client>
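Added example, not part of the original report or of the Elytron code base: a small client-side check for the workaround described above. The stack trace shows wildfly-config.xml being parsed in the static initializer of DefaultAuthenticationContextProvider, so the provider has to be registered before the first EJB invocation touches AuthenticationContext. The class name ElytronProviderCheck and both helper methods are hypothetical; the sketch assumes the Elytron client JAR is on the classpath.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;

import org.wildfly.security.WildFlyElytronProvider;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.interfaces.ClearPassword;

// Hypothetical helper class (added example, not from the issue).
public final class ElytronProviderCheck {

    /** Registers the Elytron provider once; returns true only if this call installed it. */
    static boolean ensureElytronProvider() {
        Provider elytron = new WildFlyElytronProvider();
        if (Security.getProvider(elytron.getName()) != null) {
            return false; // already installed, nothing to do
        }
        // addProvider returns -1 when a provider with the same name is already present
        return Security.addProvider(elytron) != -1;
    }

    /** True when the "clear" password algorithm from ELY08028 can be resolved. */
    static boolean clearAlgorithmAvailable() {
        try {
            // Same lookup that fails in the trace: PasswordFactory.getInstance("clear")
            PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR);
            return true;
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        System.out.println("clear available before registration: " + clearAlgorithmAvailable());
        boolean installed = ensureElytronProvider();
        System.out.println("provider installed by this call: " + installed);
        System.out.println("clear available after registration: " + clearAlgorithmAvailable());
        // Only after this point perform the JNDI lookup / EJB call, so that the
        // one-time parse of wildfly-config.xml sees the registered provider.
    }
}
```

If the first line prints false and the last prints true, the client is in the state this issue describes, where the key-store-clear-password elements cannot be parsed without manual registration.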
      

            People

              thofman Tomas Hofman
              jmartisk@redhat.com Jan Martiska