Bug
Resolution: Done
Critical
7.1.0.CR3
Workaround Exists
Trying to configure EJB client 2-way TLS authentication with Elytron. I am getting 'Invalid algorithm "clear"' unless I programmatically register the Elytron provider:
Security.addProvider(new WildFlyElytronProvider());
Specifying this in wildfly-config.xml doesn't help:
<providers> <use-service-loader/> </providers>
Example of wildfly-config.xml where I need this when using it with EJB client:
<configuration>
    <authentication-client xmlns="urn:elytron:1.0">
        <authentication-rules>
            <rule use-configuration="default"/>
        </authentication-rules>
        <authentication-configurations>
            <configuration name="default">
                <credentials>
                    <key-store-reference key-store-name="client-keystore" alias="joe">
                        <key-store-clear-password password="abcdef"/>
                    </key-store-reference>
                </credentials>
            </configuration>
        </authentication-configurations>
        <key-stores>
            <key-store name="client-keystore" type="JKS">
                <file name="${keystore.path:src/main/resources/client.keystore}"/>
                <key-store-clear-password password="abcdef"/>
            </key-store>
            <key-store name="client-truststore" type="JKS">
                <file name="${truststore.path:src/main/resources/client.truststore}"/>
            </key-store>
        </key-stores>
        <ssl-contexts>
            <ssl-context name="client-ssl-context">
                <trust-store key-store-name="client-truststore"/>
                <key-store-ssl-certificate key-store-name="client-keystore" alias="joe">
                    <key-store-clear-password password="abcdef"/>
                </key-store-ssl-certificate>
            </ssl-context>
        </ssl-contexts>
        <ssl-context-rules>
            <rule use-ssl-context="client-ssl-context"/>
        </ssl-context-rules>
    </authentication-client>
</configuration>
Without installing the Elytron provider, the client will fail with this error:
Exception in thread "main" java.lang.ExceptionInInitializerError
    at org.wildfly.security.auth.client.AuthenticationContext.lambda$static$0(AuthenticationContext.java:49)
    at org.wildfly.common.context.ContextManager.getPrivileged(ContextManager.java:282)
    at org.wildfly.security.auth.client.AuthenticationContext.captureCurrent(AuthenticationContext.java:81)
    at org.wildfly.naming.client.ProviderEnvironment$1.get(ProviderEnvironment.java:89)
    at org.wildfly.naming.client.ProviderEnvironment$1.get(ProviderEnvironment.java:87)
    at org.jboss.ejb.client.EJBClientInvocationContext.<init>(EJBClientInvocationContext.java:87)
    at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:154)
    at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:100)
    at com.sun.proxy.$Proxy2.hello(Unknown Source)
    at client.Client.main(Client.java:21)
Caused by: org.wildfly.security.auth.client.InvalidAuthenticationConfigurationException: org.wildfly.client.config.ConfigXMLParseException: ELY01135: Failed to load keystore data at file:/home/jmartisk/Workspace/mock-artifacts/ejbclient/eap7.1-elytron-certificate-auth-with-two-way-ssl/client/target/classes/META-INF/wildfly-config.xml:9:87
    at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:40)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.<clinit>(DefaultAuthenticationContextProvider.java:36)
    ... 10 more
Caused by: org.wildfly.client.config.ConfigXMLParseException: ELY01135: Failed to load keystore data at file:/home/jmartisk/Workspace/mock-artifacts/ejbclient/eap7.1-elytron-certificate-auth-with-two-way-ssl/client/target/classes/META-INF/wildfly-config.xml:9:87
    at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$44(ElytronXmlParser.java:1410)
    at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$28(ElytronXmlParser.java:952)
    at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$26(ElytronXmlParser.java:939)
    at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$36(ElytronXmlParser.java:997)
    at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$21(ElytronXmlParser.java:733)
    at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$26(ElytronXmlParser.java:939)
    at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$25(ElytronXmlParser.java:781)
    at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationRuleType$10(ElytronXmlParser.java:613)
    at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseRulesType$11(ElytronXmlParser.java:639)
    at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientType(ElytronXmlParser.java:337)
    at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:214)
    at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:175)
    at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:38)
    ... 12 more
Caused by: java.security.NoSuchAlgorithmException: ELY08028: Invalid algorithm "clear"
    at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:121)
    at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:75)
    at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$44(ElytronXmlParser.java:1376)
    ... 24 more
Using credential-store-reference clear-text causes a similar error.
There is an example of clear passwords which works, so it will be a problem with these specific elements:
<authentication-client xmlns="urn:elytron:1.0">
    <authentication-rules>
        <rule use-configuration="default"/>
    </authentication-rules>
    <authentication-configurations>
        <configuration name="default">
            <sasl-mechanism-selector selector="DIGEST-MD5"/>
            <set-user-name name="joe"/>
            <credentials>
                <clear-password password="joeIsAwesome2013!"/>
            </credentials>
        </configuration>
    </authentication-configurations>
</authentication-client>
- is cloned by
  ELY-1428 Elytron provider has to be installed manually for key-store-ssl-certificate - Resolved
- is incorporated by
  JBEAP-14210 (7.1.z) Upgrade Elytron from 1.1.8 to 1.1.9.Final - Closed
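
The workaround from the description, as an added example that is not part of the original report or the Elytron project's code: it checks whether the "clear" password algorithm resolves through the JVM provider list, registers the Elytron provider once, and checks again. It assumes the wildfly-elytron JAR is on the classpath; the class name ElytronProviderCheck and its method names are hypothetical.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.spec.InvalidKeySpecException;

import org.wildfly.security.WildFlyElytronProvider;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.security.password.spec.ClearPasswordSpec;

/** Hypothetical helper: call ensureRegistered() first thing in the client's main(). */
public final class ElytronProviderCheck {

    /** True if the "clear" password algorithm resolves through the JVM-wide provider list. */
    static boolean clearPasswordAvailable() {
        try {
            // Same lookup that fails with ELY08028 in the reported stack trace.
            PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR);
            return true;
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }

    /** Registers the Elytron provider once; safe to call repeatedly. */
    static void ensureRegistered() {
        for (Provider p : Security.getProviders()) {
            if (p instanceof WildFlyElytronProvider) {
                return; // already installed, do not add a duplicate
            }
        }
        Security.addProvider(new WildFlyElytronProvider());
    }

    public static void main(String[] args) throws NoSuchAlgorithmException, InvalidKeySpecException {
        System.out.println("before registration: clear available = " + clearPasswordAvailable());
        ensureRegistered();
        System.out.println("after registration:  clear available = " + clearPasswordAvailable());

        // Build a clear password the way the parser must for key-store-clear-password.
        // "abcdef" is the sample password from the wildfly-config.xml in the report.
        PasswordFactory factory = PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR);
        ClearPassword pw = (ClearPassword) factory.generatePassword(
                new ClearPasswordSpec("abcdef".toCharArray()));
        System.out.println("generated password algorithm: " + pw.getAlgorithm());
    }
}
```

Security.addProvider changes the JVM-wide provider list, so call ensureRegistered() once at startup, before the first EJB proxy invocation triggers parsing of wildfly-config.xml.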