From d6b6dc4bd5f1d5af9b39c7e58fad77d2064128ca Mon Sep 17 00:00:00 2001 From: keshav kumar Date: Mon, 24 Apr 2023 14:52:10 +0530 Subject: [PATCH 01/75] [ELY-2548] BasicAuthenticationMechanism should return FORBIDDEN instead of UNAUTHORIZED --- .../http/basic/BasicAuthenticationMechanism.java | 3 ++- .../http/basic/BasicAuthenticationMechanismTest.java | 11 +++++++++++ .../security/http/impl/AbstractBaseHttpTest.java | 5 ++++- 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/http/basic/src/main/java/org/wildfly/security/http/basic/BasicAuthenticationMechanism.java b/http/basic/src/main/java/org/wildfly/security/http/basic/BasicAuthenticationMechanism.java index be1ce0e9688..25dc84b08ae 100644 --- a/http/basic/src/main/java/org/wildfly/security/http/basic/BasicAuthenticationMechanism.java +++ b/http/basic/src/main/java/org/wildfly/security/http/basic/BasicAuthenticationMechanism.java @@ -42,6 +42,7 @@ import org.wildfly.common.iteration.ByteIterator; import org.wildfly.security.auth.callback.AvailableRealmsCallback; import org.wildfly.security.http.HttpAuthenticationException; +import org.wildfly.security.http.HttpConstants; import org.wildfly.security.http.HttpServerRequest; import org.wildfly.security.http.HttpServerResponse; import org.wildfly.security.mechanism.http.UsernamePasswordAuthenticationMechanism; @@ -170,7 +171,7 @@ public void evaluateRequest(final HttpServerRequest request) throws HttpAuthenti httpBasic.debugf("User %s authorization failed.", username); fail(); - request.authenticationFailed(httpBasic.authorizationFailed(username), response -> prepareResponse(request, displayRealmName, response)); + request.authenticationFailed(httpBasic.authorizationFailed(username), response -> response.setStatusCode(HttpConstants.FORBIDDEN)); return; } 
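Review bot: The new responder in the authorization-failure branch of `evaluateRequest` drops the call to `prepareResponse` without a comment, so the missing challenge reads like an oversight rather than a decision. I would add above the call `// Authenticated but not authorized: reply 403 and deliberately send no Basic challenge, so the client is not asked to resend the same credentials.` This assumes `prepareResponse` is what emits the challenge header, which the hunk does not show. `evaluateRequest` starts and ends outside this hunk.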
diff --git a/tests/base/src/test/java/org/wildfly/security/http/basic/BasicAuthenticationMechanismTest.java b/tests/base/src/test/java/org/wildfly/security/http/basic/BasicAuthenticationMechanismTest.java index 3bcea70c47c..b3e00b3ea09 100644 --- a/tests/base/src/test/java/org/wildfly/security/http/basic/BasicAuthenticationMechanismTest.java +++ b/tests/base/src/test/java/org/wildfly/security/http/basic/BasicAuthenticationMechanismTest.java @@ -99,4 +99,15 @@ public void testStatefulBasicRFC7617Examples() throws Exception { testStatefulBasic("Aladdin", "WallyWorld", "open sesame", "basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="); testStatefulBasic("test", "foo", "123\u00A3", "BASIC dGVzdDoxMjPCow=="); } + + @Test + public void testBasicUnauthorizedUser() throws Exception { + HttpServerAuthenticationMechanism mechanism = basicFactory.createAuthenticationMechanism(HttpConstants.BASIC_NAME, + Collections.singletonMap(HttpConstants.CONFIG_REALM, "test-realm"), getCallbackHandler("unauthorizedUser", "test-realm", "password")); + TestingHttpServerRequest request = new TestingHttpServerRequest(new String[] {"Basic dW5hdXRob3JpemVkVXNlcjpwYXNzd29yZA=="}); + mechanism.evaluateRequest(request); + Assert.assertEquals(Status.FAILED, request.getResult()); + TestingHttpServerResponse response = request.getResponse(); + Assert.assertEquals(HttpConstants.FORBIDDEN, response.getStatusCode()); + } } diff --git a/tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java b/tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java index 52c7bde6181..392ee2f7fe1 100644 --- a/tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java +++ b/tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java 
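Review bot: `testBasicUnauthorizedUser` pins only the status code, so a regression that answers 403 and still attaches a Basic challenge would pass. If `TestingHttpServerResponse` records the challenge header it was given, add an assertion after `evaluateRequest` that none was set. The Base64 token decodes to `unauthorizedUser:password`, which matches the arguments passed to `getCallbackHandler`, so the fixture itself is consistent.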
@@ -471,7 +471,10 @@ protected CallbackHandler getCallbackHandler(String username, String realm, Stri Assert.assertNotNull(clearPwdCredential); Assert.assertArrayEquals(password.toCharArray(), clearPwdCredential.getPassword()); } else if (callback instanceof AuthorizeCallback) { - if(username.equals(((AuthorizeCallback) callback).getAuthenticationID()) && + if(username.equalsIgnoreCase("unauthorizedUser")){ + ((AuthorizeCallback) callback).setAuthorized(false); + } + else if(username.equals(((AuthorizeCallback) callback).getAuthenticationID()) && username.equals(((AuthorizeCallback) callback).getAuthorizationID())) { ((AuthorizeCallback) callback).setAuthorized(true); } else { From 7242ebe048d4b5bbe114dd61db3a10b4d4fe2d74 Mon Sep 17 00:00:00 2001 From: lvydra Date: Fri, 9 Jun 2023 14:51:44 +0200 Subject: [PATCH 02/75] [ELY-2547] Add Elytron Tool option to overwrite CLI script --- .../org/wildfly/security/tool/Command.java | 1 + .../security/tool/ElytronToolMessages.java | 3 + .../tool/FileSystemEncryptRealmCommand.java | 45 +++++++--- .../tool/FileSystemRealmIntegrityCommand.java | 42 ++++++--- .../FileSystemEncryptRealmCommandTest.java | 50 +++++++++++ .../FileSystemRealmIntegrityCommandTest.java | 86 +++++++++++++++++++ .../fsRealmAl/a/l/alice-MFWGSY3F.xml | 8 ++ 7 files changed, 215 insertions(+), 20 deletions(-) create mode 100644 tool/src/test/resources/filesystem-integrity/fs-unsigned-realms/fsRealmAl/a/l/alice-MFWGSY3F.xml diff --git a/tool/src/main/java/org/wildfly/security/tool/Command.java b/tool/src/main/java/org/wildfly/security/tool/Command.java index 4b29a26b881..4f06b917fe7 100644 --- a/tool/src/main/java/org/wildfly/security/tool/Command.java +++ b/tool/src/main/java/org/wildfly/security/tool/Command.java 
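Review bot: The deny path added to `getCallbackHandler` is keyed on a magic string compared with `equalsIgnoreCase`, so any test in any subclass that uses a name such as `UnauthorizedUser` is silently refused authorization. Prefer a named constant and an exact match, e.g. `if (UNAUTHORIZED_USER.equals(username)) {`, where `UNAUTHORIZED_USER` is a suggested name and not an existing identifier. The new branch also tests the handler's configured `username` rather than the IDs carried by the `AuthorizeCallback`, which the neighbouring branch does compare. The `}` and `else if` split over two lines departs from the `} else if` form used just above it. The method body extends beyond this hunk.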
@@ -498,6 +498,7 @@ class Params { static final String SILENT_PARAM = "silent"; static final String STORE_LOCATION_PARAM = "location"; static final String SUMMARY_PARAM = "summary"; + static final String OVERWRITE_SCRIPT_FILE = "overwrite-script-file"; // Other constants static final Pattern BOOLEAN_ARG_REGEX = Pattern.compile("(true|false)", Pattern.CASE_INSENSITIVE | Pattern.UNICODE_CASE); diff --git a/tool/src/main/java/org/wildfly/security/tool/ElytronToolMessages.java b/tool/src/main/java/org/wildfly/security/tool/ElytronToolMessages.java index 6a023c4f1d2..a2642533d51 100644 --- a/tool/src/main/java/org/wildfly/security/tool/ElytronToolMessages.java +++ b/tool/src/main/java/org/wildfly/security/tool/ElytronToolMessages.java @@ -589,6 +589,9 @@ public interface ElytronToolMessages extends BasicLogger { @Message(id = NONE, value = "Provides a detailed summary of all operations performed, once the command finishes.") String cmdFileSystemRealmSummaryDesc(); + @Message(id = NONE, value = "Whether the cli script file will be overwritten, if attempting to write to an existing file.") + String cmdFileSystemRealmOverwriteCliScriptFileDesc(); + @Message(id = NONE, value = "No users file specified. Please use either --bulk-convert or specify a users file using --users-file ") MissingOptionException missingUsersFile(); diff --git a/tool/src/main/java/org/wildfly/security/tool/FileSystemEncryptRealmCommand.java b/tool/src/main/java/org/wildfly/security/tool/FileSystemEncryptRealmCommand.java index c5e858827a4..e568fcfc7a9 100644 --- a/tool/src/main/java/org/wildfly/security/tool/FileSystemEncryptRealmCommand.java +++ b/tool/src/main/java/org/wildfly/security/tool/FileSystemEncryptRealmCommand.java 
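Review bot: `OVERWRITE_SCRIPT_FILE` is the only option-name constant visible in this part of `Params` without the `_PARAM` suffix that `SILENT_PARAM`, `STORE_LOCATION_PARAM` and `SUMMARY_PARAM` carry. Declaring it as `static final String OVERWRITE_SCRIPT_FILE_PARAM = "overwrite-script-file";` would keep the static imports in the two command classes uniform with their neighbours.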
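Review bot: The description returned by `cmdFileSystemRealmOverwriteCliScriptFileDesc` does not say what happens for `false` or when the option is omitted. Judging by the command changes in this patch, `false` sends the script to a randomly named file and omission falls back to the interactive prompt. Stating both in the message, for example by appending `If false, the script is written to a new randomly named file; if omitted, the user is prompted.`, would spare users from finding out by trial.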
@@ -17,6 +17,7 @@ */ package org.wildfly.security.tool; +import static org.wildfly.security.tool.Params.BOOLEAN_PARAM; import static org.wildfly.security.tool.Params.BULK_CONVERT_PARAM; import static org.wildfly.security.tool.Params.CREATE_CREDENTIAL_STORE_PARAM; import static org.wildfly.security.tool.Params.CREDENTIAL_STORE_LOCATION_PARAM; @@ -38,6 +39,7 @@ import static org.wildfly.security.tool.Params.LINE_SEPARATOR; import static org.wildfly.security.tool.Params.NAME_PARAM; import static org.wildfly.security.tool.Params.OUTPUT_LOCATION_PARAM; +import static org.wildfly.security.tool.Params.OVERWRITE_SCRIPT_FILE; import static org.wildfly.security.tool.Params.PASSWORD_ENV_PARAM; import static org.wildfly.security.tool.Params.PASSWORD_PARAM; import static org.wildfly.security.tool.Params.REALM_NAME_PARAM; @@ -173,6 +175,10 @@ class FileSystemEncryptRealmCommand extends Command { option.setArgName(FILE_PARAM); options.addOption(option); + option = new Option("w", OVERWRITE_SCRIPT_FILE, true, ElytronToolMessages.msg.cmdFileSystemRealmOverwriteCliScriptFileDesc()); + option.setArgName(BOOLEAN_PARAM); + options.addOption(option); + option = Option.builder().longOpt(HELP_PARAM).desc(ElytronToolMessages.msg.cmdLineHelp()).build(); options.addOption(option); @@ -205,6 +211,7 @@ private static final class Descriptor { private Boolean encoded; private Boolean createCredentialStore; private Boolean populate; + private Boolean overwriteScriptFile; Descriptor() { } @@ -227,6 +234,7 @@ private static final class Descriptor { this.createCredentialStore = descriptor.createCredentialStore; this.secretKeyAlias = descriptor.secretKeyAlias; this.populate = descriptor.populate; + this.overwriteScriptFile = descriptor.overwriteScriptFile; } public Encoding getHashEncoding() { 
@@ -359,6 +367,14 @@ void setKeyPairAlias(String keyPairAlias) { this.keyPairAlias = keyPairAlias; } + public Boolean getOverwriteScriptFile() { + return overwriteScriptFile; + } + + public void setOverwriteScriptFile(Boolean overwriteScriptFile) { + this.overwriteScriptFile = overwriteScriptFile; + } + void reset() { this.inputRealmLocation = null; this.outputRealmLocation = null; @@ -376,6 +392,7 @@ void reset() { this.encoded = null; this.levels = null; this.populate = null; + this.overwriteScriptFile = null; } } @@ -421,6 +438,7 @@ public void execute(String[] args) throws Exception { String encodedOption = cmdLine.getOptionValue("f"); String bulkConvert = cmdLine.getOptionValue("b"); String populateOption = cmdLine.getOptionValue("p"); + String overwriteScriptFileOption = cmdLine.getOptionValue("w"); if (bulkConvert == null) { if (realmNameOption == null) { @@ -470,6 +488,9 @@ public void execute(String[] args) throws Exception { } else { descriptor.setPopulate(Boolean.valueOf(populateOption)); } + if (overwriteScriptFileOption != null) { + descriptor.setOverwriteScriptFile(Boolean.valueOf(overwriteScriptFileOption)); + } if (levelsOption == null) { descriptor.setLevels(DEFAULT_LEVELS); @@ -923,6 +944,7 @@ private void createWildFlyScript() throws Exception { String keyStoreType = descriptor.getKeyStoreType(); char[] password = descriptor.getPassword(); String keyPairAlias = descriptor.getKeyPairAlias(); + Boolean overwriteScript = descriptor.getOverwriteScriptFile(); if (hashCharset == null) { hashCharset = StandardCharsets.UTF_8; 
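Review bot: `Boolean.valueOf(overwriteScriptFileOption)` in `execute` maps every value other than `true` to `false`, so a typo such as `--overwrite-script-file yes` silently selects the do-not-overwrite path instead of being rejected. `Params.BOOLEAN_ARG_REGEX` is visible in `Command.java`; guarding the assignment with `if (!BOOLEAN_ARG_REGEX.matcher(overwriteScriptFileOption).matches())` and reporting an invalid-argument error in that branch would catch it (the constant needs a static import here). The same unchecked parse is added to `FileSystemRealmIntegrityCommand.execute`. `execute` continues outside the hunk.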
@@ -937,17 +959,20 @@ private void createWildFlyScript() throws Exception { Path scriptPath = Paths.get(String.format("%s/%s.cli", outputRealmLocation, fileSystemRealmName)); - if (scriptPath.toFile().exists()) { - createScriptCheck = prompt( - true, - ElytronToolMessages.msg.shouldFileBeOverwritten(scriptPath.toString()), - false, - null - ); - if (createScriptCheck.trim().isEmpty()) createScriptCheck = "n"; + if (overwriteScript == null) { + if (scriptPath.toFile().exists()) { + createScriptCheck = prompt( + true, + ElytronToolMessages.msg.shouldFileBeOverwritten(scriptPath.toString()), + false, + null + ); + if (createScriptCheck.trim().isEmpty()) createScriptCheck = "n"; + } + + overwriteScript = createScriptCheck.isEmpty() || createScriptCheck.toLowerCase().startsWith("y"); } - boolean overwriteScript = createScriptCheck.isEmpty() || createScriptCheck.toLowerCase().startsWith("y"); if (!overwriteScript) { // Generate a random file for the CLI script do { scriptPath = Paths.get(String.format("%s/%s.cli", @@ -1001,7 +1026,7 @@ private void createWildFlyScript() throws Exception { if (overwriteScript) { // Create a new script file, or overwrite the existing one Files.write(scriptPath, scriptLines, StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING); } else { - Files.write(scriptPath, scriptLines, StandardOpenOption.APPEND); + Files.write(scriptPath, scriptLines, StandardOpenOption.CREATE); } counter++; } diff --git a/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommand.java b/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommand.java index 176b824dfd1..9bf69bf19c9 100644 --- a/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommand.java +++ b/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommand.java 
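Review bot: With `--overwrite-script-file false` and no existing script, `createWildFlyScript` still enters `if (!overwriteScript)` and writes under a random name, whereas before this change a missing file was, as far as the visible lines show, always written to the default `<realm>.cli` path. Restricting the random-name branch to the case where the file exists keeps the old behaviour: `if (!overwriteScript && scriptPath.toFile().exists()) {`. The same logic is added to `FileSystemRealmIntegrityCommand.createWildFlyScript`. The method body extends beyond the hunk.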
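Review bot: In the do-not-overwrite branch, `StandardOpenOption.CREATE` on its own neither fails nor truncates when the path already exists, so the no-overwrite guarantee rests entirely on whatever existence check the `do` loop above performs. `StandardOpenOption.CREATE_NEW` makes the guarantee atomic and fails rather than writing into a file that appeared in between: `Files.write(scriptPath, scriptLines, StandardOpenOption.CREATE_NEW);`. The enclosing block continues outside the hunk.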
@@ -39,6 +39,7 @@ import static org.wildfly.security.tool.Params.NAME_PARAM; import static org.wildfly.security.tool.Params.NUMBER_PARAM; import static org.wildfly.security.tool.Params.OUTPUT_LOCATION_PARAM; +import static org.wildfly.security.tool.Params.OVERWRITE_SCRIPT_FILE; import static org.wildfly.security.tool.Params.PASSWORD_ENV_PARAM; import static org.wildfly.security.tool.Params.PASSWORD_PARAM; import static org.wildfly.security.tool.Params.REALM_NAME_PARAM; @@ -157,6 +158,9 @@ public class FileSystemRealmIntegrityCommand extends Command { options.addOption(Option.builder("b").longOpt(BULK_CONVERT_PARAM).desc(ElytronToolMessages.msg.cmdFileSystemRealmIntegrityBulkConvertDesc()) .hasArg().argName(FILE_PARAM) .build()); + options.addOption(Option.builder("w").longOpt(OVERWRITE_SCRIPT_FILE).desc(ElytronToolMessages.msg.cmdFileSystemRealmOverwriteCliScriptFileDesc()) + .hasArg().argName(BOOLEAN_PARAM) + .build()); // General options options.addOption(Option.builder("h").longOpt(HELP_PARAM).desc(ElytronToolMessages.msg.cmdLineHelp()) @@ -185,6 +189,7 @@ private static final class Descriptor { private Encoding hashEncoding; private Charset hashCharset; private Boolean encoded; + private Boolean overwriteScriptFile; private Boolean upgradeInPlace; private Boolean missingRequiredValue; @@ -212,6 +217,7 @@ private static final class Descriptor { this.hashEncoding = descriptor.hashEncoding; this.hashCharset = descriptor.hashCharset; this.encoded = descriptor.encoded; + this.overwriteScriptFile = descriptor.overwriteScriptFile; this.upgradeInPlace = descriptor.upgradeInPlace; this.missingRequiredValue = descriptor.missingRequiredValue; @@ -322,6 +328,9 @@ public Boolean getMissingRequiredValue() { public Boolean getRealmUpgraded() { return realmUpgraded; } + public Boolean getOverwriteScriptFile() { + return overwriteScriptFile; + } public void setInputRealmPath(String inputRealmPath) { setInputRealmPath(Paths.get(inputRealmPath).normalize().toAbsolutePath()); 
@@ -410,6 +419,9 @@ public void setMissingRequiredValue() { public void setRealmUpgraded() { this.realmUpgraded = true; } + public void setOverwriteScriptFile(Boolean overwriteScriptFile) { + this.overwriteScriptFile = overwriteScriptFile; + } void reset(boolean resetMissingValues) { // Required values are set to null if contents are null, or equal "MISSING" @@ -428,6 +440,7 @@ void reset(boolean resetMissingValues) { hashEncoding = null; hashCharset = null; encoded = null; + overwriteScriptFile = null; upgradeInPlace = false; realmUpgraded = false; @@ -476,6 +489,7 @@ public void execute(String[] args) throws Exception { String hashCharsetOption = cmdLine.getOptionValue("u"); String encodedOption = cmdLine.getOptionValue("f"); String bulkConvertOption = cmdLine.getOptionValue("b"); + String overwriteScriptFileOption = cmdLine.getOptionValue("w"); if (bulkConvertOption == null) { if (summaryMode) { @@ -574,6 +588,10 @@ public void execute(String[] args) throws Exception { descriptor.setEncoded(Boolean.parseBoolean(encodedOption)); } + if (overwriteScriptFileOption != null) { + descriptor.setOverwriteScriptFile(Boolean.valueOf(overwriteScriptFileOption)); + } + descriptors.add(descriptor); findMissingRequiredValuesAndSetValues(0, descriptor); } else if (nonBulkConvertOptionSet(inputRealmPathOption, outputRealmPathOption, realmNameOption, keyStorePathOption, 
@@ -950,22 +968,26 @@ private void createWildFlyScript() throws Exception { String fileSystemRealmName = descriptor.getFileSystemRealmName(); Path outputRealmPath = descriptor.getOutputRealmPath(); boolean upgradeInPlace = descriptor.getUpgradeInPlace(); + Boolean overwriteScript = descriptor.getOverwriteScriptFile(); String createScriptCheck = ""; Path scriptPath = Paths.get(String.format("%s/%s.cli", outputRealmPath, fileSystemRealmName)); - // Ask to overwrite CLI script, if already exists - if(scriptPath.toFile().exists()) { - createScriptCheck = prompt( - true, - ElytronToolMessages.msg.shouldFileBeOverwritten(scriptPath.toString()), - false, - null - ); - if (createScriptCheck.trim().isEmpty()) createScriptCheck = "n"; + if (overwriteScript == null) { + // Ask to overwrite CLI script, if already exists + if(scriptPath.toFile().exists()) { + createScriptCheck = prompt( + true, + ElytronToolMessages.msg.shouldFileBeOverwritten(scriptPath.toString()), + false, + null + ); + if (createScriptCheck.trim().isEmpty()) createScriptCheck = "n"; + } + + overwriteScript = createScriptCheck.isEmpty() || createScriptCheck.toLowerCase().startsWith("y"); } - boolean overwriteScript = createScriptCheck.isEmpty() || createScriptCheck.toLowerCase().startsWith("y"); if (!overwriteScript) { do { scriptPath = Paths.get(String.format("%s/%s.cli", diff --git a/tool/src/test/java/org/wildfly/security/tool/FileSystemEncryptRealmCommandTest.java b/tool/src/test/java/org/wildfly/security/tool/FileSystemEncryptRealmCommandTest.java index 6f698df14ff..98854e8b7fd 100644 --- a/tool/src/test/java/org/wildfly/security/tool/FileSystemEncryptRealmCommandTest.java +++ b/tool/src/test/java/org/wildfly/security/tool/FileSystemEncryptRealmCommandTest.java 
@@ -17,6 +17,8 @@ */ package org.wildfly.security.tool; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotEquals; import static org.junit.Assert.assertThrows; import static org.junit.Assert.assertTrue; import static org.wildfly.security.tool.Command.ELYTRON_KS_PASS_PROVIDERS; @@ -62,6 +64,12 @@ private void runCommand(String inputLocation, String outputLocation, String file executeCommandAndCheckStatus(requiredArgs, expectedStatus); } + private void runCommand(String inputLocation, String outputLocation, String fileSystemRealmName, String encoded, boolean create, int expectedStatus, boolean overwriteScriptFile) { + String[] requiredArgs; + requiredArgs = new String[]{"--input-location", inputLocation, "--output-location", outputLocation, "--realm-name", fileSystemRealmName, "--encoded", encoded, "--create", String.valueOf(create), "--credential-store", CREDENTIAL_STORE_PATH, "--overwrite-script-file", String.valueOf(overwriteScriptFile)}; + executeCommandAndCheckStatus(requiredArgs, expectedStatus); + } + private void runCommand(String inputLocation, String outputLocation, String fileSystemRealmName, int levels, String encoded, boolean create, int expectedStatus) { String[] requiredArgs; requiredArgs = new String[]{"--input-location", inputLocation, "--output-location", outputLocation, "--realm-name", fileSystemRealmName, "--levels", String.valueOf(levels), "--encoded", encoded, "--create", String.valueOf(create), "--credential-store", CREDENTIAL_STORE_PATH}; 
@@ -155,6 +163,48 @@ public void testSingleUser() throws Exception { } } + @Test + public void testOverwritingScriptFileTrue() throws Exception { + String outputLocation = RELATIVE_BASE_DIR + "fs-encrypted-realms"; + String fileSystemRealmName = "overwrite-script-true"; + String file = "target/test-classes/filesystem-encrypt/fs-encrypted-realms/overwrite-script-true.cli"; + + String inputLocation = RELATIVE_BASE_DIR + "fs-unencrypted-realms/single-user-with-role/"; + runCommand(inputLocation, outputLocation, fileSystemRealmName, 3, "false", true, 0); + + assertTrue(fileExists(file)); + File scriptFile = new File(file); + Long modifiedBefore = scriptFile.lastModified(); + + inputLocation = RELATIVE_BASE_DIR + "fs-unencrypted-realms/single-user/"; + runCommand(inputLocation, outputLocation, fileSystemRealmName, "false", true, 0, true); + + Long modifiedAfter = scriptFile.lastModified(); + + assertNotEquals(modifiedBefore, modifiedAfter); + } + + @Test + public void testOverwritingScriptFileFalse() throws Exception { + String outputLocation = RELATIVE_BASE_DIR + "fs-encrypted-realms"; + String fileSystemRealmName = "overwrite-script-false"; + String file = "target/test-classes/filesystem-encrypt/fs-encrypted-realms/overwrite-script-false.cli"; + + String inputLocation = RELATIVE_BASE_DIR + "fs-unencrypted-realms/single-user-with-role/"; + runCommand(inputLocation, outputLocation, fileSystemRealmName, 3, "false", true, 0); + + assertTrue(fileExists(file)); + File scriptFile = new File(file); + Long modifiedBefore = scriptFile.lastModified(); + + inputLocation = RELATIVE_BASE_DIR + "fs-unencrypted-realms/single-user/"; + runCommand(inputLocation, outputLocation, fileSystemRealmName, "false", true, 0, false); + + Long modifiedAfter = scriptFile.lastModified(); + + assertEquals(modifiedBefore, modifiedAfter); + } + @Test public void testSingleUserMissingParam() throws Exception { String outputLocation = RELATIVE_BASE_DIR + "fs-encrypted-realms"; 
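Review bot: Both new tests infer overwrite behaviour from `File.lastModified()`, which is fragile: the two command runs can land in the same timestamp tick of the file system, so `assertNotEquals(modifiedBefore, modifiedAfter)` in `testOverwritingScriptFileTrue` can fail spuriously. A sturdier check is to append a marker line to the script before the second run and assert whether it survives. `testOverwritingScriptFileFalse` should also assert that a second `.cli` file was produced, since it currently passes even if the second run writes no script at all. `testScriptFileOverwriteFalse` and `testScriptFileOverwriteTrue` in `FileSystemRealmIntegrityCommandTest` use the same timestamp pattern.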
diff --git a/tool/src/test/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommandTest.java b/tool/src/test/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommandTest.java index 2d134d31d7f..7db8da89604 100644 --- a/tool/src/test/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommandTest.java +++ b/tool/src/test/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommandTest.java @@ -17,6 +17,7 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import static org.wildfly.security.tool.Command.GENERAL_CONFIGURATION_ERROR; @@ -36,6 +37,7 @@ import static org.wildfly.security.tool.Params.KEY_PAIR_ALIAS_PARAM; import static org.wildfly.security.tool.Params.LEVELS_PARAM; import static org.wildfly.security.tool.Params.OUTPUT_LOCATION_PARAM; +import static org.wildfly.security.tool.Params.OVERWRITE_SCRIPT_FILE; import static org.wildfly.security.tool.Params.PASSWORD_ENV_PARAM; import static org.wildfly.security.tool.Params.PASSWORD_PARAM; import static org.wildfly.security.tool.Params.REALM_NAME_PARAM; 
@@ -116,6 +118,90 @@ public void testSingleUserRealmWithJCEKS() throws IOException { validateScript(params, FS_REALM_SIGNED_PATH.resolve(realmName + ".cli")); } + @Test + public void testScriptFileOverwriteFalse() throws IOException { + String realmName = "scriptOverwriteFalse"; + Path keyStore = Paths.get(RELATIVE_BASE_DIR, "fsKeyStoreEC.jceks"); + String keyStoreType = "JCEKS"; + String keyPairAlias = "curveKeyPair"; + + Path inputLocation = Paths.get(RELATIVE_UNSIGNED_DIR, "fsRealmSingle"); + String[] firstRealmArgs = { + "--" + INPUT_LOCATION_PARAM, inputLocation.toString(), + "--" + OUTPUT_LOCATION_PARAM, FS_REALM_SIGNED_PATH.toString(), + "--" + REALM_NAME_PARAM, realmName, + "--" + KEYSTORE_PARAM, keyStore.toString(), + "--" + KEYSTORE_TYPE_PARAM, keyStoreType, + "--" + KEY_PAIR_ALIAS_PARAM, keyPairAlias, + "--" + PASSWORD_PARAM, KEYSTORE_PASSWORD + }; + + runCommand(inputLocation, firstRealmArgs, ElytronToolExitStatus_OK); + + File scriptFile = FS_REALM_SIGNED_PATH.resolve(realmName + ".cli").toFile(); + Long modifiedBefore = scriptFile.lastModified(); + + inputLocation = Paths.get(RELATIVE_UNSIGNED_DIR, "fsRealmAl"); + String[] secondRealmArgs = { + "--" + INPUT_LOCATION_PARAM, inputLocation.toString(), + "--" + OUTPUT_LOCATION_PARAM, FS_REALM_SIGNED_PATH.toString(), + "--" + REALM_NAME_PARAM, realmName, + "--" + KEYSTORE_PARAM, keyStore.toString(), + "--" + KEYSTORE_TYPE_PARAM, keyStoreType, + "--" + KEY_PAIR_ALIAS_PARAM, keyPairAlias, + "--" + PASSWORD_PARAM, KEYSTORE_PASSWORD, + "--" + OVERWRITE_SCRIPT_FILE, "false" + }; + + runCommand(inputLocation, secondRealmArgs, ElytronToolExitStatus_OK); + + Long modifiedAfter = scriptFile.lastModified(); + + assertEquals(modifiedBefore, modifiedAfter); + } + + @Test + public void testScriptFileOverwriteTrue() throws IOException { + String realmName = "scriptOverwriteTrue"; + Path keyStore = Paths.get(RELATIVE_BASE_DIR, "fsKeyStoreEC.jceks"); + String keyStoreType = "JCEKS"; + String keyPairAlias = "curveKeyPair"; 
+ + Path inputLocation = Paths.get(RELATIVE_UNSIGNED_DIR, "fsRealmSingle"); + String[] firstRealmArgs = { + "--" + INPUT_LOCATION_PARAM, inputLocation.toString(), + "--" + OUTPUT_LOCATION_PARAM, FS_REALM_SIGNED_PATH.toString(), + "--" + REALM_NAME_PARAM, realmName, + "--" + KEYSTORE_PARAM, keyStore.toString(), + "--" + KEYSTORE_TYPE_PARAM, keyStoreType, + "--" + KEY_PAIR_ALIAS_PARAM, keyPairAlias, + "--" + PASSWORD_PARAM, KEYSTORE_PASSWORD + }; + + runCommand(inputLocation, firstRealmArgs, ElytronToolExitStatus_OK); + + File scriptFile = FS_REALM_SIGNED_PATH.resolve(realmName + ".cli").toFile(); + Long modifiedBefore = scriptFile.lastModified(); + + inputLocation = Paths.get(RELATIVE_UNSIGNED_DIR, "fsRealmAl"); + String[] secondRealmArgs = { + "--" + INPUT_LOCATION_PARAM, inputLocation.toString(), + "--" + OUTPUT_LOCATION_PARAM, FS_REALM_SIGNED_PATH.toString(), + "--" + REALM_NAME_PARAM, realmName, + "--" + KEYSTORE_PARAM, keyStore.toString(), + "--" + KEYSTORE_TYPE_PARAM, keyStoreType, + "--" + KEY_PAIR_ALIAS_PARAM, keyPairAlias, + "--" + PASSWORD_PARAM, KEYSTORE_PASSWORD, + "--" + OVERWRITE_SCRIPT_FILE, "true" + }; + + runCommand(inputLocation, secondRealmArgs, ElytronToolExitStatus_OK); + + Long modifiedAfter = scriptFile.lastModified(); + + assertNotEquals(modifiedBefore, modifiedAfter); + } + @Test public void testMultiUserRealmWithSummary() throws IOException { String realmName = "fsRealmMultiUser"; diff --git a/tool/src/test/resources/filesystem-integrity/fs-unsigned-realms/fsRealmAl/a/l/alice-MFWGSY3F.xml b/tool/src/test/resources/filesystem-integrity/fs-unsigned-realms/fsRealmAl/a/l/alice-MFWGSY3F.xml new file mode 100644 index 00000000000..3e94e6776f9 --- /dev/null +++ b/tool/src/test/resources/filesystem-integrity/fs-unsigned-realms/fsRealmAl/a/l/alice-MFWGSY3F.xml @@ -0,0 +1,8 @@ + + + + + + + + \ No newline at end of file From 3815d3baf1c68bd69a8b54b9dd9a1e86d8eb9e34 Mon Sep 17 00:00:00 2001 
From: petrberan Date: Tue, 17 Jan 2023 19:40:51 +0100 Subject: [PATCH 03/75] [ELY-489] Add JavaDoc for the 'org.wildfly.security.mechanism' package and sub packages --- .../AuthenticationMechanismException.java | 8 ++ .../security/mechanism/MechanismUtil.java | 2 + .../mechanism/ScramServerErrorCode.java | 18 ++++ .../mechanism/ScramServerException.java | 5 ++ .../mechanism/_private/MechanismUtil.java | 2 + .../mechanism/digest/DigestQuote.java | 18 +++- .../security/mechanism/digest/DigestUtil.java | 51 +++++++++-- .../digest/PasswordDigestObtainer.java | 50 ++++++++++- .../gssapi/GSSCredentialSecurityFactory.java | 71 ++++++++++++++- ...ernamePasswordAuthenticationMechanism.java | 32 ++++++- .../mechanism/oauth2/OAuth2Client.java | 24 ++++- .../oauth2/OAuth2InitialClientMessage.java | 29 ++++++ .../mechanism/oauth2/OAuth2Server.java | 37 +++++++- .../security/mechanism/scram/ScramClient.java | 81 +++++++++++++++++ .../scram/ScramFinalClientMessage.java | 57 ++++++++++++ .../scram/ScramFinalServerMessage.java | 28 ++++++ .../scram/ScramInitialClientMessage.java | 90 +++++++++++++++++++ .../scram/ScramInitialServerMessage.java | 56 ++++++++++++ .../scram/ScramInitialServerResult.java | 18 ++++ .../mechanism/scram/ScramMechanism.java | 57 +++++++++++- .../security/mechanism/scram/ScramServer.java | 70 +++++++++++++++ .../security/mechanism/scram/ScramUtil.java | 23 +++++ 22 files changed, 807 insertions(+), 20 deletions(-) diff --git a/mechanism/base/src/main/java/org/wildfly/security/mechanism/AuthenticationMechanismException.java b/mechanism/base/src/main/java/org/wildfly/security/mechanism/AuthenticationMechanismException.java index 525fd9fdba3..e5a82cb2d03 100644 --- a/mechanism/base/src/main/java/org/wildfly/security/mechanism/AuthenticationMechanismException.java +++ b/mechanism/base/src/main/java/org/wildfly/security/mechanism/AuthenticationMechanismException.java 
@@ -102,6 +102,14 @@ public static AuthenticationMechanismException fromException(final Exception sou return copyContents(source, new AuthenticationMechanismException(source.getMessage(), source.getCause())); } + /** + * Copies the stack trace and suppressed exceptions from a source exception to a specified throwable. + * + * @param source the source exception from which the stack trace and suppressed exceptions should be copied. + * @param throwable the throwable to which the contents should be copied. + * @param the type of throwable to which the contents should be copied. + * @return the throwable that was passed in as a parameter, with the contents copied from the source exception. + */ private static T copyContents(final Exception source, final T throwable) { throwable.setStackTrace(source.getStackTrace()); final Throwable[] suppressed = source.getSuppressed(); diff --git a/mechanism/base/src/main/java/org/wildfly/security/mechanism/MechanismUtil.java b/mechanism/base/src/main/java/org/wildfly/security/mechanism/MechanismUtil.java index 622a53c1f1b..c845093aeef 100644 --- a/mechanism/base/src/main/java/org/wildfly/security/mechanism/MechanismUtil.java +++ b/mechanism/base/src/main/java/org/wildfly/security/mechanism/MechanismUtil.java @@ -57,6 +57,7 @@ private MechanismUtil() {} * @param providers the security providers to use with the {@link PasswordFactory} * @param the password type * @return the password + * @throws AuthenticationMechanismException if there is an error retrieving the password */ @Deprecated public static S getPasswordCredential(String userName, CallbackHandler callbackHandler, Class passwordType, String passwordAlgorithm, AlgorithmParameterSpec matchParameters, AlgorithmParameterSpec generateParameters, Supplier providers) throws AuthenticationMechanismException { 
@@ -78,6 +79,7 @@ public static S getPasswordCredential(String userName, Call * @param the password type * @param log mechanism specific logger * @return the password + * @throws AuthenticationMechanismException if there is an error retrieving the password */ @Deprecated public static S getPasswordCredential(String userName, CallbackHandler callbackHandler, Class passwordType, String passwordAlgorithm, AlgorithmParameterSpec matchParameters, AlgorithmParameterSpec generateParameters, Supplier providers, ElytronMessages log) throws AuthenticationMechanismException { diff --git a/mechanism/base/src/main/java/org/wildfly/security/mechanism/ScramServerErrorCode.java b/mechanism/base/src/main/java/org/wildfly/security/mechanism/ScramServerErrorCode.java index f1659f2dcef..111a4c2a340 100644 --- a/mechanism/base/src/main/java/org/wildfly/security/mechanism/ScramServerErrorCode.java +++ b/mechanism/base/src/main/java/org/wildfly/security/mechanism/ScramServerErrorCode.java @@ -45,6 +45,9 @@ public enum ScramServerErrorCode { private final String text; private final byte[] messageBytes; + /** + * Creates an error code instance with a String representation and a byte array for error message. + */ ScramServerErrorCode() { text = name().replace('_', '-').toLowerCase(Locale.US); final int length = text.length(); @@ -54,14 +57,29 @@ public enum ScramServerErrorCode { messageBytes = msg; } + /** + * Returns the String representation of the error code. + * + * @return String representation of the error code. + */ public String getText() { return text; } + /** + * Returns the copy of the byte array representing the error message. + * + * @return copy of the byte array representing the error message. + */ public byte[] getMessageBytes() { return messageBytes.clone(); } + /** + * Returns the byte array representing the error message. + * + * @return the byte array representing the error message. + */ byte[] getRawMessageBytes() { return messageBytes; } 
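Review bot: The Javadoc added to `getRawMessageBytes()` differs from the one on `getMessageBytes()` only by the word "copy" and does not warn that it returns the enum constant's internal array. That array is shared by every user of the constant, so the comment should state the contract: `Returns the internal byte array representing the error message, without copying; callers must not modify it.`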
diff --git a/mechanism/base/src/main/java/org/wildfly/security/mechanism/ScramServerException.java b/mechanism/base/src/main/java/org/wildfly/security/mechanism/ScramServerException.java index a0594f69c42..7e7057ad1d2 100644 --- a/mechanism/base/src/main/java/org/wildfly/security/mechanism/ScramServerException.java +++ b/mechanism/base/src/main/java/org/wildfly/security/mechanism/ScramServerException.java @@ -83,6 +83,11 @@ public String getMessage() { return super.getMessage() + ": " + error.getText(); } + /** + * Returns the error code of the exception. + * + * @return the error code of the exception. + */ public ScramServerErrorCode getError() { return error; } diff --git a/mechanism/base/src/main/java/org/wildfly/security/mechanism/_private/MechanismUtil.java b/mechanism/base/src/main/java/org/wildfly/security/mechanism/_private/MechanismUtil.java index 74e7b99e85c..32192d27f85 100644 --- a/mechanism/base/src/main/java/org/wildfly/security/mechanism/_private/MechanismUtil.java +++ b/mechanism/base/src/main/java/org/wildfly/security/mechanism/_private/MechanismUtil.java @@ -67,6 +67,7 @@ private MechanismUtil() {} * @param the password type * @param log mechanism specific logger * @return the password + * @throws AuthenticationMechanismException if there is an error retrieving the password */ public static S getPasswordCredential(String userName, CallbackHandler callbackHandler, Class passwordType, String passwordAlgorithm, AlgorithmParameterSpec matchParameters, AlgorithmParameterSpec generateParameters, Supplier providers, ElytronMessages log) throws AuthenticationMechanismException { Assert.checkNotNullParam("userName", userName); 
@@ -168,6 +169,7 @@ public static void handleCallbacks(ElytronMessages log, CallbackHandler callback * @param scope the HTTP scope to store computed value (must not be {@code null}) * @param key the key to retrieve (must not be {@code null}) * @param mappingFunction the function to apply to acquire the value (must not be {@code null}) + * @param the type of returned value * @return the stored or new value (not {@code null}) */ public static R computeIfAbsent(HttpScope scope, String key, Function mappingFunction) { diff --git a/mechanism/digest/src/main/java/org/wildfly/security/mechanism/digest/DigestQuote.java b/mechanism/digest/src/main/java/org/wildfly/security/mechanism/digest/DigestQuote.java index 0f6cc400572..da81adc1fb7 100644 --- a/mechanism/digest/src/main/java/org/wildfly/security/mechanism/digest/DigestQuote.java +++ b/mechanism/digest/src/main/java/org/wildfly/security/mechanism/digest/DigestQuote.java @@ -21,7 +21,7 @@ import org.wildfly.common.bytes.ByteStringBuilder; /** - * Utility class used to convert string to quoted strings + * Utility class used to convert string to quoted strings. * * @author Peter Skopek * @@ -33,6 +33,12 @@ public class DigestQuote { private DigestQuote() { } + /** + * Checks if a given character needs to be quoted. + * + * @param ch the character to check. + * @return {@code true} if the character needs to be quoted, {@code false} otherwise. + */ private static boolean quoteNeeded(char ch) { return ch == '"' || // escape char @@ -46,8 +52,8 @@ private static boolean quoteNeeded(char ch) { /** * Creates new String quoted by SASL rules. * - * @param inputStr String to be quoted - * @return + * @param inputStr String to be quoted. + * @return new String with quoted characters. */ public static String quote(String inputStr) { int len = inputStr.length(); 
@@ -64,6 +70,12 @@ public static String quote(String inputStr) { return sb.toString(); } + /** + * Creates new Array quoted by SASL rules. + * + * @param input Byte array to be quoted. + * @return new byte array with quoted bytes. + */ public static byte[] quote(byte[] input) { ByteStringBuilder bsb = new ByteStringBuilder(); for (int i = 0; i < input.length; i++) { diff --git a/mechanism/digest/src/main/java/org/wildfly/security/mechanism/digest/DigestUtil.java b/mechanism/digest/src/main/java/org/wildfly/security/mechanism/digest/DigestUtil.java index fc4e4399638..c277abd51d1 100644 --- a/mechanism/digest/src/main/java/org/wildfly/security/mechanism/digest/DigestUtil.java +++ b/mechanism/digest/src/main/java/org/wildfly/security/mechanism/digest/DigestUtil.java @@ -30,8 +30,6 @@ import java.util.HashMap; import java.util.function.Supplier; -import javax.security.sasl.SaslException; - import org.wildfly.common.bytes.ByteStringBuilder; import org.wildfly.security.mechanism._private.ElytronMessages; import org.wildfly.security.mechanism.AuthenticationMechanismException; @@ -52,9 +50,12 @@ public class DigestUtil { /** * Client side method to parse challenge sent by server. * - * @param challenge - * @return - * @throws AuthenticationMechanismException + * @param challenge the byte array representing the authentication challenge to be parsed. + * @param charset the charset to decide which whitespace separator is used. + * @param multiRealm {@code true} if there are multiple realms in the challenge, {@code false} otherwise + * @param log the logger to use. + * @return A new HashMap representing response for the parsed challenge + * @throws AuthenticationMechanismException if there is an error parsing the challenge */ public static HashMap parseResponse(byte [] challenge, Charset charset, boolean multiRealm, ElytronMessages log) throws AuthenticationMechanismException { 
@@ -170,6 +171,15 @@ else if (expectSeparator) { return response; } + /** + * Adds a key-value pair to a HashMap representing a parsed challenge. + * + * @param response the HashMap to add the key-value pair to. + * @param keyBuilder the StringBuilder containing the key. + * @param valueBuilder the ByteStringBuilder containing the value. + * @param realmNumber the current number of realms in the parsed challenge. + * @return the updated number of realms in the parsed challenge. + */ private static int addToParsedChallenge(HashMap response, StringBuilder keyBuilder, ByteStringBuilder valueBuilder, int realmNumber) { String k = keyBuilder.toString(); byte[] v = valueBuilder.toArray(); @@ -183,6 +193,13 @@ private static int addToParsedChallenge(HashMap response, String return realmNumber; } + /** + * Finds the next non-whitespace character in a byte array. + * + * @param buffer the byte array to search in. + * @param startPoint the starting point in the buffer to begin the search. + * @return the index of the next non-whitespace character. + */ private static int skipWhiteSpace(byte[] buffer, int startPoint) { int i = startPoint; while (i < buffer.length && isWhiteSpace(buffer[i])) { @@ -191,6 +208,12 @@ private static int skipWhiteSpace(byte[] buffer, int startPoint) { return i; } + /** + * Checks if a given byte is a whitespace character. + * + * @param b the byte to check. + * @return {@code true} if the byte is a whitespace character, {@code false} otherwise. + */ private static boolean isWhiteSpace(byte b) { if (b == 13) // CR return true; 
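Review bot: The `@return` added for `skipWhiteSpace` promises "the index of the next non-whitespace character", but the loop condition is `i < buffer.length && isWhiteSpace(buffer[i])`, so the method returns `buffer.length` when only whitespace remains. A caller that trusts the Javadoc and indexes the peer-supplied buffer with the result, without its own bounds check, would hit an ArrayIndexOutOfBoundsException. Suggested wording: `@return the index of the next non-whitespace byte, or {@code buffer.length} if none remains.` The method's `return i;` sits in the context of the following hunk.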
@@ -204,6 +227,15 @@ else if (b == 32) // SPACE return false; } + /** + * Digests the concatenated username, realm and password. + * + * @param messageDigest the message digest algorithm to use when computing the digest. + * @param username the username to use when concatenating. + * @param realm the realm to use when concatenating. + * @param password the password in the form of a char array to use when concatenating. + * @return byte array of the digested password. + */ public static byte[] userRealmPasswordDigest(MessageDigest messageDigest, String username, String realm, char[] password) { CharsetEncoder latin1Encoder = StandardCharsets.ISO_8859_1.newEncoder(); latin1Encoder.reset(); @@ -232,10 +264,13 @@ public static byte[] userRealmPasswordDigest(MessageDigest messageDigest, String } /** - * Get array of password chars from TwoWayPassword + * Get array of password chars from TwoWayPassword. * - * @return - * @throws SaslException + * @param password the TwoWayPassword that needs to be processed. + * @param providers the supplier for the providers to be used for processing. + * @param log the logger to use. + * @throws AuthenticationMechanismException if there is an error retrieving the encoded password. + * @return encoded password in the form of a char array. */ public static char[] getTwoWayPasswordChars(TwoWayPassword password, Supplier providers, ElytronMessages log) throws AuthenticationMechanismException { if (password == null) { diff --git a/mechanism/digest/src/main/java/org/wildfly/security/mechanism/digest/PasswordDigestObtainer.java b/mechanism/digest/src/main/java/org/wildfly/security/mechanism/digest/PasswordDigestObtainer.java index b876af7ad2c..7af037bd6ba 100644 --- a/mechanism/digest/src/main/java/org/wildfly/security/mechanism/digest/PasswordDigestObtainer.java +++ b/mechanism/digest/src/main/java/org/wildfly/security/mechanism/digest/PasswordDigestObtainer.java 
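Review bot: In the Javadoc for `getTwoWayPasswordChars`, `@return encoded password in the form of a char array` can be read as a hashed or otherwise encoded value, while the summary line says the method gets the password characters from a `TwoWayPassword`, which suggests the recovered clear password. If that is what is returned (the body is outside this hunk, so please confirm), the doc should say so and tell callers how to treat it, e.g. `@return the clear password characters recovered from the two-way password; callers should zero the array after use.` The `@throws` tag is also placed before `@return` here, the reverse of the order used in the other blocks this commit adds.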
@@ -45,7 +45,7 @@ import static org.wildfly.security.mechanism.digest.DigestUtil.userRealmPasswordDigest; /** - * Utility class used to obtain username+realm+password using SASL/HTTP mechanism callbacks + * Utility class used to obtain username+realm+password using SASL/HTTP mechanism callbacks. * * @author Jan Kalina */ @@ -67,6 +67,20 @@ public class PasswordDigestObtainer { private RealmCallback realmCallback; private NameCallback nameCallback; + /** + * Constructs a new {@code PasswordDigestObtainer} instance. + * + * @param callbackHandler the callbackHandler to handle the callbacks required to obtain the username and password. + * @param defaultUsername the default username to use if a callback is not provided. + * @param defaultRealm the default realm to use if a callback is not provided. + * @param log the logger to use. + * @param credentialAlgorithm the name of the algorithm for obtaining the credential. + * @param messageDigest the {@link MessageDigest} used for digesting the password. + * @param passwordFactoryProviders the supplier of the providers to use when creating a {@code PasswordFactory} instance. + * @param realms the realms to check for a user and password. + * @param readOnlyRealmUsername {@code true} if the username passed in the callback can be modified, {@code false} otherwise. + * @param skipRealmCallbacks {@code true} if realm callbacks should be skipped, {@code false} otherwise. + */ public PasswordDigestObtainer(CallbackHandler callbackHandler, String defaultUsername, String defaultRealm, ElytronMessages log, String credentialAlgorithm, MessageDigest messageDigest, Supplier passwordFactoryProviders, String[] realms, 
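Review bot: The description of `readOnlyRealmUsername` in the new PasswordDigestObtainer constructor Javadoc looks inverted: it says `{@code true} if the username passed in the callback can be modified`, whereas a read-only flag set to true would normally mean the value must not be changed. The constructor body and the places where the field is read are outside this hunk, so the exact semantics need checking, but as written the sentence tells an integrator the opposite of what the parameter name says. Something like `{@code true} if the realm and username passed to the callbacks must not be modified by the callback handler, {@code false} otherwise.` would agree with the name.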
@@ -83,14 +97,30 @@ public PasswordDigestObtainer(CallbackHandler callbackHandler, String defaultUse this.skipRealmCallbacks = skipRealmCallbacks; } + /** + * Returns the username obtained from callback or the default one. + * + * @return the username obtained from callback or the default one. + */ public String getUsername() { return username; } + /** + * Returns the realm obtained from callback or the default one. + * + * @return the realm obtained from callback or the default one. + */ public String getRealm() { return realm; } + /** + * Handles callbacks for user and password information. + * + * @return the salted password. + * @throws AuthenticationMechanismException if the callback handler does not support credential acquisition. + */ public byte[] handleUserRealmPasswordCallbacks() throws AuthenticationMechanismException { realmChoiceCallBack = skipRealmCallbacks || realms == null || realms.length <= 1 ? null : @@ -115,6 +145,12 @@ public byte[] handleUserRealmPasswordCallbacks() throws AuthenticationMechanismE throw log.mechCallbackHandlerDoesNotSupportCredentialAcquisition(null); } + /** + * Obtains the pre-digested salted password for the {@code username} in the {@code realm}. + * + * @return the pre-digested salted password if obtained, {@code null} otherwise. + * @throws AuthenticationMechanismException if an exception occurs while handling the callbacks. + */ private byte[] getPredigestedSaltedPassword() throws AuthenticationMechanismException { if (realmChoiceCallBack != null) { try { 
@@ -180,6 +216,12 @@ private byte[] getPredigestedSaltedPassword() throws AuthenticationMechanismExce return null; } + /** + * Obtains the salted password from a two-way callback. + * + * @return the byte array of the salted password if obtained, {@code null} otherwise. + * @throws AuthenticationMechanismException if an error occurs during the process of handling callbacks or obtaining the password. + */ private byte[] getSaltedPasswordFromTwoWay() throws AuthenticationMechanismException { if (realmChoiceCallBack != null) { try { @@ -253,6 +295,12 @@ private byte[] getSaltedPasswordFromTwoWay() throws AuthenticationMechanismExcep return null; } + /** + * Obtains the salted password from a password callback. + * + * @return the byte array of the salted password. + * @throws AuthenticationMechanismException if an error occurs during the process of handling callbacks or obtaining the password. + */ private byte[] getSaltedPasswordFromPasswordCallback() throws AuthenticationMechanismException { PasswordCallback passwordCallback = new PasswordCallback("User password: ", false); diff --git a/mechanism/gssapi/src/main/java/org/wildfly/security/mechanism/gssapi/GSSCredentialSecurityFactory.java b/mechanism/gssapi/src/main/java/org/wildfly/security/mechanism/gssapi/GSSCredentialSecurityFactory.java index 03566163be3..2322b9ede25 100644 --- a/mechanism/gssapi/src/main/java/org/wildfly/security/mechanism/gssapi/GSSCredentialSecurityFactory.java +++ b/mechanism/gssapi/src/main/java/org/wildfly/security/mechanism/gssapi/GSSCredentialSecurityFactory.java 
@@ -87,12 +87,25 @@ public final class GSSCredentialSecurityFactory implements SecurityFactory credentialOperator; + /** + * Constructs a new {@code GSSCredentialSecurityFactory} instance. + * + * @param minimumRemainingLifetime the minimum remaining lifetime for a {@link GSSCredential} in seconds. + * @param rawSupplier the supplier of raw credentials. + */ GSSCredentialSecurityFactory(final int minimumRemainingLifetime, final ExceptionSupplier rawSupplier) { this.minimumRemainingLifetime = minimumRemainingLifetime; this.rawSupplier = rawSupplier; credentialOperator = this::update; } + /** + * Updates the {@link GSSKerberosCredential}. If the original is not valid, it gets a new {@code GSSKerberosCredential} + * from the {@code rawSupplier}, otherwise returns the original. + * + * @param original the original {@code GSSKerberosCredential} to be updated. + * @return the original if still valid, new {@code GSSKerberosCredential} otherwise. + */ private GSSKerberosCredential update(GSSKerberosCredential original) { GSSKerberosCredential result = null; try { @@ -116,6 +129,13 @@ private GSSKerberosCredential update(GSSKerberosCredential original) { return result; } + /** + * Checks if the GSSCredential is still valid. + * + * @param gssCredential the GSSCredential to check. + * @return {@code true} if the GSSCredential is valid, {@code false} otherwise. + * @throws GeneralSecurityException if an error occurs during the validation. + */ private boolean testIsValid(GSSCredential gssCredential) throws GeneralSecurityException { checkNotNullParam("gssCredential", gssCredential); boolean stillValid; 
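Review bot: The `@return` added for `update` lists only two outcomes, yet `result` is initialised to `null` before the `try` block and handed back by the `return result;` visible at the top of the next hunk, so the method can presumably return `null` when no credential could be obtained. The body of the `try` is outside both hunks, so this needs confirming against the full method. If it holds, the Javadoc should say so, e.g. `@return the original if still valid, a newly obtained {@code GSSKerberosCredential} otherwise, or {@code null} if none could be obtained.`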
@@ -131,6 +151,12 @@ private boolean testIsValid(GSSCredential gssCredential) throws GeneralSecurityE return stillValid; } + /** + * Checks if the Kerberos ticket is still valid. If not, attempts to refresh it. + * + * @param ticket the Kerberos ticket to be checked. + * @return {@code true} if the ticket is valid, {@code false} otherwise. + */ private boolean testIsValid(KerberosTicket ticket) { if (ticket == null) { log.trace("No cached KerberosTicket"); @@ -231,9 +257,9 @@ public Builder setIsServer(final boolean isServer) { } /** - * Set if the KerberosTicket should also be obtained and associated with the Credential/ + * Set if the KerberosTicket should also be obtained and associated with the Credential. * - * @param obtainKerberosTicket if the KerberosTicket should also be obtained and associated with the Credential/ + * @param obtainKerberosTicket if the KerberosTicket should also be obtained and associated with the Credential. * @return {@code this} to allow chaining. */ public Builder setObtainKerberosTicket(final boolean obtainKerberosTicket) { @@ -297,7 +323,7 @@ public Builder setPrincipal(final String principal) { } /** - * Set if debug logging should be enabled for the JAAS authentication portion of obtaining the {@link GSSCredential} + * Set if debug logging should be enabled for the JAAS authentication portion of obtaining the {@link GSSCredential}. * * @param debug if debug logging should be enabled for the JAAS authentication portion of obtaining the {@link GSSCredential} * @return {@code this} to allow chaining. @@ -336,7 +362,7 @@ public Builder setCheckKeyTab(final boolean value) { } /** - * Set other configuration options for {@code Krb5LoginModule} + * Set other configuration options for {@code Krb5LoginModule}. * * @param options the configuration options which will be appended to options passed into {@code Krb5LoginModule} * @return {@code this} to allow chaining. 
@@ -380,6 +406,14 @@ public SecurityFactory build() throws IOException { return new GSSCredentialSecurityFactory(minimumRemainingLifetime > 0 ? minimumRemainingLifetime : 0, () -> createGSSCredential(configuration)); } + /** + * Creates an instance of the {@link GSSKerberosCredential} class, which represents a Kerberos credential + * that can be used for authentication using the GSS-API. + * + * @param configuration the configuration used for creating the {@link LoginContext}. + * @return the {@code GSSKerberosCredential} - the GSSCredential object and Kerberos Ticket (if {@code obtainKerberosTicket} is {@code true}. + * @throws GeneralSecurityException if an error occurs during the creation of {@code GSSKerberosCredential}. + */ private GSSKerberosCredential createGSSCredential(Configuration configuration) throws GeneralSecurityException { if (failCache != 0 && System.currentTimeMillis() - lastFailTime < failCache * 1000) { throw log.initialLoginSkipped(failCache); @@ -445,10 +479,24 @@ private GSSKerberosCredential createGSSCredential(Configuration configuration) t } } + /** + * Performs a privileged action. If a security manager is set, the action will be executed via + * {@link AccessController#doPrivileged(PrivilegedAction)}. If no security manager is set, + * the action will be executed directly. + * + * @param action the action do be executed. + * @param the type of the action. + * @return the result of the executed action. + */ private static T doPrivileged(final PrivilegedAction action) { return System.getSecurityManager() != null ? AccessController.doPrivileged(action) : action.run(); } + /** + * Checks if the keytab exists and if it contains any keys for the specified principal. + * + * @throws IOException if the keytab does not exist or if it does not contain any keys for the specified principal. + */ private void checkKeyTab() throws IOException { KeyTab kt = KeyTab.getInstance(keyTab); if (!kt.exists()) { 
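Review bot: Two details in the Javadoc added for `doPrivileged` are off: `@param action the action do be executed.` has a typo, and the type parameter is described as "the type of the action" although `T` is what the method returns from `action.run()`. Suggested lines: `@param action the action to be executed.` and `@param <T> the type of the result returned by the action.` In the earlier hunk on this page, the `@return` of `createGSSCredential` opens a parenthesis at `(if {@code obtainKerberosTicket}` that is never closed.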
@@ -459,6 +507,12 @@ private void checkKeyTab() throws IOException { } } + /** + * Creates a {@link Configuration} that is used to initiate a {@link LoginContext}. + * + * @return a {@code Configuration} for initiating a {@code LoginContext}. + * @throws IOException if the keyTab does not exist or there are no keys for the principal in the keyTab. + */ private Configuration createConfiguration() throws IOException { Map options = new HashMap<>(); if (debug) { @@ -491,6 +545,9 @@ public AppConfigurationEntry[] getAppConfigurationEntry(String name) { }; } + /** + * Asserts that the builder has not yet been built. + */ private void assertNotBuilt() { if (built) { throw log.builderAlreadyBuilt(); @@ -499,6 +556,12 @@ private void assertNotBuilt() { } + /** + * Wraps the given {@link GSSCredential} and prevents it from being disposed. + * + * @param credential the {@code GSSCredential} to be wrapped. + * @return the wrapped {@code GSSCredential}. + */ private static GSSCredential wrapCredential(final GSSCredential credential) { return new GSSCredential() { diff --git a/mechanism/http/src/main/java/org/wildfly/security/mechanism/http/UsernamePasswordAuthenticationMechanism.java b/mechanism/http/src/main/java/org/wildfly/security/mechanism/http/UsernamePasswordAuthenticationMechanism.java index 328ef1cd200..413848192c5 100644 --- a/mechanism/http/src/main/java/org/wildfly/security/mechanism/http/UsernamePasswordAuthenticationMechanism.java +++ b/mechanism/http/src/main/java/org/wildfly/security/mechanism/http/UsernamePasswordAuthenticationMechanism.java 
@@ -49,13 +49,24 @@ public abstract class UsernamePasswordAuthenticationMechanism implements HttpSer protected final CallbackHandler callbackHandler; /** - * @param callbackHandler + * Constructs a new {@code UsernamePasswordAuthenticationMechanism} instance. + * + * @param callbackHandler the CallbackHandler used for authentication. */ protected UsernamePasswordAuthenticationMechanism(CallbackHandler callbackHandler) { super(); this.callbackHandler = callbackHandler; } + /** + * Authenticates the user for provided realm using their username and password. + * + * @param realmName the realm for which the user is authenticating. + * @param username the username of the authenticating user. + * @param password the password of the authenticating user. + * @return {@code true} if the user is authenticated for the realm, {@code false} otherwise. + * @throws HttpAuthenticationException if there was an IOException caused by the CallbackHandler. + */ protected boolean authenticate(String realmName, String username, char[] password) throws HttpAuthenticationException { RealmCallback realmCallback = realmName != null ? new RealmCallback("User realm", realmName) : null; NameCallback nameCallback = new NameCallback("Remote Authentication Name", username); @@ -94,6 +105,13 @@ protected boolean authenticate(String realmName, String username, char[] passwor } } + /** + * Checks if the user is authorized. + * + * @param username the username to authorize. + * @return {@code true} if the user is authorized, {@code false} otherwise. + * @throws HttpAuthenticationException if there was an IOException caused by the CallbackHandler. + */ protected boolean authorize(String username) throws HttpAuthenticationException { httpUserPass.debugf("Username authorization. Username: [%s].", username); 
@@ -111,10 +129,22 @@ protected boolean authorize(String username) throws HttpAuthenticationException } } + /** + * Sends the information to the callbackHandler that the authorization succeeded. + * + * @throws IOException if an input or output error occurs. + * @throws UnsupportedCallbackException if the implementation of callbackHandler does not support the specified Callback type. + */ protected void succeed() throws IOException, UnsupportedCallbackException { callbackHandler.handle(new Callback[] { AuthenticationCompleteCallback.SUCCEEDED }); } + /** + * Sends the information to the callbackHandler that the authorization failed. + * + * @throws IOException if an input or output error occurs. + * @throws UnsupportedCallbackException if the implementation of callbackHandler does not support the specified Callback type. + */ protected void fail() throws IOException, UnsupportedCallbackException { callbackHandler.handle(new Callback[] { AuthenticationCompleteCallback.FAILED }); } diff --git a/mechanism/oauth2/src/main/java/org/wildfly/security/mechanism/oauth2/OAuth2Client.java b/mechanism/oauth2/src/main/java/org/wildfly/security/mechanism/oauth2/OAuth2Client.java index 315b9c1ee8e..ec78a73eeaa 100644 --- a/mechanism/oauth2/src/main/java/org/wildfly/security/mechanism/oauth2/OAuth2Client.java +++ b/mechanism/oauth2/src/main/java/org/wildfly/security/mechanism/oauth2/OAuth2Client.java @@ -33,6 +33,8 @@ import static org.wildfly.common.Assert.assertTrue; /** + * Implementation of the client side of the OAuth2 SASL mechanism. + * * @author Pedro Igor */ public class OAuth2Client { 
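Review bot: The Javadoc added for `succeed()` and `fail()` says the callback handler is told that "the authorization succeeded" or "failed", but both methods send `AuthenticationCompleteCallback.SUCCEEDED` and `AuthenticationCompleteCallback.FAILED`, which report the outcome of the authentication exchange as a whole. The class has a separate `authorize(String)` step, so using the two terms interchangeably makes it harder to tell which kind of failure a caller is signalling. Suggested summaries: `Notifies the callback handler that authentication completed successfully.` and `Notifies the callback handler that authentication failed.`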
@@ -43,12 +45,26 @@ public class OAuth2Client { private final String authorizationId; private ElytronMessages log; + /** + * Constructs a new {@code OAuth2Client} instance. + * + * @param authorizationId the ID of the user to be authorized. + * @param callbackHandler the callback handler for verifying the Bearer token. + * @param log the logger to use. + */ public OAuth2Client(String authorizationId, CallbackHandler callbackHandler, ElytronMessages log) { this.authorizationId = authorizationId; this.callbackHandler = callbackHandler; this.log = log; } + /** + * Gets the initial response message from the client that will be sent to the server. + * It retrieves the Bearer token from a callback and constructs an encoded message that includes the token. + * + * @return encoded message that includes the Bearer token. + * @throws AuthenticationMechanismException if an error occurs during the callback or the token is {@code null}. + */ public OAuth2InitialClientMessage getInitialResponse() throws AuthenticationMechanismException { final CredentialCallback credentialCallback = new CredentialCallback(BearerTokenCredential.class); @@ -80,13 +96,19 @@ public OAuth2InitialClientMessage getInitialResponse() throws AuthenticationMech return new OAuth2InitialClientMessage(null, null, encoded.toArray()); } + /** + * Handles the server's response to the initial client message. + * + * @param serverMessage the byte array containing the server's response. + * @return {@code null} if the response was successful, aborting the authentication otherwise. + */ public byte[] handleServerResponse(byte[] serverMessage) { // got a successful response if (serverMessage.length == 0) { return null; } - // otherwise, server responded with a error message + // otherwise, server responded with an error message try { String errorMessage = ByteIterator.ofBytes(serverMessage).asUtf8String().base64Decode().asUtf8String().drainToString(); log.debugf("Got error message from server [%s].", errorMessage); 
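Review bot: In the OAuth2Client constructor Javadoc, `@param callbackHandler the callback handler for verifying the Bearer token.` describes the server's role; on the client side `getInitialResponse()` passes the handler a `CredentialCallback(BearerTokenCredential.class)` to obtain the token, as that method's own new Javadoc says. Suggested: `@param callbackHandler the callback handler used to obtain the Bearer token credential.` In the later hunk, the `@return` of `handleServerResponse` ends with "aborting the authentication otherwise", which describes an action rather than the value returned; the return statement for the error path is outside the hunk, so the wording should be completed from the code.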
diff --git a/mechanism/oauth2/src/main/java/org/wildfly/security/mechanism/oauth2/OAuth2InitialClientMessage.java b/mechanism/oauth2/src/main/java/org/wildfly/security/mechanism/oauth2/OAuth2InitialClientMessage.java index f5b6d6014a4..c244b043213 100644 --- a/mechanism/oauth2/src/main/java/org/wildfly/security/mechanism/oauth2/OAuth2InitialClientMessage.java +++ b/mechanism/oauth2/src/main/java/org/wildfly/security/mechanism/oauth2/OAuth2InitialClientMessage.java @@ -19,6 +19,8 @@ package org.wildfly.security.mechanism.oauth2; /** + * Represents the initial client message for OAuth2 protocol. + * * @author Pedro Igor */ public class OAuth2InitialClientMessage { 
@@ -27,24 +29,51 @@ public class OAuth2InitialClientMessage { private final byte[] messageBytes; private final String authorizationId; + /** + * Constructs a new {@code OAuth2InitialClientMessage} instance. + * + * @param authorizationId the ID of the user to be authorized. + * @param auth the authorization information in form of a String. + * @param messageBytes the byte array containing the message. + */ public OAuth2InitialClientMessage(String authorizationId, String auth, byte[] messageBytes) { this.authorizationId = authorizationId; this.auth = auth; this.messageBytes = messageBytes; } + /** + * Returns the ID of the user to be authorized. + * + * @return the ID of the user to be authorized. + */ public String getAuthorizationId() { return this.authorizationId; } + /** + * Returns the byte array containing the message. + * + * @return the byte array containing the message. + */ public byte[] getMessage() { return this.messageBytes; } + /** + * Returns the authorization information in form of a String. + * + * @return the authorization information in form of a String. + */ public String getAuth() { return auth; } + /** + * Returns whether the client provides a Bearer token. + * + * @return {@code True} if the authorization information contains "Bearer", {@code false} otherwise. + */ public boolean isBearerToken() { return this.auth.startsWith("Bearer"); } diff --git a/mechanism/oauth2/src/main/java/org/wildfly/security/mechanism/oauth2/OAuth2Server.java b/mechanism/oauth2/src/main/java/org/wildfly/security/mechanism/oauth2/OAuth2Server.java index c1c3e52324f..306771e6fc8 100644 --- a/mechanism/oauth2/src/main/java/org/wildfly/security/mechanism/oauth2/OAuth2Server.java +++ b/mechanism/oauth2/src/main/java/org/wildfly/security/mechanism/oauth2/OAuth2Server.java @@ -40,7 +40,7 @@ import org.wildfly.security.mechanism.AuthenticationMechanismException; /** - * An OAuth2 Sasl Server based on RFC-7628. + * An OAuth2 Server based on RFC-7628. * * @author Pedro Igor */ 
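Review bot: The new Javadoc for `isBearerToken()` says it returns true if the authorization information "contains" Bearer, but the code is `this.auth.startsWith("Bearer")`, a prefix test, and `{@code True}` should be lowercase. The constructor Javadoc also leaves the nullability of `auth` unstated, while `isBearerToken()` dereferences it unconditionally and OAuth2Client in this same patch builds an instance with `null` for `auth`, so calling the method on such an instance would throw NullPointerException. Suggested: `@return {@code true} if the authorization information starts with "Bearer", {@code false} otherwise.` together with a remark on the `auth` parameter saying whether `null` is permitted. `getMessage()` returns the internal `messageBytes` array without copying, which its Javadoc could state as well.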
@@ -53,12 +53,26 @@ public class OAuth2Server { private final Map serverConfig; private ElytronMessages log; + /** + * Constructs a new {@code OAuth2Server} instance. + * + * @param callbackHandler the callback handler for verifying the Bearer token. + * @param serverConfig the server configuration. + * @param log the logger to use. + */ public OAuth2Server(CallbackHandler callbackHandler, Map serverConfig, ElytronMessages log) { this.callbackHandler = callbackHandler; this.serverConfig = serverConfig; this.log = log; } + /** + * Parses the initial client's message in OAuth2 protocol. + * + * @param fromBytes the initial client's message. + * @return parsed client's message. + * @throws AuthenticationMechanismException if an error occurs during the parsing or the message is invalid. + */ public OAuth2InitialClientMessage parseInitialClientMessage(byte[] fromBytes) throws AuthenticationMechanismException { byte[] messageBytes = fromBytes.clone(); ByteIterator byteIterator = ByteIterator.ofBytes(fromBytes.clone()); @@ -98,6 +112,13 @@ public OAuth2InitialClientMessage parseInitialClientMessage(byte[] fromBytes) th } } + /** + * Returns the value associated with a key from an OAuth2 message. + * + * @param key the key for which the value is extracted. + * @param keyValuesPart the String containing key-value pairs in form of OAuth2 message. + * @return the value of the key-value pair, {@code null} if the key is not found. + */ private String getValue(String key, String keyValuesPart) { for (String current : keyValuesPart.split(KV_DELIMITER)) { String[] keyValue = current.split("="); 
@@ -110,6 +131,14 @@ private String getValue(String key, String keyValuesPart) { return null; } + /** + * Evaluates the initial response sent by the client and verifies if the Bearer token is valid. + * If so, authorizes the user. + * + * @param initialClientMessage the initial client's message containing the Bearer token. + * @return an empty byte array if the token was authorized, error message otherwise. + * @throws AuthenticationMechanismException if an error occurs during the evaluation or the message doesn't contain the Bearer token. + */ public byte[] evaluateInitialResponse(OAuth2InitialClientMessage initialClientMessage) throws AuthenticationMechanismException { if (initialClientMessage.isBearerToken()) { String auth = initialClientMessage.getAuth(); @@ -153,6 +182,12 @@ public byte[] evaluateInitialResponse(OAuth2InitialClientMessage initialClientMe throw log.mechInvalidClientMessage(); } + /** + * Creates an error message in the format of a json object. + * + * @return The error message containing a "status" field with the value "invalid_token" + * and an optional field "openid-configuration" with {@code CONFIG_OPENID_CONFIGURATION_URL} value. + */ private byte[] createErrorMessage() { JsonObjectBuilder objectBuilder = Json.createObjectBuilder(); diff --git a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramClient.java b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramClient.java index 0531242c362..c6cb67e86b9 100644 --- a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramClient.java +++ b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramClient.java @@ -48,6 +48,8 @@ import org.wildfly.security.sasl.util.StringPrep; /** + * A client-side implementation for the SCRAM authentication. + * * @author David M. Lloyd */ public final class ScramClient { 
@@ -61,6 +63,19 @@ public final class ScramClient { private final int minimumIterationCount; private final int maximumIterationCount; + /** + * Constructs a new {@code ScramClient} instance. + * + * @param mechanism the SCRAM mechanism used for the authentication. + * @param authorizationId the ID of the user to be authorized. + * @param callbackHandler the callbackHandler used for the authentication. + * @param secureRandom an optional secure RNG to use. + * @param bindingData the binding data for the "PLUS" channel binding option. + * @param bindingType the binding type for the "PLUS" channel binding option. + * @param minimumIterationCount the minimum number of iterations for password hashing. + * @param maximumIterationCount the maximum number of iterations for password hashing. + * @param providers the security providers. + */ ScramClient(final ScramMechanism mechanism, final String authorizationId, final CallbackHandler callbackHandler, final SecureRandom secureRandom, final byte[] bindingData, final String bindingType, final int minimumIterationCount, final int maximumIterationCount, final Supplier providers) { this.mechanism = mechanism; this.authorizationId = authorizationId; 
@@ -73,26 +88,56 @@ public final class ScramClient { this.providers = providers; } + /** + * Returns the secure RNG used for the authentication. + * + * @return the secure RNG used for the authentication. + */ Random getRandom() { return secureRandom != null ? secureRandom : ThreadLocalRandom.current(); } + /** + * Returns the SCRAM mechanism used for the authentication. + * + * @return the SCRAM mechanism used for the authentication. + */ public ScramMechanism getMechanism() { return mechanism; } + /** + * Returns the ID of the user to be authorized. + * + * @return the ID of the user to be authorized. + */ public String getAuthorizationId() { return authorizationId; } + /** + * Returns the binding type for the "PLUS" channel binding option. + * + * @return the binding type for the "PLUS" channel binding option. + */ public String getBindingType() { return bindingType; } + /** + * Returns the binding data for the "PLUS" channel binding option. + * + * @return the binding data for the "PLUS" channel binding option. + */ byte[] getRawBindingData() { return bindingData; } + /** + * Returns a copy of the binding data for the "PLUS" channel binding option. + * + * @return a copy of the binding data for the "PLUS" channel binding option. + */ public byte[] getBindingData() { final byte[] bindingData = this.bindingData; return bindingData == null ? null : bindingData.clone(); 
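Review bot: The Javadoc added for `getRandom()` states that it returns "the secure RNG used for the authentication", but the method returns `ThreadLocalRandom.current()` whenever `secureRandom` is null, and that generator is not cryptographically strong. The constructor Javadoc in this commit calls `secureRandom` optional, so readers should be told about the fallback in order to decide whether to always supply a `SecureRandom`. Suggested: `Returns the configured secure RNG, or {@link ThreadLocalRandom#current()} (not cryptographically strong) if none was supplied.` In the same hunk, `getRawBindingData()` returns the internal array without copying, which is worth stating next to the copy-returning `getBindingData()`.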
@@ -146,6 +191,15 @@ public ScramInitialClientMessage getInitialResponse() throws AuthenticationMecha return new ScramInitialClientMessage(this, name, binding, nonce, initialPartIndex, encoded.toArray()); } + /** + * Parses the initial server message and creates {@link ScramInitialServerMessage} from parsed information. + * Also checks if the message have all necessary properties. + * + * @param initialResponse the initial client response for the server. + * @param bytes the byte array containing the initial server message to parse. + * @return the initial server message. + * @throws AuthenticationMechanismException if an error occurs during the parsing. + */ public ScramInitialServerMessage parseInitialServerMessage(final ScramInitialClientMessage initialResponse, final byte[] bytes) throws AuthenticationMechanismException { final byte[] challenge = bytes.clone(); final ByteIterator bi = ByteIterator.ofBytes(challenge); 
@@ -190,6 +244,18 @@ public ScramInitialServerMessage parseInitialServerMessage(final ScramInitialCli return new ScramInitialServerMessage(initialResponse, serverNonce, salt, iterationCount, challenge); } + /** + * Handles the initial challenge from the server and create a response from the client. + * The method uses a password credential obtained from the callback handler to derive a salted password, + * which is then used to generate a client key, stored key, and client proof. + * + * @param initialResponse the initial client message. + * @param initialChallenge the initial server message. + * @return the final client message. + * @throws AuthenticationMechanismException if an error occurs while obtaining the password, + * creating the {@link ScramFinalClientMessage} or the mechanism in the initial response or challenge message + * does not match the mechanism expected by the server + */ public ScramFinalClientMessage handleInitialChallenge(ScramInitialClientMessage initialResponse, ScramInitialServerMessage initialChallenge) throws AuthenticationMechanismException { boolean trace = saslScram.isTraceEnabled(); @@ -288,6 +354,14 @@ public ScramFinalClientMessage handleInitialChallenge(ScramInitialClientMessage } } + /** + * Parses the final server message and creates {@link ScramFinalServerMessage} from parsed information. + * Also checks if the message have all necessary properties. + * + * @param messageBytes the byte array of the final server message. + * @return the final server message. + * @throws AuthenticationMechanismException if an error occurs during the parsing or the server rejected the authentication request. + */ public ScramFinalServerMessage parseFinalServerMessage(final byte[] messageBytes) throws AuthenticationMechanismException { final ByteIterator bi = ByteIterator.ofBytes(messageBytes); final byte[] sig; 
@@ -312,6 +386,13 @@ public ScramFinalServerMessage parseFinalServerMessage(final byte[] messageBytes return new ScramFinalServerMessage(sig, messageBytes); } + /** + * Verifies the final challenge received from the server. + * + * @param finalResponse the final client message. + * @param finalChallenge the final server message. + * @throws AuthenticationMechanismException if an error occurs during the verification or the server signature is invalid. + */ public void verifyFinalChallenge(final ScramFinalClientMessage finalResponse, final ScramFinalServerMessage finalChallenge) throws AuthenticationMechanismException { boolean trace = saslScram.isTraceEnabled(); diff --git a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramFinalClientMessage.java b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramFinalClientMessage.java index ed77a508121..066f1ff8bde 100644 --- a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramFinalClientMessage.java +++ b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramFinalClientMessage.java @@ -21,6 +21,8 @@ import org.wildfly.security.password.interfaces.ScramDigestPassword; /** + * Final client message for the SCRAM authentication. + * * @author David M. Lloyd */ public final class ScramFinalClientMessage { 
@@ -32,6 +34,16 @@ public final class ScramFinalClientMessage { private final byte[] messageBytes; private final int proofOffset; + /** + * Constructs a new {@code ScramFinalClientMessage} instance. + * + * @param initialResponse the initial client message. + * @param initialChallenge the initial server message. + * @param password the password used for authentication. + * @param clientProof the client proof sent to the server. + * @param messageBytes the byte array of the message. + * @param proofOffset the proof location in the {@code messageBytes}. + */ ScramFinalClientMessage(final ScramInitialClientMessage initialResponse, final ScramInitialServerMessage initialChallenge, final ScramDigestPassword password, final byte[] clientProof, final byte[] messageBytes, final int proofOffset) { this.initialResponse = initialResponse; this.initialChallenge = initialChallenge; 
@@ -41,38 +53,83 @@ public final class ScramFinalClientMessage { this.proofOffset = proofOffset; } + /** + * Returns the initial client message. + * + * @return the initial client message. + */ public ScramInitialClientMessage getInitialResponse() { return initialResponse; } + /** + * Returns the initial server message. + * + * @return the initial server message. + */ public ScramInitialServerMessage getInitialChallenge() { return initialChallenge; } + /** + * Returns the password used for authentication. + * + * @return the password used for authentication. + */ public ScramDigestPassword getPassword() { return password; } + /** + * Returns the client proof sent to the server. + * + * @return the client proof sent to the server. + */ byte[] getRawClientProof() { return clientProof; } + /** + * Returns the byte array of the message. + * + * @return the byte array of the message. + */ byte[] getRawMessageBytes() { return messageBytes; } + /** + * Returns a copy of the client proof sent to the server. + * + * @return a copy of the client proof sent to the server. + */ public byte[] getClientProof() { return clientProof.clone(); } + /** + * Returns a copy of the byte array of the message. + * + * @return a copy of the byte array of the message. + */ public byte[] getMessageBytes() { return messageBytes.clone(); } + /** + * Returns the SCRAM mechanism in the initial client message. + * + * @return the SCRAM mechanism in the initial client message. + */ public ScramMechanism getMechanism() { return initialResponse.getMechanism(); } + /** + * Returns the proof location in the message. + * + * @return the proof location in the message. + */ int getProofOffset() { return proofOffset; } diff --git a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramFinalServerMessage.java b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramFinalServerMessage.java index c8b77f2c922..1a4470ac7a7 100644 
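Review bot: The Javadoc on the package-private `getRawClientProof()` and `getRawMessageBytes()` is the public getters' text minus the word "copy", so it never states that these hand out the internal array itself. The public variants call `clone()` to protect that state, so each raw getter should carry a line such as `The returned array is the internal one and is not copied; callers must not modify it.` The same wording gap is in the other raw getters documented in this patch: `ScramClient.getRawBindingData`, `ScramFinalServerMessage.getRawServerSignature` and `getRawMessageBytes`, `ScramInitialClientMessage.getRawNonce`, `getRawBindingData` and `getRawMessageBytes`, `ScramInitialServerMessage.getRawServerNonce`, `getRawSalt` and `getRawMessageBytes`, and `ScramServer.getRawBindingData`.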
--- a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramFinalServerMessage.java +++ b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramFinalServerMessage.java @@ -19,29 +19,57 @@ package org.wildfly.security.mechanism.scram; /** + * Final server message for the SCRAM authentication. + * * @author David M. Lloyd */ public final class ScramFinalServerMessage { private final byte[] serverSignature; private final byte[] messageBytes; + /** + * Constructs a new {@code ScramFinalServerMessage} instance. + * + * @param serverSignature the server signature sent to the client in form of the byte array. + * @param messageBytes the final server message in form of byte array. + */ ScramFinalServerMessage(final byte[] serverSignature, final byte[] messageBytes) { this.serverSignature = serverSignature; this.messageBytes = messageBytes; } + /** + * Returns the server signature sent to the client in form of the byte array. + * + * @return the server signature sent to the client in form of the byte array. + */ byte[] getRawServerSignature() { return serverSignature; } + /** + * Returns the final server message in form of byte array. + * + * @return the final server message in form of byte array. + */ byte[] getRawMessageBytes() { return messageBytes; } + /** + * Returns a copy of the server signature sent to the client in form of the byte array. + * + * @return a copy of the server signature sent to the client in form of the byte array. + */ public byte[] getServerSignature() { return serverSignature.clone(); } + /** + * Returns a copy of the final server message in form of byte array. + * + * @return a copy of the final server message in form of byte array. + */ public byte[] getMessageBytes() { return messageBytes.clone(); } 
diff --git a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramInitialClientMessage.java b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramInitialClientMessage.java index 62c6eb212b0..e5e9fa0de15 100644 --- a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramInitialClientMessage.java +++ b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramInitialClientMessage.java @@ -21,6 +21,8 @@ import java.util.Arrays; /** + * Initial client message for the SCRAM authentication. + * * @author David M. Lloyd */ public final class ScramInitialClientMessage { @@ -34,6 +36,16 @@ public final class ScramInitialClientMessage { private final int initialPartIndex; private final byte[] messageBytes; + /** + * Constructs a new {@code ScramInitialClientMessage} instance using data from the {@code scramClient}. + * + * @param scramClient the SCRAM client providing binding type and data, SCRAM mechanism and authorization ID. + * @param authenticationName the name of the user that is authenticated. + * @param binding whether the client supports channel binding. + * @param nonce a unique value generated by the client to the server. + * @param initialPartIndex index of the initial part of the message. + * @param messageBytes the byte array of the message. + */ ScramInitialClientMessage(final ScramClient scramClient, final String authenticationName, final boolean binding, final byte[] nonce, final int initialPartIndex, final byte[] messageBytes) { this.binding = binding; this.initialPartIndex = initialPartIndex; 
@@ -46,6 +58,19 @@ public final class ScramInitialClientMessage { this.messageBytes = messageBytes; } + /** + * Constructs a new {@code ScramInitialClientMessage} instance. + * + * @param mechanism the SCRAM mechanism used for the authentication. + * @param authorizationId the ID of the user to be authorized. + * @param authenticationName the name of the user that is authenticated. + * @param binding whether the client supports channel binding. + * @param bindingType the binding type for the "PLUS" channel binding option. + * @param bindingData the binding data for the "PLUS" channel binding option. + * @param nonce a unique value generated by the client to the server. + * @param initialPartIndex index of the initial part of the message. + * @param messageBytes the byte array of the message. + */ ScramInitialClientMessage(final ScramMechanism mechanism, final String authorizationId, final String authenticationName, final boolean binding, final String bindingType, final byte[] bindingData, final byte[] nonce, final int initialPartIndex, final byte[] messageBytes) { this.mechanism = mechanism; this.authorizationId = authorizationId; 
@@ -58,54 +83,119 @@ public final class ScramInitialClientMessage { this.messageBytes = messageBytes; } + /** + * Returns the SCRAM mechanism used for the authentication. + * + * @return the SCRAM mechanism used for the authentication. + */ public ScramMechanism getMechanism() { return mechanism; } + /** + * Returns the name of the user that is authenticated. + * + * @return the name of the user that is authenticated. + */ public String getAuthenticationName() { return authenticationName; } + /** + * Returns a copy of a unique value generated by the client to the server. + * + * @return a copy of a unique value generated by the client to the server. + */ public byte[] getNonce() { return nonce.clone(); } + /** + * Returns a unique value generated by the client to the server. + * + * @return a unique value generated by the client to the server. + */ byte[] getRawNonce() { return nonce; } + /** + * Returns the initial part of the message. + * + * @return the initial part of the message up to the length of {@code initialPartIndex}. + */ public byte[] getInitialPart() { return Arrays.copyOfRange(messageBytes, 0, initialPartIndex); } + /** + * Returns a copy of the byte array of the message. + * + * @return a copy of the byte array of the message. + */ public byte[] getMessageBytes() { return messageBytes.clone(); } + /** + * Returns the ID of the user to be authorized. + * + * @return the ID of the user to be authorized. + */ public String getAuthorizationId() { return authorizationId; } + /** + * Returns whether the client supports channel binding. + * + * @return {@code true} if the client supports channel binding, {@code false} otherwise. + */ public boolean isBinding() { return binding; } + /** + * Returns the binding type for the "PLUS" channel binding option. + * + * @return the binding type for the "PLUS" channel binding option. 
+ */ public String getBindingType() { return bindingType; } + /** + * Returns a copy of the binding data for the "PLUS" channel binding option. + * + * @return a copy of the binding data for the "PLUS" channel binding option. + */ public byte[] getBindingData() { return bindingData == null ? null : bindingData.clone(); } + /** + * Returns the binding data for the "PLUS" channel binding option. + * + * @return the binding data for the "PLUS" channel binding option. + */ byte[] getRawBindingData() { return bindingData; } + /** + * Returns index of the initial part of the message. + * + * @return index of the initial part of the message. + */ int getInitialPartIndex() { return initialPartIndex; } + /** + * Returns the byte array of the message. + * + * @return the byte array of the message. + */ byte[] getRawMessageBytes() { return messageBytes; } diff --git a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramInitialServerMessage.java b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramInitialServerMessage.java index fd0b0d9306b..8e5f24a78bf 100644 --- a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramInitialServerMessage.java +++ b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramInitialServerMessage.java @@ -19,6 +19,8 @@ package org.wildfly.security.mechanism.scram; /** + * Initial server message for the SCRAM authentication. + * * @author David M. Lloyd */ public final class ScramInitialServerMessage { 
@@ -28,6 +30,15 @@ public final class ScramInitialServerMessage { private final int iterationCount; private final byte[] messageBytes; + /** + * Constructs a new {@code ScramInitialServerMessage} instance. + * + * @param initialResponse the initial client message that this initial server message is responding to. + * @param serverNonce the server generated nonce. + * @param salt the salt used for generating salted password. + * @param iterationCount the iteration count used for generating salted password. + * @param messageBytes the message in form of byte array. + */ ScramInitialServerMessage(final ScramInitialClientMessage initialResponse, final byte[] serverNonce, final byte[] salt, final int iterationCount, final byte[] messageBytes) { this.initialResponse = initialResponse; this.serverNonce = serverNonce; 
@@ -36,38 +47,83 @@ public final class ScramInitialServerMessage { this.messageBytes = messageBytes; } + /** + * Returns the SCRAM mechanism in the initial client message. + * + * @return the SCRAM mechanism in the initial client message. + */ public ScramMechanism getMechanism() { return initialResponse.getMechanism(); } + /** + * Returns the initial client message. + * + * @return the initial client message. + */ public ScramInitialClientMessage getInitialResponse() { return initialResponse; } + /** + * Returns a copy of the server nonce. + * + * @return a copy of the server nonce. + */ public byte[] getServerNonce() { return serverNonce.clone(); } + /** + * Returns the server nonce. + * + * @return the server nonce. + */ byte[] getRawServerNonce() { return serverNonce; } + /** + * Returns the iteration count used for generating salted password. + * + * @return the iteration count used for generating salted password. + */ public int getIterationCount() { return iterationCount; } + /** + * Returns the salt used for generating salted password. + * + * @return the salt used for generating salted password. + */ byte[] getRawSalt() { return salt; } + /** + * Returns the initial server message in form of byte array. + * + * @return the initial server message in form of byte array. + */ byte[] getRawMessageBytes() { return messageBytes; } + /** + * Returns a copy of the salt used for generating salted password. + * + * @return a copy of the salt used for generating salted password. + */ public byte[] getSalt() { return salt.clone(); } + /** + * Returns a copy of the message in form of byte array. + * + * @return a copy of the message in form of byte array. + */ public byte[] getMessageBytes() { return messageBytes.clone(); } diff --git a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramInitialServerResult.java b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramInitialServerResult.java index 0c0df7332c2..07ff6d4f93c 100644 
--- a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramInitialServerResult.java +++ b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramInitialServerResult.java @@ -21,21 +21,39 @@ import org.wildfly.security.password.interfaces.ScramDigestPassword; /** + * A class for encapsulation of the initial SCRAM challenge and the digest password. + * * @author David M. Lloyd */ public final class ScramInitialServerResult { private final ScramInitialServerMessage scramInitialChallenge; private final ScramDigestPassword scramDigestPassword; + /** + * Constructs a new {@code ScramInitialServerResult}. + * + * @param scramInitialChallenge the SCRAM challenge message. + * @param scramDigestPassword the digest password for the SCRAM authentication. + */ ScramInitialServerResult(final ScramInitialServerMessage scramInitialChallenge, final ScramDigestPassword scramDigestPassword) { this.scramInitialChallenge = scramInitialChallenge; this.scramDigestPassword = scramDigestPassword; } + /** + * Returns the SCRAM challenge message. + * + * @return ScramInitialServerMessage + */ public ScramInitialServerMessage getScramInitialChallenge() { return scramInitialChallenge; } + /** + * Returns the digest password for the SCRAM authentication. + * + * @return ScramDigestPassword + */ public ScramDigestPassword getScramDigestPassword() { return scramDigestPassword; } diff --git a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramMechanism.java b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramMechanism.java index 7f5ad535398..80ae5e41a93 100644 --- a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramMechanism.java +++ b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramMechanism.java 
@@ -30,10 +30,12 @@ import org.wildfly.security.sasl.WildFlySasl; /** + * Implementation of the SCRAM authentication mechanism. + * * @author David M. Lloyd */ public final class ScramMechanism { - /** Hash size; may be less than the output size of the MD/MAC */ + // Hash size; may be less than the output size of the MD/MAC private final int hashSize; private final String messageDigestName; private final String hmacName; @@ -41,6 +43,15 @@ public final class ScramMechanism { private final String passwordAlgorithm; private final String toString; + /** + * Constructs a new {@code ScramMechanism}. + * + * @param hashSize the size of the hash of the SCRAM mechanism. + * @param messageDigestName the name of the message digest algorithm. + * @param hmacName the name of the HMAC algorithm. + * @param plus {@code true} to use the PLUS channel binding, {@code false} otherwise. + * @param passwordAlgorithm the name of the password algorithm in {@link ScramDigestPassword}. + */ private ScramMechanism(final int hashSize, final String messageDigestName, final String hmacName, final boolean plus, final String passwordAlgorithm) { this.hashSize = hashSize; this.messageDigestName = messageDigestName; @@ -75,6 +86,7 @@ private ScramMechanism(final int hashSize, final String messageDigestName, final * @param bindingCallback the optional channel binding callback result (may be {@code null}) * @param minimumIterationCount the minimum iteration count to allow * @param maximumIterationCount the maximum iteration count to allow + * @param providers the security providers. * @return the SCRAM client, or {@code null} if the client cannot be created from this mechanism variant * @throws AuthenticationMechanismException if the mechanism fails for some reason * @see WildFlySasl#SCRAM_MIN_ITERATION_COUNT 
@@ -94,6 +106,18 @@ public ScramClient createClient(final String authorizationId, final CallbackHand return new ScramClient(this, authorizationId, callbackHandler, secureRandom, bindingData, bindingType, minimumIterationCount, maximumIterationCount, providers); } + /** + * Create a SCRAM server for this mechanism. + * + * @param callbackHandler the callback handler (may not be {@code null}). + * @param random an optional secure random implementation to use (may be {@code null}). + * @param bindingCallback the optional channel binding callback result (may be {@code null}). + * @param minimumIterationCount the minimum iteration count to allow. + * @param maximumIterationCount the maximum iteration count to allow. + * @param providers the security providers. + * @return the SCRAM server, or {@code null} if the server cannot be created from this mechanism variant. + * @throws AuthenticationMechanismException if the mechanism fails for some reason. + */ public ScramServer createServer(final CallbackHandler callbackHandler, final SecureRandom random, final ChannelBindingCallback bindingCallback, final int minimumIterationCount, final int maximumIterationCount, final Supplier providers) throws AuthenticationMechanismException { final byte[] bindingData; final String bindingType; 
@@ -108,26 +132,57 @@ public ScramServer createServer(final CallbackHandler callbackHandler, final Sec return new ScramServer(this, callbackHandler, random, bindingData, bindingType, minimumIterationCount, maximumIterationCount, providers); } + /** + * Returns the size of the hash of the SCRAM mechanism. + * + * @return the size of the hash of the SCRAM mechanism. + */ public int getHashSize() { return hashSize; } + /** + * Returns the name of the message digest algorithm. + * + * @return the name of the message digest algorithm. + */ public String getMessageDigestName() { return messageDigestName; } + /** + * Returns the name of the HMAC algorithm. + * + * @return the name of the HMAC algorithm. + */ public String getHmacName() { return hmacName; } + /** + * Returns whether the SCRAM mechanism uses the PLUS channel binding. + * + * @return {@code true} to use the PLUS channel binding, {@code false} otherwise. + */ public boolean isPlus() { return plus; } + /** + * Returns the name of the password algorithm from {@code ScramDigestPassword}. + * + * @return the name of the password algorithm. + */ public String getPasswordAlgorithm() { return passwordAlgorithm; } + /** + * Returns a String representation of the SCRAM mechanism. + * Contains the Digest name, PLUS channel binding and hash size. + * + * @return a String representation of the SCRAM mechanism. + */ public String toString() { return toString; } diff --git a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramServer.java b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramServer.java index ab7360b9b50..2189a52bdb8 100644 --- a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramServer.java +++ b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramServer.java 
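Review bot: The new Javadoc on `getHashSize()` describes the value only as "the size of the hash", while the comment on the `hashSize` field in the same file says it "may be less than the output size of the MD/MAC". That caveat matters to callers who size buffers or compare lengths against the digest named by `getMessageDigestName()`, and the public getter is where they will look for it. I would add `The value may be less than the output size of the message digest or MAC.` to the getter's description. Separately, `toString()` gains Javadoc here but still carries no `@Override`.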
@@ -55,6 +55,8 @@ import org.wildfly.security.sasl.util.StringPrep; /** + * A server-side implementation for the SCRAM authentication. + * * @author David M. Lloyd */ public final class ScramServer { @@ -67,6 +69,18 @@ public final class ScramServer { private final int minimumIterationCount; private final int maximumIterationCount; + /** + * Constructs a new {@code ScramServer}. + * + * @param mechanism the SCRAM mechanism used for the authentication. + * @param callbackHandler the callback handler for the authentication. + * @param random an optional secure RNG to use. + * @param bindingData the binding data for the "PLUS" channel binding option. + * @param bindingType the binding type for the "PLUS" channel binding option. + * @param minimumIterationCount the minimum number of iterations for password hashing. + * @param maximumIterationCount the maximum number of iterations for password hashing. + * @param providers the security providers. + */ ScramServer(final ScramMechanism mechanism, final CallbackHandler callbackHandler, final SecureRandom random, final byte[] bindingData, final String bindingType, final int minimumIterationCount, final int maximumIterationCount, final Supplier providers) { this.mechanism = mechanism; this.callbackHandler = callbackHandler; @@ -185,6 +199,14 @@ public ScramInitialClientMessage parseInitialClientMessage(ChannelBindingCallbac } } + /** + * Evaluates the initial client response message in SCRAM authentication. + * Generates a server nonce and salted password. + * + * @param clientMessage the initial client response message. + * @return the initial server result, containing the initial server message and the digest password. + * @throws AuthenticationMechanismException if an error occurs during the evaluation. + */ public ScramInitialServerResult evaluateInitialResponse(final ScramInitialClientMessage clientMessage) throws AuthenticationMechanismException { final boolean trace = saslScram.isTraceEnabled(); 
@@ -240,6 +262,16 @@ public ScramInitialServerResult evaluateInitialResponse(final ScramInitialClient return new ScramInitialServerResult(new ScramInitialServerMessage(clientMessage, serverNonce, salt, iterationCount, messageBytes), password); } + /** + * Parses the final client message and constructs the {@link ScramFinalClientMessage} from this parsed information. + * Also checks if the message has all necessary properties. + * + * @param initialResponse the initial client response message provided by {@link ScramServer#parseInitialClientMessage(ChannelBindingCallback, byte[])}. + * @param initialResult the initial server result provided by {@link ScramServer#evaluateInitialResponse(ScramInitialClientMessage)}. + * @param bytes the byte array representation of the client response. + * @return the final client message. + * @throws AuthenticationMechanismException if an error occurs during the parsing. + */ public ScramFinalClientMessage parseFinalClientMessage(final ScramInitialClientMessage initialResponse, final ScramInitialServerResult initialResult, final byte[] bytes) throws AuthenticationMechanismException { final ScramInitialServerMessage initialChallenge = initialResult.getScramInitialChallenge(); Assert.checkNotNullParam("initialResponse", initialResponse); 
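Review bot: The Javadoc for `parseFinalClientMessage` does not say that its arguments must be non-null, although the first two visible lines of the body dereference `initialResult` and call `Assert.checkNotNullParam("initialResponse", initialResponse)`. Adding `(must not be {@code null})` to the `@param initialResponse` and `@param initialResult` lines would document the contract the code already enforces. Note also that `initialResult.getScramInitialChallenge()` runs before any parameter check on `initialResult`, so a null there surfaces as a `NullPointerException` rather than through the check. The rest of the body is outside this hunk, so whether `bytes` is validated cannot be confirmed from here.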
@@ -352,6 +384,14 @@ public ScramFinalClientMessage parseFinalClientMessage(final ScramInitialClientM } } + /** + * Evaluates a SCRAM final client message and authorizes the user. + * + * @param initialResult the result of the initial server message evaluation provided by {@link ScramServer#evaluateInitialResponse(ScramInitialClientMessage)}. + * @param clientMessage the final client message provided by {@link ScramServer#parseFinalClientMessage(ScramInitialClientMessage, ScramInitialServerResult, byte[])}. + * @return the final server message providing the server signature and response. + * @throws AuthenticationMechanismException if an error occurs during the evaluation. + */ public ScramFinalServerMessage evaluateFinalClientMessage(final ScramInitialServerResult initialResult, final ScramFinalClientMessage clientMessage) throws AuthenticationMechanismException { final boolean trace = saslScram.isTraceEnabled(); 
@@ -464,26 +504,56 @@ public ScramFinalServerMessage evaluateFinalClientMessage(final ScramInitialServ } } + /** + * Returns the SCRAM mechanism used for the authentication. + * + * @return the SCRAM mechanism used for the authentication. + */ public ScramMechanism getMechanism() { return mechanism; } + /** + * Returns the callback handler for the authentication. + * + * @return the callback handler for the authentication. + */ public CallbackHandler getCallbackHandler() { return callbackHandler; } + /** + * Returns the RNG used for the authentication. + * + * @return the RNG used for the authentication. + */ Random getRandom() { return random != null ? random : ThreadLocalRandom.current(); } + /** + * Returns the copy of the binding data for the "PLUS" channel binding option. + * + * @return the copy of the binding data for the "PLUS" channel binding option. + */ public byte[] getBindingData() { return bindingData == null ? null : bindingData.clone(); } + /** + * Returns the binding data for the "PLUS" channel binding option. + * + * @return the binding data for the "PLUS" channel binding option. + */ byte[] getRawBindingData() { return bindingData; } + /** + * Returns the binding type for the "PLUS" channel binding option. + * + * @return the binding type for the "PLUS" channel binding option. + */ public String getBindingType() { return bindingType; } diff --git a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramUtil.java b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramUtil.java index dacdf27579a..6180f70e28f 100644 --- a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramUtil.java +++ b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramUtil.java @@ -26,6 +26,8 @@ import org.wildfly.common.iteration.ByteIterator; /** + * Common utility functions used by SCRAM authentication mechanism. + * * @author David M. Lloyd */ class ScramUtil { 
@@ -47,6 +49,13 @@ class ScramUtil { randomCharDictionary = dict; } + /** + * Generates nonce of specified length. + * + * @param length the length of the nonce. + * @param random the RNG used for creating the nonce. + * @return a byte array containing the nonce. + */ public static byte[] generateNonce(int length, Random random) { final byte[] chars = new byte[length]; for (int i = 0; i < length; i ++) { @@ -55,6 +64,13 @@ public static byte[] generateNonce(int length, Random random) { return chars; } + /** + * Parses positive integer from provided ByteIterator. + * + * @param i the ByteIterator to parse the positive integer from. + * @return the parsed integer. + * @throws NumberFormatException if the ByteIterator doesn't contain number or the number is too big for an integer + */ public static int parsePosInt(final ByteIterator i) { int a, c; if (! i.hasNext()) { @@ -80,6 +96,13 @@ public static int parsePosInt(final ByteIterator i) { return a; } + /** + * Bitwise XOR operation between two byte arrays of the same length. + * XOR operation returns 1 if only one of two corresponding bits is 1. For example: 0101 and 0011 gives 0110. + * + * @param hash the first byte array for the XOR operation. This byte array is modified by the method in place + * @param input the second byte array for the XOR operation. + */ static void xor(final byte[] hash, final byte[] input) { assert hash.length == input.length; for (int i = 0; i < hash.length; i++) { From 51d7f118baab10fa5f3926dc72eacfe75472c1d1 Mon Sep 17 00:00:00 2001 From: Gabriel Padilha Santos Date: Tue, 24 Oct 2023 20:00:46 -0300 Subject: [PATCH 04/75] ELY-2662 Upgrade jakarta.json:jakarta.json-api from 2.0.0 to 2.1.2 ELY-2662 Upgrade jakarta.json:jakarta.json-api from 2.0.0 to 2.1.2 --- auth/realm/token/pom.xml | 2 +- http/oidc/pom.xml | 2 +- pom.xml | 8 ++++---- tests/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) 
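Review bot: The `xor` Javadoc says both arrays have the same length, but the only enforcement visible is `assert hash.length == input.length;`, which is skipped unless the JVM runs with assertions enabled. The comment should say so, e.g. `Callers must pass arrays of equal length; this is checked only by an assertion.` With a shorter `input` the loop over `hash.length` would presumably throw `ArrayIndexOutOfBoundsException`, and with a longer one the extra bytes would be ignored; the loop body continues outside the hunk, so this is inferred. The `@param hash` sentence is also missing its closing period.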
diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index 58b23c0d2e1..76295fdb043 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -85,7 +85,7 @@ - org.glassfish + org.eclipse.parsson jakarta.json test diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index d7c15889085..465873fefcf 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -164,7 +164,7 @@ test - org.glassfish + org.eclipse.parsson jakarta.json test diff --git a/pom.xml b/pom.xml index 9dcf58673c7..fbd4e4c071a 100644 --- a/pom.xml +++ b/pom.xml @@ -75,14 +75,14 @@ 2.2.1.Final 1.9.2.Final 1.0.4.GA - 2.0.0 + 2.1.2 5.0.0 2.4.0.Final 1.7 4.13.1 1.34 2.4.0 - 2.0.0 + 1.1.5 2.4.9 8.2.1 3.8.1 @@ -1156,9 +1156,9 @@ - org.glassfish + org.eclipse.parsson jakarta.json - ${version.org.glassfish.jakarta.json} + ${version.org.eclipse.parsson.jakarta.json} test diff --git a/tests/base/pom.xml b/tests/base/pom.xml index f88e5aae14e..7e67cf4c1e0 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -713,7 +713,7 @@ - org.glassfish + org.eclipse.parsson jakarta.json test diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index 1bbb6f8f913..b1dc3c13ac1 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -105,7 +105,7 @@ test - org.glassfish + org.eclipse.parsson jakarta.json test From 6599297e683853e49204127f08ce86d8271081ab Mon Sep 17 00:00:00 2001 From: Farah Juma Date: Thu, 14 Mar 2024 09:38:06 -0400 Subject: [PATCH 05/75] [ELY-2727] Update CI to also run with JDK 21 --- .github/workflows/pr-ci.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr-ci.yaml b/.github/workflows/pr-ci.yaml index 32ffa815c71..c56d1e36f02 100644 --- a/.github/workflows/pr-ci.yaml +++ b/.github/workflows/pr-ci.yaml 
@@ -11,16 +11,18 @@ on: jobs: build: + name: ${{ matrix.os }}-jdk${{ matrix.java }} runs-on: ${{ matrix.os }} strategy: matrix: os: [ubuntu-latest, windows-latest, macos-latest] + java: ['11', '21'] steps: - uses: actions/checkout@v2 - - name: Set up JDK 11 + - name: Set up JDK ${{ matrix.java }} uses: actions/setup-java@v1 with: - java-version: 11 + java-version: ${{ matrix.java }} # ELY-2204 - Temporarily preventing OidcTest from running on macOS since there # are intermittent issues with starting up the Docker container. #- if: matrix.os == 'macos-latest' From 2755d4b0ef42fa7f686b3cd2debe6d0793abdd32 Mon Sep 17 00:00:00 2001 From: Farah Juma Date: Wed, 1 May 2024 15:59:10 -0400 Subject: [PATCH 06/75] [ELY-2340] Rename an OIDC test method --- .../wildfly/security/http/oidc/OidcTest.java | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java index 7b211c9e38e..a53f596c8f6 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java 
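Review bot: The step renamed to `Set up JDK ${{ matrix.java }}` still resolves `actions/setup-java@v1`, and the checkout step `actions/checkout@v2`, through mutable tags, so the code that runs in this workflow can change without any change in this repository. Pinning each to a full commit SHA keeps the enlarged matrix reproducible, e.g. `uses: actions/setup-java@<full-commit-sha> # <release tag>`. Newer major versions of setup-java require a `distribution` input, so moving off `v1` would need that line added next to `java-version`.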
@@ -132,13 +132,13 @@ public void testWrongPassword() throws Exception { @Test public void testWrongAuthServerUrl() throws Exception { - loginToAppMultiTenancy(getOidcConfigurationInputStream(CLIENT_SECRET, "http://fakeauthserver/auth"), KeycloakConfiguration.ALICE, + performAuthentication(getOidcConfigurationInputStream(CLIENT_SECRET, "http://fakeauthserver/auth"), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, false, -1, null, null); } @Test public void testWrongClientSecret() throws Exception { - loginToAppMultiTenancy(getOidcConfigurationInputStream("WRONG_CLIENT_SECRET"), KeycloakConfiguration.ALICE, + performAuthentication(getOidcConfigurationInputStream("WRONG_CLIENT_SECRET"), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_FORBIDDEN, null,"Forbidden"); } 
@@ -149,19 +149,19 @@ public void testMissingRequiredConfigurationOption() { @Test public void testSucessfulAuthenticationWithAuthServerUrl() throws Exception { - loginToAppMultiTenancy(getOidcConfigurationInputStream(), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + performAuthentication(getOidcConfigurationInputStream(), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT); } @Test public void testSucessfulAuthenticationWithProviderUrl() throws Exception { - loginToAppMultiTenancy(getOidcConfigurationInputStreamWithProviderUrl(), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + performAuthentication(getOidcConfigurationInputStreamWithProviderUrl(), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT); } @Test public void testSucessfulAuthenticationWithProviderUrlTrailingSlash() throws Exception { - loginToAppMultiTenancy(getOidcConfigurationInputStreamWithProviderUrlTrailingSlash(), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + performAuthentication(getOidcConfigurationInputStreamWithProviderUrlTrailingSlash(), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT); } 
@@ -171,20 +171,20 @@ public void testSucessfulAuthenticationWithEnvironmentVariableExpression() throw String providerUrlEnv = System.getenv("OIDC_PROVIDER_URL_ENV"); assertEquals(oidcProviderUrl, providerUrlEnv); - loginToAppMultiTenancy(getOidcConfigurationInputStreamWithEnvironmentVariableExpression(), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + performAuthentication(getOidcConfigurationInputStreamWithEnvironmentVariableExpression(), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT); } @Test public void testSucessfulAuthenticationWithSystemPropertyExpression() throws Exception { - loginToAppMultiTenancy(getOidcConfigurationInputStreamWithSystemPropertyExpression(), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + performAuthentication(getOidcConfigurationInputStreamWithSystemPropertyExpression(), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT); } @Test public void testTokenSignatureAlgorithm() throws Exception { // keycloak uses RS256 - loginToAppMultiTenancy(getOidcConfigurationInputStreamWithTokenSignatureAlgorithm(), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + performAuthentication(getOidcConfigurationInputStreamWithTokenSignatureAlgorithm(), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT); } 
@@ -363,8 +363,8 @@ private void testNonExistingUser(String username, String password, String tenant assertTrue(page.getBody().asText().contains("Invalid username or password")); } - private void loginToAppMultiTenancy(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, - int expectedDispatcherStatusCode, String expectedLocation, String clientPageText) throws Exception { + private void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, + int expectedDispatcherStatusCode, String expectedLocation, String clientPageText) throws Exception { try { Map props = new HashMap<>(); OidcClientConfiguration oidcClientConfiguration = OidcClientConfigurationBuilder.build(oidcConfig); From 949c04ec6ae3139ced83c39244a9712c1d102300 Mon Sep 17 00:00:00 2001 From: Farah Juma Date: Wed, 1 May 2024 16:07:48 -0400 Subject: [PATCH 07/75] [ELY-2340] Move some test methods to OidcBaseTest --- .../security/http/oidc/BearerTest.java | 2 +- .../security/http/oidc/OidcBaseTest.java | 48 +++++++++++++++++++ .../wildfly/security/http/oidc/OidcTest.java | 42 ---------------- 3 files changed, 49 insertions(+), 43 deletions(-) diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/BearerTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/BearerTest.java index 1aacbe3239d..18c4b2f087d 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/BearerTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/BearerTest.java 
@@ -488,7 +488,7 @@ private InputStream getOidcConfigurationInputStream(String authServerUrl) { return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); } - private InputStream getOidcConfigurationInputStreamWithProviderUrl() { + protected InputStream getOidcConfigurationInputStreamWithProviderUrl() { String oidcConfig = "{\n" + " \"client-id\" : \"" + BEARER_ONLY_CLIENT_ID + "\",\n" + " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java index cee8c1b11eb..79ac806d56a 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java @@ -21,9 +21,14 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; +import static org.wildfly.security.http.oidc.Oidc.OIDC_NAME; +import java.io.ByteArrayInputStream; import java.io.IOException; +import java.io.InputStream; import java.net.URI; +import java.nio.charset.StandardCharsets; +import java.util.HashMap; import java.util.List; import java.util.Map; @@ -49,6 +54,7 @@ import org.wildfly.security.jose.util.JsonSerialization; import com.gargoylesoftware.htmlunit.SilentCssErrorHandler; +import com.gargoylesoftware.htmlunit.TextPage; import com.gargoylesoftware.htmlunit.WebClient; import com.gargoylesoftware.htmlunit.html.HtmlForm; import com.gargoylesoftware.htmlunit.html.HtmlInput; @@ -59,6 +65,7 @@ import okhttp3.mockwebserver.Dispatcher; import okhttp3.mockwebserver.MockResponse; import okhttp3.mockwebserver.MockWebServer; +import okhttp3.mockwebserver.QueueDispatcher; import okhttp3.mockwebserver.RecordedRequest; /** 
@@ -291,4 +298,45 @@ protected String getCookieString(HttpServerCookie cookie) { return header.toString(); } + protected void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, + int expectedDispatcherStatusCode, String expectedLocation, String clientPageText) throws Exception { + try { + Map props = new HashMap<>(); + OidcClientConfiguration oidcClientConfiguration = OidcClientConfigurationBuilder.build(oidcConfig); + assertEquals(OidcClientConfiguration.RelativeUrlsUsed.NEVER, oidcClientConfiguration.getRelativeUrls()); + + OidcClientContext oidcClientContext = new OidcClientContext(oidcClientConfiguration); + oidcFactory = new OidcMechanismFactory(oidcClientContext); + HttpServerAuthenticationMechanism mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, getCallbackHandler()); + + URI requestUri = new URI(getClientUrl()); + TestingHttpServerRequest request = new TestingHttpServerRequest(null, requestUri); + mechanism.evaluateRequest(request); + TestingHttpServerResponse response = request.getResponse(); + assertEquals(loginToKeycloak ? 
HttpStatus.SC_MOVED_TEMPORARILY : HttpStatus.SC_FORBIDDEN, response.getStatusCode()); + assertEquals(Status.NO_AUTH, request.getResult()); + + if (loginToKeycloak) { + client.setDispatcher(createAppResponse(mechanism, expectedDispatcherStatusCode, expectedLocation, clientPageText)); + TextPage page = loginToKeycloak(username, password, requestUri, response.getLocation(), + response.getCookies()).click(); + assertTrue(page.getContent().contains(clientPageText)); + } + } finally { + client.setDispatcher(new QueueDispatcher()); + } + } + + protected InputStream getOidcConfigurationInputStreamWithProviderUrl() { + String oidcConfig = "{\n" + + " \"resource\" : \"" + CLIENT_ID + "\",\n" + + " \"public-client\" : \"false\",\n" + + " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + + " \"ssl-required\" : \"EXTERNAL\",\n" + + " \"credentials\" : {\n" + + " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " }\n" + + "}"; + return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); + } } \ No newline at end of file diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java index a53f596c8f6..4716f78d6c5 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java 
@@ -363,35 +363,6 @@ private void testNonExistingUser(String username, String password, String tenant assertTrue(page.getBody().asText().contains("Invalid username or password")); } - private void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, - int expectedDispatcherStatusCode, String expectedLocation, String clientPageText) throws Exception { - try { - Map props = new HashMap<>(); - OidcClientConfiguration oidcClientConfiguration = OidcClientConfigurationBuilder.build(oidcConfig); - assertEquals(OidcClientConfiguration.RelativeUrlsUsed.NEVER, oidcClientConfiguration.getRelativeUrls()); - - OidcClientContext oidcClientContext = new OidcClientContext(oidcClientConfiguration); - oidcFactory = new OidcMechanismFactory(oidcClientContext); - HttpServerAuthenticationMechanism mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, getCallbackHandler()); - - URI requestUri = new URI(getClientUrl()); - TestingHttpServerRequest request = new TestingHttpServerRequest(null, requestUri); - mechanism.evaluateRequest(request); - TestingHttpServerResponse response = request.getResponse(); - assertEquals(loginToKeycloak ? HttpStatus.SC_MOVED_TEMPORARILY : HttpStatus.SC_FORBIDDEN, response.getStatusCode()); - assertEquals(Status.NO_AUTH, request.getResult()); - - if (loginToKeycloak) { - client.setDispatcher(createAppResponse(mechanism, expectedDispatcherStatusCode, expectedLocation, clientPageText)); - TextPage page = loginToKeycloak(username, password, requestUri, response.getLocation(), - response.getCookies()).click(); - assertTrue(page.getContent().contains(clientPageText)); - } - } finally { - client.setDispatcher(new QueueDispatcher()); - } - } - private void performTenantRequestWithAuthServerUrl(String username, String password, String tenant, String otherTenant) throws Exception { performTenantRequest(username, password, tenant, otherTenant, true); } 
@@ -467,19 +438,6 @@ private InputStream getOidcConfigurationInputStream(String clientSecret, String return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); } - private InputStream getOidcConfigurationInputStreamWithProviderUrl() { - String oidcConfig = "{\n" + - " \"resource\" : \"" + CLIENT_ID + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + - " }\n" + - "}"; - return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); - } - private InputStream getOidcConfigurationInputStreamWithEnvironmentVariableExpression() { String oidcConfig = "{\n" + " \"resource\" : \"" + CLIENT_ID + "\",\n" + From 5aba217507c0ffe77bc91d6069076088498e77f1 Mon Sep 17 00:00:00 2001 From: Farah Juma Date: Wed, 1 May 2024 16:17:33 -0400 Subject: [PATCH 08/75] [ELY-2340] Add the ability to allow query params in redirect URIs via a new system property --- .../org/wildfly/security/http/oidc/Oidc.java | 2 + .../http/oidc/OidcRequestAuthenticator.java | 21 ++++- .../security/http/oidc/OidcBaseTest.java | 9 +- .../http/oidc/QueryParamsBaseTest.java | 61 +++++++++++++ .../http/oidc/QueryParamsDisabledTest.java | 75 ++++++++++++++++ .../http/oidc/QueryParamsEnabledTest.java | 85 +++++++++++++++++++ 6 files changed, 250 insertions(+), 3 deletions(-) create mode 100644 http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsBaseTest.java create mode 100644 http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsDisabledTest.java create mode 100644 http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsEnabledTest.java diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java index 2052af1a0c1..f42313b7f58 100644 
--- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java @@ -65,6 +65,7 @@ public class Oidc { public static final String FACES_REQUEST = "Faces-Request"; public static final String GRANT_TYPE = "grant_type"; public static final String INVALID_TOKEN = "invalid_token"; + public static final String ISSUER = "iss"; public static final String LOGIN_HINT = "login_hint"; public static final String DOMAIN_HINT = "domain_hint"; public static final String MAX_AGE = "max_age"; @@ -113,6 +114,7 @@ public class Oidc { static final String KEYCLOAK_QUERY_BEARER_TOKEN = "k_query_bearer_token"; static final String DEFAULT_TOKEN_SIGNATURE_ALGORITHM = "RS256"; public static final String DISABLE_TYP_CLAIM_VALIDATION_PROPERTY_NAME = "wildfly.elytron.oidc.disable.typ.claim.validation"; + public static final String ALLOW_QUERY_PARAMS_PROPERTY_NAME = "wildfly.elytron.oidc.allow.query.params"; public static final String X_REQUESTED_WITH = "X-Requested-With"; public static final String XML_HTTP_REQUEST = "XMLHttpRequest"; diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcRequestAuthenticator.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcRequestAuthenticator.java index 6b51d980d97..bdcc7168e8f 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcRequestAuthenticator.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcRequestAuthenticator.java 
@@ -19,10 +19,12 @@ package org.wildfly.security.http.oidc; import static org.wildfly.security.http.oidc.ElytronMessages.log; +import static org.wildfly.security.http.oidc.Oidc.ALLOW_QUERY_PARAMS_PROPERTY_NAME; import static org.wildfly.security.http.oidc.Oidc.CLIENT_ID; import static org.wildfly.security.http.oidc.Oidc.CODE; import static org.wildfly.security.http.oidc.Oidc.DOMAIN_HINT; import static org.wildfly.security.http.oidc.Oidc.ERROR; +import static org.wildfly.security.http.oidc.Oidc.ISSUER; import static org.wildfly.security.http.oidc.Oidc.KC_IDP_HINT; import static org.wildfly.security.http.oidc.Oidc.LOGIN_HINT; import static org.wildfly.security.http.oidc.Oidc.MAX_AGE; @@ -43,6 +45,8 @@ import java.net.MalformedURLException; import java.net.URISyntaxException; import java.net.URL; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.Arrays; import java.util.List; @@ -72,6 +76,17 @@ public class OidcRequestAuthenticator { protected String refreshToken; protected String strippedOauthParametersRequestUri; + static final boolean ALLOW_QUERY_PARAMS_PROPERTY; + + static { + ALLOW_QUERY_PARAMS_PROPERTY = AccessController.doPrivileged(new PrivilegedAction() { + @Override + public Boolean run() { + return Boolean.parseBoolean(System.getProperty(ALLOW_QUERY_PARAMS_PROPERTY_NAME, "false")); + } + }); + } + public OidcRequestAuthenticator(RequestAuthenticator requestAuthenticator, OidcHttpFacade facade, OidcClientConfiguration deployment, int sslRedirectPort, OidcTokenStore tokenStore) { this.reqAuthenticator = requestAuthenticator; this.facade = facade; 
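Review bot: `ALLOW_QUERY_PARAMS_PROPERTY` is read once in the static initializer and carries no comment saying so, which means the setting is fixed as soon as `OidcRequestAuthenticator` is initialized. A one-line comment above the field would make that explicit: `// Read once at class initialization; later changes to the system property have no effect.` This also matters for `QueryParamsEnabledTest` later in this patch, which sets the property in `@BeforeClass`: if the class was already initialized earlier in the same JVM, the test would presumably still see `false`. The name reads like a property key although it holds the parsed boolean; something like `ALLOW_QUERY_PARAMS` would avoid confusion with `ALLOW_QUERY_PARAMS_PROPERTY_NAME`.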
@@ -369,11 +384,15 @@ protected AuthChallenge resolveCode(String code) { private static String stripOauthParametersFromRedirect(String uri) { uri = stripQueryParam(uri, CODE); uri = stripQueryParam(uri, STATE); - return stripQueryParam(uri, SESSION_STATE); + uri = stripQueryParam(uri, SESSION_STATE); + return stripQueryParam(uri, ISSUER); } private String rewrittenRedirectUri(String originalUri) { Map rewriteRules = deployment.getRedirectRewriteRules(); + if (ALLOW_QUERY_PARAMS_PROPERTY && (rewriteRules == null || rewriteRules.isEmpty())) { + return originalUri; + } try { URL url = new URL(originalUri); Map.Entry rule = null; diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java index 79ac806d56a..da8efee9981 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java @@ -299,7 +299,12 @@ protected String getCookieString(HttpServerCookie cookie) { } protected void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, - int expectedDispatcherStatusCode, String expectedLocation, String clientPageText) throws Exception { + int expectedDispatcherStatusCode, String expectedLocation, String clientPageText) throws Exception { + performAuthentication(oidcConfig, username, password, loginToKeycloak, expectedDispatcherStatusCode, getClientUrl(), expectedLocation, clientPageText); + } + + protected void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, + int expectedDispatcherStatusCode, String clientUrl, String expectedLocation, String clientPageText) throws Exception { try { Map props = new HashMap<>(); OidcClientConfiguration oidcClientConfiguration = OidcClientConfigurationBuilder.build(oidcConfig); 
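Review bot: The early return in `rewrittenRedirectUri` hands back `originalUri` untouched whenever the flag is on and no rewrite rules exist, so whatever query string reaches this method becomes part of the redirect URI. That makes a request-controlled value part of what the provider has to match, and the client's registered redirect URIs must then be loose enough to accept it; a comment should record the trade-off, e.g. `// Query string is preserved as-is; the provider's registered redirect URIs must allow it.` The flag is also silently ignored when rewrite rules are configured, which is worth stating in the same comment. Separately, `stripOauthParametersFromRedirect` now discards `iss`; whether that value is compared with the configured issuer before being dropped is not visible in this hunk. The body of `rewrittenRedirectUri` continues outside the hunk.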
@@ -309,7 +314,7 @@ protected void performAuthentication(InputStream oidcConfig, String username, St oidcFactory = new OidcMechanismFactory(oidcClientContext); HttpServerAuthenticationMechanism mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, getCallbackHandler()); - URI requestUri = new URI(getClientUrl()); + URI requestUri = new URI(clientUrl); TestingHttpServerRequest request = new TestingHttpServerRequest(null, requestUri); mechanism.evaluateRequest(request); TestingHttpServerResponse response = request.getResponse(); diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsBaseTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsBaseTest.java new file mode 100644 index 00000000000..a5d7a527193 --- /dev/null +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsBaseTest.java 
@@ -0,0 +1,61 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2024 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.wildfly.security.http.oidc; + +import static org.junit.Assume.assumeTrue; + +import org.junit.AfterClass; +import org.junit.BeforeClass; + +import io.restassured.RestAssured; +import okhttp3.mockwebserver.MockWebServer; + +/** + * Tests for the {@code wildfly.elytron.oidc.allow.query.params} system property. 
+ * + * @author Farah Juma + */ +public class QueryParamsBaseTest extends OidcBaseTest { + + @BeforeClass + public static void startTestContainers() throws Exception { + assumeTrue("Docker isn't available, OIDC tests will be skipped", isDockerAvailable()); + KEYCLOAK_CONTAINER = new KeycloakContainer(); + KEYCLOAK_CONTAINER.start(); + sendRealmCreationRequest(KeycloakConfiguration.getRealmRepresentation(TEST_REALM, CLIENT_ID, CLIENT_SECRET, CLIENT_HOST_NAME, CLIENT_PORT, CLIENT_APP, 3, 3, true)); + client = new MockWebServer(); + client.start(CLIENT_PORT); + } + + @AfterClass + public static void generalCleanup() throws Exception { + if (KEYCLOAK_CONTAINER != null) { + RestAssured + .given() + .auth().oauth2(KeycloakConfiguration.getAdminAccessToken(KEYCLOAK_CONTAINER.getAuthServerUrl())) + .when() + .delete(KEYCLOAK_CONTAINER.getAuthServerUrl() + "/admin/realms/" + TEST_REALM).then().statusCode(204); + KEYCLOAK_CONTAINER.stop(); + } + if (client != null) { + client.shutdown(); + } + } + +} diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsDisabledTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsDisabledTest.java new file mode 100644 index 00000000000..e9d36b66bc6 --- /dev/null +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsDisabledTest.java 
@@ -0,0 +1,75 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2024 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.wildfly.security.http.oidc; + +import static org.junit.Assume.assumeFalse; +import static org.wildfly.security.http.oidc.Oidc.ALLOW_QUERY_PARAMS_PROPERTY_NAME; + +import org.apache.http.HttpStatus; +import org.junit.BeforeClass; +import org.junit.Test; + +/** + * Tests for disabling query params via the {@code wildfly.elytron.oidc.allow.query.params} system property. + * + * @author Farah Juma + */ +public class QueryParamsDisabledTest extends QueryParamsBaseTest { + + @BeforeClass + public static void beforeClass() { + assumeFalse("wildfly.elytron.oidc.allow.query.params should default to false", + Boolean.parseBoolean(System.getProperty(ALLOW_QUERY_PARAMS_PROPERTY_NAME))); + } + + /** + * Test successfully logging in without query params included in the URL. 
+ */ + @Test + public void testSuccessfulAuthenticationWithoutQueryParamsWithSystemPropertyDisabled() throws Exception { + String originalUrl = getClientUrl(); + String expectedUrlAfterRedirect = originalUrl; + performAuthentication(getOidcConfigurationInputStreamWithProviderUrl(), KeycloakConfiguration.ALICE, + KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, originalUrl, + expectedUrlAfterRedirect, CLIENT_PAGE_TEXT); + } + + /** + * Test successfully logging in with query params included in the URL. + * The query params should not be present upon redirect. + */ + @Test + public void testSuccessfulAuthenticationWithQueryParamsWithSystemPropertyDisabled() throws Exception { + String queryParams = "?myparam=abc"; + String originalUrl = getClientUrl() + queryParams; + String expectedUrlAfterRedirect = getClientUrl(); + performAuthentication(getOidcConfigurationInputStreamWithProviderUrl(), KeycloakConfiguration.ALICE, + KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, + originalUrl, expectedUrlAfterRedirect, CLIENT_PAGE_TEXT); + + queryParams = "?one=abc&two=def&three=ghi"; + originalUrl = getClientUrl() + queryParams; + expectedUrlAfterRedirect = getClientUrl(); + performAuthentication(getOidcConfigurationInputStreamWithProviderUrl(), KeycloakConfiguration.ALICE, + KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, originalUrl, + expectedUrlAfterRedirect, CLIENT_PAGE_TEXT); + } + +} + diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsEnabledTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsEnabledTest.java new file mode 100644 index 00000000000..ff320a28e02 --- /dev/null +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsEnabledTest.java 
@@ -0,0 +1,85 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2024 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.wildfly.security.http.oidc; + +import static org.wildfly.security.http.oidc.Oidc.ALLOW_QUERY_PARAMS_PROPERTY_NAME; + +import org.apache.http.HttpStatus; +import org.junit.AfterClass; +import org.junit.BeforeClass; +import org.junit.Test; + +/** + * Tests for enabling query params via the {@code wildfly.elytron.oidc.allow.query.params} system property. + * + * @author Farah Juma + */ +public class QueryParamsEnabledTest extends QueryParamsBaseTest { + + private static String ALLOW_QUERY_PARAMS_PROPERTY; + + @BeforeClass + public static void beforeClass() { + ALLOW_QUERY_PARAMS_PROPERTY = System.setProperty(ALLOW_QUERY_PARAMS_PROPERTY_NAME, "true"); + } + + @AfterClass + public static void afterClass() { + if (ALLOW_QUERY_PARAMS_PROPERTY == null) { + System.clearProperty(ALLOW_QUERY_PARAMS_PROPERTY_NAME); + } else { + System.setProperty(ALLOW_QUERY_PARAMS_PROPERTY_NAME, ALLOW_QUERY_PARAMS_PROPERTY); + } + } + + /** + * Test successfully logging in without query params included in the URL. 
+ */ + @Test + public void testSuccessfulAuthenticationWithoutQueryParamsWithSystemPropertyEnabled() throws Exception { + String originalUrl = getClientUrl(); + String expectedUrlAfterRedirect = originalUrl; + performAuthentication(getOidcConfigurationInputStreamWithProviderUrl(), KeycloakConfiguration.ALICE, + KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, originalUrl, + expectedUrlAfterRedirect, CLIENT_PAGE_TEXT); + } + + /** + * Test successfully logging in with query params included in the URL. + * The query params should be present upon redirect. + */ + @Test + public void testSuccessfulAuthenticationWithQueryParamsWithSystemPropertyEnabled() throws Exception { + String queryParams = "?myparam=abc"; + String originalUrl = getClientUrl() + queryParams; + String expectedUrlAfterRedirect = originalUrl; + performAuthentication(getOidcConfigurationInputStreamWithProviderUrl(), KeycloakConfiguration.ALICE, + KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, originalUrl, + expectedUrlAfterRedirect, CLIENT_PAGE_TEXT); + + queryParams = "?one=abc&two=def&three=ghi"; + originalUrl = getClientUrl() + queryParams; + expectedUrlAfterRedirect = originalUrl; + performAuthentication(getOidcConfigurationInputStreamWithProviderUrl(), KeycloakConfiguration.ALICE, + KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, originalUrl, + expectedUrlAfterRedirect, CLIENT_PAGE_TEXT); + } + +} + From e4fd8267adbd74afded90471eb025e517dee22f4 Mon Sep 17 00:00:00 2001 From: Prarthona Paul Date: Mon, 6 May 2024 10:55:30 -0400 Subject: [PATCH 09/75] [ELY-2727] Update CI to also run with JDK 21 --- .github/workflows/pr-ci.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/pr-ci.yaml b/.github/workflows/pr-ci.yaml index c56d1e36f02..eb720698df9 100644 --- a/.github/workflows/pr-ci.yaml +++ b/.github/workflows/pr-ci.yaml 
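Review bot: The saved property value in QueryParamsEnabledTest lives in `private static String ALLOW_QUERY_PARAMS_PROPERTY`, a mutable field named like a constant and one suffix away from the imported `ALLOW_QUERY_PARAMS_PROPERTY_NAME`. Renaming it, for example to `private static String previousAllowQueryParams;`, makes the save and restore in `beforeClass()` and `afterClass()` harder to misread. The two `performAuthentication` calls in `testSuccessfulAuthenticationWithQueryParamsWithSystemPropertyEnabled` differ only in the query string, so a loop over the two values would remove the repeated argument list.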
@@ -11,12 +11,11 @@ on: jobs: build: - name: ${{ matrix.os }}-jdk${{ matrix.java }} runs-on: ${{ matrix.os }} strategy: matrix: os: [ubuntu-latest, windows-latest, macos-latest] - java: ['11', '21'] + java: ['11', '17', '21'] steps: - uses: actions/checkout@v2 - name: Set up JDK ${{ matrix.java }} From e7f29bdcb7d99ce65cd46da029d59fa55eba7d43 Mon Sep 17 00:00:00 2001 From: Prarthona Paul Date: Thu, 9 May 2024 13:17:23 -0400 Subject: [PATCH 10/75] [ELY-2756] Add tests to the elytron test suite to test to test OCSP with revoked and unknown certificates --- .../security/ssl/SSLAuthenticationTest.java | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java index 8666bf529f6..95a4358f384 100644 --- a/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java +++ b/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java 
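Review bot: The hunk drops the explicit job `name: ${{ matrix.os }}-jdk${{ matrix.java }}`, so the check name reported for each matrix entry changes to the form GitHub generates. If branch protection lists the old names as required status checks, which cannot be seen from the workflow file, those rules need updating in the same change or they will wait on checks that never report. The matrix line adds `'17'` while the commit subject mentions JDK 21; a comment above `java:` such as `# JDKs the project supports; keep in sync with the build docs` would record the intent.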
@@ -729,6 +729,40 @@ public void testOcspGood() throws Throwable { "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=ocspCheckedGood", false); } + @Test + public void testOcspRevoked() throws Throwable { + SSLContext serverContext = new SSLContextBuilder() + .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore")) + .setKeyManager(getKeyManager("/jks/scarab.keystore")) + .setTrustManager(X509RevocationTrustManager.builder() + .setTrustManagerFactory(getTrustManagerFactory()) + .setTrustStore(createKeyStore("/jks/ca.truststore")) + .setOcspResponderCert(ocspResponderCertificate) + .build()) + .setNeedClientAuth(true) + .build().create(); + + performConnectionTest(serverContext, "protocol://test-two-way-ocsp-revoked.org", false, "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=Scarab", + "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=ocspCheckedRevoked", false); + } + + @Test + public void testOcspUnknown() throws Throwable { + SSLContext serverContext = new SSLContextBuilder() + .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore")) + .setKeyManager(getKeyManager("/jks/scarab.keystore")) + .setTrustManager(X509RevocationTrustManager.builder() + .setTrustManagerFactory(getTrustManagerFactory()) + .setTrustStore(createKeyStore("/jks/ca.truststore")) + .setOcspResponderCert(ocspResponderCertificate) + .build()) + .setNeedClientAuth(true) + .build().create(); + + performConnectionTest(serverContext, "protocol://test-two-way-ocsp-unknown.org", false, "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=Scarab", + "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=ocspCheckedUnknown", false); + } + @Test public void testOcspMaxCertPathNeg1() throws Throwable { ocspMaxCertPathCommon(-1, false); From ac72762fb91a7064f22a732a358ab902e98d8351 Mon Sep 17 00:00:00 2001 
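Review bot: `testOcspRevoked` and `testOcspUnknown` pass `false` as the third argument of `performConnectionTest`, presumably the expected outcome, so they pass on any handshake failure and not specifically on a revoked or unknown OCSP answer. An unreachable responder or a missing client key for `ocspCheckedRevoked` / `ocspCheckedUnknown` would give the same green result, so the tests should also check the failure cause if `performConnectionTest` (outside the hunk) exposes it. A one-line comment on `testOcspUnknown`, for example `// an "unknown" OCSP status must be rejected, same as "revoked"`, would document the hard-fail expectation. Both methods build an identical `SSLContext`; a private helper returning that context would leave only the host name and client DN as the visible difference between them.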
From: Farah Juma Date: Wed, 24 Apr 2024 17:17:29 -0400 Subject: [PATCH 11/75] [ELY-2752] Ensure it's possible to make use of a custom principal-attribute value for OIDC --- .../security/http/oidc/ElytronMessages.java | 4 + .../security/http/oidc/JsonWebToken.java | 9 ++- .../security/http/oidc/OidcBaseTest.java | 14 +++- .../wildfly/security/http/oidc/OidcTest.java | 77 ++++++++++++++++--- 4 files changed, 90 insertions(+), 14 deletions(-) diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/ElytronMessages.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/ElytronMessages.java index 3c702319393..ac5e2861fc3 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/ElytronMessages.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/ElytronMessages.java @@ -234,5 +234,9 @@ interface ElytronMessages extends BasicLogger { @Message(id = 23056, value = "No message entity") IOException noMessageEntity(); + @LogMessage(level = DEBUG) + @Message(id = 23057, value = "principal-attribute '%s' claim does not exist, falling back to 'sub'") + void principalAttributeClaimDoesNotExist(String principalAttributeClaim); + } diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/JsonWebToken.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/JsonWebToken.java index 1b27f19a031..b806a0e7122 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/JsonWebToken.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/JsonWebToken.java @@ -297,7 +297,14 @@ public String getPrincipalName(OidcClientConfiguration deployment) { case NICKNAME: return getNickName(); default: - return getSubject(); + String claimValue = getClaimValueAsString(attr); + if (claimValue != null) { + return claimValue; + } else { + // fall back to sub claim + log.principalAttributeClaimDoesNotExist(attr); + return getSubject(); + } } } 
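Review bot: In the new `default` branch of `getPrincipalName`, a token that lacks the configured `principal-attribute` claim silently receives its `sub` value as the principal, and the only record is message 23057, which the ElytronMessages hunk declares at DEBUG level. Principal names drawn from two different claims can then coexist in one deployment, which matters wherever role mappings or audit records are keyed on the name; raising the log level and stating the fallback in the method Javadoc would make a misconfigured attribute visible to operators. The check `claimValue != null` also accepts an empty string as a principal name; `if (claimValue != null && !claimValue.isEmpty())` sends that case to the `sub` fallback too. How `getClaimValueAsString` renders a multi-valued claim such as `aud` is not visible here, and the method itself starts outside the hunk.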
diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java index 68d4712547c..587945a523d 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java @@ -77,6 +77,7 @@ public class OidcBaseTest extends AbstractBaseHttpTest { public static final String CLIENT_SECRET = "secret"; public static KeycloakContainer KEYCLOAK_CONTAINER; public static final String TEST_REALM = "WildFly"; + public static final String TEST_REALM_WITH_SCOPES = "WildFlyScopes"; public static final String TENANT1_REALM = "tenant1"; public static final String TENANT2_REALM = "tenant2"; public static final String KEYCLOAK_USERNAME = "username"; @@ -131,15 +132,26 @@ protected static boolean isDockerAvailable() { } } protected CallbackHandler getCallbackHandler() { - return getCallbackHandler(false, null); + return getCallbackHandler(false, null, null); + } + + protected CallbackHandler getCallbackHandler(String expectedPrincipal) { + return getCallbackHandler(false, null, expectedPrincipal); } protected CallbackHandler getCallbackHandler(boolean checkScope, String expectedScopes) { + return getCallbackHandler(checkScope, expectedScopes, null); + } + + protected CallbackHandler getCallbackHandler(boolean checkScope, String expectedScopes, String expectedPrincipal) { return callbacks -> { for(Callback callback : callbacks) { if (callback instanceof EvidenceVerifyCallback) { Evidence evidence = ((EvidenceVerifyCallback) callback).getEvidence(); ((EvidenceVerifyCallback) callback).setVerified(evidence.getDecodedPrincipal() != null); + if (expectedPrincipal != null) { + assertEquals(expectedPrincipal, evidence.getDecodedPrincipal().getName()); + } } else if (callback instanceof AuthenticationCompleteCallback) { // NO-OP } else if (callback instanceof IdentityCredentialCallback) { 
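Review bot: In the three-argument `getCallbackHandler`, `assertEquals(expectedPrincipal, evidence.getDecodedPrincipal().getName())` dereferences the decoded principal although the line above treats `null` as a possible value, so a token without a principal ends in a NullPointerException inside the handler instead of a failure that names the problem. Adding `assertNotNull(evidence.getDecodedPrincipal());` as the first statement inside the `if (expectedPrincipal != null)` block fixes that. The assertion also runs after `setVerified(...)` and inside the mechanism's callback path, so whether an AssertionError thrown there reaches JUnit unchanged depends on code outside the hunk; recording the decoded name and asserting on it in the test method would remove that dependency. The lambda continues past the end of the hunk.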
diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java index 3e6057a77ce..1556424ac12 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java @@ -40,6 +40,8 @@ import java.util.HashMap; import java.util.Map; +import javax.security.auth.callback.CallbackHandler; + import org.apache.http.HttpStatus; import org.junit.AfterClass; import org.junit.BeforeClass; @@ -70,7 +72,8 @@ public static void startTestContainers() throws Exception { assumeTrue("Docker isn't available, OIDC tests will be skipped", isDockerAvailable()); KEYCLOAK_CONTAINER = new KeycloakContainer(); KEYCLOAK_CONTAINER.start(); - sendRealmCreationRequest(KeycloakConfiguration.getRealmRepresentation(TEST_REALM, CLIENT_ID, CLIENT_SECRET, CLIENT_HOST_NAME, CLIENT_PORT, CLIENT_APP, CONFIGURE_CLIENT_SCOPES)); + sendRealmCreationRequest(KeycloakConfiguration.getRealmRepresentation(TEST_REALM, CLIENT_ID, CLIENT_SECRET, CLIENT_HOST_NAME, CLIENT_PORT, CLIENT_APP, false)); + sendRealmCreationRequest(KeycloakConfiguration.getRealmRepresentation(TEST_REALM_WITH_SCOPES, CLIENT_ID, CLIENT_SECRET, CLIENT_HOST_NAME, CLIENT_PORT, CLIENT_APP, CONFIGURE_CLIENT_SCOPES)); sendRealmCreationRequest(KeycloakConfiguration.getRealmRepresentation(TENANT1_REALM, CLIENT_ID, CLIENT_SECRET, CLIENT_HOST_NAME, CLIENT_PORT, CLIENT_APP, ACCESS_TOKEN_LIFESPAN, SESSION_MAX_LIFESPAN, false, true)); sendRealmCreationRequest(KeycloakConfiguration.getRealmRepresentation(TENANT2_REALM, CLIENT_ID, CLIENT_SECRET, CLIENT_HOST_NAME, CLIENT_PORT, CLIENT_APP, ACCESS_TOKEN_LIFESPAN, SESSION_MAX_LIFESPAN, false, true)); client = new MockWebServer(); 
@@ -85,6 +88,11 @@ public static void generalCleanup() throws Exception { .auth().oauth2(KeycloakConfiguration.getAdminAccessToken(KEYCLOAK_CONTAINER.getAuthServerUrl())) .when() .delete(KEYCLOAK_CONTAINER.getAuthServerUrl() + "/admin/realms/" + TEST_REALM).then().statusCode(204); + RestAssured + .given() + .auth().oauth2(KeycloakConfiguration.getAdminAccessToken(KEYCLOAK_CONTAINER.getAuthServerUrl())) + .when() + .delete(KEYCLOAK_CONTAINER.getAuthServerUrl() + "/admin/realms/" + TEST_REALM_WITH_SCOPES).then().statusCode(204); RestAssured .given() .auth().oauth2(KeycloakConfiguration.getAdminAccessToken(KEYCLOAK_CONTAINER.getAuthServerUrl())) 
@@ -235,6 +243,31 @@ private void performAuthentication(InputStream oidcConfig, String username, Stri performAuthentication(oidcConfig, username, password, loginToKeycloak, expectedDispatcherStatusCode, expectedLocation, clientPageText, null, false); } + private void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, + int expectedDispatcherStatusCode, String expectedLocation, String clientPageText, + CallbackHandler callbackHandler) throws Exception { + performAuthentication(oidcConfig, username, password, loginToKeycloak, expectedDispatcherStatusCode, expectedLocation, + clientPageText, null, false, callbackHandler); + } + + @Test + public void testPrincipalAttribute() throws Exception { + // custom principal-attribute + performAuthentication(getOidcConfigurationInputStreamWithPrincipalAttribute("aud"), KeycloakConfiguration.ALICE, + KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT, + getCallbackHandler( "test-webapp")); + + // standard principal-attribute + performAuthentication(getOidcConfigurationInputStreamWithPrincipalAttribute("given_name"), KeycloakConfiguration.ALICE, + KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT, + getCallbackHandler("Alice")); + + // invalid principal-attribute, logging in should still succeed + performAuthentication(getOidcConfigurationInputStreamWithPrincipalAttribute("invalid_claim"), KeycloakConfiguration.ALICE, + KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT, + getCallbackHandler()); + } + /***************************************************************************************************************************************** * Tests for multi-tenancy. * 
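Review bot: The third case in `testPrincipalAttribute` (`"invalid_claim"`) uses `getCallbackHandler()` with no expected principal, so the fallback to `sub` that this commit introduces is never asserted; the case passes as long as the login succeeds. Capturing the decoded principal and asserting that it is non-empty and equal to the token subject would pin the fallback behaviour. The `"aud"` case maps every user of the client to the same principal name `test-webapp`, so a per-user custom claim would be a more representative example of the feature. There is also a stray space in `getCallbackHandler( "test-webapp")`.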
@@ -411,7 +444,8 @@ private void testNonExistingUser(String username, String password, String tenant } private void loginToAppMultiTenancy(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, - int expectedDispatcherStatusCode, String expectedLocation, String clientPageText) throws Exception { + int expectedDispatcherStatusCode, String expectedLocation, String clientPageText, + CallbackHandler callbackHandler) throws Exception { try { Map props = new HashMap<>(); OidcClientConfiguration oidcClientConfiguration = OidcClientConfigurationBuilder.build(oidcConfig); @@ -419,8 +453,8 @@ private void loginToAppMultiTenancy(InputStream oidcConfig, String username, Str OidcClientContext oidcClientContext = new OidcClientContext(oidcClientConfiguration); oidcFactory = new OidcMechanismFactory(oidcClientContext); - HttpServerAuthenticationMechanism mechanism; - mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, getCallbackHandler()); + + HttpServerAuthenticationMechanism mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, callbackHandler); URI requestUri = new URI(getClientUrl()); TestingHttpServerRequest request = new TestingHttpServerRequest(null, requestUri); 
@@ -494,7 +528,17 @@ private void performTenantRequest(String username, String password, String tenan } private void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, - int expectedDispatcherStatusCode, String expectedLocation, String clientPageText, String expectedScope, boolean checkInvalidScopeError) throws Exception { + int expectedDispatcherStatusCode, String expectedLocation, String clientPageText, + String expectedScope, boolean checkInvalidScopeError) throws Exception { + performAuthentication(oidcConfig, username, password, loginToKeycloak, expectedDispatcherStatusCode, expectedLocation, + clientPageText, expectedScope, checkInvalidScopeError, getCallbackHandler(checkInvalidScopeError, + expectedScope, null)); + } + + private void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, + int expectedDispatcherStatusCode, String expectedLocation, String clientPageText, + String expectedScope, boolean checkInvalidScopeError, + CallbackHandler callbackHandler) throws Exception { try { Map props = new HashMap<>(); OidcClientConfiguration oidcClientConfiguration = OidcClientConfigurationBuilder.build(oidcConfig); 
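Review bot: The new nine-argument `performAuthentication` overload builds its handler with `getCallbackHandler(checkInvalidScopeError, expectedScope, null)`, whereas the code it replaces (removed in the following hunk) called `getCallbackHandler(true, expectedScope)` whenever `expectedScope` was non-null. Callers that pass a scope with `checkInvalidScopeError == false` now get `checkScope == false`, so, assuming `checkScope` gates the scope-claim check in the handler, that check no longer runs for the successful-login scope tests. `getCallbackHandler(expectedScope != null, expectedScope, null)` keeps the earlier behaviour.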
@@ -502,12 +546,7 @@ private void performAuthentication(InputStream oidcConfig, String username, Stri OidcClientContext oidcClientContext = new OidcClientContext(oidcClientConfiguration); oidcFactory = new OidcMechanismFactory(oidcClientContext); - HttpServerAuthenticationMechanism mechanism; - if (expectedScope == null) { - mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, getCallbackHandler()); - } else { - mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, getCallbackHandler(true, expectedScope)); - } + HttpServerAuthenticationMechanism mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, callbackHandler); URI requestUri = new URI(getClientUrl()); TestingHttpServerRequest request = new TestingHttpServerRequest(null, requestUri); @@ -640,7 +679,7 @@ private InputStream getOidcConfigurationInputStreamWithTokenSignatureAlgorithm() private InputStream getOidcConfigurationInputStreamWithScope(String scopeValue){ String oidcConfig = "{\n" + " \"client-id\" : \"" + CLIENT_ID + "\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "/" + "\",\n" + + " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + " \"public-client\" : \"false\",\n" + " \"scope\" : \"" + scopeValue + "\",\n" + " \"ssl-required\" : \"EXTERNAL\",\n" + 
@@ -651,6 +690,20 @@ private InputStream getOidcConfigurationInputStreamWithScope(String scopeValue){ return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); } + private InputStream getOidcConfigurationInputStreamWithPrincipalAttribute(String principalAttributeValue) { + String oidcConfig = "{\n" + + " \"principal-attribute\" : \"" + principalAttributeValue + "\",\n" + + " \"resource\" : \"" + CLIENT_ID + "\",\n" + + " \"public-client\" : \"false\",\n" + + " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + + " \"ssl-required\" : \"EXTERNAL\",\n" + + " \"credentials\" : {\n" + + " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " }\n" + + "}"; + return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); + } + static InputStream getTenantConfigWithAuthServerUrl(String tenant) { String oidcConfig = "{\n" + " \"realm\" : \"" + tenant + "\",\n" + From 23ef82b96cb44d6707c7ac882e1e73775a19af15 Mon Sep 17 00:00:00 2001 From: ChristinaDsl Date: Tue, 14 May 2024 13:32:43 +0300 Subject: [PATCH 12/75] [ELY-2741] Enhance TRACE logging for the EXTERNAL HTTP mechanism --- .../http/external/ExternalAuthenticationMechanism.java | 7 +++++++ x500/cert/util/pom.xml | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/http/external/src/main/java/org/wildfly/security/http/external/ExternalAuthenticationMechanism.java b/http/external/src/main/java/org/wildfly/security/http/external/ExternalAuthenticationMechanism.java index 8dc6da9b21a..bd6021da8cc 100644 --- a/http/external/src/main/java/org/wildfly/security/http/external/ExternalAuthenticationMechanism.java +++ b/http/external/src/main/java/org/wildfly/security/http/external/ExternalAuthenticationMechanism.java 
@@ -59,19 +59,24 @@ public void evaluateRequest(HttpServerRequest request) throws HttpAuthentication String remoteUser = request.getRemoteUser(); if (remoteUser == null) { + httpExternal.trace("The remote-user was not obtained from the request"); request.noAuthenticationInProgress(); return; } if (authorize(remoteUser)) { + httpExternal.tracef("Authorization of user [%s] succeed", remoteUser); succeed(request); } else { + httpExternal.tracef("Authorization of user [%s] failed", remoteUser); fail(request); } } private boolean authorize(String username) throws HttpAuthenticationException { + httpExternal.tracef("Authorizing username: [%s]",username); + AuthorizeCallback authorizeCallback = new AuthorizeCallback(username, username); try { MechanismUtil.handleCallbacks(httpExternal, callbackHandler, authorizeCallback); @@ -88,6 +93,7 @@ private void succeed(HttpServerRequest request) throws HttpAuthenticationExcepti MechanismUtil.handleCallbacks(httpExternal, callbackHandler, AuthenticationCompleteCallback.SUCCEEDED); request.authenticationComplete(); } catch (AuthenticationMechanismException e) { + httpExternal.trace("Failed to complete successful authentication", e); throw e.toHttpAuthenticationException(); } catch (UnsupportedCallbackException e) { throw httpExternal.mechCallbackHandlerFailedForUnknownReason(e).toHttpAuthenticationException(); @@ -99,6 +105,7 @@ private void fail(HttpServerRequest request) throws HttpAuthenticationException MechanismUtil.handleCallbacks(httpExternal, callbackHandler, AuthenticationCompleteCallback.FAILED); request.authenticationFailed(httpExternal.authenticationFailed(), response -> response.setStatusCode(FORBIDDEN)); } catch (AuthenticationMechanismException e) { + httpExternal.trace("Failed authentication not completed", e); throw e.toHttpAuthenticationException(); } catch (UnsupportedCallbackException e) { throw httpExternal.mechCallbackHandlerFailedForUnknownReason(e).toHttpAuthenticationException(); 
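Review bot: The new trace calls in `evaluateRequest` and `authorize` format `remoteUser`, a value obtained from `request.getRemoteUser()`, into the log as-is. Whether that value can contain line breaks or other control characters depends on what populates it upstream, which is outside the hunk; if it can, the `[%s]` brackets do not prevent a forged log line, so the name should be escaped before formatting or the reliance on the log handler stated in a comment. The success message reads `Authorization of user [%s] succeed`; `succeeded` matches the `failed` message next to it. In `succeed()` and `fail()` only the `AuthenticationMechanismException` branch gains a trace call, while the `UnsupportedCallbackException` branch stays silent.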
diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index 1239f4e8310..32256fd5d95 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml @@ -55,7 +55,7 @@ org.jboss.logging jboss-logging-processor provided - + From 7b8abd83d72f4b24257ad3f0c4c5802e04332a73 Mon Sep 17 00:00:00 2001 From: Farah Juma Date: Wed, 1 May 2024 11:20:04 -0400 Subject: [PATCH 13/75] [ELY-2340] Move some test methods to OidcBaseTest --- .../security/http/oidc/BearerTest.java | 2 +- .../security/http/oidc/OidcBaseTest.java | 70 ++++++++++++++ .../wildfly/security/http/oidc/OidcTest.java | 93 ------------------- 3 files changed, 71 insertions(+), 94 deletions(-) diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/BearerTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/BearerTest.java index 1aacbe3239d..18c4b2f087d 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/BearerTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/BearerTest.java @@ -488,7 +488,7 @@ private InputStream getOidcConfigurationInputStream(String authServerUrl) { return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); } - private InputStream getOidcConfigurationInputStreamWithProviderUrl() { + protected InputStream getOidcConfigurationInputStreamWithProviderUrl() { String oidcConfig = "{\n" + " \"client-id\" : \"" + BEARER_ONLY_CLIENT_ID + "\",\n" + " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java index 587945a523d..2891eb90cdf 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java 
@@ -21,9 +21,14 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; +import static org.wildfly.security.http.oidc.Oidc.OIDC_NAME; +import java.io.ByteArrayInputStream; import java.io.IOException; +import java.io.InputStream; import java.net.URI; +import java.nio.charset.StandardCharsets; +import java.util.HashMap; import java.util.List; import java.util.Map; @@ -54,6 +59,7 @@ import org.wildfly.security.jose.util.JsonSerialization; import com.gargoylesoftware.htmlunit.SilentCssErrorHandler; +import com.gargoylesoftware.htmlunit.TextPage; import com.gargoylesoftware.htmlunit.WebClient; import com.gargoylesoftware.htmlunit.html.HtmlForm; import com.gargoylesoftware.htmlunit.html.HtmlInput; @@ -64,6 +70,7 @@ import okhttp3.mockwebserver.Dispatcher; import okhttp3.mockwebserver.MockResponse; import okhttp3.mockwebserver.MockWebServer; +import okhttp3.mockwebserver.QueueDispatcher; import okhttp3.mockwebserver.RecordedRequest; /** 
@@ -332,4 +339,67 @@ protected void checkForScopeClaims(Callback callback, String expectedScopes) thr } } } + + // Note: The tests will fail if `localhost` is not listed first in `/etc/hosts` file for the loopback addresses (IPv4 and IPv6). + protected void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, + int expectedDispatcherStatusCode, String expectedLocation, String clientPageText) throws Exception { + performAuthentication(oidcConfig, username, password, loginToKeycloak, expectedDispatcherStatusCode, expectedLocation, clientPageText, null, false); + } + + private void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, + int expectedDispatcherStatusCode, String expectedLocation, String clientPageText, String expectedScope, boolean checkInvalidScopeError) throws Exception { + try { + Map props = new HashMap<>(); + OidcClientConfiguration oidcClientConfiguration = OidcClientConfigurationBuilder.build(oidcConfig); + assertEquals(OidcClientConfiguration.RelativeUrlsUsed.NEVER, oidcClientConfiguration.getRelativeUrls()); + + OidcClientContext oidcClientContext = new OidcClientContext(oidcClientConfiguration); + oidcFactory = new OidcMechanismFactory(oidcClientContext); + HttpServerAuthenticationMechanism mechanism; + if (expectedScope == null) { + mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, getCallbackHandler()); + } else { + mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, getCallbackHandler(true, expectedScope)); + } + + URI requestUri = new URI(getClientUrl()); + TestingHttpServerRequest request = new TestingHttpServerRequest(null, requestUri); + mechanism.evaluateRequest(request); + TestingHttpServerResponse response = request.getResponse(); + assertEquals(loginToKeycloak ? 
HttpStatus.SC_MOVED_TEMPORARILY : HttpStatus.SC_FORBIDDEN, response.getStatusCode()); + assertEquals(Status.NO_AUTH, request.getResult()); + if (expectedScope != null) { + assertTrue(response.getFirstResponseHeaderValue("Location").contains("scope=" + expectedScope)); + } + + if (loginToKeycloak) { + client.setDispatcher(createAppResponse(mechanism, expectedDispatcherStatusCode, expectedLocation, clientPageText)); + + if (checkInvalidScopeError) { + WebClient webClient = getWebClient(); + TextPage keycloakLoginPage = webClient.getPage(response.getLocation()); + assertTrue(keycloakLoginPage.getWebResponse().getWebRequest().toString().contains("error_description=Invalid+scopes")); + } else { + TextPage page = loginToKeycloak(username, password, requestUri, response.getLocation(), + response.getCookies()).click(); + assertTrue(page.getContent().contains(clientPageText)); + } + } + } finally { + client.setDispatcher(new QueueDispatcher()); + } + } + + protected InputStream getOidcConfigurationInputStreamWithProviderUrl() { + String oidcConfig = "{\n" + + " \"resource\" : \"" + CLIENT_ID + "\",\n" + + " \"public-client\" : \"false\",\n" + + " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + + " \"ssl-required\" : \"EXTERNAL\",\n" + + " \"credentials\" : {\n" + + " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " }\n" + + "}"; + return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); + } } diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java index 1556424ac12..b7e1ce6ec6a 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java 
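Review bot: The `performAuthentication` pair added to OidcBaseTest has no overload taking a `CallbackHandler`, while the OidcTest hunks of this commit delete both that overload and `testPrincipalAttribute`, the only test shown for the custom `principal-attribute` change. Unless the test is re-added in a part of the series not visible here, the `getPrincipalName` change loses its coverage, and `getOidcConfigurationInputStreamWithPrincipalAttribute` and `getCallbackHandler(String)` appear to be left without callers. Keeping a `protected` overload with a trailing `CallbackHandler callbackHandler` parameter in the base class, with the scope-based overload delegating to it, would let the test move together with the helpers.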
@@ -237,37 +237,6 @@ public void testOpenIDWithMultipleScopeValue() throws Exception { true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT, expectedScope, false); } - // Note: The tests will fail if `localhost` is not listed first in `/etc/hosts` file for the loopback addresses (IPv4 and IPv6). - private void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, - int expectedDispatcherStatusCode, String expectedLocation, String clientPageText) throws Exception { - performAuthentication(oidcConfig, username, password, loginToKeycloak, expectedDispatcherStatusCode, expectedLocation, clientPageText, null, false); - } - - private void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, - int expectedDispatcherStatusCode, String expectedLocation, String clientPageText, - CallbackHandler callbackHandler) throws Exception { - performAuthentication(oidcConfig, username, password, loginToKeycloak, expectedDispatcherStatusCode, expectedLocation, - clientPageText, null, false, callbackHandler); - } - - @Test - public void testPrincipalAttribute() throws Exception { - // custom principal-attribute - performAuthentication(getOidcConfigurationInputStreamWithPrincipalAttribute("aud"), KeycloakConfiguration.ALICE, - KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT, - getCallbackHandler( "test-webapp")); - - // standard principal-attribute - performAuthentication(getOidcConfigurationInputStreamWithPrincipalAttribute("given_name"), KeycloakConfiguration.ALICE, - KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT, - getCallbackHandler("Alice")); - - // invalid principal-attribute, logging in should still succeed - performAuthentication(getOidcConfigurationInputStreamWithPrincipalAttribute("invalid_claim"), KeycloakConfiguration.ALICE, - 
KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT, - getCallbackHandler()); - } - /***************************************************************************************************************************************** * Tests for multi-tenancy. * 
@@ -527,55 +496,6 @@ private void performTenantRequest(String username, String password, String tenan } } - private void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, - int expectedDispatcherStatusCode, String expectedLocation, String clientPageText, - String expectedScope, boolean checkInvalidScopeError) throws Exception { - performAuthentication(oidcConfig, username, password, loginToKeycloak, expectedDispatcherStatusCode, expectedLocation, - clientPageText, expectedScope, checkInvalidScopeError, getCallbackHandler(checkInvalidScopeError, - expectedScope, null)); - } - - private void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, - int expectedDispatcherStatusCode, String expectedLocation, String clientPageText, - String expectedScope, boolean checkInvalidScopeError, - CallbackHandler callbackHandler) throws Exception { - try { - Map props = new HashMap<>(); - OidcClientConfiguration oidcClientConfiguration = OidcClientConfigurationBuilder.build(oidcConfig); - assertEquals(OidcClientConfiguration.RelativeUrlsUsed.NEVER, oidcClientConfiguration.getRelativeUrls()); - - OidcClientContext oidcClientContext = new OidcClientContext(oidcClientConfiguration); - oidcFactory = new OidcMechanismFactory(oidcClientContext); - HttpServerAuthenticationMechanism mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, callbackHandler); - - URI requestUri = new URI(getClientUrl()); - TestingHttpServerRequest request = new TestingHttpServerRequest(null, requestUri); - mechanism.evaluateRequest(request); - TestingHttpServerResponse response = request.getResponse(); - assertEquals(loginToKeycloak ? 
HttpStatus.SC_MOVED_TEMPORARILY : HttpStatus.SC_FORBIDDEN, response.getStatusCode()); - assertEquals(Status.NO_AUTH, request.getResult()); - if (expectedScope != null) { - assertTrue(response.getFirstResponseHeaderValue("Location").contains("scope=" + expectedScope)); - } - - if (loginToKeycloak) { - client.setDispatcher(createAppResponse(mechanism, expectedDispatcherStatusCode, expectedLocation, clientPageText)); - - if (checkInvalidScopeError) { - WebClient webClient = getWebClient(); - TextPage keycloakLoginPage = webClient.getPage(response.getLocation()); - assertTrue(keycloakLoginPage.getWebResponse().getWebRequest().toString().contains("error_description=Invalid+scopes")); - } else { - TextPage page = loginToKeycloak(username, password, requestUri, response.getLocation(), - response.getCookies()).click(); - assertTrue(page.getContent().contains(clientPageText)); - } - } - } finally { - client.setDispatcher(new QueueDispatcher()); - } - } - private InputStream getOidcConfigurationInputStream() { return getOidcConfigurationInputStream(CLIENT_SECRET); } @@ -598,19 +518,6 @@ private InputStream getOidcConfigurationInputStream(String clientSecret, String return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); } - private InputStream getOidcConfigurationInputStreamWithProviderUrl() { - String oidcConfig = "{\n" + - " \"resource\" : \"" + CLIENT_ID + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + - " }\n" + - "}"; - return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); - } - private InputStream getOidcConfigurationInputStreamWithEnvironmentVariableExpression() { String oidcConfig = "{\n" + " \"resource\" : \"" + CLIENT_ID + "\",\n" + 
From dcbadba73db8e1ad2d4aa8f31bcc7bc97266d9fe Mon Sep 17 00:00:00 2001 From: Farah Juma Date: Wed, 1 May 2024 11:20:44 -0400 Subject: [PATCH 14/75] [ELY-2340] Add the ability to allow query params in redirect URIs via a new system property --- .../org/wildfly/security/http/oidc/Oidc.java | 2 + .../http/oidc/OidcRequestAuthenticator.java | 21 ++++- .../security/http/oidc/OidcBaseTest.java | 20 ++++- .../http/oidc/QueryParamsBaseTest.java | 61 ++++++++++++++ .../http/oidc/QueryParamsDisabledTest.java | 74 ++++++++++++++++ .../http/oidc/QueryParamsEnabledTest.java | 84 +++++++++++++++++++ 6 files changed, 258 insertions(+), 4 deletions(-) create mode 100644 http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsBaseTest.java create mode 100644 http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsDisabledTest.java create mode 100644 http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsEnabledTest.java diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java index 2052af1a0c1..f42313b7f58 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java @@ -65,6 +65,7 @@ public class Oidc { public static final String FACES_REQUEST = "Faces-Request"; public static final String GRANT_TYPE = "grant_type"; public static final String INVALID_TOKEN = "invalid_token"; + public static final String ISSUER = "iss"; public static final String LOGIN_HINT = "login_hint"; public static final String DOMAIN_HINT = "domain_hint"; public static final String MAX_AGE = "max_age"; 
@@ -113,6 +114,7 @@ public class Oidc { static final String KEYCLOAK_QUERY_BEARER_TOKEN = "k_query_bearer_token"; static final String DEFAULT_TOKEN_SIGNATURE_ALGORITHM = "RS256"; public static final String DISABLE_TYP_CLAIM_VALIDATION_PROPERTY_NAME = "wildfly.elytron.oidc.disable.typ.claim.validation"; + public static final String ALLOW_QUERY_PARAMS_PROPERTY_NAME = "wildfly.elytron.oidc.allow.query.params"; public static final String X_REQUESTED_WITH = "X-Requested-With"; public static final String XML_HTTP_REQUEST = "XMLHttpRequest"; diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcRequestAuthenticator.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcRequestAuthenticator.java index dbb3f056874..bf67e938598 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcRequestAuthenticator.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcRequestAuthenticator.java @@ -19,10 +19,12 @@ package org.wildfly.security.http.oidc; import static org.wildfly.security.http.oidc.ElytronMessages.log; +import static org.wildfly.security.http.oidc.Oidc.ALLOW_QUERY_PARAMS_PROPERTY_NAME; import static org.wildfly.security.http.oidc.Oidc.CLIENT_ID; import static org.wildfly.security.http.oidc.Oidc.CODE; import static org.wildfly.security.http.oidc.Oidc.DOMAIN_HINT; import static org.wildfly.security.http.oidc.Oidc.ERROR; +import static org.wildfly.security.http.oidc.Oidc.ISSUER; import static org.wildfly.security.http.oidc.Oidc.KC_IDP_HINT; import static org.wildfly.security.http.oidc.Oidc.LOGIN_HINT; import static org.wildfly.security.http.oidc.Oidc.MAX_AGE; @@ -43,6 +45,8 @@ import java.net.MalformedURLException; import java.net.URISyntaxException; import java.net.URL; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.Arrays; import java.util.HashSet; 
@@ -74,6 +78,17 @@ public class OidcRequestAuthenticator { protected String refreshToken; protected String strippedOauthParametersRequestUri; + static final boolean ALLOW_QUERY_PARAMS_PROPERTY; + + static { + ALLOW_QUERY_PARAMS_PROPERTY = AccessController.doPrivileged(new PrivilegedAction() { + @Override + public Boolean run() { + return Boolean.parseBoolean(System.getProperty(ALLOW_QUERY_PARAMS_PROPERTY_NAME, "false")); + } + }); + } + public OidcRequestAuthenticator(RequestAuthenticator requestAuthenticator, OidcHttpFacade facade, OidcClientConfiguration deployment, int sslRedirectPort, OidcTokenStore tokenStore) { this.reqAuthenticator = requestAuthenticator; this.facade = facade; @@ -375,11 +390,15 @@ protected AuthChallenge resolveCode(String code) { private static String stripOauthParametersFromRedirect(String uri) { uri = stripQueryParam(uri, CODE); uri = stripQueryParam(uri, STATE); - return stripQueryParam(uri, SESSION_STATE); + uri = stripQueryParam(uri, SESSION_STATE); + return stripQueryParam(uri, ISSUER); } private String rewrittenRedirectUri(String originalUri) { Map rewriteRules = deployment.getRedirectRewriteRules(); + if (ALLOW_QUERY_PARAMS_PROPERTY && (rewriteRules == null || rewriteRules.isEmpty())) { + return originalUri; + } try { URL url = new URL(originalUri); Map.Entry rule = null; diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java index 2891eb90cdf..de3115d96b0 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java 
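Review bot: `ALLOW_QUERY_PARAMS_PROPERTY` is read once in the static initializer, so the setting is fixed for the whole JVM when `OidcRequestAuthenticator` is first initialised and applies to every deployment, and nothing in the hunk says so. A Javadoc line on the field would record it, e.g. `/** Value of wildfly.elytron.oidc.allow.query.params, read once at class initialisation; later changes to the system property are ignored. */`. The same caching affects the new tests if they share a forked JVM (the build's fork settings are not visible here): `QueryParamsEnabledTest` sets the property in `@BeforeClass`, which only takes effect when the class has not been initialised yet, and `QueryParamsDisabledTest` guards on the property rather than on the cached flag. Both are in the same package and could check `OidcRequestAuthenticator.ALLOW_QUERY_PARAMS_PROPERTY` directly.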
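Review bot: The early return added to `rewrittenRedirectUri` hands back `originalUri` untouched, so with the property enabled and no rewrite rules the request's query string reaches the `redirect_uri` and the `new URL(originalUri)` parse in the `try` below is skipped. When rewrite rules are configured the old path still runs and presumably drops the query string, so the property has no effect there; neither behaviour is stated in the code. I would add a comment above the check, e.g. `// Property set and no rewrite rules: keep the request URI, query string included, as redirect_uri; the provider's registered redirect URIs must permit it.` Deployments that enable the property should confirm that the provider's redirect-URI matching stays as strict as intended. `rewrittenRedirectUri` continues outside the hunk.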
@@ -343,11 +343,25 @@ protected void checkForScopeClaims(Callback callback, String expectedScopes) thr // Note: The tests will fail if `localhost` is not listed first in `/etc/hosts` file for the loopback addresses (IPv4 and IPv6). protected void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, int expectedDispatcherStatusCode, String expectedLocation, String clientPageText) throws Exception { - performAuthentication(oidcConfig, username, password, loginToKeycloak, expectedDispatcherStatusCode, expectedLocation, clientPageText, null, false); + performAuthentication(oidcConfig, username, password, loginToKeycloak, expectedDispatcherStatusCode, getClientUrl(), expectedLocation, + clientPageText, null, false); + } + + protected void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, + int expectedDispatcherStatusCode, String clientUrl, String expectedLocation, String clientPageText) throws Exception { + performAuthentication(oidcConfig, username, password, loginToKeycloak, expectedDispatcherStatusCode, clientUrl, expectedLocation, + clientPageText, null, false); + } + + protected void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, int expectedDispatcherStatusCode, + String expectedLocation, String clientPageText, String expectedScope, boolean checkInvalidScopeError) throws Exception { + performAuthentication(oidcConfig, username, password, loginToKeycloak, expectedDispatcherStatusCode, getClientUrl(), expectedLocation, clientPageText, + expectedScope, checkInvalidScopeError); } private void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, - int expectedDispatcherStatusCode, String expectedLocation, String clientPageText, String expectedScope, boolean checkInvalidScopeError) throws Exception { + int expectedDispatcherStatusCode, String clientUrl, 
String expectedLocation, String clientPageText, + String expectedScope, boolean checkInvalidScopeError) throws Exception { try { Map props = new HashMap<>(); OidcClientConfiguration oidcClientConfiguration = OidcClientConfigurationBuilder.build(oidcConfig); @@ -362,7 +376,7 @@ private void performAuthentication(InputStream oidcConfig, String username, Stri mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, getCallbackHandler(true, expectedScope)); } - URI requestUri = new URI(getClientUrl()); + URI requestUri = new URI(clientUrl); TestingHttpServerRequest request = new TestingHttpServerRequest(null, requestUri); mechanism.evaluateRequest(request); TestingHttpServerResponse response = request.getResponse(); diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsBaseTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsBaseTest.java new file mode 100644 index 00000000000..e6bb2762ed5 --- /dev/null +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsBaseTest.java 
@@ -0,0 +1,61 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2024 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.wildfly.security.http.oidc; + +import static org.junit.Assume.assumeTrue; + +import org.junit.AfterClass; +import org.junit.BeforeClass; + +import io.restassured.RestAssured; +import okhttp3.mockwebserver.MockWebServer; + +/** + * Tests for the {@code wildfly.elytron.oidc.allow.query.params} system property. 
+ * + * @author Farah Juma + */ +public class QueryParamsBaseTest extends OidcBaseTest { + + @BeforeClass + public static void startTestContainers() throws Exception { + assumeTrue("Docker isn't available, OIDC tests will be skipped", isDockerAvailable()); + KEYCLOAK_CONTAINER = new KeycloakContainer(); + KEYCLOAK_CONTAINER.start(); + sendRealmCreationRequest(KeycloakConfiguration.getRealmRepresentation(TEST_REALM, CLIENT_ID, CLIENT_SECRET, CLIENT_HOST_NAME, CLIENT_PORT, CLIENT_APP, 3, 3, false, true)); + client = new MockWebServer(); + client.start(CLIENT_PORT); + } + + @AfterClass + public static void generalCleanup() throws Exception { + if (KEYCLOAK_CONTAINER != null) { + RestAssured + .given() + .auth().oauth2(KeycloakConfiguration.getAdminAccessToken(KEYCLOAK_CONTAINER.getAuthServerUrl())) + .when() + .delete(KEYCLOAK_CONTAINER.getAuthServerUrl() + "/admin/realms/" + TEST_REALM).then().statusCode(204); + KEYCLOAK_CONTAINER.stop(); + } + if (client != null) { + client.shutdown(); + } + } + +} diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsDisabledTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsDisabledTest.java new file mode 100644 index 00000000000..f32771d3812 --- /dev/null +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsDisabledTest.java 
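Review bot: In `generalCleanup`, a failed realm deletion (the `statusCode(204)` check throws) skips both `KEYCLOAK_CONTAINER.stop()` and `client.shutdown()`, which would leave the mock server bound to `CLIENT_PORT` for any later test class in the same JVM that calls `client.start(CLIENT_PORT)`. Wrapping the REST call as `try { … } finally { KEYCLOAK_CONTAINER.stop(); }` and keeping the `client.shutdown()` block outside that `if` in its own `finally` makes cleanup independent of the provider's response. If the class is only meant to hold fixtures for the two subclasses, declaring it `abstract` would also stop a runner from picking it up by its `*Test` name.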
@@ -0,0 +1,74 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2024 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.wildfly.security.http.oidc; + +import static org.junit.Assume.assumeFalse; +import static org.wildfly.security.http.oidc.Oidc.ALLOW_QUERY_PARAMS_PROPERTY_NAME; + +import org.apache.http.HttpStatus; +import org.junit.BeforeClass; +import org.junit.Test; + +/** + * Tests for disabling query params via the {@code wildfly.elytron.oidc.allow.query.params} system property. + * + * @author Farah Juma + */ +public class QueryParamsDisabledTest extends QueryParamsBaseTest { + + @BeforeClass + public static void beforeClass() { + assumeFalse("wildfly.elytron.oidc.allow.query.params should default to false", + Boolean.parseBoolean(System.getProperty(ALLOW_QUERY_PARAMS_PROPERTY_NAME))); + } + + /** + * Test successfully logging in without query params included in the URL. 
+ */ + @Test + public void testSuccessfulAuthenticationWithoutQueryParamsWithSystemPropertyDisabled() throws Exception { + String originalUrl = getClientUrl(); + String expectedUrlAfterRedirect = originalUrl; + performAuthentication(getOidcConfigurationInputStreamWithProviderUrl(), KeycloakConfiguration.ALICE, + KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, originalUrl, + expectedUrlAfterRedirect, CLIENT_PAGE_TEXT); + } + + /** + * Test successfully logging in with query params included in the URL. + * The query params should not be present upon redirect. + */ + @Test + public void testSuccessfulAuthenticationWithQueryParamsWithSystemPropertyDisabled() throws Exception { + String queryParams = "?myparam=abc"; + String originalUrl = getClientUrl() + queryParams; + String expectedUrlAfterRedirect = getClientUrl(); + performAuthentication(getOidcConfigurationInputStreamWithProviderUrl(), KeycloakConfiguration.ALICE, + KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, + originalUrl, expectedUrlAfterRedirect, CLIENT_PAGE_TEXT); + + queryParams = "?one=abc&two=def&three=ghi"; + originalUrl = getClientUrl() + queryParams; + expectedUrlAfterRedirect = getClientUrl(); + performAuthentication(getOidcConfigurationInputStreamWithProviderUrl(), KeycloakConfiguration.ALICE, + KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, originalUrl, + expectedUrlAfterRedirect, CLIENT_PAGE_TEXT); + } + +} diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsEnabledTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsEnabledTest.java new file mode 100644 index 00000000000..d16cc998ffb --- /dev/null +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsEnabledTest.java 
@@ -0,0 +1,84 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2024 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.wildfly.security.http.oidc; + +import static org.wildfly.security.http.oidc.Oidc.ALLOW_QUERY_PARAMS_PROPERTY_NAME; + +import org.apache.http.HttpStatus; +import org.junit.AfterClass; +import org.junit.BeforeClass; +import org.junit.Test; + +/** + * Tests for enabling query params via the {@code wildfly.elytron.oidc.allow.query.params} system property. + * + * @author Farah Juma + */ +public class QueryParamsEnabledTest extends QueryParamsBaseTest { + + private static String ALLOW_QUERY_PARAMS_PROPERTY; + + @BeforeClass + public static void beforeClass() { + ALLOW_QUERY_PARAMS_PROPERTY = System.setProperty(ALLOW_QUERY_PARAMS_PROPERTY_NAME, "true"); + } + + @AfterClass + public static void afterClass() { + if (ALLOW_QUERY_PARAMS_PROPERTY == null) { + System.clearProperty(ALLOW_QUERY_PARAMS_PROPERTY_NAME); + } else { + System.setProperty(ALLOW_QUERY_PARAMS_PROPERTY_NAME, ALLOW_QUERY_PARAMS_PROPERTY); + } + } + + /** + * Test successfully logging in without query params included in the URL. 
+ */ + @Test + public void testSuccessfulAuthenticationWithoutQueryParamsWithSystemPropertyEnabled() throws Exception { + String originalUrl = getClientUrl(); + String expectedUrlAfterRedirect = originalUrl; + performAuthentication(getOidcConfigurationInputStreamWithProviderUrl(), KeycloakConfiguration.ALICE, + KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, originalUrl, + expectedUrlAfterRedirect, CLIENT_PAGE_TEXT); + } + + /** + * Test successfully logging in with query params included in the URL. + * The query params should be present upon redirect. + */ + @Test + public void testSuccessfulAuthenticationWithQueryParamsWithSystemPropertyEnabled() throws Exception { + String queryParams = "?myparam=abc"; + String originalUrl = getClientUrl() + queryParams; + String expectedUrlAfterRedirect = originalUrl; + performAuthentication(getOidcConfigurationInputStreamWithProviderUrl(), KeycloakConfiguration.ALICE, + KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, originalUrl, + expectedUrlAfterRedirect, CLIENT_PAGE_TEXT); + + queryParams = "?one=abc&two=def&three=ghi"; + originalUrl = getClientUrl() + queryParams; + expectedUrlAfterRedirect = originalUrl; + performAuthentication(getOidcConfigurationInputStreamWithProviderUrl(), KeycloakConfiguration.ALICE, + KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, originalUrl, + expectedUrlAfterRedirect, CLIENT_PAGE_TEXT); + } + +} From 1dfa97fb282dad2b438a8dc7636398860a9d51e1 Mon Sep 17 00:00:00 2001 
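Review bot: The test field `ALLOW_QUERY_PARAMS_PROPERTY` stores the previous String value of the system property but carries the name of the boolean flag in `OidcRequestAuthenticator`, and it is a mutable static written in constant case. Renaming it, e.g. `private static String previousAllowQueryParams;`, would make the save-and-restore in `beforeClass`/`afterClass` easier to follow and avoid confusion with the production flag.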
From: Farah Juma Date: Thu, 16 May 2024 16:29:45 -0400 Subject: [PATCH 15/75] [ELY-2758] Release WildFly Elytron 2.4.2.Final --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- dynamic-ssl/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- 
tests/common/pom.xml | 2 +- tool/pom.xml | 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 77 files changed, 77 insertions(+), 77 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index 7f2a6d4e472..d3c3c60ab9e 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index b12dc503468..e29efa4e1c1 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index 03f10fbe0d0..89553210ea9 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index 62006ed1d06..47999c51633 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 22e7acf91e2..3d9b84bfcde 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index 1c143b80ae9..ac7c8a9c4cd 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index 591784c440d..c83e27a23a5 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index bc700a2f833..b4d55e9c468 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index 54e046f0779..b6a11c7e61a 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index 09b64fc6c6c..14ef268c4cc 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index 8626fc570dc..85383c61520 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index 12d87121d82..de5250b47db 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index c6478cfedf1..b4922f00d0f 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index 5dcaac4f8c1..cbe27ed1f41 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index 67b6b780871..4ccaece9da3 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index a7001fbb8e9..bea2884f937 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index b8baf3002c1..3adc34f1ba8 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index fad7524e610..8a205983ec5 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index 9e51bece424..fb24940a4a8 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final 4.0.0 diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index 219601ff845..b2111c0c046 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -5,7 +5,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index 57f18e35e70..f26d7132de7 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final 4.0.0 
diff --git a/http/base/pom.xml b/http/base/pom.xml index bf0aaadc65e..5ecd308dc19 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index d5457a8f2ed..0970a19fe55 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index ac4a963abab..25d2b7f3acd 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index f9b256e3994..d15a7538ecc 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index 01738f6353d..a6914069304 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index 5a6a6ded3ad..e6aa9c3fe54 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index 54cc2faf3d8..fbfa281ab26 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index 783701cca8f..446007e8675 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index 5a484be6218..21effa5d126 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index 3c227618b75..6071f8d0e9f 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index d77c29efff0..438cc19ac18 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index 0fef2bde022..8a9c1fe8221 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index c4579a0bed6..ddb672210bf 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index 88ee221d55d..9d64e420bc9 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index fd81e45cbfe..82bc3bf927f 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index 851713e8a4a..0d1081d413b 100644 --- a/json-util/pom.xml 
+++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final 4.0.0 diff --git a/keystore/pom.xml b/keystore/pom.xml index 0d526f33210..48df4a8643e 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index f59e7f7818f..dd2086f8335 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index b9726a60604..4de00051acb 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index 8dd5a8d35ed..743a6990e25 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index fc5ecce6899..2b61cbed1b8 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index edf63dfa5f8..9ec1a6e4495 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index c35615338df..960ec76abc0 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml 
diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index cc68a6988b2..b0afbd172c9 100644 --- a/mechanism/oauth2/pom.xml +++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index fcebe148dc3..d9ceeee6ff9 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index 5864bb1ac2d..b109aae118d 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index 424584a1bf1..53af889d03a 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final 4.0.0 diff --git a/pom.xml b/pom.xml index 12fb76eb189..54837aca624 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index 28ca1e86683..48e8d34e35a 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index bcf5fb32f87..6c1f96296f3 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index 0755215fcbe..2af6ca48fd8 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../../pom.xml diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index f2e2b070826..4d53af9dfca 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index 6750e50a786..ea88b01bbe9 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index 89be00ca310..90869026a2d 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index 54a13627c9b..18671375e94 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index b72eb18ba70..2287b8e76b2 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index 1aa479ade4b..1d18249a8e9 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index 885620b7cb8..f315f7e768d 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml 
diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index aac1f0fc6c0..53c023863c1 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index a06e3f5239f..7833260af0c 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index fa67a7bb16e..0c0b7e60b0b 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index 5b5ac2d4b29..db7e6067c89 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index 18f34c35c45..65e1cf9ba7b 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index a3a17e97927..42f3b2936c8 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index 9152e137e70..cc491f949eb 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index f807e659de9..e93ed58f041 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml 
diff --git a/tests/common/pom.xml b/tests/common/pom.xml index ea7ca5dde62..7dbfe0a53e9 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml @@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index 29f7a9b71e8..e4fa8db2764 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index 288671f4070..355fff148d6 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index a550c9c4283..e576b750f70 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index 119100fd2f7..7b44b1514a8 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index 3e9d8adc705..7f33ceac947 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index 23209778905..dd30c5d4de9 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index 1239f4e8310..c438bb0e938 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index aab26321cbc..c80a59fae21 100644 --- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index 86f1d821ea7..d026ac485d7 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml From bed8b7a7d9df2effbaddd9925f25203d6d18ad31 Mon Sep 17 00:00:00 2001 
From: Farah Juma Date: Thu, 16 May 2024 16:30:44 -0400 Subject: [PATCH 16/75] Next is 2.4.3 --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- dynamic-ssl/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- tests/common/pom.xml | 2 +- tool/pom.xml 
| 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 77 files changed, 77 insertions(+), 77 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index d3c3c60ab9e..1d5870a49ed 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index e29efa4e1c1..ee3aeb60e7f 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index 89553210ea9..3aeca13633d 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index 47999c51633..c8aeb636339 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 3d9b84bfcde..76c3377cbea 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index ac7c8a9c4cd..71e459eec67 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index c83e27a23a5..8c7584d297c 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index b4d55e9c468..a5a73fb96a7 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index b6a11c7e61a..14de6c34c2f 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index 14ef268c4cc..a5dec68a4e5 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index 85383c61520..dead47e6357 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index de5250b47db..dd2e695b889 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index b4922f00d0f..598a6cca097 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index cbe27ed1f41..5343bd1feeb 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index 4ccaece9da3..1f8d4fa4a1f 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index bea2884f937..93a89f2c0df 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index 3adc34f1ba8..707606c202b 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index 8a205983ec5..b3f4dd560eb 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index fb24940a4a8..e0d7248116a 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT 4.0.0 diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index b2111c0c046..b8fa608f8bb 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -5,7 +5,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index f26d7132de7..4fa5e15bb61 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT 4.0.0 
diff --git a/http/base/pom.xml b/http/base/pom.xml index 5ecd308dc19..4c94881b7dd 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index 0970a19fe55..1bdfe47d500 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index 25d2b7f3acd..cb28748e2aa 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index d15a7538ecc..2bc423a2d57 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index a6914069304..f3ef094dc9d 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index e6aa9c3fe54..e1f17952803 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index fbfa281ab26..9f42da89bba 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index 446007e8675..f5ea32e740c 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index 21effa5d126..64a7f7285d2 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index 6071f8d0e9f..7d452717d31 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index 438cc19ac18..3e53575ee4d 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index 8a9c1fe8221..c557c78a896 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index ddb672210bf..0b0b50ba2f6 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index 9d64e420bc9..9c6941587f3 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index 82bc3bf927f..7e4bb3e80b7 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index 0d1081d413b..2ec4684d21e 100644 --- a/json-util/pom.xml 
+++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT 4.0.0 diff --git a/keystore/pom.xml b/keystore/pom.xml index 48df4a8643e..a984ae39bf4 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index dd2086f8335..75961d93671 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index 4de00051acb..0f20345e31c 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index 743a6990e25..09a74c3f7b5 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index 2b61cbed1b8..cd7f998a223 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index 9ec1a6e4495..6b6ee6768d8 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index 960ec76abc0..ec0ff16786a 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml 
diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index b0afbd172c9..780b6ca04b2 100644 --- a/mechanism/oauth2/pom.xml +++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index d9ceeee6ff9..d451cca80ac 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index b109aae118d..1be768c6d23 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index 53af889d03a..e17dbcf59be 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT 4.0.0 diff --git a/pom.xml b/pom.xml index 54837aca624..20543860b1e 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index 48e8d34e35a..def67496fc9 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index 6c1f96296f3..0e9f6b0347c 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index 2af6ca48fd8..761f139cb54 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index 4d53af9dfca..a55a8a35b8c 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index ea88b01bbe9..4ca87d6ca7f 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index 90869026a2d..a9b980883b2 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index 18671375e94..9b74b2a0ae9 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index 2287b8e76b2..a7e1eda01f8 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index 1d18249a8e9..63a95229ec9 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index f315f7e768d..58a9e199656 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml 
diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index 53c023863c1..7f5f4f830af 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index 7833260af0c..46ea7fce61f 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index 0c0b7e60b0b..911e0579b06 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index db7e6067c89..a29c76e2d84 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index 65e1cf9ba7b..33642878ba5 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index 42f3b2936c8..dd2fea2d833 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index cc491f949eb..e44b6d1e7ec 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index e93ed58f041..cedca3b8c1f 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml 
diff --git a/tests/common/pom.xml b/tests/common/pom.xml index 7dbfe0a53e9..b8ff41dd49e 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml @@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index e4fa8db2764..d8764ee6801 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index 355fff148d6..679b9015040 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index e576b750f70..71edc465206 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index 7b44b1514a8..8629038dd82 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index 7f33ceac947..e9538c516de 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index dd30c5d4de9..d1fab09d68b 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index c438bb0e938..f6efb59bc58 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index c80a59fae21..20a2705af1c 100644 --- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index d026ac485d7..271c7c24b83 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml From 0dba5ebb472a0d855659bad94d87623e4e126001 Mon Sep 17 00:00:00 2001 From: Farah Juma Date: Thu, 16 May 2024 16:50:41 -0400 Subject: [PATCH 17/75] [ELY-2758] Perform API check against 2.4.2.Final --- wildfly-elytron/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 71edc465206..088c8b422e0 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -557,7 +557,7 @@ org.wildfly.security wildfly-elytron - 2.4.1.Final + 2.4.2.Final jar From 13da686515b2ca83a24204c2c74a51750c600a8d Mon Sep 17 00:00:00 2001 From: Farah Juma Date: Wed, 24 Apr 2024 17:17:29 -0400 Subject: [PATCH 18/75] [ELY-2752] Ensure it's possible to make use of a custom principal-attribute value for OIDC --- .../security/http/oidc/ElytronMessages.java | 5 +++ .../security/http/oidc/JsonWebToken.java | 9 +++++- .../security/http/oidc/OidcBaseTest.java | 25 +++++++++++++-- .../wildfly/security/http/oidc/OidcTest.java | 32 +++++++++++++++++++ 4 files changed, 68 insertions(+), 3 deletions(-) diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/ElytronMessages.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/ElytronMessages.java index c4ba08c8fb2..773b59d8bb3 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/ElytronMessages.java 
+++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/ElytronMessages.java @@ -18,6 +18,7 @@ package org.wildfly.security.http.oidc; +import static org.jboss.logging.Logger.Level.DEBUG; import static org.jboss.logging.Logger.Level.ERROR; import static org.jboss.logging.Logger.Level.WARN; import static org.jboss.logging.annotations.Message.NONE; @@ -233,5 +234,9 @@ interface ElytronMessages extends BasicLogger { @Message(id = 23056, value = "No message entity") IOException noMessageEntity(); + @LogMessage(level = DEBUG) + @Message(id = 23057, value = "principal-attribute '%s' claim does not exist, falling back to 'sub'") + void principalAttributeClaimDoesNotExist(String principalAttributeClaim); + } diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/JsonWebToken.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/JsonWebToken.java index 1b27f19a031..b806a0e7122 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/JsonWebToken.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/JsonWebToken.java @@ -297,7 +297,14 @@ public String getPrincipalName(OidcClientConfiguration deployment) { case NICKNAME: return getNickName(); default: - return getSubject(); + String claimValue = getClaimValueAsString(attr); + if (claimValue != null) { + return claimValue; + } else { + // fall back to sub claim + log.principalAttributeClaimDoesNotExist(attr); + return getSubject(); + } } } diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java index da8efee9981..fb9d8345431 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java 
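Review bot: Message 23057 in ElytronMessages is logged at DEBUG, so with default logging an operator never learns that the configured principal-attribute was ignored and the principal was taken from `sub` instead. That fallback changes which claim names the authenticated user, so it is worth surfacing with `@LogMessage(level = WARN)`. WARN is already statically imported in this file, which would also make the new DEBUG import unnecessary. If the fallback can fire on every request this may be noisy, in which case a one-time warning is an alternative.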
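Review bot: In the `default` branch of getPrincipalName the claim value is accepted whenever it is non-null, so an empty-string claim becomes the principal name; `if (claimValue != null && !claimValue.isEmpty()) {` would send that case to the `sub` fallback as well. The fallback is decided per token, so names taken from the custom claim and names taken from `sub` share one principal namespace. A comment above the lookup, such as `// principal-attribute should name a claim that is unique per user and not editable by the user`, would record that assumption. What getClaimValueAsString returns for a non-string claim (an array-valued `aud`, for instance) is not visible here and should be confirmed. The method body starts before this hunk.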
@@ -134,11 +134,18 @@ protected static boolean isDockerAvailable() { } protected CallbackHandler getCallbackHandler() { + return getCallbackHandler(null); + } + + protected CallbackHandler getCallbackHandler(String expectedPrincipal) { return callbacks -> { for(Callback callback : callbacks) { if (callback instanceof EvidenceVerifyCallback) { Evidence evidence = ((EvidenceVerifyCallback) callback).getEvidence(); ((EvidenceVerifyCallback) callback).setVerified(evidence.getDecodedPrincipal() != null); + if (expectedPrincipal != null) { + assertEquals(expectedPrincipal, evidence.getDecodedPrincipal().getName()); + } } else if (callback instanceof AuthenticationCompleteCallback) { // NO-OP } else if (callback instanceof IdentityCredentialCallback) { 
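Review bot: In getCallbackHandler(String expectedPrincipal) the new assertion dereferences `evidence.getDecodedPrincipal()` even though the line above has just allowed it to be null, so a missing principal surfaces as a NullPointerException inside the callback instead of a readable assertion failure. Adding `assertNotNull(evidence.getDecodedPrincipal());` before the `assertEquals` makes the failure explicit, assuming assertNotNull is imported alongside assertEquals. It is also worth confirming that an AssertionError thrown inside the callback handler propagates out of evaluateRequest rather than being caught and reported as a failed authentication; that path is outside this hunk. The lambda continues past the end of the hunk.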
@@ -304,7 +311,21 @@ protected void performAuthentication(InputStream oidcConfig, String username, St } protected void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, - int expectedDispatcherStatusCode, String clientUrl, String expectedLocation, String clientPageText) throws Exception { + int expectedDispatcherStatusCode, String expectedLocation, String clientPageText, + CallbackHandler callbackHandler) throws Exception { + performAuthentication(oidcConfig, username, password, loginToKeycloak, expectedDispatcherStatusCode, getClientUrl(), expectedLocation, clientPageText, + callbackHandler); + } + + protected void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, + int expectedDispatcherStatusCode, String clientUrl, String expectedLocation, String clientPageText) throws Exception { + performAuthentication(oidcConfig, username, password, loginToKeycloak, expectedDispatcherStatusCode, clientUrl, expectedLocation, clientPageText, + getCallbackHandler()); + } + + protected void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, + int expectedDispatcherStatusCode, String clientUrl, String expectedLocation, String clientPageText, + CallbackHandler callbackHandler) throws Exception { try { Map props = new HashMap<>(); OidcClientConfiguration oidcClientConfiguration = OidcClientConfigurationBuilder.build(oidcConfig); 
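Review bot: The new eight-parameter performAuthentication overload ending in `CallbackHandler` takes `expectedLocation` as its sixth argument, while the existing eight-parameter overload takes `clientUrl` there. A call that passes `getClientUrl()` sixth therefore compiles against either but means different things. A short Javadoc on the new overload, for example `/** Uses getClientUrl() as the client URL; the sixth argument is the expected redirect location. */`, would keep callers from misreading it. The body of the nine-parameter overload continues outside the hunk.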
@@ -312,7 +333,7 @@ protected void performAuthentication(InputStream oidcConfig, String username, St OidcClientContext oidcClientContext = new OidcClientContext(oidcClientConfiguration); oidcFactory = new OidcMechanismFactory(oidcClientContext); - HttpServerAuthenticationMechanism mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, getCallbackHandler()); + HttpServerAuthenticationMechanism mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, callbackHandler); URI requestUri = new URI(clientUrl); TestingHttpServerRequest request = new TestingHttpServerRequest(null, requestUri); diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java index 4716f78d6c5..a9b13687551 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java 
@@ -188,6 +188,24 @@ public void testTokenSignatureAlgorithm() throws Exception { true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT); } + @Test + public void testPrincipalAttribute() throws Exception { + // custom principal-attribute + performAuthentication(getOidcConfigurationInputStreamWithPrincipalAttribute("aud"), KeycloakConfiguration.ALICE, + KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT, + getCallbackHandler("test-webapp")); + + // standard principal-attribute + performAuthentication(getOidcConfigurationInputStreamWithPrincipalAttribute("given_name"), KeycloakConfiguration.ALICE, + KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT, + getCallbackHandler("Alice")); + + // invalid principal-attribute, logging in should still succeed + performAuthentication(getOidcConfigurationInputStreamWithPrincipalAttribute("invalid_claim"), KeycloakConfiguration.ALICE, + KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT, + getCallbackHandler()); + } + /***************************************************************************************************************************************** * Tests for multi-tenancy. * 
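Review bot: The third case in testPrincipalAttribute passes `getCallbackHandler()` with no expected principal, so the test only shows that login succeeds with `invalid_claim` and never checks that the principal actually fell back to `sub`. Asserting the resulting principal name, for example by passing the test user's subject to `getCallbackHandler(...)` if the test can obtain it, would pin the fallback behaviour this commit introduces. The first case uses `aud`, which the test expects to resolve to `test-webapp` whichever user logs in. A comment such as `// aud is used only to exercise the custom-claim path; it is not unique per user` would stop it being copied as a configuration example.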
@@ -503,6 +521,20 @@ private InputStream getOidcConfigurationInputStreamWithTokenSignatureAlgorithm() return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); } + private InputStream getOidcConfigurationInputStreamWithPrincipalAttribute(String principalAttributeValue) { + String oidcConfig = "{\n" + + " \"principal-attribute\" : \"" + principalAttributeValue + "\",\n" + + " \"resource\" : \"" + CLIENT_ID + "\",\n" + + " \"public-client\" : \"false\",\n" + + " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + + " \"ssl-required\" : \"EXTERNAL\",\n" + + " \"credentials\" : {\n" + + " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " }\n" + + "}"; + return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); + } + static InputStream getTenantConfigWithAuthServerUrl(String tenant) { String oidcConfig = "{\n" + " \"realm\" : \"" + tenant + "\",\n" + From b1c8ae6ec8b42d70b7c4aec41c1d537e5f424e5a Mon Sep 17 00:00:00 2001 
From: Ilia Vassilev Date: Wed, 22 May 2024 15:51:47 -0400 Subject: [PATCH 19/75] [ELY-2766] Release WildFly Elytron 2.2.6.Final --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- tests/common/pom.xml | 2 +- 
tool/pom.xml | 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 76 files changed, 76 insertions(+), 76 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index 9ef1e4dcb7e..a1b3648c7b7 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index 934a6c8aef5..9a22690b9cb 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index ba9fa492197..662a95dc8c0 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index b0bbc59805c..5c0395b8c90 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 8e54d05a805..66aea205809 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index d43d4587676..04a71fae56d 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index ce550693095..fe38b4830da 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index 482529e712e..bd076d70b24 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index c5fc40b7e69..7216bc097da 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index 8512c3e1841..ae18c1c1b63 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index 06e03981634..1125797279c 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index fdce21baddc..3e6be51425e 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index 4f9f9f49836..5e22f8ba28d 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index 3d40c50c9da..d69618338cf 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index 196d11cd87b..987b1eb96ac 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index ec4118c0bd2..16354596fac 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index 53e83fd4863..b3592697ed4 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index 01f2f60bd31..e75db57e702 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index fce93219df5..d54a84d58f3 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index 733e70971cb..d25dfbefee0 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final 4.0.0 diff --git a/http/base/pom.xml b/http/base/pom.xml index 168efc14507..f704c8f5032 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index 2e9d6e8d7d9..83788f7800c 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index 9999e093ab0..100de880336 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index 0fbfc09c717..86f4144f305 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index f3135db1334..ec3dee62b21 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index 5fc80053a4a..cf6cac0c2b5 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index f3483de20b4..4ab7ea7b36f 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index acce7e058ed..74aaaf40cee 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index 73bf8a709d1..885a9af3e96 100644 
--- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index 96c630284e9..6a76602d37c 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index 7a133165583..bba19b0f8f2 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index 49f224e3818..c848128d0d2 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index 12eae4182e3..7c6a1f3ac61 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index ca1e305c2a4..8268f16ab11 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index 4e42b7953c7..c4b5503a30d 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index 867d9f67347..c63264751c2 100644 --- a/json-util/pom.xml +++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final 4.0.0 
diff --git a/keystore/pom.xml b/keystore/pom.xml index c24f86a9b0d..fb443566bc3 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index 614e091564d..6f3bc25f568 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index e4540efb629..b980976f0a5 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index bbf25497f11..85739b2a242 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index 57e730256a6..05058b98a7d 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index afb9c5ba117..50845e1e518 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index a5c22891767..1ba66b7aee2 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index eef3186d7b4..d55ac1449e6 100644 --- a/mechanism/oauth2/pom.xml 
+++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index c9ee1b53ec2..6aca3857fbb 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index 720685c4320..9c85218acd6 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index 860bfab6cfe..02efe09bdd5 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final 4.0.0 diff --git a/pom.xml b/pom.xml index 60396319a2d..22bafd9032e 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index c73d1ced336..0bca2b01451 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index 27aa6a90456..36c23e42471 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index 65a8a50c994..3ef98a52040 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../../pom.xml 
diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index 8357e1ee1e6..4c750066e4b 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index 63601511e30..fd8b6bfd1ac 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index e8ea9516782..65dad4b8cbb 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index fa78409e10a..a97ab4259b5 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index 5ea6bf1d3e3..13d9dd61fac 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index a785d409c0f..fb2da6e2291 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index 5102fd9bf4a..125bb8692bf 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index 75d0666b2a1..270bad93357 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index 5c7efb1bda1..83775d7d872 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index a5c5f43fb17..d84334cb33d 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index 73518b3c05d..c4e8149f589 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index 5f99071b6ac..a93d497275c 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index d2d82a4fd3b..59e4dbf725d 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index ced9b82c42c..acbda793569 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index 8fc42e5bfa1..a529ba804ef 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/tests/common/pom.xml b/tests/common/pom.xml index 5b9d724d3bf..0ac451d3185 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml 
@@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index 661ec50cbb2..773e5ea0941 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index 3510910a324..99461b07368 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index e3f08a7c34c..2075976ef47 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index c0ef9665207..56f03628d49 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index 3d58b892b4c..4d31a65d49a 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index 2246804b4f0..9ec34e0a305 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index 72cb461bc65..65d2d1a2dc1 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index 1063ddfbe44..9413ee7b1b7 100644 
--- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index 182d475c90d..463b7a90e98 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.CR1-SNAPSHOT + 2.2.6.Final ../../pom.xml From 686ff63773abed7806c84720bfb74ac86c53cb5e Mon Sep 17 00:00:00 2001 
From: Ilia Vassilev Date: Wed, 22 May 2024 16:08:53 -0400 Subject: [PATCH 20/75] Next is 2.2.7 --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- tests/common/pom.xml | 2 +- tool/pom.xml | 2 +- util/pom.xml | 2 
+- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 76 files changed, 76 insertions(+), 76 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index a1b3648c7b7..daba6ac26ce 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index 9a22690b9cb..e41d7be291c 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index 662a95dc8c0..a527a409a87 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index 5c0395b8c90..97f7fabacf6 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 66aea205809..8619afb6e45 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index 04a71fae56d..1db6b19fd8f 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index fe38b4830da..f33bf97c93c 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index bd076d70b24..259c50e7395 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index 7216bc097da..a9ebc498a60 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index ae18c1c1b63..ec8d916d995 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index 1125797279c..184dd2fce67 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index 3e6be51425e..33457085a1b 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index 5e22f8ba28d..b608acd662f 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index d69618338cf..5ff7e107802 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index 987b1eb96ac..c85711ed292 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index 16354596fac..2f625828242 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index b3592697ed4..d87ea7011e5 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index e75db57e702..b0dda23a278 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index d54a84d58f3..506d3b75783 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index d25dfbefee0..52c3cf2f704 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT 4.0.0 diff --git a/http/base/pom.xml b/http/base/pom.xml index f704c8f5032..dca3c82da80 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index 83788f7800c..316fb0c6e5a 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index 100de880336..7c3c0c4312c 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index 86f4144f305..7b68887af5f 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index ec3dee62b21..3a104a68875 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index cf6cac0c2b5..552e00155d7 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index 4ab7ea7b36f..8fabf72fb42 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index 74aaaf40cee..bc27ee4898d 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index 885a9af3e96..fd1e3bba60b 100644 
--- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index 6a76602d37c..652384b9a15 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index bba19b0f8f2..1e6e3a56441 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index c848128d0d2..7e240807980 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index 7c6a1f3ac61..41b5708936c 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index 8268f16ab11..286fcbc9d2f 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index c4b5503a30d..0b5931947eb 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index c63264751c2..52c14cae984 100644 --- a/json-util/pom.xml +++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT 4.0.0 
diff --git a/keystore/pom.xml b/keystore/pom.xml index fb443566bc3..7d719a494c6 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index 6f3bc25f568..bc2e0010dea 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index b980976f0a5..5b38909c483 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index 85739b2a242..107e155f66b 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index 05058b98a7d..0b85d633b40 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index 50845e1e518..055553ef208 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index 1ba66b7aee2..452ff36091d 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index d55ac1449e6..15efe4ee541 100644 --- a/mechanism/oauth2/pom.xml 
+++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index 6aca3857fbb..e771289f141 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index 9c85218acd6..3730706429b 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index 02efe09bdd5..d089d44f12d 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT 4.0.0 diff --git a/pom.xml b/pom.xml index 22bafd9032e..2978619fac8 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index 0bca2b01451..dba50f1d05e 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index 36c23e42471..81d019db7f7 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index 3ef98a52040..1c76594a76c 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../../pom.xml 
diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index 4c750066e4b..d54737a9f17 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index fd8b6bfd1ac..9b8d3ecb715 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index 65dad4b8cbb..7dcb935ce6d 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index a97ab4259b5..c54dcf9ef1b 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index 13d9dd61fac..ff509270cc2 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index fb2da6e2291..e9b525e3157 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index 125bb8692bf..0a204def8d3 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index 270bad93357..aa8cfebf241 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index 83775d7d872..9981c7aa310 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index d84334cb33d..dc749ed6030 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index c4e8149f589..da68c0f9155 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index a93d497275c..c1699f121cb 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index 59e4dbf725d..f606b2a8925 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index acbda793569..add987adf0d 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index a529ba804ef..e960945fa6f 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/tests/common/pom.xml b/tests/common/pom.xml index 0ac451d3185..12b05419de4 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml 
@@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index 773e5ea0941..f19c2a561ef 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index 99461b07368..9706c48891a 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 2075976ef47..5cda892ed65 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index 56f03628d49..35cae1ea990 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index 4d31a65d49a..7627c921410 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index 9ec34e0a305..73a0de714fc 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index 65d2d1a2dc1..a9a9a560873 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index 9413ee7b1b7..a8883a3dc6b 100644 
--- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index 463b7a90e98..59aae9d9af8 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.6.Final + 2.2.7.CR1-SNAPSHOT ../../pom.xml From a23e6817fdca43c089af7f1cc336d6fd89ae81eb Mon Sep 17 00:00:00 2001 From: Ilia Vassilev Date: Wed, 22 May 2024 16:10:22 -0400 Subject: [PATCH 21/75] [ELY-2766] Perform API check against 2.2.6.Final --- wildfly-elytron/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 5cda892ed65..1c21d79333d 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -553,7 +553,7 @@ org.wildfly.security wildfly-elytron - 2.2.5.Final + 2.2.6.Final jar From 417b8c8c0b3b9f6d74fd286098a745df217d6e2a Mon Sep 17 00:00:00 2001 From: lvydra Date: Fri, 14 Jun 2024 16:02:13 +0200 Subject: [PATCH 22/75] [ELY-2767] CredentialStoreCommandTest.testGenerateKeyPairDSA fails when using Java 22 --- .../base/src/main/java/org/wildfly/security/key/KeyUtil.java | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/credential/base/src/main/java/org/wildfly/security/key/KeyUtil.java b/credential/base/src/main/java/org/wildfly/security/key/KeyUtil.java index 234734c96bb..4ab3edd0236 100644 --- a/credential/base/src/main/java/org/wildfly/security/key/KeyUtil.java +++ b/credential/base/src/main/java/org/wildfly/security/key/KeyUtil.java @@ -37,6 +37,7 @@ import java.security.interfaces.RSAMultiPrimePrivateCrtKey; import java.security.interfaces.RSAPrivateKey; import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.DSAParameterSpec; import java.security.spec.ECParameterSpec; import java.util.Arrays; import java.util.Objects; 
@@ -99,7 +100,9 @@ public static

P getParameters(Key key, Class< } else if (key instanceof RSAKey && paramSpecClass.isAssignableFrom(RSAParameterSpec.class)) { return paramSpecClass.cast(new RSAParameterSpec((RSAKey) key)); } else if (key instanceof DSAKey && paramSpecClass.isAssignableFrom(DSAParams.class)) { - return paramSpecClass.cast(((DSAKey) key).getParams()); + final DSAKey dsaKey = (DSAKey) key; + final DSAParams dsaParams = dsaKey.getParams(); + return paramSpecClass.cast(new DSAParameterSpec(dsaParams.getP(), dsaParams.getQ(), dsaParams.getG())); } else if (key instanceof ECKey && paramSpecClass.isAssignableFrom(ECParameterSpec.class)) { return paramSpecClass.cast(((ECKey) key).getParams()); } else if (key instanceof DHKey && paramSpecClass.isAssignableFrom(DHParameterSpec.class)) { From 2d06b4cf8ab948a61d974f6230932f1a64d2d26b Mon Sep 17 00:00:00 2001 From: R Searls Date: Fri, 21 Jun 2024 11:52:14 -0400 Subject: [PATCH 23/75] [ELY-2771] upgraded maven-javadoc-plugin to current version. Fixed bld issues in generating site files --- pom.xml | 111 +++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 110 insertions(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 20543860b1e..7ca4288cd07 100644 --- a/pom.xml +++ b/pom.xml @@ -56,6 +56,7 @@ 11 + 3.7.0 2.17.0 ${version.com.fasterxml.jackson} 1.6.0 
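Review bot: The rewritten DSA branch calls `dsaParams.getP()` without checking `dsaParams`, so a DSA key whose `getParams()` returns null (some providers do this when the encoded key carries no parameters) would now throw a NullPointerException. The removed line `paramSpecClass.cast(((DSAKey) key).getParams())` returned null for such a key. Add `if (dsaParams == null) return null;` before constructing the `DSAParameterSpec`, or state in the method's Javadoc that keys without parameters are rejected. A one-line comment that `DSAParameterSpec` implements `DSAParams` would also explain why the unchanged `isAssignableFrom(DSAParams.class)` guard still matches the new return value. `getParameters` begins and ends outside this hunk, so what it does for unmatched keys is not visible here.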
@@ -254,11 +255,119 @@ maven-javadoc-plugin + ${version-javadoc-plugin} + + + org.wildfly.common + wildfly-common + ${version.org.wildfly.common} + + + org.jboss.logging + jboss-logging + ${version.org.jboss.logging} + + + org.jboss.logging + jboss-logging-annotations + ${version.org.jboss.logging.tools} + + + org.jboss.logmanager + jboss-logmanager + ${version.org.jboss.logmanager} + + + org.wildfly.security + wildfly-elytron-credential-source-impl + ${project.version} + + + org.wildfly.security + wildfly-elytron-ssh-util + ${project.version} + + + org.wildfly.client + wildfly-client-config + ${version.org.wildfly.client.config} + + + org.wildfly.security + wildfly-elytron-provider-util + ${project.version} + + + org.kohsuke.metainf-services + metainf-services + ${version.org.kohsuke.metainf-services.metainf-services} + + + org.apache.httpcomponents + httpcore + ${version.org.apache.httpcomponents.httpcore} + + + org.apache.httpcomponents + httpclient + ${version.org.apache.httpcomponents.httpclient} + + + org.bitbucket.b_c + jose4j + ${version.org.bitbucket.b_c.jose4j} + + + com.fasterxml.jackson.core + jackson-databind + ${version.com.fasterxml.jackson.databind} + + + com.fasterxml.jackson.core + jackson-annotations + ${version.com.fasterxml.jackson} + + + com.fasterxml.jackson.core + jackson-core + ${version.com.fasterxml.jackson} + + + jakarta.servlet + jakarta.servlet-api + ${version.jakarta.servlet.jakarta-servlet-api} + + + jakarta.json + jakarta.json-api + ${version.jakarta.json.jakarta-json-api} + + + commons-cli + commons-cli + ${version.commons-cli} + + + org.apache.commons + commons-lang3 + ${version.org.apache.commons} + + + org.apache.sshd + sshd-common + ${version.org.apache.sshd.common} + + + org.jboss.modules + jboss-modules + ${version.org.jboss.modules} + + true none protected - 8 + 11 ${project.basedir}/asn1/src/main/java/; ${project.basedir}/audit/src/main/java/; From 3b6c21b1e1af59863e8869b46866b8b4813caa92 Mon Sep 17 00:00:00 2001 
From: Darran Lofthouse Date: Mon, 24 Jun 2024 15:34:49 +0100 Subject: [PATCH 24/75] [ELY-2773] First update the CAGenerationTool so we operate on 'Identity' instances for the defined identities. --- .../security/ssl/SSLAuthenticationTest.java | 62 ++++++++++--------- .../ssl/test/util/CAGenerationTool.java | 50 ++++++++++++++- .../ssl/test/util/DefinedCAIdentity.java | 50 +++++++++++++++ .../ssl/test/util/DefinedIdentity.java | 43 +++++++++++++ 4 files changed, 176 insertions(+), 29 deletions(-) create mode 100644 tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedCAIdentity.java create mode 100644 tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedIdentity.java diff --git a/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java index 8666bf529f6..61b0ca486a5 100644 --- a/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java +++ b/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java @@ -88,6 +88,7 @@ import org.wildfly.security.auth.server.SecurityRealm; import org.wildfly.security.permission.PermissionVerifier; import org.wildfly.security.ssl.test.util.CAGenerationTool; +import org.wildfly.security.ssl.test.util.DefinedCAIdentity; import org.wildfly.security.ssl.test.util.CAGenerationTool.Identity; import org.wildfly.security.x500.GeneralName; import org.wildfly.security.x500.principal.X500AttributePrincipalDecoder; 
@@ -222,32 +223,36 @@ public static void beforeTest() throws Exception { Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); // Generates certificate and keystore for OCSP responder - ocspResponderCertificate = caGenerationTool.createIdentity("ocspResponder", + DefinedCAIdentity caIdentity = caGenerationTool.getDefinedCAIdentity(Identity.CA); + DefinedCAIdentity intermediateCAIdentity = caGenerationTool.getDefinedCAIdentity(Identity.INTERMEDIATE); + ocspResponderCertificate = caIdentity.createIdentity("ocspResponder", new X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=OcspResponder"), - "ocsp-responder.keystore", Identity.CA, new ExtendedKeyUsageExtension(false, Collections.singletonList(OID_KP_OCSP_SIGNING))); + "ocsp-responder.keystore", new ExtendedKeyUsageExtension(false, Collections.singletonList(OID_KP_OCSP_SIGNING))); // Generates GOOD certificate referencing the OCSP responder - X509Certificate ocspCheckedGoodCertificate = caGenerationTool.createIdentity("checked", + X509Certificate ocspCheckedGoodCertificate = intermediateCAIdentity.createIdentity("checked", new X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=ocspCheckedGood"), - "ocsp-checked-good.keystore", Identity.INTERMEDIATE, new AuthorityInformationAccessExtension(Collections.singletonList( + "ocsp-checked-good.keystore", new AuthorityInformationAccessExtension(Collections.singletonList( new AccessDescription(OID_AD_OCSP, new GeneralName.URIName("http://localhost:" + OCSP_PORT + "/ocsp")) ))); // Generates REVOKED certificate referencing the OCSP responder - X509Certificate ocspCheckedRevokedCertificate = caGenerationTool.createIdentity("checked", + X509Certificate ocspCheckedRevokedCertificate = caIdentity.createIdentity("checked", new X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=ocspCheckedRevoked"), - "ocsp-checked-revoked.keystore", Identity.CA, (new AuthorityInformationAccessExtension(Collections.singletonList( + 
"ocsp-checked-revoked.keystore", (new AuthorityInformationAccessExtension(Collections.singletonList( new AccessDescription(OID_AD_OCSP, new GeneralName.URIName("http://localhost:" + OCSP_PORT + "/ocsp")) )))); // Generates UNKNOWN certificate referencing the OCSP responder - X509Certificate ocspCheckedUnknownCertificate = caGenerationTool.createIdentity("checked", + X509Certificate ocspCheckedUnknownCertificate = caIdentity.createIdentity("checked", new X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=ocspCheckedUnknown"), - "ocsp-checked-unknown.keystore", Identity.CA, new AuthorityInformationAccessExtension(Collections.singletonList( + "ocsp-checked-unknown.keystore", new AuthorityInformationAccessExtension(Collections.singletonList( new AccessDescription(OID_AD_OCSP, new GeneralName.URIName("http://localhost:" + OCSP_PORT + "/ocsp")) ))); - X509Certificate greenJuneCertificate = caGenerationTool.getCertificate(Identity.GREENJUNE); + X509Certificate greenJuneCertificate = caGenerationTool + .getDefinedIdentity(Identity.GREENJUNE) + .getCertificate(); KeyStore beetlesKeyStore = createKeyStore("/jks/beetles.keystore"); beetlesKeyStore.setCertificateEntry("ocspResponder", ocspResponderCertificate); @@ -259,7 +264,7 @@ public static void beforeTest() throws Exception { // Adds trusted cert for shortwinged KeyStore shortwingedKeyStore = createKeyStore(); - shortwingedKeyStore.setCertificateEntry("rove", caGenerationTool.getCertificate(Identity.ROVE)); + shortwingedKeyStore.setCertificateEntry("rove", caGenerationTool.getDefinedIdentity(Identity.ROVE).getCertificate()); createTemporaryKeyStoreFile(shortwingedKeyStore, SHORTWINGED_FILE, PASSWORD); // Used for all CRLs 
@@ -273,52 +278,53 @@ public static void beforeTest() throws Exception { // Creates the CRL for ca/crl/blank.pem X509v2CRLBuilder caBlankCrlBuilder = new X509v2CRLBuilder( - convertSunStyleToBCStyle(caGenerationTool.getCertificate(Identity.CA).getSubjectDN()), + convertSunStyleToBCStyle(caIdentity.getCertificate().getSubjectDN()), currentDate ); X509CRLHolder caBlankCrlHolder = caBlankCrlBuilder.setNextUpdate(nextYear).build( new JcaContentSignerBuilder(SIGNATURE_ALGORTHM) .setProvider("BC") - .build(caGenerationTool.getPrivateKey(Identity.CA)) + .build(caIdentity.getPrivateKey()) ); // Creates the CRL for ica/crl/blank.pem X509v2CRLBuilder icaBlankCrlBuilder = new X509v2CRLBuilder( - convertSunStyleToBCStyle(caGenerationTool.getCertificate(Identity.INTERMEDIATE).getSubjectDN()), + convertSunStyleToBCStyle(intermediateCAIdentity.getCertificate().getSubjectDN()), currentDate ); X509CRLHolder icaBlankCrlHolder = icaBlankCrlBuilder.setNextUpdate(nextYear).build( new JcaContentSignerBuilder(SIGNATURE_ALGORTHM) .setProvider("BC") - .build(caGenerationTool.getPrivateKey(Identity.INTERMEDIATE)) + .build(intermediateCAIdentity.getPrivateKey()) ); // Creates the CRL for firefly-revoked.pem X509v2CRLBuilder fireflyRevokedCrlBuilder = new X509v2CRLBuilder( - convertSunStyleToBCStyle(caGenerationTool.getCertificate(Identity.CA).getSubjectDN()), + convertSunStyleToBCStyle(caIdentity.getCertificate().getSubjectDN()), currentDate ); fireflyRevokedCrlBuilder.addCRLEntry( - caGenerationTool.getCertificate(Identity.FIREFLY).getSerialNumber(), + caGenerationTool.getDefinedIdentity(Identity.FIREFLY).getCertificate().getSerialNumber(), revokeDate, CRLReason.unspecified ); X509CRLHolder fireflyRevokedCrlHolder = fireflyRevokedCrlBuilder.setNextUpdate(nextYear).build( new JcaContentSignerBuilder(SIGNATURE_ALGORTHM) .setProvider("BC") - .build(caGenerationTool.getPrivateKey(Identity.CA)) + .build(caIdentity.getPrivateKey()) ); + DefinedCAIdentity secondCAIdentity = 
caGenerationTool.getDefinedCAIdentity(Identity.SECOND_CA); // Creates the CRL for ladybug-revoked.pem X509v2CRLBuilder ladybugRevokedCrlBuilder = new X509v2CRLBuilder( - convertSunStyleToBCStyle(caGenerationTool.getCertificate(Identity.SECOND_CA).getSubjectDN()), + convertSunStyleToBCStyle(secondCAIdentity.getCertificate().getSubjectDN()), currentDate ); // revokes the certificate with serial number #2 ladybugRevokedCrlBuilder.addCRLEntry( - caGenerationTool.getCertificate(Identity.LADYBUG).getSerialNumber(), + caGenerationTool.getDefinedIdentity(Identity.LADYBUG).getCertificate().getSerialNumber(), revokeDate, CRLReason.unspecified ); 
@@ -326,35 +332,35 @@ public static void beforeTest() throws Exception { X509CRLHolder ladybugRevokedCrlHolder = ladybugRevokedCrlBuilder.setNextUpdate(nextYear).build( new JcaContentSignerBuilder(SIGNATURE_ALGORTHM) .setProvider("BC") - .build(caGenerationTool.getPrivateKey(Identity.SECOND_CA)) + .build(secondCAIdentity.getPrivateKey()) ); // Creates the CRL for ica-revoked.pem X509v2CRLBuilder icaRevokedCrlBuilder = new X509v2CRLBuilder( - convertSunStyleToBCStyle(caGenerationTool.getCertificate(Identity.CA).getSubjectDN()), + convertSunStyleToBCStyle(caIdentity.getCertificate().getSubjectDN()), currentDate ); icaRevokedCrlBuilder.addCRLEntry( - caGenerationTool.getCertificate(Identity.INTERMEDIATE).getSerialNumber(), + intermediateCAIdentity.getCertificate().getSerialNumber(), revokeDate, CRLReason.unspecified ); X509CRLHolder icaRevokedCrlHolder = icaRevokedCrlBuilder.setNextUpdate(nextYear).build( new JcaContentSignerBuilder(SIGNATURE_ALGORTHM) .setProvider("BC") - .build(caGenerationTool.getPrivateKey(Identity.CA)) + .build(caIdentity.getPrivateKey()) ); // Creates the CRL for rove-revoked.pem X509v2CRLBuilder roveRevokedCrlBuilder = new X509v2CRLBuilder( - convertSunStyleToBCStyle(caGenerationTool.getCertificate(Identity.INTERMEDIATE).getSubjectDN()), + convertSunStyleToBCStyle(intermediateCAIdentity.getCertificate().getSubjectDN()), currentDate ); X509CRLHolder roveRevokedCrlHolder = roveRevokedCrlBuilder.setNextUpdate(nextYear).build( new JcaContentSignerBuilder(SIGNATURE_ALGORTHM) .setProvider("BC") - .build(caGenerationTool.getPrivateKey(Identity.INTERMEDIATE)) + .build(intermediateCAIdentity.getPrivateKey()) ); PemWriter caBlankCrlOutput = new PemWriter(new OutputStreamWriter(new FileOutputStream(CA_BLANK_PEM_CRL))); 
@@ -385,9 +391,9 @@ public static void beforeTest() throws Exception { roveRevokedCrlOutput.close(); ocspServer = new TestingOcspServer(OCSP_PORT); - ocspServer.createIssuer(1, caGenerationTool.getCertificate(Identity.CA)); - ocspServer.createIssuer(2, caGenerationTool.getCertificate(Identity.INTERMEDIATE)); - ocspServer.createCertificate(1, 1, caGenerationTool.getCertificate(Identity.INTERMEDIATE)); + ocspServer.createIssuer(1, caIdentity.getCertificate()); + ocspServer.createIssuer(2, intermediateCAIdentity.getCertificate()); + ocspServer.createCertificate(1, 1, intermediateCAIdentity.getCertificate()); ocspServer.createCertificate(2, 2, ocspCheckedGoodCertificate); ocspServer.createCertificate(3, 1, ocspCheckedRevokedCertificate); ocspServer.revokeCertificate(3, 4); diff --git a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java index 86526400a81..61f4565283d 100644 --- a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java +++ b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java @@ -79,6 +79,8 @@ public class CAGenerationTool implements Closeable { private final File workingDir; + private volatile boolean closed = false; + protected CAGenerationTool(Builder builder) throws Exception { // Ensure we have the directory created to hold the resulting KeyStores workingDir = new File(builder.baseDir); 
@@ -108,10 +110,45 @@ protected CAGenerationTool(Builder builder) throws Exception { } } + public DefinedIdentity getDefinedIdentity(final Identity identity) { + if (identity.isCertificateAuthority()) { + return getDefinedCAIdentity(identity); + } + + if (!certificateMap.containsKey(identity)) { + throw new IllegalStateException(String.format("Identity %s has not been created.", identity.toString())); + } + + X509Certificate certificate = certificateMap.get(identity); + + return new DefinedIdentity(this, identity, certificate); + } + + public DefinedCAIdentity getDefinedCAIdentity(final Identity identity) { + if (!identity.isCertificateAuthority()) { + throw new IllegalStateException(String.format("Identity %s is not a CertificateAuthority", identity.toString())); + } + + if (!caMap.containsKey(identity)) { + throw new IllegalStateException(String.format("Identity %s has not been created.", identity.toString())); + } + + CAState caState = caMap.get(identity); + return new DefinedCAIdentity(this, identity, caState.issuerCertificate, caState.signingKey); + } + + /** + * @deprecated Use {@link CAIdentity#getCertificate()} instead. + */ + @Deprecated() public X509Certificate getCertificate(final Identity identity) { return certificateMap.get(identity); } + /** + * @deprecated Use {@link CAIdentity#getPrivateKey()} instead. + */ + @Deprecated() public PrivateKey getPrivateKey(final Identity identity) { if (!identity.isCertificateAuthority()) { throw new IllegalStateException(String.format("Identity %s if not a CertificateAuthority", identity.toString())); 
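Review bot: `getDefinedCAIdentity` throws `IllegalStateException` when the CA is not yet in `caMap`, and `getDefinedIdentity` throws when the identity is missing from `certificateMap`, but the two accessors deprecated in this hunk behave differently and the `@deprecated` text does not say so. `getCertificate(Identity)` returns whatever `certificateMap.get` yields, so `null` for a missing entry, and a later hunk on this page shows `getPrivateKey(Identity)` returning `caMap.computeIfAbsent(identity, this::createCA).signingKey`, which creates the CA on demand; its body continues outside this hunk. Callers migrating as instructed will hit an exception where they previously got `null` or a freshly created CA, so I would spell that out, e.g. `@deprecated Use {@link DefinedCAIdentity#getPrivateKey()}; unlike this method it does not create the CA on demand.` That wording also replaces the `{@link CAIdentity#...}` targets; no `CAIdentity` type is visible anywhere in this diff.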
@@ -175,6 +212,10 @@ private CAState createCA(final Identity identity) { return caState; } + /** + * @deprecated Use {@link #createIdentity(String, X500Principal, String, X509CertificateExtension...)} instead. + */ + @Deprecated public X509Certificate createIdentity(final String alias, final X500Principal principal, final String keyStoreName, final Identity ca, final X509CertificateExtension... extensions) { KeyPair keyPair = keyPairGenerator.generateKeyPair(); @@ -220,7 +261,7 @@ public X509Certificate createIdentity(final String alias, final X500Principal pr } } - public X509Certificate createSelfSignedIdentity(final String alias, final X500Principal principal, final String keyStoreName) { + private X509Certificate createSelfSignedIdentity(final String alias, final X500Principal principal, final String keyStoreName) { SelfSignedX509CertificateAndSigningKey selfSignedIdentity = SelfSignedX509CertificateAndSigningKey.builder() .setDn(principal) .setKeyAlgorithmName(KEY_ALGORITHM) @@ -275,8 +316,15 @@ private static KeyStore loadKeyStore(final File location) { } } + void assertNotClosed() { + if (closed) { + throw new IllegalStateException("The CAGenerationTool is closed."); + } + } + @Override public void close() throws IOException { + closed = true; workingDir.delete(); } diff --git a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedCAIdentity.java b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedCAIdentity.java new file mode 100644 index 00000000000..c4d584b78e1 --- /dev/null +++ b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedCAIdentity.java 
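Review bot: The new `@deprecated` tag on the five-argument `createIdentity` (first hunk here) links to `{@link #createIdentity(String, X500Principal, String, X509CertificateExtension...)}`, and a bare `#` resolves against `CAGenerationTool` itself, while the only four-argument `createIdentity` visible in this diff is the one added on `DefinedCAIdentity`. Unless `CAGenerationTool` has that overload in a part of the file not shown, Javadoc will report an unresolved reference and readers are sent to a method that is not there. I would write `@deprecated Use {@link DefinedCAIdentity#createIdentity(String, X500Principal, String, X509CertificateExtension...)} instead.` The re-wrap of this comment in patch 25 keeps the same target, and the method body continues outside the hunk.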
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2024 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.wildfly.security.ssl.test.util;
+
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.wildfly.security.ssl.test.util.CAGenerationTool.Identity;
+import org.wildfly.security.x500.cert.X509CertificateExtension;
+
+public class DefinedCAIdentity extends DefinedIdentity {
+
+ private final PrivateKey privateKey;
+
+ DefinedCAIdentity(CAGenerationTool caGenerationTool, Identity identity,
+ X509Certificate certificate, PrivateKey privateKey) {
+ super(caGenerationTool, identity, certificate);
+ this.privateKey = privateKey;
+ }
+
+ public X509Certificate createIdentity(final String alias, final X500Principal principal,
+ final String keyStoreName, final X509CertificateExtension... extensions) {
+ caGenerationTool.assertNotClosed();
+
+ return caGenerationTool.createIdentity(alias, principal, keyStoreName, identity, extensions);
+ }
+
+
+ public PrivateKey getPrivateKey() {
+ caGenerationTool.assertNotClosed();
+
+ return privateKey;
+ }
+}
diff --git a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedIdentity.java b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedIdentity.java
new file mode 100644
index 00000000000..1808b8d4f95
--- /dev/null
+++ b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedIdentity.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2024 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.wildfly.security.ssl.test.util;
+
+import java.security.cert.X509Certificate;
+
+import org.wildfly.security.ssl.test.util.CAGenerationTool.Identity;
+
+public class DefinedIdentity {
+
+ protected final CAGenerationTool caGenerationTool;
+ protected final Identity identity;
+ private final X509Certificate certificate;
+
+ DefinedIdentity(CAGenerationTool caGenerationTool,
+ Identity identity,
+ X509Certificate certificate) {
+ this.caGenerationTool = caGenerationTool;
+ this.identity = identity;
+ this.certificate = certificate;
+ }
+
+ public X509Certificate getCertificate() {
+ caGenerationTool.assertNotClosed();
+
+ return certificate;
+ }
+
+}
From 45c8426184cea2bd1717036a5954103b9b80fb7f Mon Sep 17 00:00:00 2001
From: Darran Lofthouse Date: Mon, 24 Jun 2024 18:05:58 +0100 Subject: [PATCH 25/75] [ELY-2773] Adjust the CA generation util so resulting identities can create their own artifacts. This include KeyManager, TrustManager and KeyStore instances. A CustomIdentity variant is also present for tests that create their own identities. --- .../ssl/test/util/CAGenerationTool.java | 133 +++++++++++++----- .../ssl/test/util/CommonIdentity.java | 66 +++++++++ .../ssl/test/util/CustomIdentity.java | 37 +++++ .../ssl/test/util/DefinedCAIdentity.java | 28 +++- .../ssl/test/util/DefinedIdentity.java | 12 +- 5 files changed, 233 insertions(+), 43 deletions(-) create mode 100644 tests/common/src/test/java/org/wildfly/security/ssl/test/util/CommonIdentity.java create mode 100644 tests/common/src/test/java/org/wildfly/security/ssl/test/util/CustomIdentity.java diff --git a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java index 61f4565283d..4481352b8f8 100644 --- a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java +++ b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java @@ -55,7 +55,8 @@ import org.wildfly.security.x500.cert.X509CertificateExtension; /** - * A tool for generating a complete set of certificates backed by a generated certificate authority. + * A tool for generating a complete set of certificates backed by a generated + * certificate authority. * * @author Darran Lofthouse */ 
@@ -67,10 +68,11 @@ public class CAGenerationTool implements Closeable { private static final String KEY_ALGORITHM = "RSA"; private static final String KEYSTORE_TYPE = "JKS"; // TODO Switch to PKCS#12 private static final int OCSP_PORT = 4854; - private static final char[] PASSWORD = "Elytron".toCharArray(); + static final char[] PASSWORD = "Elytron".toCharArray(); private static final Set BEETLES = Collections - .unmodifiableSet(new HashSet<>(Arrays.asList(Identity.LADYBIRD, Identity.SCARAB, Identity.DUNG, Identity.FIREFLY))); + .unmodifiableSet( + new HashSet<>(Arrays.asList(Identity.LADYBIRD, Identity.SCARAB, Identity.DUNG, Identity.FIREFLY))); private static final Predicate INCLUDE_IN_BEETLES = BEETLES::contains; private final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); @@ -126,7 +128,8 @@ public DefinedIdentity getDefinedIdentity(final Identity identity) { public DefinedCAIdentity getDefinedCAIdentity(final Identity identity) { if (!identity.isCertificateAuthority()) { - throw new IllegalStateException(String.format("Identity %s is not a CertificateAuthority", identity.toString())); + throw new IllegalStateException( + String.format("Identity %s is not a CertificateAuthority", identity.toString())); } if (!caMap.containsKey(identity)) { @@ -137,8 +140,12 @@ public DefinedCAIdentity getDefinedCAIdentity(final Identity identity) { return new DefinedCAIdentity(this, identity, caState.issuerCertificate, caState.signingKey); } + public KeyStore getBeetlesKeyStore() { + return loadKeyStore(new File(workingDir, BEETLES_STORE)); + } + /** - * @deprecated Use {@link CAIdentity#getCertificate()} instead. + * @deprecated Use {@link CommonIdentity#getCertificate()} instead. */ @Deprecated() public X509Certificate getCertificate(final Identity identity) { 
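Review bot: Dropping `private` from `PASSWORD` in the first hunk gives every class in the package a reference to the one mutable `char[]` that the tool itself passes to `keyStore.load` and `keyStore.store`. Clearing a password array after use is a common habit, and any caller that does so (for example after `keyManagerFactory.init(loadKeyStore(), CAGenerationTool.PASSWORD)` in `CommonIdentity`) would silently break every later KeyStore operation in the same JVM. I would keep the field `private` and hand out a copy instead: `static char[] getPassword() { return PASSWORD.clone(); }`.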
@@ -146,12 +153,13 @@ public X509Certificate getCertificate(final Identity identity) { } /** - * @deprecated Use {@link CAIdentity#getPrivateKey()} instead. + * @deprecated Use {@link DefinedCAIdentity#getPrivateKey()} instead. */ @Deprecated() public PrivateKey getPrivateKey(final Identity identity) { if (!identity.isCertificateAuthority()) { - throw new IllegalStateException(String.format("Identity %s if not a CertificateAuthority", identity.toString())); + throw new IllegalStateException( + String.format("Identity %s if not a CertificateAuthority", identity.toString())); } return caMap.computeIfAbsent(identity, this::createCA).signingKey; @@ -163,7 +171,8 @@ private CAState createCA(final Identity identity) { Identity signedBy = identity.getSignedBy(); if (signedBy == null) { // As a root CA it will require a self signed certificate. - SelfSignedX509CertificateAndSigningKey issuerSelfSignedX509CertificateAndSigningKey = SelfSignedX509CertificateAndSigningKey.builder() + SelfSignedX509CertificateAndSigningKey issuerSelfSignedX509CertificateAndSigningKey = SelfSignedX509CertificateAndSigningKey + .builder() .setDn(identity.getPrincipal()) .setKeyAlgorithmName(KEY_ALGORITHM) .setSignatureAlgorithmName(SIGNATURE_ALGORTHM) @@ -184,8 +193,8 @@ private CAState createCA(final Identity identity) { .setSerialNumber(BigInteger.valueOf(signerState.serialNumber++)) .addExtension(new BasicConstraintsExtension(false, true, -1)) .addExtension(new AuthorityInformationAccessExtension(Collections.singletonList( - new AccessDescription(OID_AD_OCSP, new GeneralName.URIName("http://localhost:" + OCSP_PORT + "/ocsp")) - ))) + new AccessDescription(OID_AD_OCSP, + new GeneralName.URIName("http://localhost:" + OCSP_PORT + "/ocsp"))))) .build(); caState.issuerCertificate = intermediateIssuerCertificate; 
@@ -212,28 +221,72 @@ private CAState createCA(final Identity identity) { return caState; } + private X509Certificate createCustomCertificate(final Identity ca, final X500Principal principal, + final KeyPair keyPair, final X509CertificateExtension... extensions) throws CertificateException{ + + CAState caState = caMap.computeIfAbsent(ca, this::createCA); + + X509CertificateBuilder certificateBuilder = new X509CertificateBuilder() + .setIssuerDn(ca.getPrincipal()) + .setSubjectDn(principal) + .setSignatureAlgorithmName(SIGNATURE_ALGORTHM) + .setSigningKey(caState.signingKey) + .setPublicKey(keyPair.getPublic()) + .setSerialNumber(BigInteger.valueOf(caState.serialNumber++)) + .addExtension(new BasicConstraintsExtension(false, false, -1)); + for (X509CertificateExtension currentExtension : extensions) { + certificateBuilder.addExtension(currentExtension); + } + + return certificateBuilder.build(); + } + + CustomIdentity createCustomIdentity(final String alias, final X500Principal principal, final String keyStoreName, + final Identity ca, final X509CertificateExtension... extensions) { + try { + KeyPair keyPair = keyPairGenerator.generateKeyPair(); + X509Certificate builtCertificate = createCustomCertificate(ca, principal, keyPair, extensions); + + File keyStoreFile = new File(workingDir, keyStoreName); + KeyStore keyStore = createEmptyKeyStore(); + + List certificates = new ArrayList<>(); + certificates.add(builtCertificate); + + Identity caIdentity = ca; + CAState caState; + + do { + caState = caMap.get(caIdentity); // We just created a signed cert above, the complete chain must be + // present. 
+ certificates.add(caState.issuerCertificate); + caIdentity = caIdentity.getSignedBy(); + } while (caIdentity != null); + + keyStore.setKeyEntry(alias, keyPair.getPrivate(), PASSWORD, + certificates.toArray(new X509Certificate[certificates.size()])); + try (OutputStream out = new FileOutputStream(keyStoreFile)) { + keyStore.store(out, PASSWORD); + } + + return new CustomIdentity(this, builtCertificate, keyStoreFile); + + } catch (IOException | KeyStoreException | CertificateException | NoSuchAlgorithmException e) { + throw new RuntimeException("Umnable to create identity", e); + } + } + /** - * @deprecated Use {@link #createIdentity(String, X500Principal, String, X509CertificateExtension...)} instead. + * @deprecated Use + * {@link #createIdentity(String, X500Principal, String, X509CertificateExtension...)} + * instead. */ @Deprecated public X509Certificate createIdentity(final String alias, final X500Principal principal, final String keyStoreName, final Identity ca, final X509CertificateExtension... extensions) { - KeyPair keyPair = keyPairGenerator.generateKeyPair(); - CAState caState = caMap.computeIfAbsent(ca, this::createCA); - try { - X509CertificateBuilder certificateBuilder = new X509CertificateBuilder() - .setIssuerDn(ca.getPrincipal()) - .setSubjectDn(principal) - .setSignatureAlgorithmName(SIGNATURE_ALGORTHM) - .setSigningKey(caState.signingKey) - .setPublicKey(keyPair.getPublic()) - .setSerialNumber(BigInteger.valueOf(caState.serialNumber++)) - .addExtension(new BasicConstraintsExtension(false, false, -1)); - for (X509CertificateExtension currentExtension : extensions) { - certificateBuilder.addExtension(currentExtension); - } - X509Certificate builtCertificate = certificateBuilder.build(); + KeyPair keyPair = keyPairGenerator.generateKeyPair(); + X509Certificate builtCertificate = createCustomCertificate(ca, principal, keyPair, extensions); File keyStoreFile = new File(workingDir, keyStoreName); KeyStore keyStore = createEmptyKeyStore(); 
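Review bot: `createCustomCertificate` runs `caMap.computeIfAbsent(ca, this::createCA)` without first checking `ca.isCertificateAuthority()`, unlike `getDefinedCAIdentity` and `getPrivateKey`, which both reject a non-CA identity. `DefinedCAIdentity` only ever passes a CA, but the deprecated public `createIdentity(..., Identity ca, ...)` now routes through the same helper, so a leaf identity passed there would presumably get a CA state created for it and then be used as the issuer. A guard at the top of the helper keeps the entry points consistent: `if (!ca.isCertificateAuthority()) { throw new IllegalStateException(String.format("Identity %s is not a CertificateAuthority", ca)); }`. Separately, the new exception message reads `"Umnable to create identity"` and should be `"Unable to create identity"`; the body of `createIdentity` continues outside the hunk.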
@@ -242,9 +295,14 @@ public X509Certificate createIdentity(final String alias, final X500Principal pr certificates.add(builtCertificate); Identity caIdentity = ca; + CAState caState; + do { - caState = caMap.get(caIdentity); // We just created a signed cert above, the complete chain must be present. - keyStore.setCertificateEntry(caIdentity.toString(), caState.issuerCertificate); // This could be removed as the cert chain is added to the Entry. + caState = caMap.get(caIdentity); // We just created a signed cert above, the complete chain must be + // present. + keyStore.setCertificateEntry(caIdentity.toString(), caState.issuerCertificate); // This could be removed + // as the cert chain is + // added to the Entry. certificates.add(caState.issuerCertificate); caIdentity = caIdentity.getSignedBy(); } while (caIdentity != null); @@ -261,7 +319,8 @@ public X509Certificate createIdentity(final String alias, final X500Principal pr } } - private X509Certificate createSelfSignedIdentity(final String alias, final X500Principal principal, final String keyStoreName) { + private X509Certificate createSelfSignedIdentity(final String alias, final X500Principal principal, + final String keyStoreName) { SelfSignedX509CertificateAndSigningKey selfSignedIdentity = SelfSignedX509CertificateAndSigningKey.builder() .setDn(principal) .setKeyAlgorithmName(KEY_ALGORITHM) @@ -297,7 +356,7 @@ private X509Certificate createIdentity(final Identity identity) { private static KeyStore createEmptyKeyStore() { try { KeyStore ks = KeyStore.getInstance(KEYSTORE_TYPE); - ks.load(null,null); + ks.load(null, null); return ks; } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException e) { 
@@ -305,7 +364,11 @@ private static KeyStore createEmptyKeyStore() { } } - private static KeyStore loadKeyStore(final File location) { + KeyStore loadKeyStore(final Identity identity) { + return loadKeyStore(new File(workingDir, identity.getKeyStoreName())); + } + + static KeyStore loadKeyStore(final File location) { try (InputStream caTrustStoreFile = new FileInputStream(location)) { KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE); keyStore.load(caTrustStoreFile, PASSWORD); @@ -354,7 +417,8 @@ public enum Identity { CA, true, null), ROVE("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=Rove", INTERMEDIATE, false, "rove.keystore"), - SECOND_CA("CN=Wildfly CA, ST=Wildfly, C=CA, EMAILADDRESS=admin@wildfly.org O=Another Root Certificate Authority", + SECOND_CA( + "CN=Wildfly CA, ST=Wildfly, C=CA, EMAILADDRESS=admin@wildfly.org O=Another Root Certificate Authority", null, true, "ca.truststore2"), LADYBUG("OU=Wildfly, O=Wildfly, C=CA, ST=Wildfly, CN=Ladybug", SECOND_CA, false, "ladybug.keystore"), @@ -366,8 +430,9 @@ public enum Identity { private final boolean ca; private final String keyStoreName; - private Identity(final String distinguishedName, final Identity signedBy, final boolean ca, final String keyStoreName) { - this.principal = new X500Principal(distinguishedName); + private Identity(final String distinguishedName, final Identity signedBy, final boolean ca, + final String keyStoreName) { + this.principal = new X500Principal(distinguishedName); this.signedBy = signedBy; this.ca = ca; this.keyStoreName = keyStoreName; diff --git a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CommonIdentity.java b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CommonIdentity.java new file mode 100644 index 00000000000..2d8f3664015 --- /dev/null +++ b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CommonIdentity.java 
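Review bot: `loadKeyStore(final Identity identity)` in the first hunk passes `identity.getKeyStoreName()` straight to `new File(workingDir, ...)`, and the `Identity` enum context in the next hunk shows an entry declared with `CA, true, null`, i.e. with no keystore name. `new File(File, String)` throws `NullPointerException` for a null child, so `loadKeyStore()`, `createKeyManager()` and `createTrustManager()` on such an identity fail with an NPE that names neither the identity nor the cause. I would fail explicitly: `if (identity.getKeyStoreName() == null) { throw new IllegalStateException(String.format("Identity %s has no KeyStore.", identity)); }`. The static `loadKeyStore(File)` that follows is cut off by the hunk end, so its error handling is not reviewed here.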
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2024 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.wildfly.security.ssl.test.util;
+
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.X509ExtendedKeyManager;
+
+public abstract class CommonIdentity {
+
+ protected final CAGenerationTool caGenerationTool;
+ private final X509Certificate certificate;
+
+ CommonIdentity(CAGenerationTool caGenerationTool, X509Certificate certificate) {
+ this.caGenerationTool = caGenerationTool;
+ this.certificate = certificate;
+ }
+
+ public X509Certificate getCertificate() {
+ caGenerationTool.assertNotClosed();
+
+ return certificate;
+ }
+
+ public abstract KeyStore loadKeyStore();
+
+ public X509ExtendedKeyManager createKeyManager() {
+ caGenerationTool.assertNotClosed();
+
+ try {
+ KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
+ keyManagerFactory.init(loadKeyStore(), CAGenerationTool.PASSWORD);
+
+ for (KeyManager current : keyManagerFactory.getKeyManagers()) {
+ if (current instanceof X509ExtendedKeyManager) {
+ return (X509ExtendedKeyManager) current;
+ }
+ }
+ } catch (NoSuchAlgorithmException | KeyStoreException | UnrecoverableKeyException e) {
+ throw
new IllegalStateException("Unable to obtain X509ExtendedKeyManager.", e);
+ }
+
+ throw new IllegalStateException("Unable to obtain X509ExtendedKeyManager.");
+ }
+
+}
diff --git a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CustomIdentity.java b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CustomIdentity.java
new file mode 100644
index 00000000000..a1ce69a2b5e
--- /dev/null
+++ b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CustomIdentity.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2024 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.wildfly.security.ssl.test.util;
+
+import java.io.File;
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
+
+public class CustomIdentity extends CommonIdentity {
+
+ private final File keyStoreFile;
+
+ CustomIdentity(CAGenerationTool caGenerationTool, X509Certificate certificate, File keyStoreFile) {
+ super(caGenerationTool, certificate);
+ this.keyStoreFile = keyStoreFile;
+ }
+
+ @Override
+ public KeyStore loadKeyStore() {
+ return CAGenerationTool.loadKeyStore(keyStoreFile);
+ }
+
+}
diff --git a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedCAIdentity.java b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedCAIdentity.java
index c4d584b78e1..4b01b4af6c8 100644
--- a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedCAIdentity.java
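Review bot: `CustomIdentity.loadKeyStore()` in the new CustomIdentity.java reads `keyStoreFile` without calling `caGenerationTool.assertNotClosed()`, while `DefinedIdentity.loadKeyStore()` in this same patch and both concrete methods on `CommonIdentity` make that check first. `createKeyManager()` is covered because it checks before delegating, but a direct `loadKeyStore()` call after `close()` would still try to open a file under the working directory the tool has just tried to delete, and any failure would surface from the file read rather than as "The CAGenerationTool is closed." Adding `caGenerationTool.assertNotClosed();` as the first statement makes the two subclasses behave the same.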
+++ b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedCAIdentity.java @@ -16,9 +16,14 @@ package org.wildfly.security.ssl.test.util; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.cert.X509Certificate; +import javax.net.ssl.TrustManager; +import javax.net.ssl.TrustManagerFactory; +import javax.net.ssl.X509TrustManager; import javax.security.auth.x500.X500Principal; import org.wildfly.security.ssl.test.util.CAGenerationTool.Identity; @@ -34,11 +39,11 @@ public class DefinedCAIdentity extends DefinedIdentity { this.privateKey = privateKey; } - public X509Certificate createIdentity(final String alias, final X500Principal principal, + public CustomIdentity createIdentity(final String alias, final X500Principal principal, final String keyStoreName, final X509CertificateExtension... extensions) { caGenerationTool.assertNotClosed(); - return caGenerationTool.createIdentity(alias, principal, keyStoreName, identity, extensions); + return caGenerationTool.createCustomIdentity(alias, principal, keyStoreName, identity, extensions); } @@ -47,4 +52,23 @@ public PrivateKey getPrivateKey() { return privateKey; } + + public X509TrustManager createTrustManager() { + caGenerationTool.assertNotClosed(); + + try { + TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX"); + trustManagerFactory.init(caGenerationTool.loadKeyStore(identity)); + + for (TrustManager current : trustManagerFactory.getTrustManagers()) { + if (current instanceof X509TrustManager) { + return (X509TrustManager) current; + } + } + } catch (NoSuchAlgorithmException | KeyStoreException e) { + throw new IllegalStateException("Unable to obtain X509TrustManager.", e); + } + + throw new IllegalStateException("Unable to obtain X509TrustManager."); + } } 
diff --git a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedIdentity.java b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedIdentity.java index 1808b8d4f95..28595b8e112 100644 --- a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedIdentity.java +++ b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedIdentity.java @@ -16,28 +16,26 @@ package org.wildfly.security.ssl.test.util; +import java.security.KeyStore; import java.security.cert.X509Certificate; import org.wildfly.security.ssl.test.util.CAGenerationTool.Identity; -public class DefinedIdentity { +public class DefinedIdentity extends CommonIdentity { - protected final CAGenerationTool caGenerationTool; protected final Identity identity; - private final X509Certificate certificate; DefinedIdentity(CAGenerationTool caGenerationTool, Identity identity, X509Certificate certificate) { - this.caGenerationTool = caGenerationTool; + super(caGenerationTool, certificate); this.identity = identity; - this.certificate = certificate; } - public X509Certificate getCertificate() { + public KeyStore loadKeyStore() { caGenerationTool.assertNotClosed(); - return certificate; + return caGenerationTool.loadKeyStore(identity); } } From b1376ddfa718986fe73d262a8fad3c9702022513 Mon Sep 17 00:00:00 2001 From: Darran Lofthouse Date: Mon, 24 Jun 2024 18:07:48 +0100 Subject: [PATCH 26/75] [ELY-2773] Update individual tests to use the new APIs to create the SSL artifacts instead of doing it themselves. --- .../MaskedPasswordSSLAuthenticationTest.java | 76 +----- .../security/ssl/SSLAuthenticationTest.java | 257 +++++++++--------- .../security/ssl/TLS13AuthenticationTest.java | 93 ++----- 3 files changed, 160 insertions(+), 266 deletions(-) 
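Review bot: `DefinedIdentity.loadKeyStore()` now implements the abstract `CommonIdentity.loadKeyStore()` but is declared without `@Override`, whereas `CustomIdentity.loadKeyStore()` added in the same patch has it. With the annotation, a later signature change in the base class becomes a compile error here rather than a stray overload; add `@Override` on the line above `public KeyStore loadKeyStore() {`.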
diff --git a/tests/base/src/test/java/org/wildfly/security/auth/client/MaskedPasswordSSLAuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/auth/client/MaskedPasswordSSLAuthenticationTest.java index 119548f4c4b..7855dc22a65 100644 --- a/tests/base/src/test/java/org/wildfly/security/auth/client/MaskedPasswordSSLAuthenticationTest.java +++ b/tests/base/src/test/java/org/wildfly/security/auth/client/MaskedPasswordSSLAuthenticationTest.java @@ -25,12 +25,10 @@ import java.io.Closeable; import java.io.IOException; -import java.io.InputStream; import java.net.InetAddress; import java.net.URI; import java.security.AccessController; import java.security.KeyStore; -import java.security.KeyStoreException; import java.security.PrivilegedAction; import java.security.Security; import java.util.Locale; @@ -38,17 +36,11 @@ import java.util.concurrent.Executors; import java.util.concurrent.Future; -import javax.net.ssl.KeyManager; -import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLServerSocket; import javax.net.ssl.SSLServerSocketFactory; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket; -import javax.net.ssl.TrustManager; -import javax.net.ssl.TrustManagerFactory; -import javax.net.ssl.X509ExtendedKeyManager; -import javax.net.ssl.X509TrustManager; import org.junit.AfterClass; import org.junit.BeforeClass; @@ -63,6 +55,8 @@ import org.wildfly.security.ssl.SSLUtils; import org.wildfly.security.ssl.test.util.CAGenerationTool; import org.wildfly.security.ssl.test.util.CAGenerationTool.Identity; +import org.wildfly.security.ssl.test.util.DefinedCAIdentity; +import org.wildfly.security.ssl.test.util.DefinedIdentity; import org.wildfly.security.x500.principal.X500AttributePrincipalDecoder; /** 
@@ -72,64 +66,13 @@ */ public class MaskedPasswordSSLAuthenticationTest { - private static final char[] PASSWORD = "Elytron".toCharArray(); + private static final String JKS_LOCATION = "./target/test-classes/jks"; private static CAGenerationTool caGenerationTool; - /** - * Get the key manager backed by the specified key store. - * - * @param keystorePath the path to the keystore with X509 private key - * @return the initialised key manager. - */ - private static X509ExtendedKeyManager getKeyManager(final String keystorePath) throws Exception { - KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); - keyManagerFactory.init(createKeyStore(keystorePath), PASSWORD); - - for (KeyManager current : keyManagerFactory.getKeyManagers()) { - if (current instanceof X509ExtendedKeyManager) { - return (X509ExtendedKeyManager) current; - } - } - - throw new IllegalStateException("Unable to obtain X509ExtendedKeyManager."); - } - - private static TrustManagerFactory getTrustManagerFactory() throws Exception { - return TrustManagerFactory.getInstance("PKIX"); - } - - /** - * Get the trust manager that trusts all certificates signed by the certificate authority. - * - * @return the trust manager that trusts all certificates signed by the certificate authority. 
- * @throws KeyStoreException - */ - private static X509TrustManager getCATrustManager() throws Exception { - TrustManagerFactory trustManagerFactory = getTrustManagerFactory(); - trustManagerFactory.init(createKeyStore("/jks/ca.truststore")); - - for (TrustManager current : trustManagerFactory.getTrustManagers()) { - if (current instanceof X509TrustManager) { - return (X509TrustManager) current; - } - } - - throw new IllegalStateException("Unable to obtain X509TrustManager."); - } - - private static KeyStore createKeyStore(final String path) throws Exception { - KeyStore keyStore = KeyStore.getInstance("jks"); - try (InputStream caTrustStoreFile = MaskedPasswordSSLAuthenticationTest.class.getResourceAsStream(path)) { - keyStore.load(caTrustStoreFile, PASSWORD); - } - - return keyStore; - } - - private static SecurityDomain getKeyStoreBackedSecurityDomain(String keyStorePath) throws Exception { - SecurityRealm securityRealm = new KeyStoreBackedSecurityRealm(createKeyStore(keyStorePath)); + private static SecurityDomain getKeyStoreBackedSecurityDomain(KeyStore keyStore) throws Exception { + SecurityRealm securityRealm = new KeyStoreBackedSecurityRealm(keyStore); return SecurityDomain.builder() .addRealm("KeystoreRealm", securityRealm) @@ -156,10 +99,13 @@ public static void afterTest() throws IOException { @Test public void testTwoWay() throws Exception { + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); + DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB); + SSLContext serverContext = new SSLContextBuilder() - .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore")) - .setKeyManager(getKeyManager("/jks/scarab.keystore")) - .setTrustManager(getCATrustManager()) + .setSecurityDomain(getKeyStoreBackedSecurityDomain(caGenerationTool.getBeetlesKeyStore())) + .setKeyManager(scarab.createKeyManager()) + .setTrustManager(ca.createTrustManager()) .setNeedClientAuth(true) .build().create(); 
diff --git a/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java index 61b0ca486a5..7555998138f 100644 --- a/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java +++ b/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java @@ -17,12 +17,12 @@ */ package org.wildfly.security.ssl; -import static org.junit.Assert.fail; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertNull; -import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertArrayEquals; +import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.fail; import static org.wildfly.security.ssl.test.util.CAGenerationTool.SIGNATURE_ALGORTHM; import static org.wildfly.security.x500.X500.OID_AD_OCSP; import static org.wildfly.security.x500.X500.OID_KP_OCSP_SIGNING; @@ -37,10 +37,9 @@ import java.net.ServerSocket; import java.net.SocketException; import java.net.URI; -import java.security.Principal; -import java.security.KeyStore; -import java.security.KeyStoreException; import java.security.AccessController; +import java.security.KeyStore; +import java.security.Principal; import java.security.PrivilegedAction; import java.security.Security; import java.security.cert.X509Certificate; 
@@ -55,17 +54,12 @@ import java.util.concurrent.Executors; import java.util.concurrent.Future; -import javax.net.ssl.KeyManager; -import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket; -import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; -import javax.net.ssl.X509ExtendedKeyManager; -import javax.net.ssl.X509TrustManager; import javax.security.auth.x500.X500Principal; import org.bouncycastle.asn1.x500.X500Name; 
@@ -79,22 +73,24 @@ import org.junit.BeforeClass; import org.junit.Test; import org.wildfly.common.Assert; -import org.wildfly.security.auth.server.SecurityIdentity; -import org.wildfly.security.password.WildFlyElytronPasswordProvider; import org.wildfly.security.auth.client.AuthenticationContext; import org.wildfly.security.auth.client.AuthenticationContextConfigurationClient; import org.wildfly.security.auth.realm.KeyStoreBackedSecurityRealm; import org.wildfly.security.auth.server.SecurityDomain; +import org.wildfly.security.auth.server.SecurityIdentity; import org.wildfly.security.auth.server.SecurityRealm; +import org.wildfly.security.password.WildFlyElytronPasswordProvider; import org.wildfly.security.permission.PermissionVerifier; import org.wildfly.security.ssl.test.util.CAGenerationTool; -import org.wildfly.security.ssl.test.util.DefinedCAIdentity; import org.wildfly.security.ssl.test.util.CAGenerationTool.Identity; +import org.wildfly.security.ssl.test.util.CustomIdentity; +import org.wildfly.security.ssl.test.util.DefinedCAIdentity; +import org.wildfly.security.ssl.test.util.DefinedIdentity; import org.wildfly.security.x500.GeneralName; -import org.wildfly.security.x500.principal.X500AttributePrincipalDecoder; import org.wildfly.security.x500.cert.AccessDescription; import org.wildfly.security.x500.cert.AuthorityInformationAccessExtension; import org.wildfly.security.x500.cert.ExtendedKeyUsageExtension; +import org.wildfly.security.x500.principal.X500AttributePrincipalDecoder; /** * Simple test case to test authentication occurring during the establishment of an {@link SSLSession}. 
@@ -124,64 +120,20 @@ public class SSLAuthenticationTest { private static final File LADYBUG_REVOKED_PEM_CRL = new File(WORKING_DIR_CACRL, "ladybug-revoked.pem"); private static TestingOcspServer ocspServer = null; private static X509Certificate ocspResponderCertificate; - - /** - * Get the key manager backed by the specified key store. - * - * @param keystorePath the path to the keystore with X509 private key - * @return the initialised key manager. - */ - private static X509ExtendedKeyManager getKeyManager(final String keystorePath) throws Exception { - KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); - keyManagerFactory.init(createKeyStore(keystorePath), PASSWORD); - - for (KeyManager current : keyManagerFactory.getKeyManagers()) { - if (current instanceof X509ExtendedKeyManager) { - return (X509ExtendedKeyManager) current; - } - } - - throw new IllegalStateException("Unable to obtain X509ExtendedKeyManager."); - } + private static KeyStore shortWingedKeyStore; + private static CustomIdentity goodIdentity; + private static CustomIdentity revokedIdentity; private static TrustManagerFactory getTrustManagerFactory() throws Exception { return TrustManagerFactory.getInstance("PKIX"); } - /** - * Get the trust manager that trusts all certificates signed by the certificate authority. - * - * @return the trust manager that trusts all certificates signed by the certificate authority. 
- * @throws KeyStoreException - */ - private static X509TrustManager getCATrustManager() throws Exception { - TrustManagerFactory trustManagerFactory = getTrustManagerFactory(); - trustManagerFactory.init(createKeyStore("/jks/ca.truststore")); - - for (TrustManager current : trustManagerFactory.getTrustManagers()) { - if (current instanceof X509TrustManager) { - return (X509TrustManager) current; - } - } - - throw new IllegalStateException("Unable to obtain X509TrustManager."); - } - private static KeyStore createKeyStore() throws Exception { KeyStore ks = KeyStore.getInstance("JKS"); - ks.load(null,null); + ks.load(null, null); return ks; } - private static KeyStore createKeyStore(final String path) throws Exception { - KeyStore keyStore = KeyStore.getInstance("jks"); - try (InputStream caTrustStoreFile = SSLAuthenticationTest.class.getResourceAsStream(path)) { - keyStore.load(caTrustStoreFile, PASSWORD); - } - - return keyStore; - } - private static void createTemporaryKeyStoreFile(KeyStore keyStore, File outputFile, char[] password) throws Exception { if (!outputFile.exists()) { outputFile.createNewFile(); 
@@ -191,12 +143,12 @@ private static void createTemporaryKeyStoreFile(KeyStore keyStore, File outputFi } } - private static SecurityDomain getKeyStoreBackedSecurityDomain(String keyStorePath) throws Exception { - return getKeyStoreBackedSecurityDomain(keyStorePath, true); + private static SecurityDomain getKeyStoreBackedSecurityDomain(KeyStore keyStore) throws Exception { + return getKeyStoreBackedSecurityDomain(keyStore, true); } - private static SecurityDomain getKeyStoreBackedSecurityDomain(String keyStorePath, boolean decoder) throws Exception { - SecurityRealm securityRealm = new KeyStoreBackedSecurityRealm(createKeyStore(keyStorePath)); + private static SecurityDomain getKeyStoreBackedSecurityDomain(KeyStore keyStore, boolean decoder) throws Exception { + SecurityRealm securityRealm = new KeyStoreBackedSecurityRealm(keyStore); SecurityDomain.Builder builder = SecurityDomain.builder() .addRealm("KeystoreRealm", securityRealm) 
@@ -225,36 +177,40 @@ public static void beforeTest() throws Exception { // Generates certificate and keystore for OCSP responder DefinedCAIdentity caIdentity = caGenerationTool.getDefinedCAIdentity(Identity.CA); DefinedCAIdentity intermediateCAIdentity = caGenerationTool.getDefinedCAIdentity(Identity.INTERMEDIATE); - ocspResponderCertificate = caIdentity.createIdentity("ocspResponder", - new X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=OcspResponder"), - "ocsp-responder.keystore", new ExtendedKeyUsageExtension(false, Collections.singletonList(OID_KP_OCSP_SIGNING))); + CustomIdentity responderIdentity = caIdentity.createIdentity("ocspResponder", + new X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=OcspResponder"), + "ocsp-responder.keystore", new ExtendedKeyUsageExtension(false, Collections.singletonList(OID_KP_OCSP_SIGNING))); + ocspResponderCertificate = responderIdentity.getCertificate(); // Generates GOOD certificate referencing the OCSP responder - X509Certificate ocspCheckedGoodCertificate = intermediateCAIdentity.createIdentity("checked", - new X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=ocspCheckedGood"), - "ocsp-checked-good.keystore", new AuthorityInformationAccessExtension(Collections.singletonList( - new AccessDescription(OID_AD_OCSP, new GeneralName.URIName("http://localhost:" + OCSP_PORT + "/ocsp")) - ))); + goodIdentity = intermediateCAIdentity.createIdentity("checked", + new X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=ocspCheckedGood"), + "ocsp-checked-good.keystore", new AuthorityInformationAccessExtension(Collections.singletonList( + new AccessDescription(OID_AD_OCSP, new GeneralName.URIName("http://localhost:" + OCSP_PORT + "/ocsp")) + ))); + X509Certificate ocspCheckedGoodCertificate = goodIdentity.getCertificate(); // Generates REVOKED certificate referencing the OCSP responder - X509Certificate ocspCheckedRevokedCertificate = caIdentity.createIdentity("checked", - new 
X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=ocspCheckedRevoked"), - "ocsp-checked-revoked.keystore", (new AuthorityInformationAccessExtension(Collections.singletonList( - new AccessDescription(OID_AD_OCSP, new GeneralName.URIName("http://localhost:" + OCSP_PORT + "/ocsp")) - )))); + revokedIdentity = caIdentity.createIdentity("checked", + new X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=ocspCheckedRevoked"), + "ocsp-checked-revoked.keystore", (new AuthorityInformationAccessExtension(Collections.singletonList( + new AccessDescription(OID_AD_OCSP, new GeneralName.URIName("http://localhost:" + OCSP_PORT + "/ocsp")) + )))); + X509Certificate ocspCheckedRevokedCertificate = revokedIdentity.getCertificate(); // Generates UNKNOWN certificate referencing the OCSP responder - X509Certificate ocspCheckedUnknownCertificate = caIdentity.createIdentity("checked", - new X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=ocspCheckedUnknown"), - "ocsp-checked-unknown.keystore", new AuthorityInformationAccessExtension(Collections.singletonList( - new AccessDescription(OID_AD_OCSP, new GeneralName.URIName("http://localhost:" + OCSP_PORT + "/ocsp")) - ))); + CustomIdentity unknownIdentity = caIdentity.createIdentity("checked", + new X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=ocspCheckedUnknown"), + "ocsp-checked-unknown.keystore", new AuthorityInformationAccessExtension(Collections.singletonList( + new AccessDescription(OID_AD_OCSP, new GeneralName.URIName("http://localhost:" + OCSP_PORT + "/ocsp")) + ))); + X509Certificate ocspCheckedUnknownCertificate = unknownIdentity.getCertificate(); X509Certificate greenJuneCertificate = caGenerationTool .getDefinedIdentity(Identity.GREENJUNE) .getCertificate(); - KeyStore beetlesKeyStore = createKeyStore("/jks/beetles.keystore"); + KeyStore beetlesKeyStore = caGenerationTool.getBeetlesKeyStore(); beetlesKeyStore.setCertificateEntry("ocspResponder", ocspResponderCertificate); 
beetlesKeyStore.setCertificateEntry("ocspCheckedGood", ocspCheckedGoodCertificate); beetlesKeyStore.setCertificateEntry("ocspCheckedRevoked", ocspCheckedRevokedCertificate); @@ -263,9 +219,9 @@ public static void beforeTest() throws Exception { createTemporaryKeyStoreFile(beetlesKeyStore, new File(JKS_LOCATION, "beetles.keystore"), PASSWORD); // Adds trusted cert for shortwinged - KeyStore shortwingedKeyStore = createKeyStore(); - shortwingedKeyStore.setCertificateEntry("rove", caGenerationTool.getDefinedIdentity(Identity.ROVE).getCertificate()); - createTemporaryKeyStoreFile(shortwingedKeyStore, SHORTWINGED_FILE, PASSWORD); + shortWingedKeyStore = createKeyStore(); + shortWingedKeyStore.setCertificateEntry("rove", caGenerationTool.getDefinedIdentity(Identity.ROVE).getCertificate()); + //createTemporaryKeyStoreFile(shortwingedKeyStore, SHORTWINGED_FILE, PASSWORD); // Used for all CRLs Calendar calendar = Calendar.getInstance(); @@ -439,8 +395,9 @@ public static void afterTest() throws Exception { @Test public void testOneWay() throws Throwable { + DefinedIdentity firefly = caGenerationTool.getDefinedIdentity(Identity.FIREFLY); SSLContext serverContext = new SSLContextBuilder() - .setKeyManager(getKeyManager("/jks/firefly.keystore")) + .setKeyManager(firefly.createKeyManager()) .build().create(); performConnectionTest(serverContext, "protocol://test-one-way.org", true, "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=Firefly", null, true); @@ -448,8 +405,9 @@ public void testOneWay() throws Throwable { @Test public void testCrlBlank() throws Throwable { + DefinedIdentity firefly = caGenerationTool.getDefinedIdentity(Identity.FIREFLY); SSLContext serverContext = new SSLContextBuilder() - .setKeyManager(getKeyManager("/jks/firefly.keystore")) + .setKeyManager(firefly.createKeyManager()) .build().create(); performConnectionTest(serverContext, "protocol://test-one-way-crl.org", true, "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=Firefly", null, true); 
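Review bot: The keystore returned by `caGenerationTool.getBeetlesKeyStore()` is modified in place in `beforeTest()` (the `setCertificateEntry` calls for `ocspResponder`, `ocspCheckedGood` and `ocspCheckedRevoked`), while the tests later in this file build their realm from a fresh `caGenerationTool.getBeetlesKeyStore()` call. Whether those tests see the added OCSP entries depends on whether the tool returns the same instance every time, which this diff does not show; if it hands out a copy, the OCSP tests would authenticate against a realm that lacks the certificates added here. Keeping the populated store in a field, as the commit already does for `shortWingedKeyStore`, makes the dependency explicit: `private static KeyStore beetlesKeyStore;` assigned in `beforeTest()` and passed as `getKeyStoreBackedSecurityDomain(beetlesKeyStore)`. `beforeTest()` starts and ends outside this hunk.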
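Review bot: The commented-out `//createTemporaryKeyStoreFile(shortwingedKeyStore, SHORTWINGED_FILE, PASSWORD);` should be deleted rather than kept; it also names `shortwingedKeyStore`, which this hunk renames to `shortWingedKeyStore`, so it would not compile if re-enabled. With the write gone, the shortwinged keystore is no longer produced on disk, so any remaining use of `SHORTWINGED_FILE` (cleanup in `afterTest()`, or a client configuration that loads the file) should be checked; none of those are visible in this hunk. A one-line comment such as `// in-memory only: passed to getKeyStoreBackedSecurityDomain in testTwoWayIca` would state the new contract.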
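Review bot: The pair `DefinedIdentity firefly = caGenerationTool.getDefinedIdentity(Identity.FIREFLY);` and `.setKeyManager(firefly.createKeyManager())` is repeated in `testOneWay`, `testCrlBlank`, `testServerRevoked`, `testServerIcaRevoked` and the remaining one-way tests in the following hunks, varying only the `Identity` constant. A small private helper, say `keyManagerFor(Identity id)` returning `caGenerationTool.getDefinedIdentity(id).createKeyManager()`, would let each test state the certificate it presents on one line: `.setKeyManager(keyManagerFor(Identity.FIREFLY))`. That also keeps the server identity next to the expected principal string asserted in `performConnectionTest`, which makes a mismatched identity easier to spot in review.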
@@ -457,8 +415,9 @@ public void testCrlBlank() throws Throwable { @Test public void testServerRevoked() throws Throwable { + DefinedIdentity firefly = caGenerationTool.getDefinedIdentity(Identity.FIREFLY); SSLContext serverContext = new SSLContextBuilder() - .setKeyManager(getKeyManager("/jks/firefly.keystore")) + .setKeyManager(firefly.createKeyManager()) .build().create(); performConnectionTest(serverContext, "protocol://test-one-way-firefly-revoked.org", false, null, null, true); @@ -466,8 +425,9 @@ public void testServerRevoked() throws Throwable { @Test public void testServerIcaRevoked() throws Throwable { + DefinedIdentity rove = caGenerationTool.getDefinedIdentity(Identity.ROVE); SSLContext serverContext = new SSLContextBuilder() - .setKeyManager(getKeyManager("/jks/rove.keystore")) + .setKeyManager(rove.createKeyManager()) .build().create(); performConnectionTest(serverContext, "protocol://test-one-way-ica-revoked.org", false, null, null, true); @@ -480,8 +440,9 @@ public void testServerIcaRevoked() throws Throwable { */ @Test public void testOneWayServerRejectedWithSingleCRL() throws Throwable { + DefinedIdentity firefly = caGenerationTool.getDefinedIdentity(Identity.FIREFLY); SSLContext serverContext = new SSLContextBuilder() - .setKeyManager(getKeyManager("/jks/firefly.keystore")) + .setKeyManager(firefly.createKeyManager()) .build().create(); performConnectionTest(serverContext, "protocol://test-one-way-one-crl.org", false, null, null, true); 
@@ -494,8 +455,9 @@ public void testOneWayServerRejectedWithSingleCRL() throws Throwable { */ @Test public void testOneWayServerRejectedWithMultipleCRL() throws Throwable { + DefinedIdentity firefly = caGenerationTool.getDefinedIdentity(Identity.FIREFLY); SSLContext serverContext = new SSLContextBuilder() - .setKeyManager(getKeyManager("/jks/firefly.keystore")) + .setKeyManager(firefly.createKeyManager()) .build().create(); performConnectionTest(serverContext, "protocol://test-one-way-multiple-crls-failure.org", false, @@ -509,8 +471,9 @@ public void testOneWayServerRejectedWithMultipleCRL() throws Throwable { */ @Test public void testOneWayServerAcceptedWithMultipleCRL() throws Throwable { + DefinedIdentity greenJune = caGenerationTool.getDefinedIdentity(Identity.GREENJUNE); SSLContext serverContext = new SSLContextBuilder() - .setKeyManager(getKeyManager("/jks/greenjune.keystore")) + .setKeyManager(greenJune.createKeyManager()) .build().create(); performConnectionTest(serverContext, "protocol://test-one-way-multiple-crls-success.org", true, @@ -523,8 +486,9 @@ public void testOneWayServerAcceptedWithMultipleCRL() throws Throwable { */ @Test public void testCRLMaxCertPathSucceeds() throws Throwable { + DefinedIdentity rove = caGenerationTool.getDefinedIdentity(Identity.ROVE); SSLContext serverContext = new SSLContextBuilder() - .setKeyManager(getKeyManager("/jks/rove.keystore")) + .setKeyManager(rove.createKeyManager()) .build().create(); performConnectionTest(serverContext, "protocol://test-one-way-max-cert-path.org", true, "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=Rove", null, true); 
@@ -537,8 +501,9 @@ public void testCRLMaxCertPathSucceeds() throws Throwable { */ @Test public void testCRLMaxCertPathFails() throws Throwable { + DefinedIdentity rove = caGenerationTool.getDefinedIdentity(Identity.ROVE); SSLContext serverContext = new SSLContextBuilder() - .setKeyManager(getKeyManager("/jks/rove.keystore")) + .setKeyManager(rove.createKeyManager()) .build().create(); performConnectionTest(serverContext, "protocol://test-one-way-max-cert-path-failure.org", false, null, null, true); @@ -546,10 +511,12 @@ public void testCRLMaxCertPathFails() throws Throwable { @Test public void testTwoWay() throws Throwable { + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); + DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB); SSLContext serverContext = new SSLContextBuilder() - .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore")) - .setKeyManager(getKeyManager("/jks/scarab.keystore")) - .setTrustManager(getCATrustManager()) + .setSecurityDomain(getKeyStoreBackedSecurityDomain(caGenerationTool.getBeetlesKeyStore())) + .setKeyManager(scarab.createKeyManager()) + .setTrustManager(ca.createTrustManager()) .setNeedClientAuth(true) .build().create(); @@ -559,10 +526,12 @@ public void testTwoWay() throws Throwable { @Test public void testTwoWayNoDecoder() throws Throwable { + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); + DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB); SSLContext serverContext = new SSLContextBuilder() - .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore", false)) - .setKeyManager(getKeyManager("/jks/scarab.keystore")) - .setTrustManager(getCATrustManager()) + .setSecurityDomain(getKeyStoreBackedSecurityDomain(caGenerationTool.getBeetlesKeyStore(), false)) + .setKeyManager(scarab.createKeyManager()) + .setTrustManager(ca.createTrustManager()) .setNeedClientAuth(true) .build().create(); 
@@ -572,10 +541,12 @@ public void testTwoWayNoDecoder() throws Throwable { @Test public void testTwoWayIca() throws Throwable { + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); + DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB); SSLContext serverContext = new SSLContextBuilder() - .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/shortwinged.keystore")) - .setKeyManager(getKeyManager("/jks/scarab.keystore")) - .setTrustManager(getCATrustManager()) + .setSecurityDomain(getKeyStoreBackedSecurityDomain(shortWingedKeyStore)) + .setKeyManager(scarab.createKeyManager()) + .setTrustManager(ca.createTrustManager()) .setNeedClientAuth(true) .build().create(); @@ -591,9 +562,10 @@ public void testTwoWayIca() throws Throwable { public void testAcceptedIssuersConfiguredWithCRL() throws Throwable { InputStream crl = new FileInputStream("./target/test-classes/ica/crl/blank-blank.pem"); + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); X509RevocationTrustManager trustManager = X509RevocationTrustManager.builder() .setTrustManagerFactory(getTrustManagerFactory()) - .setTrustStore(createKeyStore("/jks/ca.truststore")) + .setTrustStore(ca.loadKeyStore()) .setCrlStream(crl) .setPreferCrls(true) .setNoFallback(true) 
@@ -614,11 +586,13 @@ public void testTwoWayClientRejectedWithSingleCRL() throws Throwable { // this CRL contains the certificate with the alias "ladybug" which is being sent by the client crlStreams.add(new FileInputStream("target/test-classes/ca/crl/ladybug-revoked.pem")); + DefinedCAIdentity secondCA = caGenerationTool.getDefinedCAIdentity(Identity.SECOND_CA); + DefinedIdentity firefly = caGenerationTool.getDefinedIdentity(Identity.FIREFLY); SSLContext serverContext = new SSLContextBuilder() - .setKeyManager(getKeyManager("/jks/firefly.keystore")) + .setKeyManager(firefly.createKeyManager()) .setTrustManager(X509RevocationTrustManager.builder() .setTrustManagerFactory(getTrustManagerFactory()) - .setTrustStore(createKeyStore("/jks/ca.truststore2")) + .setTrustStore(secondCA.loadKeyStore()) .setCrlStreams(crlStreams) .setPreferCrls(true) .setNoFallback(true) @@ -641,12 +615,14 @@ public void testTwoWayClientAcceptedWithSingleCRL() throws Throwable { // CRL contains "ladybug" certificate but client sends "green june" certificate crlStreams.add(new FileInputStream("target/test-classes/ca/crl/ladybug-revoked.pem")); + DefinedCAIdentity secondCA = caGenerationTool.getDefinedCAIdentity(Identity.SECOND_CA); + DefinedIdentity firefly = caGenerationTool.getDefinedIdentity(Identity.FIREFLY); SSLContext serverContext = new SSLContextBuilder() - .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore")) - .setKeyManager(getKeyManager("/jks/firefly.keystore")) + .setSecurityDomain(getKeyStoreBackedSecurityDomain(caGenerationTool.getBeetlesKeyStore())) + .setKeyManager(firefly.createKeyManager()) .setTrustManager(X509RevocationTrustManager.builder() .setTrustManagerFactory(getTrustManagerFactory()) - .setTrustStore(createKeyStore("/jks/ca.truststore2")) + .setTrustStore(secondCA.loadKeyStore()) .setCrlStreams(crlStreams) .setPreferCrls(true) .setNoFallback(true) 
@@ -672,11 +648,13 @@ public void testTwoWayClientRejectedWithMultipleCRL() throws Throwable { crlStreams.add(new FileInputStream("target/test-classes/ca/crl/ladybug-revoked.pem")); crlStreams.add(new FileInputStream("target/test-classes/ca/crl/firefly-revoked.pem")); + DefinedCAIdentity secondCA = caGenerationTool.getDefinedCAIdentity(Identity.SECOND_CA); + DefinedIdentity firefly = caGenerationTool.getDefinedIdentity(Identity.FIREFLY); SSLContext serverContext = new SSLContextBuilder() - .setKeyManager(getKeyManager("/jks/firefly.keystore")) + .setKeyManager(firefly.createKeyManager()) .setTrustManager(X509RevocationTrustManager.builder() .setTrustManagerFactory(getTrustManagerFactory()) - .setTrustStore(createKeyStore("/jks/ca.truststore2")) + .setTrustStore(secondCA.loadKeyStore()) .setCrlStreams(crlStreams) .setPreferCrls(true) .setNoFallback(true) @@ -700,12 +678,14 @@ public void testTwoWayClientAcceptedWithMultipleCRL() throws Throwable { crlStreams.add(new FileInputStream("target/test-classes/ca/crl/ladybug-revoked.pem")); crlStreams.add(new FileInputStream("target/test-classes/ca/crl/firefly-revoked.pem")); + DefinedCAIdentity secondCA = caGenerationTool.getDefinedCAIdentity(Identity.SECOND_CA); + DefinedIdentity firefly = caGenerationTool.getDefinedIdentity(Identity.FIREFLY); SSLContext serverContext = new SSLContextBuilder() - .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore")) - .setKeyManager(getKeyManager("/jks/firefly.keystore")) + .setSecurityDomain(getKeyStoreBackedSecurityDomain(caGenerationTool.getBeetlesKeyStore())) + .setKeyManager(firefly.createKeyManager()) .setTrustManager(X509RevocationTrustManager.builder() .setTrustManagerFactory(getTrustManagerFactory()) - .setTrustStore(createKeyStore("/jks/ca.truststore2")) + .setTrustStore(secondCA.loadKeyStore()) .setCrlStreams(crlStreams) .setPreferCrls(true) .setNoFallback(true) 
@@ -720,12 +700,14 @@ public void testTwoWayClientAcceptedWithMultipleCRL() throws Throwable { @Test public void testOcspGood() throws Throwable { + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); + DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB); SSLContext serverContext = new SSLContextBuilder() - .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore")) - .setKeyManager(getKeyManager("/jks/scarab.keystore")) + .setSecurityDomain(getKeyStoreBackedSecurityDomain(caGenerationTool.getBeetlesKeyStore())) + .setKeyManager(scarab.createKeyManager()) .setTrustManager(X509RevocationTrustManager.builder() .setTrustManagerFactory(getTrustManagerFactory()) - .setTrustStore(createKeyStore("/jks/ca.truststore")) + .setTrustStore(ca.loadKeyStore()) .setOcspResponderCert(ocspResponderCertificate) .build()) .setNeedClientAuth(true) @@ -756,12 +738,14 @@ public void testOcspMaxCertPathOkay() throws Throwable { } private void ocspMaxCertPathCommon(int maxCertPath, boolean expectValid) throws Throwable { + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); + DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB); SSLContext serverContext = new SSLContextBuilder() - .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore")) - .setKeyManager(getKeyManager("/jks/scarab.keystore")) + .setSecurityDomain(getKeyStoreBackedSecurityDomain(caGenerationTool.getBeetlesKeyStore())) + .setKeyManager(scarab.createKeyManager()) .setTrustManager(X509RevocationTrustManager.builder() .setTrustManagerFactory(getTrustManagerFactory()) - .setTrustStore(createKeyStore("/jks/ca.truststore")) + .setTrustStore(ca.loadKeyStore()) .setOcspResponderCert(ocspResponderCertificate) .setMaxCertPath(maxCertPath) .build()) 
@@ -774,17 +758,18 @@ private void ocspMaxCertPathCommon(int maxCertPath, boolean expectValid) throws @Test public void testClientSideOcsp() throws Throwable { SSLContext serverContextGood = new SSLContextBuilder() - .setKeyManager(getKeyManager("/jks/ocsp-checked-good.keystore")) + .setKeyManager(goodIdentity.createKeyManager()) .build().create(); SSLContext serverContextRevoked = new SSLContextBuilder() - .setKeyManager(getKeyManager("/jks/ocsp-checked-revoked.keystore")) + .setKeyManager(revokedIdentity.createKeyManager()) .build().create(); + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); SSLContext clientContext = new SSLContextBuilder() .setTrustManager(X509RevocationTrustManager.builder() .setTrustManagerFactory(getTrustManagerFactory()) - .setTrustStore(createKeyStore("/jks/ca.truststore")) + .setTrustStore(ca.loadKeyStore()) .setOcspResponderCert(ocspResponderCertificate) .build()) .setClientMode(true) @@ -802,10 +787,12 @@ public void testClientSideOcsp() throws Throwable { @Test public void testWantClientAuthWithCorrectCertificate() throws Throwable { + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); + DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB); SSLContext serverContext = new SSLContextBuilder() - .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore")) - .setKeyManager(getKeyManager("/jks/scarab.keystore")) - .setTrustManager(getCATrustManager()) + .setSecurityDomain(getKeyStoreBackedSecurityDomain(caGenerationTool.getBeetlesKeyStore())) + .setKeyManager(scarab.createKeyManager()) + .setTrustManager(ca.createTrustManager()) .setWantClientAuth(true) .build().create(); 
@@ -815,10 +802,12 @@ public void testWantClientAuthWithCorrectCertificate() throws Throwable { @Test public void testWantClientAuthWithIncorrectCertificate() throws Throwable { + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); + DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB); SSLContext serverContext = new SSLContextBuilder() - .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore")) - .setKeyManager(getKeyManager("/jks/scarab.keystore")) - .setTrustManager(getCATrustManager()) + .setSecurityDomain(getKeyStoreBackedSecurityDomain(caGenerationTool.getBeetlesKeyStore())) + .setKeyManager(scarab.createKeyManager()) + .setTrustManager(ca.createTrustManager()) .setWantClientAuth(true) .build().create(); diff --git a/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java index 2b2addb635e..88ca0cd3e11 100644 --- a/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java +++ b/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java @@ -23,12 +23,9 @@ import java.io.Closeable; import java.io.IOException; -import java.io.InputStream; import java.net.InetAddress; import java.net.URI; import java.security.AccessController; -import java.security.KeyStore; -import java.security.KeyStoreException; import java.security.PrivilegedAction; import java.security.Security; import java.util.Locale; 
@@ -36,17 +33,11 @@ import java.util.concurrent.Executors; import java.util.concurrent.Future; -import javax.net.ssl.KeyManager; -import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLServerSocket; import javax.net.ssl.SSLServerSocketFactory; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket; -import javax.net.ssl.TrustManager; -import javax.net.ssl.TrustManagerFactory; -import javax.net.ssl.X509ExtendedKeyManager; -import javax.net.ssl.X509TrustManager; import org.junit.AfterClass; import org.junit.BeforeClass; @@ -61,6 +52,8 @@ import org.wildfly.security.permission.PermissionVerifier; import org.wildfly.security.ssl.test.util.CAGenerationTool; import org.wildfly.security.ssl.test.util.CAGenerationTool.Identity; +import org.wildfly.security.ssl.test.util.DefinedCAIdentity; +import org.wildfly.security.ssl.test.util.DefinedIdentity; import org.wildfly.security.x500.principal.X500AttributePrincipalDecoder; /** @@ -70,7 +63,6 @@ */ public class TLS13AuthenticationTest { - private static final char[] PASSWORD = "Elytron".toCharArray(); private static final String CA_JKS_LOCATION = "./target/test-classes/jks"; private static CAGenerationTool caGenerationTool = null; @@ -84,7 +76,7 @@ public static void setUp() throws Exception{ .setRequestIdentities(Identity.LADYBIRD, Identity.SCARAB) .build(); - SecurityRealm securityRealm = new KeyStoreBackedSecurityRealm(loadKeyStore("/jks/beetles.keystore")); + SecurityRealm securityRealm = new KeyStoreBackedSecurityRealm(caGenerationTool.getBeetlesKeyStore()); securityDomain = SecurityDomain.builder() .addRealm("KeystoreRealm", securityRealm) .build() 
@@ -105,11 +97,14 @@ public static void cleanUp() throws IOException { public void testTwoWayTLS13() throws Exception { final String CIPHER_SUITE = "TLS_AES_128_GCM_SHA256"; + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); + DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB); + SSLContext serverContext = new SSLContextBuilder() .setSecurityDomain(securityDomain) .setCipherSuiteSelector(CipherSuiteSelector.fromNamesString(CIPHER_SUITE)) - .setKeyManager(getKeyManager("/jks/scarab.keystore")) - .setTrustManager(getCATrustManager()) + .setKeyManager(scarab.createKeyManager()) + .setTrustManager(ca.createTrustManager()) .setNeedClientAuth(true) .build().create(); @@ -124,11 +119,14 @@ public void testDifferentPreferredTLS13Suites() throws Exception { final String PREFERRED_CIPHER_SUITE = "TLS_AES_256_GCM_SHA384"; final String SERVER_CIPHER_SUITE = String.format("%s:%s", PREFERRED_CIPHER_SUITE, REQUIRED_CIPHER_SUITE); + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); + DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB); + SSLContext serverContext = new SSLContextBuilder() .setSecurityDomain(securityDomain) .setCipherSuiteSelector(CipherSuiteSelector.fromNamesString(SERVER_CIPHER_SUITE)) - .setKeyManager(getKeyManager("/jks/scarab.keystore")) - .setTrustManager(getCATrustManager()) + .setKeyManager(scarab.createKeyManager()) + .setTrustManager(ca.createTrustManager()) .setNeedClientAuth(true) .build().create(); 
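Review bot: `ca.createTrustManager()` replaces a local helper (removed further down in this file) that requested `TrustManagerFactory.getInstance("SunX509")`, whereas the equivalent helper removed from SSLAuthenticationTest used `"PKIX"`; the algorithm is now chosen inside `DefinedCAIdentity`, which this diff does not show. If the shared helper picks a different algorithm than this class did, the TLS 1.3 tests now validate client certificates with a different trust manager implementation than before. A short comment at the first use, such as `// trust manager algorithm is chosen by DefinedCAIdentity`, or a line in the commit message would record that the change is intended. The same applies to `testDifferentPreferredTLS13Suites`, `testClientTLS12Only` and `testServerTLS12Only` in the following hunks.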
@@ -142,14 +140,17 @@ public void testClientTLS12Only() throws Exception { final String TLS13_CIPHER_SUITE = "TLS_AES_128_GCM_SHA256"; final String TLS12_CIPHER_SUITE = "TLS_RSA_WITH_AES_128_CBC_SHA256"; // TLS v1.2 + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); + DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB); + SSLContext serverContext = new SSLContextBuilder() .setSecurityDomain(securityDomain) .setCipherSuiteSelector(CipherSuiteSelector.aggregate( CipherSuiteSelector.fromNamesString(TLS13_CIPHER_SUITE), CipherSuiteSelector.fromString(TLS12_CIPHER_SUITE) )) - .setKeyManager(getKeyManager("/jks/scarab.keystore")) - .setTrustManager(getCATrustManager()) + .setKeyManager(scarab.createKeyManager()) + .setTrustManager(ca.createTrustManager()) .setNeedClientAuth(true) .build().create(); @@ -162,11 +163,14 @@ public void testClientTLS12Only() throws Exception { public void testServerTLS12Only() throws Exception { final String SERVER_CIPHER_SUITE = "TLS_RSA_WITH_AES_128_CBC_SHA256"; // TLS v1.2 + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); + DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB); + SSLContext serverContext = new SSLContextBuilder() .setSecurityDomain(securityDomain) .setCipherSuiteSelector(CipherSuiteSelector.fromString(SERVER_CIPHER_SUITE)) - .setKeyManager(getKeyManager("/jks/scarab.keystore")) - .setTrustManager(getCATrustManager()) + .setKeyManager(scarab.createKeyManager()) + .setTrustManager(ca.createTrustManager()) .setNeedClientAuth(true) .build().create(); 
@@ -179,9 +183,11 @@ public void testServerTLS12Only() throws Exception { public void testOneWayTLS13() throws Exception { final String CIPHER_SUITE = "TLS_AES_128_GCM_SHA256"; + DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB); + SSLContext serverContext = new SSLContextBuilder() .setCipherSuiteSelector(CipherSuiteSelector.fromNamesString(CIPHER_SUITE)) - .setKeyManager(getKeyManager("/jks/scarab.keystore")) + .setKeyManager(scarab.createKeyManager()) .build().create(); SecurityIdentity identity = performConnectionTest(serverContext, "protocol://test-one-way-tls13.org", "wildfly-ssl-test-config-v1_5.xml", CIPHER_SUITE, true); 
@@ -241,53 +247,6 @@ private SecurityIdentity performConnectionTest(SSLContext serverContext, String } } - /** - * Get the key manager backed by the specified key store. - * - * @param keystorePath the path to the keystore with X509 private key - * @return the initialised key manager. - */ - private static X509ExtendedKeyManager getKeyManager(final String keystorePath) throws Exception { - KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); - keyManagerFactory.init(loadKeyStore(keystorePath), PASSWORD); - - for (KeyManager current : keyManagerFactory.getKeyManagers()) { - if (current instanceof X509ExtendedKeyManager) { - return (X509ExtendedKeyManager) current; - } - } - - throw new IllegalStateException("Unable to obtain X509ExtendedKeyManager."); - } - - /** - * Get the trust manager that trusts all certificates signed by the certificate authority. - * - * @return the trust manager that trusts all certificates signed by the certificate authority. - * @throws KeyStoreException - */ - private static X509TrustManager getCATrustManager() throws Exception { - TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509"); - trustManagerFactory.init(loadKeyStore("/jks/ca.truststore")); - - for (TrustManager current : trustManagerFactory.getTrustManagers()) { - if (current instanceof X509TrustManager) { - return (X509TrustManager) current; - } - } - - throw new IllegalStateException("Unable to obtain X509TrustManager."); - } - - private static KeyStore loadKeyStore(final String path) throws Exception { - KeyStore keyStore = KeyStore.getInstance("jks"); - try (InputStream caTrustStoreFile = SSLAuthenticationTest.class.getResourceAsStream(path)) { - keyStore.load(caTrustStoreFile, PASSWORD); - } - - return keyStore; - } - private void safeClose(Closeable closeable) { try { closeable.close(); From 8b0c237d55e70dda5a27b2230f44c20eca400ef1 Mon Sep 17 00:00:00 2001 
From: Prarthona Paul Date: Thu, 24 Aug 2023 09:12:53 -0400 Subject: [PATCH 27/75] [ELY-2584] Add the ability to specify that the OIDC Authentication Request should include request and request_uri parameters. --- http/oidc/pom.xml | 16 ++ .../security/http/oidc/ElytronMessages.java | 42 ++- .../http/oidc/JWKEncPublicKeyLocator.java | 113 ++++++++ .../oidc/JWTClientCredentialsProvider.java | 46 +--- .../security/http/oidc/JWTSigningUtils.java | 78 ++++++ .../org/wildfly/security/http/oidc/Oidc.java | 24 ++ .../http/oidc/OidcClientConfiguration.java | 135 +++++++++- .../oidc/OidcClientConfigurationBuilder.java | 41 ++- .../security/http/oidc/OidcClientContext.java | 101 +++++++ .../http/oidc/OidcJsonConfiguration.java | 100 ++++++- .../http/oidc/OidcProviderMetadata.java | 33 +++ .../http/oidc/OidcRequestAuthenticator.java | 177 ++++++++++++- .../security/http/oidc/ServerRequest.java | 35 ++- .../http/oidc/KeycloakConfiguration.java | 85 ++++-- .../security/http/oidc/OidcBaseTest.java | 9 +- .../wildfly/security/http/oidc/OidcTest.java | 248 +++++++++++++++++- pom.xml | 7 + 17 files changed, 1202 insertions(+), 88 deletions(-) create mode 100644 http/oidc/src/main/java/org/wildfly/security/http/oidc/JWKEncPublicKeyLocator.java create mode 100644 http/oidc/src/main/java/org/wildfly/security/http/oidc/JWTSigningUtils.java diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index 64a7f7285d2..5f3a6504fda 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -128,6 +128,11 @@ keycloak-admin-client test + + org.keycloak + keycloak-services + test + org.jboss.logmanager jboss-logmanager @@ -173,6 +178,17 @@ jmockit test + + org.wildfly.security + wildfly-elytron-credential-source-impl + test + + + org.wildfly.security + wildfly-elytron-tests-common + test-jar + test + diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/ElytronMessages.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/ElytronMessages.java index ac5e2861fc3..e836cc3b468 100644 
--- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/ElytronMessages.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/ElytronMessages.java @@ -18,10 +18,10 @@ package org.wildfly.security.http.oidc; +import static org.jboss.logging.annotations.Message.NONE; import static org.jboss.logging.Logger.Level.DEBUG; import static org.jboss.logging.Logger.Level.ERROR; import static org.jboss.logging.Logger.Level.WARN; -import static org.jboss.logging.annotations.Message.NONE; import java.io.IOException; 
@@ -238,5 +238,45 @@ interface ElytronMessages extends BasicLogger { @Message(id = 23057, value = "principal-attribute '%s' claim does not exist, falling back to 'sub'") void principalAttributeClaimDoesNotExist(String principalAttributeClaim); + @Message(id = 23058, value = "Invalid keystore configuration for signing Request Objects.") + IOException invalidKeyStoreConfiguration(); + + @Message(id = 23059, value = "The signature algorithm specified is not supported by the OpenID Provider.") + IOException invalidRequestObjectSignatureAlgorithm(); + + @Message(id = 23060, value = "The encryption algorithm specified is not supported by the OpenID Provider.") + IOException invalidRequestObjectEncryptionAlgorithm(); + + @Message(id = 23061, value = "The content encryption algorithm (enc value) specified is not supported by the OpenID Provider.") + IOException invalidRequestObjectEncryptionEncValue(); + + @LogMessage(level = WARN) + @Message(id = 23062, value = "The OpenID provider does not support request parameters. 
Sending the request using OAuth2 format.") + void requestParameterNotSupported(); + + @Message(id = 23063, value = "Both request object encryption algorithm and request object content encryption algorithm must be configured to encrypt the request object.") + IllegalArgumentException invalidRequestObjectEncryptionAlgorithmConfiguration(); + + @Message(id = 23064, value = "Failed to create the authentication request using the request parameter.") + RuntimeException unableToCreateRequestWithRequestParameter(@Cause Exception cause); + + @Message(id = 23065, value = "Failed to create the authentication request using the request_uri parameter.") + RuntimeException unableToCreateRequestUriWithRequestParameter(@Cause Exception cause); + + @Message (id = 23066, value = "Failed to send a request to the OpenID provider's Pushed Authorization Request endpoint.") + RuntimeException failedToSendPushedAuthorizationRequest(@Cause Exception cause); + + @Message(id = 23067, value = "Cannot retrieve the request_uri as the pushed authorization request endpoint is not available for the OpenID provider.") + RuntimeException pushedAuthorizationRequestEndpointNotAvailable(); + + @LogMessage(level = WARN) + @Message(id = 23068, value = "The request object will be unsigned. This should not be used in a production environment. To sign the request object, for use in a production environment, please specify the request object signing algorithm.") + void unsignedRequestObjectIsUsed(); + + @Message(id = 23069, value = "The client secret has not been configured. Unable to sign the request object using the client secret.") + RuntimeException clientSecretNotConfigured(); + + @Message(id = 23070, value = "Authentication request format must be one of the following: oauth2, request, request_uri.") + RuntimeException invalidAuthenticationRequestFormat(); } 
diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/JWKEncPublicKeyLocator.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/JWKEncPublicKeyLocator.java new file mode 100644 index 00000000000..819e5950671 --- /dev/null +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/JWKEncPublicKeyLocator.java 
@@ -0,0 +1,113 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2024 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.wildfly.security.http.oidc; + +import static org.apache.http.HttpHeaders.ACCEPT; +import static org.wildfly.security.http.oidc.ElytronMessages.log; +import static org.wildfly.security.http.oidc.Oidc.JSON_CONTENT_TYPE; + +import java.security.PublicKey; +import java.util.ArrayList; +import java.util.Map; +import java.util.List; + +import org.apache.http.client.methods.HttpGet; +import org.wildfly.security.jose.jwk.JWK; +import org.wildfly.security.jose.jwk.JsonWebKeySet; +import org.wildfly.security.jose.jwk.JsonWebKeySetUtil; + +/** + * A public key locator that dynamically obtains the public key used for encryption + * from an OpenID provider by sending a request to the provider's {@code jwks_uri} + * when needed. 
+ * + * @author Prarthona Paul + * */ +class JWKEncPublicKeyLocator implements PublicKeyLocator { + private List currentKeys = new ArrayList<>(); + + private volatile int lastRequestTime = 0; + + @Override + public PublicKey getPublicKey(String kid, OidcClientConfiguration config) { + int minTimeBetweenRequests = config.getMinTimeBetweenJwksRequests(); + int publicKeyCacheTtl = config.getPublicKeyCacheTtl(); + int currentTime = getCurrentTime(); + + PublicKey publicKey = lookupCachedKey(publicKeyCacheTtl, currentTime); + if (publicKey != null) { + return publicKey; + } + + synchronized (this) { + currentTime = getCurrentTime(); + if (currentTime > lastRequestTime + minTimeBetweenRequests) { + sendRequest(config); + lastRequestTime = currentTime; + } else { + log.debug("Won't send request to jwks url. Last request time was " + lastRequestTime); + } + return lookupCachedKey(publicKeyCacheTtl, currentTime); + } + + } + + @Override + public void reset(OidcClientConfiguration config) { + synchronized (this) { + sendRequest(config); + lastRequestTime = getCurrentTime(); + } + } + + private PublicKey lookupCachedKey(int publicKeyCacheTtl, int currentTime) { + if (lastRequestTime + publicKeyCacheTtl > currentTime) { + return currentKeys.get(0); // returns the first cached public key + } else { + return null; + } + } + + private static int getCurrentTime() { + return (int) (System.currentTimeMillis() / 1000); + } + + private void sendRequest(OidcClientConfiguration config) { + if (log.isTraceEnabled()) { + log.trace("Going to send request to retrieve new set of public keys to encrypt a JWT request for client " + config.getResourceName()); + } + + HttpGet request = new HttpGet(config.getJwksUrl()); + request.addHeader(ACCEPT, JSON_CONTENT_TYPE); + try { + JsonWebKeySet jwks = Oidc.sendJsonHttpRequest(config, request, JsonWebKeySet.class); + Map publicKeys = JsonWebKeySetUtil.getKeysForUse(jwks, JWK.Use.ENC); + + if (log.isDebugEnabled()) { + log.debug("Public keys 
successfully retrieved for client " + config.getResourceName() + ". New kids: " + publicKeys.keySet()); + } + + // update current keys + currentKeys.clear(); + currentKeys.addAll(publicKeys.values()); + } catch (OidcException e) { + log.error("Error when sending request to retrieve public keys", e); + } + } +} diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/JWTClientCredentialsProvider.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/JWTClientCredentialsProvider.java index 4da8d3a5384..13df213373b 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/JWTClientCredentialsProvider.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/JWTClientCredentialsProvider.java @@ -19,18 +19,13 @@ package org.wildfly.security.http.oidc; import static org.wildfly.security.http.oidc.ElytronMessages.log; +import static org.wildfly.security.http.oidc.JWTSigningUtils.loadKeyPairFromKeyStore; import static org.wildfly.security.http.oidc.Oidc.CLIENT_ASSERTION; import static org.wildfly.security.http.oidc.Oidc.CLIENT_ASSERTION_TYPE; import static org.wildfly.security.http.oidc.Oidc.CLIENT_ASSERTION_TYPE_JWT; -import static org.wildfly.security.http.oidc.Oidc.PROTOCOL_CLASSPATH; import static org.wildfly.security.http.oidc.Oidc.asInt; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.InputStream; import java.security.KeyPair; -import java.security.KeyStore; -import java.security.PrivateKey; import java.security.PublicKey; import java.security.interfaces.RSAPublicKey; import java.util.Map; 
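Review bot: `lookupCachedKey` in JWKEncPublicKeyLocator calls `currentKeys.get(0)` without checking that the list holds a key. `sendRequest` only logs an `OidcException`, and `lastRequestTime` is advanced either way, so a failed JWKS fetch or a key set with no `enc` keys ends in an `IndexOutOfBoundsException` instead of a clear "no encryption key" result. The first `lookupCachedKey` call in `getPublicKey` also runs outside the `synchronized` block while `sendRequest` does `clear()` then `addAll()` on the same `ArrayList`, so a concurrent reader can observe the list empty or mid-update. Publishing a complete snapshot through a volatile field and returning null when it is empty addresses both, provided callers treat null as "key unavailable" and refuse to send an unencrypted request object. The element type is assumed to be `PublicKey`, since generic parameters are not visible in this rendering.

```java
private volatile List<PublicKey> currentKeys = new ArrayList<>();

private PublicKey lookupCachedKey(int publicKeyCacheTtl, int currentTime) {
    List<PublicKey> keys = currentKeys; // one volatile read, never a half-updated list
    if (keys.isEmpty() || lastRequestTime + publicKeyCacheTtl <= currentTime) {
        return null;
    }
    return keys.get(0); // first cached encryption key
}

// … unchanged: getCurrentTime, request construction and JWKS parsing in sendRequest …
            // replace the snapshot atomically instead of clear() + addAll()
            currentKeys = new ArrayList<>(publicKeys.values());
```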
@@ -155,43 +150,4 @@ protected JwtClaims createRequestToken(String clientId, String tokenUrl) { jwtClaims.setExpirationTime(exp); return jwtClaims; } - - private static KeyPair loadKeyPairFromKeyStore(String keyStoreFile, String storePassword, String keyPassword, String keyAlias, String keyStoreType) { - InputStream stream = findFile(keyStoreFile); - try { - KeyStore keyStore = KeyStore.getInstance(keyStoreType); - keyStore.load(stream, storePassword.toCharArray()); - PrivateKey privateKey = (PrivateKey) keyStore.getKey(keyAlias, keyPassword.toCharArray()); - if (privateKey == null) { - log.unableToLoadKeyWithAlias(keyAlias); - } - PublicKey publicKey = keyStore.getCertificate(keyAlias).getPublicKey(); - return new KeyPair(publicKey, privateKey); - } catch (Exception e) { - throw log.unableToLoadPrivateKey(e); - } - } - - private static InputStream findFile(String keystoreFile) { - if (keystoreFile.startsWith(PROTOCOL_CLASSPATH)) { - String classPathLocation = keystoreFile.replace(PROTOCOL_CLASSPATH, ""); - // try current class classloader first - InputStream is = JWTClientCredentialsProvider.class.getClassLoader().getResourceAsStream(classPathLocation); - if (is == null) { - is = Thread.currentThread().getContextClassLoader().getResourceAsStream(classPathLocation); - } - if (is != null) { - return is; - } else { - throw log.unableToFindKeystoreFile(keystoreFile); - } - } else { - try { - // fallback to file - return new FileInputStream(keystoreFile); - } catch (FileNotFoundException e) { - throw new RuntimeException(e); - } - } - } } diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/JWTSigningUtils.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/JWTSigningUtils.java new file mode 100644 index 00000000000..03546d8a23f --- /dev/null +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/JWTSigningUtils.java 
@@ -0,0 +1,78 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2024 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.wildfly.security.http.oidc; + +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.InputStream; +import java.security.KeyPair; +import java.security.KeyStore; +import java.security.PrivateKey; +import java.security.PublicKey; + +import static org.wildfly.security.http.oidc.ElytronMessages.log; +import static org.wildfly.security.http.oidc.Oidc.PROTOCOL_CLASSPATH; + +/** + * A utility class to obtain the KeyPair from a keystore file. 
+ * + * @author Prarthona Paul + */ + +class JWTSigningUtils { + + public static KeyPair loadKeyPairFromKeyStore(String keyStoreFile, String storePassword, String keyPassword, String keyAlias, String keyStoreType) { + InputStream stream = findFile(keyStoreFile); + try { + KeyStore keyStore = KeyStore.getInstance(keyStoreType); + keyStore.load(stream, storePassword.toCharArray()); + PrivateKey privateKey = (PrivateKey) keyStore.getKey(keyAlias, keyPassword.toCharArray()); + if (privateKey == null) { + throw log.unableToLoadKeyWithAlias(keyAlias); + } + PublicKey publicKey = keyStore.getCertificate(keyAlias).getPublicKey(); + return new KeyPair(publicKey, privateKey); + } catch (Exception e) { + throw log.unableToLoadPrivateKey(e); + } + } + + public static InputStream findFile(String keystoreFile) { + if (keystoreFile.startsWith(PROTOCOL_CLASSPATH)) { + String classPathLocation = keystoreFile.replace(PROTOCOL_CLASSPATH, ""); + // try current class classloader first + InputStream is = JWTSigningUtils.class.getClassLoader().getResourceAsStream(classPathLocation); + if (is == null) { + is = Thread.currentThread().getContextClassLoader().getResourceAsStream(classPathLocation); + } + if (is != null) { + return is; + } else { + throw log.unableToFindKeystoreFile(keystoreFile); + } + } else { + try { + // fallback to file + return new FileInputStream(keystoreFile); + } catch (FileNotFoundException e) { + throw new RuntimeException(e); + } + } + } +} diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java index f42313b7f58..575809f2f4b 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java 
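Review bot: The stream returned by `findFile` is never closed in `loadKeyPairFromKeyStore`, so every call leaves a file or classpath handle on the keystore open. Wrapping the existing variable keeps `findFile` outside the catch and closes the stream on every path: `try (InputStream in = stream) {` followed by `keyStore.load(in, storePassword.toCharArray());`. Two smaller points in the same method pair: `keyStore.getCertificate(keyAlias)` can return null for an alias without a certificate, which currently surfaces as a NullPointerException wrapped by the generic catch. Also, `keystoreFile.replace(PROTOCOL_CLASSPATH, "")` removes every occurrence of the prefix text rather than only the leading one, where `keystoreFile.substring(PROTOCOL_CLASSPATH.length())` states the intent.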
@@ -45,6 +45,7 @@ public class Oidc { public static final String ACCEPT = "Accept"; + public static final String AUTHENTICATION_REQUEST_FORMAT = "authentication-request-format"; public static final String OIDC_NAME = "OIDC"; public static final String JSON_CONTENT_TYPE = "application/json"; public static final String HTML_CONTENT_TYPE = "text/html"; @@ -74,6 +75,8 @@ public class Oidc { public static final String PARTIAL = "partial/"; public static final String PASSWORD = "password"; public static final String PROMPT = "prompt"; + public static final String REQUEST = "request"; + public static final String REQUEST_URI = "request_uri"; public static final String SCOPE = "scope"; public static final String UI_LOCALES = "ui_locales"; public static final String USERNAME = "username"; @@ -201,6 +204,27 @@ public enum TokenStore { COOKIE } + public enum AuthenticationRequestFormat { + OAUTH2("oauth2"), + REQUEST("request"), + REQUEST_URI("request_uri"); + + private final String value; + + AuthenticationRequestFormat(String value) { + this.value = value; + } + + /** + * Get the string value for this authentication format. + * + * @return the string value for this authentication format + */ + public String getValue() { + return value; + } + } + public enum ClientCredentialsProviderType { SECRET("secret"), JWT("jwt"), diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfiguration.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfiguration.java index 3e18fb4eb6d..ca56da28633 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfiguration.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfiguration.java 
@@ -30,9 +30,11 @@ import static org.wildfly.security.http.oidc.Oidc.SLASH; import static org.wildfly.security.http.oidc.Oidc.SSLRequired; import static org.wildfly.security.http.oidc.Oidc.TokenStore; +import static org.wildfly.security.jose.util.JsonSerialization.readValue; import java.net.URI; import java.util.HashMap; +import java.util.List; import java.util.Map; import java.util.concurrent.Callable; @@ -41,7 +43,6 @@ import org.apache.http.client.HttpClient; import org.apache.http.client.methods.HttpGet; import org.apache.http.util.EntityUtils; -import org.wildfly.security.jose.util.JsonSerialization; /** * The OpenID Connect (OIDC) configuration for a client application. This class is based on @@ -81,6 +82,11 @@ public enum RelativeUrlsUsed { protected String jwksUrl; protected String issuerUrl; protected String principalAttribute = "sub"; + protected List requestObjectSigningAlgValuesSupported; + protected List requestObjectEncryptionEncValuesSupported; + protected List requestObjectEncryptionAlgValuesSupported; + protected boolean requestParameterSupported; + protected boolean requestUriParameterSupported; protected String resource; protected String clientId; @@ -126,6 +132,17 @@ public enum RelativeUrlsUsed { protected boolean verifyTokenAudience = false; protected String tokenSignatureAlgorithm = DEFAULT_TOKEN_SIGNATURE_ALGORITHM; + protected String authenticationRequestFormat; + protected String requestObjectSigningAlgorithm; + protected String requestObjectEncryptionAlgValue; + protected String requestObjectEncryptionEncValue; + protected String pushedAuthorizationRequestEndpoint; + protected String requestObjectSigningKeyStoreFile; + protected String requestObjectSigningKeyStorePassword; + protected String requestObjectSigningKeyPassword; + protected String requestObjectSigningKeyAlias; + protected String requestObjectSigningKeyStoreType; + protected JWKEncPublicKeyLocator encryptionPublicKeyLocator; public OidcClientConfiguration() { } 
@@ -223,6 +240,13 @@ protected void resolveUrls() { tokenUrl = config.getTokenEndpoint(); logoutUrl = config.getLogoutEndpoint(); jwksUrl = config.getJwksUri(); + requestParameterSupported = config.getRequestParameterSupported(); + requestObjectSigningAlgValuesSupported = config.getRequestObjectSigningAlgValuesSupported(); + requestObjectEncryptionEncValuesSupported = config.getRequestObjectEncryptionEncValuesSupported(); + requestObjectEncryptionAlgValuesSupported = config.getRequestObjectEncryptionAlgValuesSupported(); + requestUriParameterSupported = config.getRequestUriParameterSupported(); + pushedAuthorizationRequestEndpoint = config.getPushedAuthorizationRequestEndpoint(); + if (authServerBaseUrl != null) { // keycloak-specific properties accountUrl = getUrl(issuerUrl, ACCOUNT_PATH); @@ -246,7 +270,7 @@ protected OidcProviderMetadata getOidcProviderMetadata(String discoveryUrl) thro EntityUtils.consumeQuietly(response.getEntity()); throw new Exception(response.getStatusLine().getReasonPhrase()); } - return JsonSerialization.readValue(response.getEntity().getContent(), OidcProviderMetadata.class); + return readValue(response.getEntity().getContent(), OidcProviderMetadata.class); } finally { request.releaseConnection(); } @@ -329,6 +353,26 @@ public String getIssuerUrl() { return issuerUrl; } + public List getRequestObjectSigningAlgValuesSupported() { + return requestObjectSigningAlgValuesSupported; + } + + public List getRequestObjectEncryptionAlgValuesSupported() { + return requestObjectEncryptionAlgValuesSupported; + } + + public List getRequestObjectEncryptionEncValuesSupported() { + return requestObjectEncryptionEncValuesSupported; + } + + public boolean getRequestParameterSupported() { + return requestParameterSupported; + } + + public boolean getRequestUriParameterSupported() { + return requestUriParameterSupported; + } + public void setResource(String resource) { this.resource = resource; } 
@@ -648,4 +692,91 @@ public String getTokenSignatureAlgorithm() { return tokenSignatureAlgorithm; } + public String getAuthenticationRequestFormat() { + return authenticationRequestFormat; + } + + public void setAuthenticationRequestFormat(String authenticationRequestFormat) { + this.authenticationRequestFormat = authenticationRequestFormat; + } + + public String getRequestObjectSigningAlgorithm() { + return requestObjectSigningAlgorithm; + } + + public void setRequestObjectSigningAlgorithm(String requestObjectSigningAlgorithm) { + this.requestObjectSigningAlgorithm = requestObjectSigningAlgorithm; + } + + public String getRequestObjectEncryptionAlgValue() { + return requestObjectEncryptionAlgValue; + } + + public void setRequestObjectEncryptionAlgValue(String requestObjectEncryptionAlgValue) { + this.requestObjectEncryptionAlgValue = requestObjectEncryptionAlgValue; + } + + public String getRequestObjectEncryptionEncValue() { + return requestObjectEncryptionEncValue; + } + + public void setRequestObjectEncryptionEncValue(String requestObjectEncryptionEncValue) { + this.requestObjectEncryptionEncValue = requestObjectEncryptionEncValue; + } + + public String getRequestObjectSigningKeyStoreFile() { + return requestObjectSigningKeyStoreFile; + } + + public void setRequestObjectSigningKeyStoreFile(String keyStoreFile) { + this.requestObjectSigningKeyStoreFile = keyStoreFile; + } + + public String getRequestObjectSigningKeyStorePassword() { + return requestObjectSigningKeyStorePassword; + } + + public void setRequestObjectSigningKeyStorePassword(String requestObjectSigningKeyStorePassword) { + this.requestObjectSigningKeyStorePassword = requestObjectSigningKeyStorePassword; + } + + public String getRequestObjectSigningKeyPassword() { + return requestObjectSigningKeyPassword; + } + + public void setRequestObjectSigningKeyPassword(String requestObjectSigningKeyPassword) { + this.requestObjectSigningKeyPassword = requestObjectSigningKeyPassword; + } + + public String 
getRequestObjectSigningKeyStoreType() { + return requestObjectSigningKeyStoreType; + } + + public void setRequestObjectSigningKeyStoreType(String requestObjectSigningKeyStoreType) { + this.requestObjectSigningKeyStoreType = requestObjectSigningKeyStoreType; + } + + public String getRequestObjectSigningKeyAlias() { + return requestObjectSigningKeyAlias; + } + + public void setRequestObjectSigningKeyAlias(String requestObjectSigningKeyAlias) { + this.requestObjectSigningKeyAlias = requestObjectSigningKeyAlias; + } + + public String getPushedAuthorizationRequestEndpoint() { + return pushedAuthorizationRequestEndpoint; + } + + public void setPushedAuthorizationRequestEndpoint(String pushedAuthorizationRequestEndpoint) { + this.pushedAuthorizationRequestEndpoint = pushedAuthorizationRequestEndpoint; + } + + public void setEncryptionPublicKeyLocator(JWKEncPublicKeyLocator publicKeySetExtractor) { + this.encryptionPublicKeyLocator = publicKeySetExtractor; + } + + public JWKEncPublicKeyLocator getEncryptionPublicKeyLocator() { + return this.encryptionPublicKeyLocator; + } } diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfigurationBuilder.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfigurationBuilder.java index f2d757e493c..43bebace9f6 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfigurationBuilder.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfigurationBuilder.java 
@@ -18,7 +18,11 @@ package org.wildfly.security.http.oidc; +import static org.jose4j.jws.AlgorithmIdentifiers.NONE; import static org.wildfly.security.http.oidc.ElytronMessages.log; +import static org.wildfly.security.http.oidc.Oidc.AuthenticationRequestFormat.OAUTH2; +import static org.wildfly.security.http.oidc.Oidc.AuthenticationRequestFormat.REQUEST; +import static org.wildfly.security.http.oidc.Oidc.AuthenticationRequestFormat.REQUEST_URI; import static org.wildfly.security.http.oidc.Oidc.SSLRequired; import static org.wildfly.security.http.oidc.Oidc.TokenStore; 
@@ -103,6 +107,41 @@ protected OidcClientConfiguration internalBuild(final OidcJsonConfiguration oidc if (oidcJsonConfiguration.getScope() != null) { oidcClientConfiguration.setScope(oidcJsonConfiguration.getScope()); } + if (oidcJsonConfiguration.getAuthenticationRequestFormat() != null) { + if (!(oidcJsonConfiguration.getAuthenticationRequestFormat().equals(OAUTH2.getValue()) || + oidcJsonConfiguration.getAuthenticationRequestFormat().equals(REQUEST.getValue()) || + oidcJsonConfiguration.getAuthenticationRequestFormat().equals(REQUEST_URI.getValue()))) { + throw log.invalidAuthenticationRequestFormat(); + } + oidcClientConfiguration.setAuthenticationRequestFormat(oidcJsonConfiguration.getAuthenticationRequestFormat()); + } else { + oidcClientConfiguration.setAuthenticationRequestFormat(OAUTH2.getValue()); + } + if (oidcJsonConfiguration.getRequestObjectSigningAlgorithm() != null) { + oidcClientConfiguration.setRequestObjectSigningAlgorithm(oidcJsonConfiguration.getRequestObjectSigningAlgorithm()); + } else { + oidcClientConfiguration.setRequestObjectSigningAlgorithm(NONE); + } + if (oidcJsonConfiguration.getRequestObjectEncryptionAlgValue() != null && oidcJsonConfiguration.getRequestObjectEncryptionEncValue() != null) { //both are required to encrypt the request object + oidcClientConfiguration.setRequestObjectEncryptionAlgValue(oidcJsonConfiguration.getRequestObjectEncryptionAlgValue()); + oidcClientConfiguration.setRequestObjectEncryptionEncValue(oidcJsonConfiguration.getRequestObjectEncryptionEncValue()); + JWKEncPublicKeyLocator encryptionPublicKeyLocator = new JWKEncPublicKeyLocator(); + oidcClientConfiguration.setEncryptionPublicKeyLocator(encryptionPublicKeyLocator); + } else if (oidcJsonConfiguration.getRequestObjectEncryptionAlgValue() != null || oidcJsonConfiguration.getRequestObjectEncryptionEncValue() != null) { //if only one is specified, that is not correct + throw log.invalidRequestObjectEncryptionAlgorithmConfiguration(); + } + if 
(oidcJsonConfiguration.getRequestObjectSigningKeyStoreFile() != null + && oidcJsonConfiguration.getRequestObjectSigningKeyStorePassword() != null + && oidcJsonConfiguration.getRequestObjectSigningKeyPassword() != null + && oidcJsonConfiguration.getRequestObjectSigningKeyAlias() != null) { + oidcClientConfiguration.setRequestObjectSigningKeyStoreFile(oidcJsonConfiguration.getRequestObjectSigningKeyStoreFile()); + oidcClientConfiguration.setRequestObjectSigningKeyStorePassword(oidcJsonConfiguration.getRequestObjectSigningKeyStorePassword()); + oidcClientConfiguration.setRequestObjectSigningKeyPassword(oidcJsonConfiguration.getRequestObjectSigningKeyPassword()); + oidcClientConfiguration.setRequestObjectSigningKeyAlias(oidcJsonConfiguration.getRequestObjectSigningKeyAlias()); + if (oidcJsonConfiguration.getRequestObjectSigningKeyStoreType() != null) { + oidcClientConfiguration.setRequestObjectSigningKeyStoreType(oidcJsonConfiguration.getRequestObjectSigningKeyStoreType()); + } + } if (oidcJsonConfiguration.getPrincipalAttribute() != null) oidcClientConfiguration.setPrincipalAttribute(oidcJsonConfiguration.getPrincipalAttribute()); oidcClientConfiguration.setResourceCredentials(oidcJsonConfiguration.getCredentials()); @@ -193,8 +232,8 @@ public static OidcJsonConfiguration loadOidcJsonConfiguration(InputStream is) { return adapterConfig; } - public static OidcClientConfiguration build(OidcJsonConfiguration oidcJsonConfiguration) { return new OidcClientConfigurationBuilder().internalBuild(oidcJsonConfiguration); } + } diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientContext.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientContext.java index 3c249bb846b..f5d930bd525 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientContext.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientContext.java 
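Review bot: The signing-keystore block copies the settings only when file, store password, key password and alias are all non-null, and otherwise drops them silently, unlike the alg/enc pair check just above it, which rejects a half-specified configuration. A deployment with one keystore attribute missing or misspelled therefore continues with no signing keystore, and because the signing algorithm defaults to `NONE` a few lines earlier, the only signal for an unsigned request object is the WARN message 23068 added in ElytronMessages. Add an `else if` branch that fails when any one of the four getters is non-null; the patch already defines `invalidKeyStoreConfiguration()`, though it is declared as an `IOException`, so whether it can be thrown here depends on `internalBuild`'s signature, which starts and ends outside this hunk. It would also be worth a comment on the `NONE` default stating that unsigned request objects are a development-only mode, e.g. `// NONE: request object is sent unsigned; not for production`.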
@@ -525,6 +525,107 @@ public String getTokenSignatureAlgorithm() { public void setTokenSignatureAlgorithm(String tokenSignatureAlgorithm) { delegate.setTokenSignatureAlgorithm(tokenSignatureAlgorithm); } + + @Override + public String getAuthenticationRequestFormat() { + return delegate.getAuthenticationRequestFormat(); + } + + @Override + public void setAuthenticationRequestFormat(String authFormat) { + delegate.setAuthenticationRequestFormat(authFormat); + } + + @Override + public String getRequestObjectSigningAlgorithm() { + return delegate.getRequestObjectSigningAlgorithm(); + } + + @Override + public void setRequestObjectSigningAlgorithm(String requestSignature) { + delegate.setRequestObjectSigningAlgorithm(requestSignature); + } + + @Override + public String getRequestObjectEncryptionAlgValue() { + return delegate.getRequestObjectEncryptionAlgValue(); + } + + @Override + public void setRequestObjectEncryptionAlgValue(String requestObjectEncryptionAlgValue) { + delegate.setRequestObjectEncryptionAlgValue(requestObjectEncryptionAlgValue); + } + + @Override + public String getRequestObjectEncryptionEncValue() { + return delegate.requestObjectEncryptionEncValue; + } + + @Override + public void setRequestObjectEncryptionEncValue (String requestObjectEncryptionEncValue) { + delegate.requestObjectEncryptionEncValue = requestObjectEncryptionEncValue; + } + + @Override + public String getRequestObjectSigningKeyStoreFile() { + return delegate.requestObjectSigningKeyStoreFile; + } + + @Override + public void setRequestObjectSigningKeyStoreFile(String keyStoreFile) { + delegate.requestObjectSigningKeyStoreFile = keyStoreFile; + } + + @Override + public String getRequestObjectSigningKeyStorePassword() { + return delegate.requestObjectSigningKeyStorePassword; + } + + @Override + public void setRequestObjectSigningKeyStorePassword(String requestObjectSigningKeyStorePassword) { + delegate.requestObjectSigningKeyStorePassword = requestObjectSigningKeyStorePassword; + } + + 
@Override + public String getRequestObjectSigningKeyPassword() { + return delegate.requestObjectSigningKeyPassword; + } + + @Override + public void setRequestObjectSigningKeyPassword(String requestObjectSigningKeyPassword) { + delegate.requestObjectSigningKeyPassword = requestObjectSigningKeyPassword; + } + + @Override + public String getRequestObjectSigningKeyStoreType() { + return delegate.requestObjectSigningKeyStoreType; + } + + @Override + public void setRequestObjectSigningKeyStoreType(String type) { + delegate.requestObjectSigningKeyStoreType = type; + } + + @Override + public String getRequestObjectSigningKeyAlias() { + return delegate.requestObjectSigningKeyAlias; + } + + @Override + public void setRequestObjectSigningKeyAlias(String alias) { + delegate.requestObjectSigningKeyAlias = alias; + } + + @Override + public boolean getRequestParameterSupported() { + return delegate.requestParameterSupported; + } + + @Override + public boolean getRequestUriParameterSupported() { + return delegate.requestUriParameterSupported; + } + } protected String getAuthServerBaseUrl(OidcHttpFacade facade, String base) { diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcJsonConfiguration.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcJsonConfiguration.java index f835cc4fbc2..29d2d785e3c 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcJsonConfiguration.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcJsonConfiguration.java 
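Review bot: From `getRequestObjectEncryptionEncValue()` onward the added overrides read and write the delegate's fields directly (`delegate.requestObjectEncryptionEncValue`, `delegate.requestObjectSigningKeyStorePassword`, and so on), while the first six added methods go through the delegate's accessors. I would use the accessors throughout, e.g. `return delegate.getRequestObjectEncryptionEncValue();` and `delegate.setRequestObjectEncryptionEncValue(requestObjectEncryptionEncValue);`, so the wrapper cannot drift from whatever the delegate's getters and setters do. The stray space in `setRequestObjectEncryptionEncValue (String ...)` can be removed at the same time. The enclosing class starts outside this hunk, so whether the delegate's accessors add behaviour today cannot be confirmed from here.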
@@ -38,15 +38,18 @@ "resource", "public-client", "credentials", "use-resource-role-mappings", "use-realm-role-mappings", "enable-cors", "cors-max-age", "cors-allowed-methods", "cors-exposed-headers", - "expose-token", "bearer-only", "autodetect-bearer-only", - "connection-pool-size", + "expose-token", "bearer-only", "autodetect-bearer-only", "connection-pool-size", "allow-any-hostname", "disable-trust-manager", "truststore", "truststore-password", "client-keystore", "client-keystore-password", "client-key-password", "always-refresh-token", "register-node-at-startup", "register-node-period", "token-store", "adapter-state-cookie-path", "principal-attribute", "proxy-url", "turn-off-change-session-id-on-login", "token-minimum-time-to-live", "min-time-between-jwks-requests", "public-key-cache-ttl", - "ignore-oauth-query-parameter", "verify-token-audience", "token-signature-algorithm", "scope" + "ignore-oauth-query-parameter", "verify-token-audience", "token-signature-algorithm", "scope", + "authentication-request-format", "request-object-signing-algorithm", "request-object-encryption-alg-value", + "request-object-encryption-enc-value", "request-object-signing-keystore-file", + "request-object-signing-keystore-password","request-object-signing-key-password", "request-object-signing-key-alias", + "request-object-signing-keystore-type" }) public class OidcJsonConfiguration { 
@@ -64,6 +67,16 @@ public class OidcJsonConfiguration { protected String clientKeystorePassword; @JsonProperty("client-key-password") protected String clientKeyPassword; + @JsonProperty("request-object-signing-keystore-file") + protected String requestObjectSigningKeyStoreFile; + @JsonProperty("request-object-signing-keystore-password") + protected String requestObjectSigningKeyStorePassword; + @JsonProperty("request-object-signing-key-password") + protected String requestObjectSigningKeyPassword; + @JsonProperty("request-object-signing-key-alias") + protected String requestObjectSigningKeyAlias; + @JsonProperty("request-object-signing-keystore-type") + protected String requestObjectSigningKeyStoreType; @JsonProperty("connection-pool-size") protected int connectionPoolSize = 20; @JsonProperty("always-refresh-token") @@ -142,6 +155,17 @@ public class OidcJsonConfiguration { @JsonProperty("scope") protected String scope; + @JsonProperty("authentication-request-format") + protected String authenticationRequestFormat; + + @JsonProperty("request-object-signing-algorithm") + protected String requestObjectSigningAlgorithm; + + @JsonProperty("request-object-encryption-alg-value") + protected String requestObjectEncryptionAlgValue; + + @JsonProperty("request-object-encryption-enc-value") + protected String requestObjectEncryptionEncValue; /** * The Proxy url to use for requests to the auth-server, configurable via the adapter config property {@code proxy-url}. @@ -181,6 +205,13 @@ public void setTruststorePassword(String truststorePassword) { this.truststorePassword = truststorePassword; } + public String getRequestObjectSigningKeyStoreFile() { + return requestObjectSigningKeyStoreFile; + } + + public void setRequestObjectSigningKeyStoreFile(String requestObjectSigningKeyStoreFile) { + this.requestObjectSigningKeyStoreFile = requestObjectSigningKeyStoreFile; + } public String getClientKeystore() { return clientKeystore; } 
@@ -189,6 +220,22 @@ public void setClientKeystore(String clientKeystore) { this.clientKeystore = clientKeystore; } + public String getRequestObjectSigningKeyStoreType() { + return requestObjectSigningKeyStoreType; + } + + public void setRequestObjectSigningKeyStoreType(String requestObjectSigningKeyStoreType) { + this.requestObjectSigningKeyStoreType = requestObjectSigningKeyStoreType; + } + + public String getRequestObjectSigningKeyAlias() { + return requestObjectSigningKeyAlias; + } + + public void setRequestObjectSigningKeyAlias(String requestObjectSigningKeyAlias) { + this.requestObjectSigningKeyAlias = requestObjectSigningKeyAlias; + } + public String getClientKeystorePassword() { return clientKeystorePassword; } @@ -201,10 +248,26 @@ public String getClientKeyPassword() { return clientKeyPassword; } + public String getRequestObjectSigningKeyPassword() { + return requestObjectSigningKeyPassword; + } + + public String getRequestObjectSigningKeyStorePassword() { + return requestObjectSigningKeyStorePassword; + } + public void setClientKeyPassword(String clientKeyPassword) { this.clientKeyPassword = clientKeyPassword; } + public void setRequestObjectSigningKeyStorePassword(String requestObjectSigningKeyStorePassword) { + this.requestObjectSigningKeyStorePassword = requestObjectSigningKeyStorePassword; + } + + public void setRequestObjectSigningKeyPassword(String requestObjectSigningKeyPassword) { + this.requestObjectSigningKeyPassword = requestObjectSigningKeyPassword; + } + public int getConnectionPoolSize() { return connectionPoolSize; } 
@@ -521,5 +584,36 @@ public String getScope() { public void setScope(String scope) { this.scope = scope; } + public String getAuthenticationRequestFormat() { + return authenticationRequestFormat; + } + + public void setAuthenticationRequestFormat(String authenticationRequestFormat) { + this.authenticationRequestFormat = authenticationRequestFormat; + } + + public String getRequestObjectSigningAlgorithm() { + return requestObjectSigningAlgorithm; + } + + public void setRequestObjectSigningAlgorithm(String requestObjectSigningAlgorithm) { + this.requestObjectSigningAlgorithm = requestObjectSigningAlgorithm; + } + + public String getRequestObjectEncryptionAlgValue() { + return requestObjectEncryptionAlgValue; + } + + public void setRequestObjectEncryptionAlgValue(String requestObjectEncryptionAlgValue) { + this.requestObjectEncryptionAlgValue = requestObjectEncryptionAlgValue; + } + + public String getRequestObjectEncryptionEncValue() { + return requestObjectEncryptionEncValue; + } + + public void setRequestObjectEncryptionEncValue (String requestObjectEncryptionEncValue) { + this.requestObjectEncryptionEncValue = requestObjectEncryptionEncValue; + } } diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcProviderMetadata.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcProviderMetadata.java index 9984de7c023..6c964dbfe1b 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcProviderMetadata.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcProviderMetadata.java @@ -114,6 +114,9 @@ public class OidcProviderMetadata { @JsonProperty("request_uri_parameter_supported") private Boolean requestUriParameterSupported; + @JsonProperty("pushed_authorization_request_endpoint") + private String pushedAuthorizationRequestEndpoint; + @JsonProperty("revocation_endpoint") private String revocationEndpoint; 
@@ -142,6 +145,12 @@ public class OidcProviderMetadata { @JsonProperty("tls_client_certificate_bound_access_tokens") private Boolean tlsClientCertificateBoundAccessTokens; + @JsonProperty("request_object_encryption_enc_values_supported") + private List requestObjectEncryptionEncValuesSupported; + + @JsonProperty("request_object_encryption_alg_values_supported") + private List requestObjectEncryptionAlgValuesSupported; + protected Map otherClaims = new HashMap(); public String getIssuer() { @@ -411,6 +420,30 @@ public Boolean getTlsClientCertificateBoundAccessTokens() { return tlsClientCertificateBoundAccessTokens; } + public List getRequestObjectEncryptionAlgValuesSupported() { + return requestObjectEncryptionAlgValuesSupported; + } + + public void setRequestObjectEncryptionAlgValuesSupported(List requestObjectEncryptionAlgValuesSupported) { + this.requestObjectEncryptionAlgValuesSupported = requestObjectEncryptionAlgValuesSupported; + } + + public List getRequestObjectEncryptionEncValuesSupported() { + return requestObjectEncryptionEncValuesSupported; + } + + public void setRequestObjectEncryptionEncValuesSupported(List requestObjectEncryptionEncValuesSupported) { + this.requestObjectEncryptionEncValuesSupported = requestObjectEncryptionEncValuesSupported; + } + + public String getPushedAuthorizationRequestEndpoint() { + return pushedAuthorizationRequestEndpoint; + } + + public void setPushedAuthorizationRequestEndpoint(String url) { + this.pushedAuthorizationRequestEndpoint = url; + } + @JsonAnyGetter public Map getOtherClaims() { return otherClaims; diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcRequestAuthenticator.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcRequestAuthenticator.java index bf67e938598..5ef5c26122e 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcRequestAuthenticator.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcRequestAuthenticator.java 
@@ -18,6 +18,10 @@ package org.wildfly.security.http.oidc; +import static org.jose4j.jws.AlgorithmIdentifiers.HMAC_SHA256; +import static org.jose4j.jws.AlgorithmIdentifiers.HMAC_SHA384; +import static org.jose4j.jws.AlgorithmIdentifiers.HMAC_SHA512; +import static org.jose4j.jws.AlgorithmIdentifiers.NONE; import static org.wildfly.security.http.oidc.ElytronMessages.log; import static org.wildfly.security.http.oidc.Oidc.ALLOW_QUERY_PARAMS_PROPERTY_NAME; import static org.wildfly.security.http.oidc.Oidc.CLIENT_ID; @@ -32,13 +36,17 @@ import static org.wildfly.security.http.oidc.Oidc.PROMPT; import static org.wildfly.security.http.oidc.Oidc.REDIRECT_URI; import static org.wildfly.security.http.oidc.Oidc.RESPONSE_TYPE; +import static org.wildfly.security.http.oidc.Oidc.REQUEST; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_URI; import static org.wildfly.security.http.oidc.Oidc.SCOPE; import static org.wildfly.security.http.oidc.Oidc.SESSION_STATE; import static org.wildfly.security.http.oidc.Oidc.STATE; import static org.wildfly.security.http.oidc.Oidc.UI_LOCALES; +import static org.wildfly.security.http.oidc.Oidc.ClientCredentialsProviderType.SECRET; + +import static org.wildfly.security.http.oidc.Oidc.logToken; import static org.wildfly.security.http.oidc.Oidc.generateId; import static org.wildfly.security.http.oidc.Oidc.getQueryParamValue; -import static org.wildfly.security.http.oidc.Oidc.logToken; import static org.wildfly.security.http.oidc.Oidc.stripQueryParam; import java.io.IOException; @@ -47,6 +55,10 @@ import java.net.URL; import java.security.AccessController; import java.security.PrivilegedAction; +import java.nio.charset.StandardCharsets; +import java.security.Key; +import java.security.KeyPair; +import java.security.PublicKey; import java.util.ArrayList; import java.util.Arrays; import java.util.HashSet; 
@@ -54,10 +66,16 @@ import java.util.Map; import java.util.Set; -import org.apache.http.HttpStatus; import org.apache.http.NameValuePair; +import org.apache.http.HttpStatus; import org.apache.http.client.utils.URIBuilder; import org.apache.http.message.BasicNameValuePair; +import org.jose4j.jwa.AlgorithmConstraints; +import org.jose4j.jwe.JsonWebEncryption; +import org.jose4j.jws.JsonWebSignature; +import org.jose4j.jwt.JwtClaims; +import org.jose4j.keys.HmacKey; +import org.jose4j.lang.JoseException; import org.wildfly.security.http.HttpConstants; /** 
@@ -201,18 +219,73 @@ protected String getRedirectUri(String state) { return null; } - URIBuilder redirectUriBuilder = new URIBuilder(deployment.getAuthUrl()) - .addParameter(RESPONSE_TYPE, CODE) - .addParameter(CLIENT_ID, deployment.getResourceName()) - .addParameter(REDIRECT_URI, rewrittenRedirectUri(url)) - .addParameter(STATE, state); - redirectUriBuilder.addParameters(forwardedQueryParams); + String redirectUri = rewrittenRedirectUri(url); + URIBuilder redirectUriBuilder = new URIBuilder(deployment.getAuthUrl()); + redirectUriBuilder.addParameter(RESPONSE_TYPE, CODE) + .addParameter(CLIENT_ID, deployment.getResourceName()); + + switch (deployment.getAuthenticationRequestFormat()) { + case REQUEST: + if (deployment.getRequestParameterSupported()) { + // add request objects into request parameter + try { + createRequestWithRequestParameter(REQUEST, redirectUriBuilder, redirectUri, state, forwardedQueryParams); + } catch (IOException | JoseException e) { + throw log.unableToCreateRequestWithRequestParameter(e); + } + } else { + // send request as usual + createOAuthRequest(redirectUriBuilder, redirectUri, state, forwardedQueryParams); + log.requestParameterNotSupported(); + } + break; + case REQUEST_URI: + if (deployment.getRequestUriParameterSupported()) { + try { + createRequestWithRequestParameter(REQUEST_URI, redirectUriBuilder, redirectUri, state, forwardedQueryParams); + } catch (IOException | JoseException e) { + throw log.unableToCreateRequestUriWithRequestParameter(e); + } + } else { + // send request as usual + createOAuthRequest(redirectUriBuilder, redirectUri, state, forwardedQueryParams); + log.requestParameterNotSupported(); + } + break; + default: + createOAuthRequest(redirectUriBuilder, redirectUri, state, forwardedQueryParams); + break; + } return redirectUriBuilder.build().toString(); } catch (URISyntaxException e) { throw log.unableToCreateRedirectResponse(e); } } + protected URIBuilder createOAuthRequest(URIBuilder redirectUriBuilder, String 
redirectUri, String state, List forwardedQueryParams) { + redirectUriBuilder.addParameter(REDIRECT_URI, redirectUri) + .addParameter(STATE, state) + .addParameters(forwardedQueryParams); + return redirectUriBuilder; + } + + protected URIBuilder createRequestWithRequestParameter(String requestFormat, URIBuilder redirectUriBuilder, String redirectUri, String state, List forwardedQueryParams) throws JoseException, IOException { + String request = convertToRequestParameter(redirectUriBuilder, redirectUri, state, forwardedQueryParams); + + switch (requestFormat) { + case REQUEST: + redirectUriBuilder.addParameter(REDIRECT_URI, redirectUri) + .addParameter(REQUEST, request); + break; + case REQUEST_URI: + String request_uri = ServerRequest.getRequestUri(request, deployment); + redirectUriBuilder.addParameter("request_uri", request_uri) + .addParameter(REDIRECT_URI, redirectUri); + break; + } + return redirectUriBuilder; + } + protected int getSSLRedirectPort() { return sslRedirectPort; } 
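Review bot: In `getRedirectUri`, both `else` branches of the new `switch` call `createOAuthRequest(...)` and only log when the provider does not advertise support. A deployment configured for the `request` or `request_uri` format therefore falls back silently to plain query parameters, with no signing or encryption. I would fail with a configuration error at that point, or at minimum mark the fallback with a comment such as `// provider lacks request object support: parameters are sent unprotected in the query string`. The `REQUEST_URI` branch also logs `requestParameterNotSupported()`, which names the wrong parameter. Unless the builder supplies a default format, which this hunk does not show, `switch (deployment.getAuthenticationRequestFormat())` throws a NullPointerException when the format is unset; the method itself starts above the hunk.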
@@ -461,4 +534,92 @@ private void addScopes(String scopes, Set allScopes) { allScopes.addAll(Arrays.asList(scopes.split("\\s+"))); } } + + private String convertToRequestParameter(URIBuilder redirectUriBuilder, String redirectUri, String state, List forwardedQueryParams) throws JoseException, IOException { + redirectUriBuilder.addParameter(SCOPE, OIDC_SCOPE); + + JwtClaims jwtClaims = new JwtClaims(); + jwtClaims.setIssuer(deployment.getResourceName()); + jwtClaims.setAudience(deployment.getIssuerUrl()); + + for ( NameValuePair parameter: forwardedQueryParams) { + jwtClaims.setClaim(parameter.getName(), parameter.getValue()); + } + jwtClaims.setClaim(STATE, state); + jwtClaims.setClaim(REDIRECT_URI, redirectUri); + jwtClaims.setClaim(RESPONSE_TYPE, CODE); + jwtClaims.setClaim(CLIENT_ID, deployment.getResourceName()); + + // sign JWT first before encrypting + JsonWebSignature signedRequest = signRequest(jwtClaims, deployment); + + // Encrypting optional + if (deployment.getRequestObjectEncryptionAlgValue() != null && !deployment.getRequestObjectEncryptionAlgValue().isEmpty() && + deployment.getRequestObjectEncryptionEncValue() != null && !deployment.getRequestObjectEncryptionEncValue().isEmpty()) { + return encryptRequest(signedRequest).getCompactSerialization(); + } else { + return signedRequest.getCompactSerialization(); + } + } + + private static KeyPair getkeyPair(OidcClientConfiguration deployment) throws IOException { + if (!deployment.getRequestObjectSigningAlgorithm().equals(NONE) && deployment.getRequestObjectSigningKeyStoreFile() == null){ + throw log.invalidKeyStoreConfiguration(); + } else { + return JWTSigningUtils.loadKeyPairFromKeyStore(deployment.getRequestObjectSigningKeyStoreFile(), + deployment.getRequestObjectSigningKeyStorePassword(), deployment.getRequestObjectSigningKeyPassword(), + deployment.getRequestObjectSigningKeyAlias(), deployment.getRequestObjectSigningKeyStoreType()); + } + } + + private static JsonWebSignature signRequest(JwtClaims 
jwtClaims, OidcClientConfiguration deployment) throws IOException, JoseException { + JsonWebSignature jsonWebSignature = new JsonWebSignature(); + jsonWebSignature.setPayload(jwtClaims.toJson()); + + if (!deployment.getRequestObjectSigningAlgValuesSupported().contains(deployment.getRequestObjectSigningAlgorithm())) { + throw log.invalidRequestObjectSignatureAlgorithm(); + } else { + if (deployment.getRequestObjectSigningAlgorithm().equals(NONE)) { //unsigned + jsonWebSignature.setAlgorithmConstraints(AlgorithmConstraints.NO_CONSTRAINTS); + jsonWebSignature.setAlgorithmHeaderValue(NONE); + } else if (deployment.getRequestObjectSigningAlgorithm().equals(HMAC_SHA256) + || deployment.getRequestObjectSigningAlgorithm().equals(HMAC_SHA384) + || deployment.getRequestObjectSigningAlgorithm().equals(HMAC_SHA512)) { //signed with symmetric key + jsonWebSignature.setAlgorithmHeaderValue(deployment.getRequestObjectSigningAlgorithm()); + String secretKey = (String) deployment.getResourceCredentials().get(SECRET.getValue()); + if (secretKey == null) { + throw log.clientSecretNotConfigured(); + } else { + Key key = new HmacKey(secretKey.getBytes(StandardCharsets.UTF_8)); //the client secret is a shared secret between the server and the client + jsonWebSignature.setKey(key); + } + } else { //signed with asymmetric key + KeyPair keyPair = getkeyPair(deployment); + jsonWebSignature.setKey(keyPair.getPrivate()); + jsonWebSignature.setAlgorithmHeaderValue(deployment.getRequestObjectSigningAlgorithm()); + } + if (!deployment.getRequestObjectSigningAlgorithm().equals(NONE)) + jsonWebSignature.sign(); + else + log.unsignedRequestObjectIsUsed(); + return jsonWebSignature; + } + } + + private JsonWebEncryption encryptRequest(JsonWebSignature signedRequest) throws JoseException, IOException { + if (!deployment.getRequestObjectEncryptionAlgValuesSupported().contains(deployment.getRequestObjectEncryptionAlgValue())) { + throw log.invalidRequestObjectEncryptionAlgorithm(); + } else if 
(!deployment.getRequestObjectEncryptionEncValuesSupported().contains(deployment.getRequestObjectEncryptionEncValue())) { + throw log.invalidRequestObjectEncryptionEncValue(); + } else { + JsonWebEncryption jsonEncryption = new JsonWebEncryption(); + jsonEncryption.setPayload(signedRequest.getCompactSerialization()); + jsonEncryption.setAlgorithmConstraints(new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.PERMIT, deployment.getRequestObjectEncryptionAlgValue(), deployment.getRequestObjectEncryptionEncValue())); + jsonEncryption.setAlgorithmHeaderValue(deployment.getRequestObjectEncryptionAlgValue()); + jsonEncryption.setEncryptionMethodHeaderParameter(deployment.getRequestObjectEncryptionEncValue()); + PublicKey encPublicKey = deployment.getEncryptionPublicKeyLocator().getPublicKey(null, deployment); + jsonEncryption.setKey(encPublicKey); + return jsonEncryption; + } + } } diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/ServerRequest.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/ServerRequest.java index ad50d715c56..3a203541ee4 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/ServerRequest.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/ServerRequest.java @@ -25,13 +25,14 @@ import static org.wildfly.security.http.oidc.Oidc.KEYCLOAK_CLIENT_CLUSTER_HOST; import static org.wildfly.security.http.oidc.Oidc.PASSWORD; import static org.wildfly.security.http.oidc.Oidc.REDIRECT_URI; +import static org.wildfly.security.http.oidc.Oidc.REQUEST; import static org.wildfly.security.http.oidc.Oidc.USERNAME; import java.io.BufferedReader; import java.io.ByteArrayOutputStream; -import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; +import java.io.IOException; import java.nio.charset.Charset; import java.nio.charset.StandardCharsets; import java.util.ArrayList; 
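Review bot: In `convertToRequestParameter`, `setIssuer` and `setAudience` run before the loop that copies `forwardedQueryParams` into the claims, so a forwarded parameter named `iss` or `aud` would replace them. `state`, `redirect_uri`, `response_type` and `client_id` are set after the loop and cannot be overridden. Moving `jwtClaims.setIssuer(deployment.getResourceName());` and `jwtClaims.setAudience(deployment.getIssuerUrl());` below the loop makes every fixed claim win; how `forwardedQueryParams` is filtered is outside this hunk, so the override may not be reachable today. Separately, `signRequest` and `encryptRequest` call `.contains(...)` on the provider's supported-values lists and `.equals(NONE)` on the configured algorithm without null checks, so an absent value would surface as a NullPointerException rather than the intended configuration error.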
@@ -46,6 +47,8 @@ import org.apache.http.client.methods.HttpPost; import org.apache.http.message.BasicNameValuePair; import org.apache.http.util.EntityUtils; +import org.jose4j.jwt.JwtClaims; +import org.jose4j.jwt.consumer.InvalidJwtException; import org.wildfly.security.jose.util.JsonSerialization; /** @@ -274,4 +277,34 @@ public static AccessAndIDTokenResponse getBearerToken(OidcClientConfiguration oi } return tokenResponse; } + + public static String getRequestUri(String request, OidcClientConfiguration deployment) throws OidcException { + if (deployment.getPushedAuthorizationRequestEndpoint() == null) { + throw log.pushedAuthorizationRequestEndpointNotAvailable(); + } + HttpPost parRequest = new HttpPost(deployment.getPushedAuthorizationRequestEndpoint()); + List formParams = new ArrayList(); + formParams.add(new BasicNameValuePair(REQUEST, request)); + ClientCredentialsProviderUtils.setClientCredentials(deployment, parRequest, formParams); + + UrlEncodedFormEntity form = new UrlEncodedFormEntity(formParams, StandardCharsets.UTF_8); + parRequest.setEntity(form); + + HttpResponse response; + try { + response = deployment.getClient().execute(parRequest); + } catch (Exception e) { + throw log.failedToSendPushedAuthorizationRequest(e); + } + if (response.getStatusLine().getStatusCode() != HttpStatus.SC_CREATED) { + EntityUtils.consumeQuietly(response.getEntity()); + throw log.unexpectedResponseCodeFromOidcProvider(response.getStatusLine().getStatusCode()); + } + try (InputStream inputStream = response.getEntity().getContent()) { + JwtClaims jwt = JwtClaims.parse(readString(inputStream, StandardCharsets.UTF_8)); + return jwt.getClaimValueAsString("request_uri"); + } catch (IOException | InvalidJwtException e) { + throw log.failedToDecodeRequestUri(e); + } + } } 
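Review bot: `getRequestUri` returns `jwt.getClaimValueAsString("request_uri")` unchecked, so a 201 response whose body lacks `request_uri` yields null, which the caller then adds as the `request_uri` query parameter of the redirect. I would reject a null or empty value here with an OidcException, as the other failure paths in this method do. `response.getEntity()` is also dereferenced without a null check. The `expires_in` value that a pushed authorization response normally carries is not read, so nothing here bounds how long the returned reference is treated as usable.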
diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/KeycloakConfiguration.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/KeycloakConfiguration.java index 4bb5e2b33b0..8ebf4051bf2 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/KeycloakConfiguration.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/KeycloakConfiguration.java @@ -20,12 +20,23 @@ import static org.wildfly.security.http.oidc.OidcBaseTest.TENANT1_REALM; import static org.wildfly.security.http.oidc.OidcBaseTest.TENANT2_REALM; +import static org.wildfly.security.http.oidc.Oidc.OIDC_SCOPE; +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.InputStream; +import java.security.KeyStore; +import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Arrays; +import java.util.Base64; import java.util.Collections; import java.util.List; +import java.util.Objects; +import javax.security.auth.x500.X500Principal; +import org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper; import org.keycloak.representations.AccessTokenResponse; import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.CredentialRepresentation; @@ -33,10 +44,9 @@ import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.RolesRepresentation; import org.keycloak.representations.idm.UserRepresentation; - +import org.wildfly.security.ssl.test.util.CAGenerationTool; import io.restassured.RestAssured; -import static org.wildfly.security.http.oidc.Oidc.OIDC_SCOPE; /** * Keycloak configuration for testing. 
@@ -53,6 +63,24 @@ public class KeycloakConfiguration { private static final String BOB_PASSWORD = "bob123+"; public static final String ALLOWED_ORIGIN = "http://somehost"; public static final boolean EMAIL_VERIFIED = false; + public static final String RSA_KEYSTORE_FILE_NAME = "jwt.keystore"; + public static final String EC_KEYSTORE_FILE_NAME = "jwtEC.keystore"; + public static final String KEYSTORE_ALIAS = "jwtKeystore"; + public static final String KEYSTORE_PASS = "Elytron"; + public static final String PKCS12_KEYSTORE_TYPE = "PKCS12"; + public static String KEYSTORE_CLASSPATH; + + /* Accepted Request Object Encrypting Algorithms for KeyCloak*/ + public static final String RSA_OAEP = "RSA-OAEP"; + public static final String RSA_OAEP_256 = "RSA-OAEP-256"; + public static final String RSA1_5 = "RSA1_5"; + + /* Accepted Request Object Encryption Methods for KeyCloak*/ + public static final String A128CBC_HS256 = "A128CBC-HS256"; + public static final String A192CBC_HS384 = "A192CBC-HS384"; + public static final String A256CBC_HS512 = "A256CBC-HS512"; + public static CAGenerationTool caGenerationTool = null; + public X509Certificate caCertificate = null; // the users below are for multi-tenancy tests specifically public static final String TENANT1_USER = "tenant1_user"; 
@@ -76,20 +104,20 @@ public class KeycloakConfiguration { * */ public static RealmRepresentation getRealmRepresentation(final String realmName, String clientId, String clientSecret, - String clientHostName, int clientPort, String clientApp, boolean configureClientScopes) { + String clientHostName, int clientPort, String clientApp, boolean configureClientScopes) throws Exception { return createRealm(realmName, clientId, clientSecret, clientHostName, clientPort, clientApp, configureClientScopes); } public static RealmRepresentation getRealmRepresentation(final String realmName, String clientId, String clientSecret, String clientHostName, int clientPort, String clientApp, int accessTokenLifespan, - int ssoSessionMaxLifespan, boolean configureClientScopes, boolean multiTenancyApp) { + int ssoSessionMaxLifespan, boolean configureClientScopes, boolean multiTenancyApp) throws Exception { return createRealm(realmName, clientId, clientSecret, clientHostName, clientPort, clientApp, accessTokenLifespan, ssoSessionMaxLifespan, configureClientScopes, multiTenancyApp); } public static RealmRepresentation getRealmRepresentation(final String realmName, String clientId, String clientSecret, String clientHostName, int clientPort, String clientApp, boolean directAccessGrantEnabled, String bearerOnlyClientId, - String corsClientId) { + String corsClientId) throws Exception { return createRealm(realmName, clientId, clientSecret, clientHostName, clientPort, clientApp, directAccessGrantEnabled, bearerOnlyClientId, corsClientId); } 
@@ -126,25 +154,25 @@ public static String getAccessToken(String authServerUrl, String realmName, Stri private static RealmRepresentation createRealm(final String realmName, String clientId, String clientSecret, String clientHostName, int clientPort, String clientApp, boolean directAccessGrantEnabled, String bearerOnlyClientId, - String corsClientId) { + String corsClientId) throws Exception { return createRealm(realmName, clientId, clientSecret, clientHostName, clientPort, clientApp, directAccessGrantEnabled, bearerOnlyClientId, corsClientId, false); } private static RealmRepresentation createRealm(String name, String clientId, String clientSecret, - String clientHostName, int clientPort, String clientApp, boolean configureClientScopes) { + String clientHostName, int clientPort, String clientApp, boolean configureClientScopes) throws Exception { return createRealm(name, clientId, clientSecret, clientHostName, clientPort, clientApp, false, null, null, configureClientScopes); } private static RealmRepresentation createRealm(String name, String clientId, String clientSecret, String clientHostName, int clientPort, String clientApp, int accessTokenLifeSpan, int ssoSessionMaxLifespan, - boolean configureClientScopes, boolean multiTenancyApp) { + boolean configureClientScopes, boolean multiTenancyApp) throws Exception { return createRealm(name, clientId, clientSecret, clientHostName, clientPort, clientApp, false, null, null, accessTokenLifeSpan, ssoSessionMaxLifespan, configureClientScopes, multiTenancyApp); } private static RealmRepresentation createRealm(String name, String clientId, String clientSecret, String clientHostName, int clientPort, String clientApp, boolean directAccessGrantEnabled, String bearerOnlyClientId, - String corsClientId, boolean configureClientScopes) { + String corsClientId, boolean configureClientScopes) throws Exception { return createRealm(name, clientId, clientSecret, clientHostName, clientPort, clientApp, directAccessGrantEnabled, 
bearerOnlyClientId, corsClientId, 3, 3, configureClientScopes, false); } @@ -152,7 +180,7 @@ private static RealmRepresentation createRealm(String name, String clientId, Str String clientHostName, int clientPort, String clientApp, boolean directAccessGrantEnabled, String bearerOnlyClientId, String corsClientId, int accessTokenLifespan, int ssoSessionMaxLifespan, - boolean configureClientScopes, boolean multiTenancyApp) { + boolean configureClientScopes, boolean multiTenancyApp) throws Exception { RealmRepresentation realm = new RealmRepresentation(); realm.setRealm(name); realm.setEnabled(true); @@ -201,17 +229,12 @@ private static RealmRepresentation createRealm(String name, String clientId, Str } private static ClientRepresentation createWebAppClient(String clientId, String clientSecret, String clientHostName, int clientPort, String clientApp, - boolean directAccessGrantEnabled, boolean multiTenancyApp) { + boolean directAccessGrantEnabled, boolean multiTenancyApp) throws Exception { return createWebAppClient(clientId, clientSecret, clientHostName, clientPort, clientApp, directAccessGrantEnabled, null, multiTenancyApp); } private static ClientRepresentation createWebAppClient(String clientId, String clientSecret, String clientHostName, int clientPort, - String clientApp, boolean directAccessGrantEnabled, String allowedOrigin) { - return createWebAppClient(clientId, clientSecret, clientHostName, clientPort, clientApp, directAccessGrantEnabled, allowedOrigin, false); - } - - private static ClientRepresentation createWebAppClient(String clientId, String clientSecret, String clientHostName, int clientPort, - String clientApp, boolean directAccessGrantEnabled, String allowedOrigin, boolean multiTenancyApp) { + String clientApp, boolean directAccessGrantEnabled, String allowedOrigin, boolean multiTenancyApp) throws Exception { ClientRepresentation client = new ClientRepresentation(); client.setClientId(clientId); client.setPublicClient(false); 
@@ -224,9 +247,29 @@ private static ClientRepresentation createWebAppClient(String clientId, String c } client.setEnabled(true); client.setDirectAccessGrantsEnabled(directAccessGrantEnabled); + if (allowedOrigin != null) { client.setWebOrigins(Collections.singletonList(allowedOrigin)); } + + OIDCAdvancedConfigWrapper oidcAdvancedConfigWrapper = OIDCAdvancedConfigWrapper.fromClientRepresentation(client); + oidcAdvancedConfigWrapper.setUseJwksUrl(false); + KEYSTORE_CLASSPATH = Objects.requireNonNull(KeycloakConfiguration.class.getClassLoader().getResource("")).getPath(); + File ksFile = new File(KEYSTORE_CLASSPATH + RSA_KEYSTORE_FILE_NAME); + if (ksFile.exists()) { + InputStream stream = findFile(KEYSTORE_CLASSPATH + RSA_KEYSTORE_FILE_NAME); + KeyStore keyStore = KeyStore.getInstance(PKCS12_KEYSTORE_TYPE); + keyStore.load(stream, KEYSTORE_PASS.toCharArray()); + client.getAttributes().put("jwt.credential.certificate", Base64.getEncoder().encodeToString(keyStore.getCertificate(KEYSTORE_ALIAS).getEncoded())); + } else { + caGenerationTool = CAGenerationTool.builder() + .setBaseDir(KEYSTORE_CLASSPATH) + .setRequestIdentities(CAGenerationTool.Identity.values()) // Create all identities. + .build(); + X500Principal principal = new X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=OcspResponder"); + X509Certificate rsaCert = caGenerationTool.createIdentity(KEYSTORE_ALIAS, principal, RSA_KEYSTORE_FILE_NAME, CAGenerationTool.Identity.CA); + client.getAttributes().put("jwt.credential.certificate", Base64.getEncoder().encodeToString(rsaCert.getEncoded())); + } return client; } @@ -257,4 +300,12 @@ private static UserRepresentation createUser(String username, String password, L return user; } + private static InputStream findFile(String keystoreFile) { + try { + return new FileInputStream(keystoreFile); + } catch (FileNotFoundException e) { + throw new RuntimeException(e); + } + } + } \ No newline at end of file 
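Review bot: The `InputStream` returned by `findFile(...)` in the `ksFile.exists()` branch is never closed, so the keystore file handle leaks every time `createWebAppClient` builds a client. `try (InputStream stream = new FileInputStream(ksFile)) { keyStore.load(stream, KEYSTORE_PASS.toCharArray()); }` closes it and makes the `findFile` helper added in the `@@ -257,4 +300,12 @@` hunk unnecessary. `getResource("").getPath()` returns the URL path still percent-encoded, so a checkout directory containing a space would make `ksFile.exists()` false and silently take the certificate-generation branch; `Paths.get(url.toURI())` avoids that. Assigning the static `KEYSTORE_CLASSPATH` inside this factory method also makes its value depend on call order, and `OidcTest` reads it through a static import. `createWebAppClient` starts outside this hunk.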
diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java index de3115d96b0..b604af8a8f8 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java @@ -81,7 +81,7 @@ public class OidcBaseTest extends AbstractBaseHttpTest { public static final String CLIENT_ID = "test-webapp"; - public static final String CLIENT_SECRET = "secret"; + public static final String CLIENT_SECRET = "longerclientsecretthatisstleast256bitslong"; public static KeycloakContainer KEYCLOAK_CONTAINER; public static final String TEST_REALM = "WildFly"; public static final String TEST_REALM_WITH_SCOPES = "WildFlyScopes"; @@ -100,6 +100,13 @@ public class OidcBaseTest extends AbstractBaseHttpTest { public static final String TENANT2_ENDPOINT = "tenant2"; protected HttpServerAuthenticationMechanismFactory oidcFactory; + public enum RequestObjectErrorType { + INVALID_ALGORITHM, + MISSING_CLIENT_SECRET, + INVALID_REQUEST_FORMAT, + MISSING_ENC_VALUE + } + @AfterClass public static void generalCleanup() throws Exception { if (KEYCLOAK_CONTAINER != null) { diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java index b7e1ce6ec6a..fdda1aac447 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java 
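Review bot: The new `CLIENT_SECRET` value has no comment explaining why its length matters, and the literal itself contains a typo (`isstleast`). A comment above the constant such as `// must be at least 256 bits: HS256 request objects are signed with the client secret` would stop someone from shortening it again. The length requirement is inferred from the HMAC_SHA256 tests this patch adds to `OidcTest`, so confirm it before documenting it.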
@@ -18,6 +18,20 @@ package org.wildfly.security.http.oidc; +import static org.jose4j.jws.AlgorithmIdentifiers.NONE; +import static org.jose4j.jws.AlgorithmIdentifiers.RSA_USING_SHA256; +import static org.jose4j.jws.AlgorithmIdentifiers.RSA_USING_SHA512; +import static org.jose4j.jws.AlgorithmIdentifiers.HMAC_SHA256; +import static org.jose4j.jws.AlgorithmIdentifiers.RSA_PSS_USING_SHA256; +import static org.wildfly.security.http.oidc.KeycloakConfiguration.KEYSTORE_CLASSPATH; +import static org.wildfly.security.http.oidc.KeycloakConfiguration.KEYSTORE_PASS; +import static org.wildfly.security.http.oidc.KeycloakConfiguration.PKCS12_KEYSTORE_TYPE; +import static org.wildfly.security.http.oidc.KeycloakConfiguration.RSA1_5; +import static org.wildfly.security.http.oidc.KeycloakConfiguration.RSA_OAEP; +import static org.wildfly.security.http.oidc.KeycloakConfiguration.RSA_OAEP_256; +import static org.wildfly.security.http.oidc.KeycloakConfiguration.A128CBC_HS256; +import static org.wildfly.security.http.oidc.KeycloakConfiguration.A192CBC_HS384; +import static org.wildfly.security.http.oidc.KeycloakConfiguration.A256CBC_HS512; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; @@ -32,6 +46,9 @@ import static org.wildfly.security.http.oidc.KeycloakConfiguration.TENANT2_USER; import static org.wildfly.security.http.oidc.Oidc.OIDC_NAME; import static org.wildfly.security.http.oidc.Oidc.OIDC_SCOPE; +import static org.wildfly.security.http.oidc.Oidc.AuthenticationRequestFormat.OAUTH2; +import static org.wildfly.security.http.oidc.Oidc.AuthenticationRequestFormat.REQUEST; +import static org.wildfly.security.http.oidc.Oidc.AuthenticationRequestFormat.REQUEST_URI; import java.io.ByteArrayInputStream; import java.io.InputStream; 
@@ -42,19 +59,18 @@ import javax.security.auth.callback.CallbackHandler; -import org.apache.http.HttpStatus; -import org.junit.AfterClass; -import org.junit.BeforeClass; -import org.junit.Test; -import org.wildfly.security.http.HttpServerAuthenticationMechanism; - +import com.gargoylesoftware.htmlunit.html.HtmlPage; import com.gargoylesoftware.htmlunit.TextPage; import com.gargoylesoftware.htmlunit.WebClient; -import com.gargoylesoftware.htmlunit.html.HtmlPage; - import io.restassured.RestAssured; import okhttp3.mockwebserver.MockWebServer; import okhttp3.mockwebserver.QueueDispatcher; +import org.apache.http.HttpStatus; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; +import org.wildfly.security.http.HttpServerAuthenticationMechanism; /** * Tests for the OpenID Connect authentication mechanism. 
@@ -237,6 +253,100 @@ public void testOpenIDWithMultipleScopeValue() throws Exception { true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT, expectedScope, false); } + // Note: The tests will fail if `localhost` is not listed first in `/etc/hosts` file for the loopback addresses (IPv4 and IPv6). + @Test + public void testSuccessfulOauth2Request() throws Exception { + performAuthentication(getOidcConfigurationInputStreamWithRequestParameter(OAUTH2.getValue(), "", "", ""), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT); + } + + @Test + public void testSuccessfulPlaintextRequest() throws Exception { + performAuthentication(getOidcConfigurationInputStreamWithRequestParameter(REQUEST.getValue(), NONE, "", ""), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT); + } + + @Test + public void testSuccessfulPlaintextEncryptedRequest() throws Exception { + performAuthentication(getOidcConfigurationInputStreamWithRequestParameter(REQUEST.getValue(), NONE, RSA_OAEP, A128CBC_HS256), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT); + } + + @Test + public void testSuccessfulRsaSignedAndEncryptedRequest() throws Exception { + performAuthentication(getOidcConfigurationInputStreamWithRequestParameter(REQUEST.getValue(), RSA_USING_SHA512, RSA_OAEP, A192CBC_HS384, KEYSTORE_CLASSPATH + KeycloakConfiguration.RSA_KEYSTORE_FILE_NAME, KeycloakConfiguration.KEYSTORE_ALIAS, PKCS12_KEYSTORE_TYPE), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT); + } + + @Test + public void testSuccessfulPsSignedAndRsaEncryptedRequest() throws Exception { + 
performAuthentication(getOidcConfigurationInputStreamWithRequestParameter(REQUEST.getValue(), RSA_PSS_USING_SHA256, RSA_OAEP_256, A256CBC_HS512, KEYSTORE_CLASSPATH + KeycloakConfiguration.RSA_KEYSTORE_FILE_NAME, KeycloakConfiguration.KEYSTORE_ALIAS, PKCS12_KEYSTORE_TYPE), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT); + } + + @Test + public void testInvalidSigningAlgorithm() throws Exception { + //ES256K is a valid signature algorithm, but not one of the ones supported by keycloak + testRequestObjectInvalidConfiguration(getOidcConfigurationInputStreamWithRequestParameter(REQUEST.getValue(), "ES256K", RSA_OAEP_256, A256CBC_HS512, KEYSTORE_CLASSPATH + KeycloakConfiguration.RSA_KEYSTORE_FILE_NAME, KeycloakConfiguration.KEYSTORE_ALIAS, PKCS12_KEYSTORE_TYPE), RequestObjectErrorType.INVALID_ALGORITHM); + } + + @Test + public void testSuccessfulRsaSignedRequest() throws Exception { + performAuthentication(getOidcConfigurationInputStreamWithRequestParameter(REQUEST.getValue(), RSA_USING_SHA256, "", "", KEYSTORE_CLASSPATH + KeycloakConfiguration.RSA_KEYSTORE_FILE_NAME, KeycloakConfiguration.KEYSTORE_ALIAS, PKCS12_KEYSTORE_TYPE), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT); + } + + @Test + public void testSuccessfulPsSignedRequest() throws Exception { + performAuthentication(getOidcConfigurationInputStreamWithRequestParameter(REQUEST.getValue(), RSA_PSS_USING_SHA256, "", "", KEYSTORE_CLASSPATH + KeycloakConfiguration.RSA_KEYSTORE_FILE_NAME, KeycloakConfiguration.KEYSTORE_ALIAS, PKCS12_KEYSTORE_TYPE), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT); + } + @Test + public void testInvalidRequestEncryptionAlgorithm() throws Exception { + // None is not a valid algorithm for encrypting jwt's and 
RSA-OAEP is not a valid algorithm for signing + testRequestObjectInvalidConfiguration(getOidcConfigurationInputStreamWithRequestParameter(REQUEST.getValue(), RSA1_5, NONE, NONE, KEYSTORE_CLASSPATH + KeycloakConfiguration.RSA_KEYSTORE_FILE_NAME, KeycloakConfiguration.KEYSTORE_ALIAS, PKCS12_KEYSTORE_TYPE), RequestObjectErrorType.INVALID_ALGORITHM); + } + + @Test + public void testSuccessfulPlaintextRequestUri() throws Exception { + performAuthentication(getOidcConfigurationInputStreamWithRequestParameter(REQUEST_URI.getValue(), NONE, "", ""), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT); + } + + @Test + public void testSuccessfulHmacSignedRequestUri() throws Exception { + performAuthentication(getOidcConfigurationInputStreamWithRequestParameter(REQUEST.getValue(), HMAC_SHA256, "", ""), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT); + } + + @Test + public void testSuccessfulHmacSignedAndEncryptedRequestUri() throws Exception { + performAuthentication(getOidcConfigurationInputStreamWithRequestParameter(REQUEST.getValue(), HMAC_SHA256, RSA_OAEP, A128CBC_HS256), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT); + } + + @Test + public void testSuccessfulSignedAndEncryptedRequestUri() throws Exception { + performAuthentication(getOidcConfigurationInputStreamWithRequestParameter(REQUEST_URI.getValue(), RSA_USING_SHA256, RSA_OAEP_256, A256CBC_HS512, KEYSTORE_CLASSPATH + KeycloakConfiguration.RSA_KEYSTORE_FILE_NAME, KeycloakConfiguration.KEYSTORE_ALIAS, PKCS12_KEYSTORE_TYPE), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT); + } + + @Test + public void testSuccessfulHmacSignedRequestObjectWithoutSecret() 
throws Exception { + // this is supposed to fail since for symmetric algorithms we sign the request object with the client secret + testRequestObjectInvalidConfiguration(getOidcConfigurationInputStreamWithRequestObjectPublicClient(REQUEST.getValue(), HMAC_SHA256), RequestObjectErrorType.MISSING_CLIENT_SECRET); + } + + @Test + public void testIncorrectAuthenticationFormat() throws Exception { + testRequestObjectInvalidConfiguration(getOidcConfigurationInputStreamWithRequestObjectPublicClient("INVALID_REQUEST_PARAMETER", HMAC_SHA256), RequestObjectErrorType.INVALID_REQUEST_FORMAT); + } + + @Test + public void testRequestObjectConfigMissingENCValue() throws Exception { + testRequestObjectInvalidConfiguration(getOidcConfigurationInputStreamWithoutEncValue(REQUEST.getValue(), RSA_OAEP), RequestObjectErrorType.MISSING_ENC_VALUE); + } + /***************************************************************************************************************************************** * Tests for multi-tenancy. * 
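Review bot: `testSuccessfulHmacSignedRequestUri` and `testSuccessfulHmacSignedAndEncryptedRequestUri` both pass `REQUEST.getValue()`, so despite their names the `request_uri` format is never exercised with an HMAC-signed object; either pass `REQUEST_URI.getValue()` or rename them. `testSuccessfulHmacSignedRequestObjectWithoutSecret` expects `MISSING_CLIENT_SECRET`, so `Successful` in its name is misleading; `testHmacSignedRequestObjectWithoutSecret` says what it checks. The comment in `testInvalidRequestEncryptionAlgorithm` should name the values actually passed (`RSA1_5` as the signing algorithm, `NONE` for both encryption values) rather than RSA-OAEP.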
@@ -496,6 +606,54 @@ private void performTenantRequest(String username, String password, String tenan } } + private void testRequestObjectInvalidConfiguration(InputStream oidcConfig, RequestObjectErrorType requestObjectErrorType) throws Exception { + try { + Map props = new HashMap<>(); + try { + OidcClientConfiguration oidcClientConfiguration = OidcClientConfigurationBuilder.build(oidcConfig); + if (requestObjectErrorType == RequestObjectErrorType.MISSING_ENC_VALUE || requestObjectErrorType == RequestObjectErrorType.INVALID_REQUEST_FORMAT) { + Assert.fail("No error was thrown while attempting to build the client configuration."); + } + assertEquals(OidcClientConfiguration.RelativeUrlsUsed.NEVER, oidcClientConfiguration.getRelativeUrls()); + + OidcClientContext oidcClientContext = new OidcClientContext(oidcClientConfiguration); + oidcFactory = new OidcMechanismFactory(oidcClientContext); + HttpServerAuthenticationMechanism mechanism; + + if (oidcClientConfiguration.getAuthenticationRequestFormat().contains(REQUEST.getValue())) { + mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, getCallbackHandler(true, "+phone+profile+email")); + } else { + mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, getCallbackHandler()); + } + + URI requestUri = new URI(getClientUrl()); + TestingHttpServerRequest request = new TestingHttpServerRequest(null, requestUri); + try { + mechanism.evaluateRequest(request); + Assert.fail("No error was thrown while attempting to evaluate the request"); + } catch (Exception e) { + + if (requestObjectErrorType == RequestObjectErrorType.INVALID_ALGORITHM) { + assertTrue(e.getMessage().contains("Failed to create the authentication request")); + } else if (requestObjectErrorType == RequestObjectErrorType.MISSING_CLIENT_SECRET) { + assertTrue(e.getMessage().contains("The client secret has not been configured.")); + } else { + throw e; + } + } + } catch (Exception e) { + if (requestObjectErrorType == 
RequestObjectErrorType.INVALID_REQUEST_FORMAT) { + assertTrue(e.getMessage().contains("Authentication request format must be one of the following: oauth2, request, request_uri.")); + } else if (requestObjectErrorType == RequestObjectErrorType.MISSING_ENC_VALUE) { + assertTrue(e.getMessage().contains("Both request object encryption algorithm and request object content encryption algorithm must be configured to encrypt the request object.")); + } + } + } finally { + client.setDispatcher(new QueueDispatcher()); + } + } + + private InputStream getOidcConfigurationInputStream() { return getOidcConfigurationInputStream(CLIENT_SECRET); } @@ -582,7 +740,6 @@ private InputStream getOidcConfigurationInputStreamWithTokenSignatureAlgorithm() "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); } - private InputStream getOidcConfigurationInputStreamWithScope(String scopeValue){ String oidcConfig = "{\n" + " \"client-id\" : \"" + CLIENT_ID + "\",\n" + 
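Review bot: The outer `catch (Exception e)` in `testRequestObjectInvalidConfiguration` has no final `else`, so for `INVALID_ALGORITHM` and `MISSING_CLIENT_SECRET` any exception is swallowed and the test passes without asserting anything. That includes an exception thrown by `OidcClientConfigurationBuilder.build` and the `throw e` rethrown from the inner catch. Add `else { throw e; }` after the `MISSING_ENC_VALUE` branch so an unexpected failure mode fails the test instead of looking like the expected one.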
@@ -590,6 +747,25 @@ private InputStream getOidcConfigurationInputStreamWithScope(String scopeValue){ " \"public-client\" : \"false\",\n" + " \"scope\" : \"" + scopeValue + "\",\n" + " \"ssl-required\" : \"EXTERNAL\",\n" + + " \"ssl-required\" : \"EXTERNAL\",\n" + + " \"credentials\" : {\n" + + " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " }\n" + + "}"; + return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); + } + private InputStream getOidcConfigurationInputStreamWithRequestParameter(String requestParameter, String signingAlgorithm, String encryptionAlgorithm, String encMethod){ + String oidcConfig = "{\n" + + " \"client-id\" : \"" + CLIENT_ID + "\",\n" + + " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + + " \"public-client\" : \"false\",\n" + + " \"ssl-required\" : \"EXTERNAL\",\n" + + " \"ssl-required\" : \"EXTERNAL\",\n" + + " \"authentication-request-format\" : \"" + requestParameter + "\",\n" + + " \"request-object-signing-algorithm\" : \"" + signingAlgorithm + "\",\n" + + " \"request-object-encryption-alg-value\" : \"" + encryptionAlgorithm + "\",\n" + + " \"request-object-encryption-enc-value\" : \"" + encMethod + "\",\n" + + " \"scope\" : \"profile email phone\",\n" + " \"credentials\" : {\n" + " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + 
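Review bot: The JSON built here now contains the key `ssl-required` twice. The added line duplicates the existing one in `getOidcConfigurationInputStreamWithScope`, the new four-argument `getOidcConfigurationInputStreamWithRequestParameter` emits it twice as well, and so does `getOidcConfigurationInputStreamWithoutEncValue` in the `@@ -597,6 +773,59 @@` hunk. JSON parsers differ in how they treat duplicate keys, so the test configuration should not rely on one; drop the extra `\"ssl-required\" : \"EXTERNAL\"` line in each method. The first method starts outside this hunk and the second ends in unchanged context lines.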
@@ -597,6 +773,59 @@ private InputStream getOidcConfigurationInputStreamWithScope(String scopeValue){ return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); } + private InputStream getOidcConfigurationInputStreamWithoutEncValue(String requestParameter, String encryptionAlgorithm){ + String oidcConfig = "{\n" + + " \"client-id\" : \"" + CLIENT_ID + "\",\n" + + " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + + " \"public-client\" : \"false\",\n" + + " \"ssl-required\" : \"EXTERNAL\",\n" + + " \"ssl-required\" : \"EXTERNAL\",\n" + + " \"authentication-request-format\" : \"" + requestParameter + "\",\n" + + " \"request-object-encryption-alg-value\" : \"" + encryptionAlgorithm + "\",\n" + + " \"scope\" : \"profile email phone\",\n" + + " \"credentials\" : {\n" + + " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " }\n" + + "}"; + return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); + } + + private InputStream getOidcConfigurationInputStreamWithRequestParameter(String requestParameter, String signingAlgorithm, String encryptionAlgorithm, String encMethod, String keyStorePath, String alias, String keyStoreType){ + String oidcConfig = "{\n" + + " \"client-id\" : \"" + CLIENT_ID + "\",\n" + + " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + + " \"public-client\" : \"false\",\n" + + " \"ssl-required\" : \"EXTERNAL\",\n" + + " \"authentication-request-format\" : \"" + requestParameter + "\",\n" + + " \"request-object-signing-algorithm\" : \"" + signingAlgorithm + "\",\n" + + " \"request-object-encryption-alg-value\" : \"" + encryptionAlgorithm + "\",\n" + + " \"request-object-encryption-enc-value\" : \"" + encMethod + "\",\n" + + " \"request-object-signing-keystore-file\" : \"" + keyStorePath + "\",\n" + + " \"request-object-signing-keystore-type\" : \"" + keyStoreType + "\",\n" + + " 
\"request-object-signing-keystore-password\" : \"" + KEYSTORE_PASS + "\",\n" + + " \"request-object-signing-key-password\" : \"" + KEYSTORE_PASS + "\",\n" + + " \"request-object-signing-key-alias\" : \"" + alias + "\",\n" + + " \"scope\" : \"email phone profile\",\n" + + " \"credentials\" : {\n" + + " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " }\n" + + "}"; + return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); + } + + private InputStream getOidcConfigurationInputStreamWithRequestObjectPublicClient(String requestParameter, String signingAlgorithm){ + String oidcConfig = "{\n" + + " \"client-id\" : \"" + CLIENT_ID + "\",\n" + + " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + + " \"public-client\" : \"true\",\n" + + " \"ssl-required\" : \"EXTERNAL\",\n" + + " \"authentication-request-format\" : \"" + requestParameter + "\",\n" + + " \"request-object-signing-algorithm\" : \"" + signingAlgorithm + "\",\n" + + " \"scope\" : \"email phone profile\"\n" + + "}"; + return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); + } + private InputStream getOidcConfigurationInputStreamWithPrincipalAttribute(String principalAttributeValue) { String oidcConfig = "{\n" + " \"principal-attribute\" : \"" + principalAttributeValue + "\",\n" + @@ -642,3 +871,4 @@ private static final String getClientPageTestForTenant(String tenant) { return tenant.equals(TENANT1_ENDPOINT) ? TENANT1_ENDPOINT : TENANT2_ENDPOINT + ":" + CLIENT_PAGE_TEXT; } } + diff --git a/pom.xml b/pom.xml index 20543860b1e..e71dc5e2d33 100644 --- a/pom.xml +++ b/pom.xml @@ -99,6 +99,7 @@ 4.3.3 2.40.0 2.3.0 + 3.1.0.Final INFO @@ -1152,6 +1153,12 @@ ${version.org.bouncycastle} test + + org.keycloak + keycloak-services + ${version.org.keycloak.keycloak-services} + test + From 4119a7e28f71168cdd5aff60e9ffeaf40c090a0c Mon Sep 17 00:00:00 2001 
From: Darran Lofthouse Date: Wed, 26 Jun 2024 14:24:50 +0100 Subject: [PATCH 28/75] [ELY-2774] Move tests to PKCS#12 KeyStores --- .../MaskedPasswordSSLAuthenticationTest.java | 4 +- .../security/ssl/SSLAuthenticationTest.java | 4 +- .../ssl/SSLv2HelloAuthenticationTest.java | 20 ++++----- .../security/ssl/TLS13AuthenticationTest.java | 2 +- ...ildfly-masked-password-ssl-config-v1_4.xml | 5 ++- .../wildfly/security/ssl/ocsp-responder.xml | 2 +- .../ssl/wildfly-ssl-test-config-v1_5.xml | 9 ++-- .../ssl/wildfly-ssl-test-config-v1_6.xml | 9 ++-- .../ssl/wildfly-ssl-test-config-v1_7.xml | 43 ++++++++++--------- .../ssl/test/util/CAGenerationTool.java | 2 +- 10 files changed, 53 insertions(+), 47 deletions(-) diff --git a/tests/base/src/test/java/org/wildfly/security/auth/client/MaskedPasswordSSLAuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/auth/client/MaskedPasswordSSLAuthenticationTest.java index 7855dc22a65..0ba8e2713a1 100644 --- a/tests/base/src/test/java/org/wildfly/security/auth/client/MaskedPasswordSSLAuthenticationTest.java +++ b/tests/base/src/test/java/org/wildfly/security/auth/client/MaskedPasswordSSLAuthenticationTest.java @@ -137,11 +137,11 @@ private SecurityIdentity performConnectionTest(SSLContext serverContext, SSLCont SSLSocket sslSocket = (SSLSocket) clientContext.getSocketFactory().createSocket(InetAddress.getLoopbackAddress(), 1111); sslSocket.getSession(); + System.out.println("Client connected"); return sslSocket; } catch (Exception e) { + System.out.println("Client Connection Failed"); throw new RuntimeException(e); - } finally { - System.out.println("Client connected"); } }); diff --git a/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java index 7555998138f..9c2731228b6 100644 --- a/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java 
+++ b/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java @@ -104,7 +104,7 @@ public class SSLAuthenticationTest { private final int TESTING_PORT = 18201; private static final char[] PASSWORD = "Elytron".toCharArray(); - private static final String JKS_LOCATION = "./target/test-classes/jks"; + private static final String JKS_LOCATION = "./target/test-classes/pkcs12"; private static final String CA_CRL_LOCATION = "./target/test-classes/ca/crl"; private static final String ICA_CRL_LOCATION = "./target/test-classes/ica/crl"; private static final File WORKING_DIR_CACRL = new File(CA_CRL_LOCATION); @@ -129,7 +129,7 @@ private static TrustManagerFactory getTrustManagerFactory() throws Exception { } private static KeyStore createKeyStore() throws Exception { - KeyStore ks = KeyStore.getInstance("JKS"); + KeyStore ks = KeyStore.getInstance("PKCS12"); ks.load(null, null); return ks; } diff --git a/tests/base/src/test/java/org/wildfly/security/ssl/SSLv2HelloAuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/ssl/SSLv2HelloAuthenticationTest.java index 9e61933f29a..a65c8b27d15 100644 --- a/tests/base/src/test/java/org/wildfly/security/ssl/SSLv2HelloAuthenticationTest.java +++ b/tests/base/src/test/java/org/wildfly/security/ssl/SSLv2HelloAuthenticationTest.java @@ -89,7 +89,7 @@ public class SSLv2HelloAuthenticationTest { private static final char[] PASSWORD = "Elytron".toCharArray(); - private static final String CA_JKS_LOCATION = "./target/test-classes/ca/jks"; + private static final String CA_JKS_LOCATION = "./target/test-classes/ca/pkcs12"; private static File ladybirdFile = null; private static File scarabFile = null; private static File beetlesFile = null; 
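Review bot: `JKS_LOCATION` now points at `./target/test-classes/pkcs12`, so the constant's name contradicts its value. The same applies to `CA_JKS_LOCATION` in `SSLv2HelloAuthenticationTest` and `TLS13AuthenticationTest` later in this patch. A format-neutral name, e.g. `private static final String KEYSTORE_LOCATION = "./target/test-classes/pkcs12";`, keeps the next format change to a one-line edit; the usages that would need updating are outside the visible hunks.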
@@ -119,7 +119,7 @@ public static void setUp() throws Exception{ createKeyStores(ladybirdFile, scarabFile, beetlesFile, trustFile); - securityRealm = new KeyStoreBackedSecurityRealm(loadKeyStore("/ca/jks/beetles.keystore")); + securityRealm = new KeyStoreBackedSecurityRealm(loadKeyStore("/ca/pkcs12/beetles.keystore")); securityDomain = SecurityDomain.builder() .addRealm("KeystoreRealm", securityRealm) @@ -162,7 +162,7 @@ public void testOneWaySSLv2HelloProtocolMatch() throws Exception { SSLContext serverContext = new SSLContextBuilder() .setSecurityDomain(securityDomain) - .setKeyManager(getKeyManager("/ca/jks/scarab.keystore")) + .setKeyManager(getKeyManager("/ca/pkcs12/scarab.keystore")) .setProtocolSelector(ProtocolSelector.empty().add(EnumSet.copyOf(list))) .build().create(); @@ -187,7 +187,7 @@ public void testTwoWaySSLv2HelloProtocolMatch() throws Exception { SSLContext serverContext = new SSLContextBuilder() .setSecurityDomain(securityDomain) - .setKeyManager(getKeyManager("/ca/jks/scarab.keystore")) + .setKeyManager(getKeyManager("/ca/pkcs12/scarab.keystore")) .setTrustManager(getCATrustManager()) .setNeedClientAuth(true) .setProtocolSelector(ProtocolSelector.empty().add(EnumSet.copyOf(list))) @@ -214,7 +214,7 @@ public void testTwoWaySSLv2HelloProtocolMatch() throws Exception { public void testTwoWaySSLv2HelloNotEnabled() throws Exception { SSLContext serverContext = new SSLContextBuilder() .setSecurityDomain(securityDomain) - .setKeyManager(getKeyManager("/ca/jks/scarab.keystore")) + .setKeyManager(getKeyManager("/ca/pkcs12/scarab.keystore")) .setTrustManager(getCATrustManager()) .setNeedClientAuth(true) .build().create(); 
@@ -243,7 +243,7 @@ public void testTwoWaySSLv2HelloNoClientSupport() throws Exception { SSLContext serverContext = new SSLContextBuilder() .setSecurityDomain(securityDomain) - .setKeyManager(getKeyManager("/ca/jks/scarab.keystore")) + .setKeyManager(getKeyManager("/ca/pkcs12/scarab.keystore")) .setTrustManager(getCATrustManager()) .setNeedClientAuth(true) .setProtocolSelector(ProtocolSelector.empty().add(EnumSet.copyOf(list))) @@ -273,7 +273,7 @@ public void testTwoWaySSlv2HelloNoServerSupport() throws Exception { SSLContext serverContext = new SSLContextBuilder() .setSecurityDomain(securityDomain) - .setKeyManager(getKeyManager("/ca/jks/scarab.keystore")) + .setKeyManager(getKeyManager("/ca/pkcs12/scarab.keystore")) .setTrustManager(getCATrustManager()) .setNeedClientAuth(true) .setProtocolSelector(ProtocolSelector.empty().add(EnumSet.copyOf(list))) @@ -376,7 +376,7 @@ private static X509ExtendedKeyManager getKeyManager(final String keystorePath) t */ private static X509TrustManager getCATrustManager() throws Exception { TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509"); - trustManagerFactory.init(loadKeyStore("/ca/jks/ca.truststore")); + trustManagerFactory.init(loadKeyStore("/ca/pkcs12/ca.truststore")); for (TrustManager current : trustManagerFactory.getTrustManagers()) { if (current instanceof X509TrustManager) { @@ -388,13 +388,13 @@ private static X509TrustManager getCATrustManager() throws Exception { } private static KeyStore loadKeyStore() throws Exception{ - KeyStore ks = KeyStore.getInstance("JKS"); + KeyStore ks = KeyStore.getInstance("PKCS12"); ks.load(null,null); return ks; } private static KeyStore loadKeyStore(final String path) throws Exception { - KeyStore keyStore = KeyStore.getInstance("jks"); + KeyStore keyStore = KeyStore.getInstance("PKCS12"); try (InputStream caTrustStoreFile = SSLAuthenticationTest.class.getResourceAsStream(path)) { keyStore.load(caTrustStoreFile, PASSWORD); } 
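Review bot: `loadKeyStore(String path)` passes the result of `getResourceAsStream(path)` straight to `keyStore.load`, and a null stream makes `KeyStore.load` initialise an empty store instead of failing. Every resource path in this file changes from `/ca/jks/...` to `/ca/pkcs12/...`, so a resource that was not generated under the new directory would produce an empty key or trust store and a confusing handshake failure later. Add `if (caTrustStoreFile == null) throw new IllegalStateException("Keystore resource not found: " + path);` as the first statement of the try block. The method's end is outside the hunk.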
diff --git a/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java index 88ca0cd3e11..da5df6d45f3 100644 --- a/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java +++ b/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java @@ -63,7 +63,7 @@ */ public class TLS13AuthenticationTest { - private static final String CA_JKS_LOCATION = "./target/test-classes/jks"; + private static final String CA_JKS_LOCATION = "./target/test-classes/pkcs12"; private static CAGenerationTool caGenerationTool = null; private static SecurityDomain securityDomain = null; diff --git a/tests/base/src/test/resources/org/wildfly/security/auth/client/wildfly-masked-password-ssl-config-v1_4.xml b/tests/base/src/test/resources/org/wildfly/security/auth/client/wildfly-masked-password-ssl-config-v1_4.xml index d458d71f173..133acd78f2d 100644 --- a/tests/base/src/test/resources/org/wildfly/security/auth/client/wildfly-masked-password-ssl-config-v1_4.xml +++ b/tests/base/src/test/resources/org/wildfly/security/auth/client/wildfly-masked-password-ssl-config-v1_4.xml @@ -21,10 +21,11 @@ - + + - + diff --git a/tests/base/src/test/resources/org/wildfly/security/ssl/ocsp-responder.xml b/tests/base/src/test/resources/org/wildfly/security/ssl/ocsp-responder.xml index 50b99e567d7..8b0d7755811 100644 --- a/tests/base/src/test/resources/org/wildfly/security/ssl/ocsp-responder.xml +++ b/tests/base/src/test/resources/org/wildfly/security/ssl/ocsp-responder.xml @@ -19,7 +19,7 @@ JKS - password=Elytron,keystore=file:target/test-classes/jks/ocsp-responder.keystore + password=Elytron,keystore=file:target/test-classes/pkcs12/ocsp-responder.keystore SHA256withRSA 
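Review bot: In `ocsp-responder.xml` the keystore path moves to `pkcs12/ocsp-responder.keystore`, but the unchanged context line above it still reads `JKS`, which looks like the store type (the element tags are stripped in this view, so this is inferred). If so, loading only works where the runtime accepts a PKCS#12 file under the JKS type. Set the type to `PKCS12` to match what `CAGenerationTool` now writes.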
diff --git a/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_5.xml b/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_5.xml index e23e2fa28ee..fa0ec880644 100644 --- a/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_5.xml +++ b/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_5.xml @@ -20,11 +20,12 @@ - - + + + - - + + diff --git a/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_6.xml b/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_6.xml index 197b3d44798..d25b1505a41 100644 --- a/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_6.xml +++ b/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_6.xml @@ -20,11 +20,12 @@ - - + + + - - + + diff --git a/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_7.xml b/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_7.xml index a323343d443..287021e3d81 100644 --- a/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_7.xml +++ b/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_7.xml @@ -20,41 +20,44 @@ - - + + + - - + + + - - + + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + diff --git a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java index 4481352b8f8..5b5963794d4 100644 --- a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java +++ b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java 
@@ -66,7 +66,7 @@ public class CAGenerationTool implements Closeable { private static final String BEETLES_STORE = "beetles.keystore"; private static final String KEY_ALGORITHM = "RSA"; - private static final String KEYSTORE_TYPE = "JKS"; // TODO Switch to PKCS#12 + private static final String KEYSTORE_TYPE = "PKCS12"; private static final int OCSP_PORT = 4854; static final char[] PASSWORD = "Elytron".toCharArray(); From acdef0c6d1eb487b2e653b2f417dce2efae6cdb5 Mon Sep 17 00:00:00 2001 From: Darran Lofthouse Date: Wed, 26 Jun 2024 14:44:06 +0100 Subject: [PATCH 29/75] [ELY-2777] Also ignore VSCode files. --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 2055c9d34e5..5e7aeeaaa67 100644 --- a/.gitignore +++ b/.gitignore @@ -20,6 +20,8 @@ target nbactions.xml nb-configuration.xml catalog.xml +# Ignore VSCode Files +.vscode # maven-ant-tasks.jar test-output From ddc7877f4fbefa853a3113287bbc5c81c76d00d5 Mon Sep 17 00:00:00 2001 
From: Darran Lofthouse Date: Wed, 26 Jun 2024 15:10:38 +0100 Subject: [PATCH 30/75] [ELY-2775] Rename the configuration files as they are specific to the test cases. --- .../wildfly/security/ssl/SSLAuthenticationTest.java | 2 +- .../security/ssl/SSLv2HelloAuthenticationTest.java | 11 ++++++----- .../wildfly/security/ssl/TLS13AuthenticationTest.java | 11 ++++++----- ...-config-v1_7.xml => ssl-authentication-config.xml} | 2 ++ ...v1_6.xml => sslv2-hello-authentication-config.xml} | 2 ++ ...onfig-v1_5.xml => tls13-authentication-config.xml} | 2 ++ 6 files changed, 19 insertions(+), 11 deletions(-) rename tests/base/src/test/resources/org/wildfly/security/ssl/{wildfly-ssl-test-config-v1_7.xml => ssl-authentication-config.xml} (99%) rename tests/base/src/test/resources/org/wildfly/security/ssl/{wildfly-ssl-test-config-v1_6.xml => sslv2-hello-authentication-config.xml} (98%) rename tests/base/src/test/resources/org/wildfly/security/ssl/{wildfly-ssl-test-config-v1_5.xml => tls13-authentication-config.xml} (98%) diff --git a/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java index 8666bf529f6..f044a972102 100644 --- a/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java +++ b/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java 
@@ -821,7 +821,7 @@ public void testWantClientAuthWithIncorrectCertificate() throws Throwable { } private void performConnectionTest(SSLContext serverContext, String clientUri, boolean expectValid, String expectedServerPrincipal, String expectedClientPrincipal, boolean oneWay) throws Throwable { - System.setProperty("wildfly.config.url", SSLAuthenticationTest.class.getResource("wildfly-ssl-test-config-v1_7.xml").toExternalForm()); + System.setProperty("wildfly.config.url", SSLAuthenticationTest.class.getResource("ssl-authentication-config.xml").toExternalForm()); AccessController.doPrivileged((PrivilegedAction) () -> Security.insertProviderAt(WildFlyElytronPasswordProvider.getInstance(), 1)); AuthenticationContext context = AuthenticationContext.getContextManager().get(); diff --git a/tests/base/src/test/java/org/wildfly/security/ssl/SSLv2HelloAuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/ssl/SSLv2HelloAuthenticationTest.java index 9e61933f29a..6fb2a57b055 100644 --- a/tests/base/src/test/java/org/wildfly/security/ssl/SSLv2HelloAuthenticationTest.java +++ b/tests/base/src/test/java/org/wildfly/security/ssl/SSLv2HelloAuthenticationTest.java @@ -88,6 +88,7 @@ */ public class SSLv2HelloAuthenticationTest { + private static final String CLIENT_CONFIG = "sslv2-hello-authentication-config.xml"; private static final char[] PASSWORD = "Elytron".toCharArray(); private static final String CA_JKS_LOCATION = "./target/test-classes/ca/jks"; private static File ladybirdFile = null; @@ -170,7 +171,7 @@ public void testOneWaySSLv2HelloProtocolMatch() throws Exception { SecurityIdentity identity = performConnectionTest(serverContext, "protocol://one-way-sslv2hello.org", - "wildfly-ssl-test-config-v1_6.xml", + CLIENT_CONFIG, enabledProtocols, // We expect client and server socket to only have SSLv2Hello and TLSv1 enabled "TLSv1"); // We expect the negotiated protocol to be TLSv1, as SSLv2Hello is a pseudo-protocol } 
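Review bot: The renamed file is still referenced by an inline literal in `performConnectionTest`, whereas `SSLv2HelloAuthenticationTest` and `TLS13AuthenticationTest` gain a `CLIENT_CONFIG` constant in this same commit; a matching `private static final String CLIENT_CONFIG = "ssl-authentication-config.xml";` would keep the three tests consistent. `Class.getResource` returns null when the name does not resolve, so a stale name after a rename like this one surfaces as a bare NullPointerException at `.toExternalForm()`. Wrapping the lookup as `Objects.requireNonNull(SSLAuthenticationTest.class.getResource(CLIENT_CONFIG), CLIENT_CONFIG)` would name the missing file, assuming `java.util.Objects` is or can be imported in this file. The method body continues outside the hunk.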
@@ -197,7 +198,7 @@ public void testTwoWaySSLv2HelloProtocolMatch() throws Exception { SecurityIdentity identity = performConnectionTest(serverContext, "protocol://test-two-way-sslv2hello.org", - "wildfly-ssl-test-config-v1_6.xml", + CLIENT_CONFIG, enabledProtocols, // We expect client and server socket to only have SSLv2Hello and TLSv1 enabled "TLSv1"); // We expect the negotiated protocol to be TLSv1, as SSLv2Hello is a pseudo-protocol @@ -223,7 +224,7 @@ public void testTwoWaySSLv2HelloNotEnabled() throws Exception { SecurityIdentity identity = performConnectionTest(serverContext, "protocol://two-way-no-sslv2hello.org", - "wildfly-ssl-test-config-v1_6.xml", + CLIENT_CONFIG, enabledProtocols, // We expect the default protocols to be enabled i.e. SSLv2Hello should only be enabled if explicitly configured "TLSv1.2"); // We expect the negotiated protocol to be the highest version protocol in common @@ -254,7 +255,7 @@ public void testTwoWaySSLv2HelloNoClientSupport() throws Exception { SecurityIdentity identity = performConnectionTest(serverContext, "protocol://two-way-no-sslv2hello.org", - "wildfly-ssl-test-config-v1_6.xml", + CLIENT_CONFIG, enabledClientProtocols, enabledServerProtocols, "TLSv1"); // We expect the negotiated protocol to be the highest version protocol in common @@ -284,7 +285,7 @@ public void testTwoWaySSlv2HelloNoServerSupport() throws Exception { SecurityIdentity identity = performConnectionTest(serverContext, "protocol://test-two-way-sslv2hello.org", - "wildfly-ssl-test-config-v1_6.xml", + CLIENT_CONFIG, clientEnabledProtocols, serverEnabledProtocols, "NONE"); // handshake is expected to fail, which in turn returns an empty SSLSession diff --git a/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java index 2b2addb635e..a5475c522f1 100644 --- a/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java 
+++ b/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java
@@ -70,6 +70,7 @@
 */
 public class TLS13AuthenticationTest {
+ private static final String CLIENT_CONFIG = "tls13-authentication-config.xml";
 private static final char[] PASSWORD = "Elytron".toCharArray();
 private static final String CA_JKS_LOCATION = "./target/test-classes/jks";
@@ -113,7 +114,7 @@ public void testTwoWayTLS13() throws Exception {
 .setNeedClientAuth(true)
 .build().create();
- SecurityIdentity identity = performConnectionTest(serverContext, "protocol://test-two-way-tls13.org", "wildfly-ssl-test-config-v1_5.xml", CIPHER_SUITE, true);
+ SecurityIdentity identity = performConnectionTest(serverContext, "protocol://test-two-way-tls13.org", CLIENT_CONFIG, CIPHER_SUITE, true);
 assertNotNull(identity);
 assertEquals("Principal Name", "ladybird", identity.getPrincipal().getName());
 }
@@ -132,7 +133,7 @@ public void testDifferentPreferredTLS13Suites() throws Exception {
 .setNeedClientAuth(true)
 .build().create();
- SecurityIdentity identity = performConnectionTest(serverContext, "protocol://test-different-preferred-tls13-suites.org", "wildfly-ssl-test-config-v1_5.xml", REQUIRED_CIPHER_SUITE, true);
+ SecurityIdentity identity = performConnectionTest(serverContext, "protocol://test-different-preferred-tls13-suites.org", CLIENT_CONFIG, REQUIRED_CIPHER_SUITE, true);
 assertNotNull(identity);
 assertEquals("Principal Name", "ladybird", identity.getPrincipal().getName());
 }
@@ -153,7 +154,7 @@ public void testClientTLS12Only() throws Exception {
 .setNeedClientAuth(true)
 .build().create();
- SecurityIdentity identity = performConnectionTest(serverContext, "protocol://test-client-tls12-only.org", "wildfly-ssl-test-config-v1_5.xml", TLS12_CIPHER_SUITE, false);
+ SecurityIdentity identity = performConnectionTest(serverContext, "protocol://test-client-tls12-only.org", CLIENT_CONFIG, TLS12_CIPHER_SUITE, false);
 assertNotNull(identity);
 assertEquals("Principal Name", "ladybird", identity.getPrincipal().getName());
 }
@@ -170,7 +171,7 @@ public void testServerTLS12Only() throws Exception {
 .setNeedClientAuth(true)
 .build().create();
- SecurityIdentity identity = performConnectionTest(serverContext, "protocol://test-server-tls12-only.org", "wildfly-ssl-test-config-v1_5.xml", SERVER_CIPHER_SUITE, false);
+ SecurityIdentity identity = performConnectionTest(serverContext, "protocol://test-server-tls12-only.org", CLIENT_CONFIG, SERVER_CIPHER_SUITE, false);
 assertNotNull(identity);
 assertEquals("Principal Name", "ladybird", identity.getPrincipal().getName());
 }
@@ -184,7 +185,7 @@ public void testOneWayTLS13() throws Exception {
 .setKeyManager(getKeyManager("/jks/scarab.keystore"))
 .build().create();
- SecurityIdentity identity = performConnectionTest(serverContext, "protocol://test-one-way-tls13.org", "wildfly-ssl-test-config-v1_5.xml", CIPHER_SUITE, true);
+ SecurityIdentity identity = performConnectionTest(serverContext, "protocol://test-one-way-tls13.org", CLIENT_CONFIG, CIPHER_SUITE, true);
 assertNull(identity);
 }
diff --git a/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_7.xml b/tests/base/src/test/resources/org/wildfly/security/ssl/ssl-authentication-config.xml similarity index 99% rename from tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_7.xml rename to tests/base/src/test/resources/org/wildfly/security/ssl/ssl-authentication-config.xml index a323343d443..5577e556fe2 100644 --- a/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_7.xml +++ b/tests/base/src/test/resources/org/wildfly/security/ssl/ssl-authentication-config.xml @@ -17,6 +17,8 @@ ~ See the License for the specific language governing permissions and ~ limitations under the License. --> + + diff --git a/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_6.xml b/tests/base/src/test/resources/org/wildfly/security/ssl/sslv2-hello-authentication-config.xml similarity index 98% rename from tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_6.xml rename to tests/base/src/test/resources/org/wildfly/security/ssl/sslv2-hello-authentication-config.xml index 197b3d44798..6269aefcace 100644 --- a/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_6.xml +++ b/tests/base/src/test/resources/org/wildfly/security/ssl/sslv2-hello-authentication-config.xml @@ -17,6 +17,8 @@ ~ See the License for the specific language governing permissions and ~ limitations under the License. --> + + diff --git a/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_5.xml b/tests/base/src/test/resources/org/wildfly/security/ssl/tls13-authentication-config.xml similarity index 98% rename from tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_5.xml rename to tests/base/src/test/resources/org/wildfly/security/ssl/tls13-authentication-config.xml index e23e2fa28ee..84c57691b1c 100644 
--- a/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_5.xml +++ b/tests/base/src/test/resources/org/wildfly/security/ssl/tls13-authentication-config.xml @@ -17,6 +17,8 @@ ~ See the License for the specific language governing permissions and ~ limitations under the License. --> + + From bc085490d8531b22a7ccbd8ffb8d8f6c1fa8277c Mon Sep 17 00:00:00 2001 
From: Farah Juma Date: Wed, 26 Jun 2024 11:51:34 -0400 Subject: [PATCH 31/75] [ELY-2779] Release WildFly Elytron 2.5.0.CR1 --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- dynamic-ssl/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- 
tests/common/pom.xml | 2 +- tool/pom.xml | 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 77 files changed, 77 insertions(+), 77 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index 1d5870a49ed..1bb2101a112 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index ee3aeb60e7f..13d4fa6399b 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index 3aeca13633d..70e475fd3ee 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index c8aeb636339..b61484f576a 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 76c3377cbea..1102c47a950 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index 71e459eec67..447ae787d89 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index 8c7584d297c..8caa455b249 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index a5a73fb96a7..9c726f00354 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index 14de6c34c2f..19f3ec7dab6 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index a5dec68a4e5..46fa373215b 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index dead47e6357..55e347bc454 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index dd2e695b889..584b5489ce8 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index 598a6cca097..8f349e52f62 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index 5343bd1feeb..17afc96418f 100644 --- a/base/pom.xml +++ b/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 4.0.0 
diff --git a/credential/base/pom.xml b/credential/base/pom.xml index 1f8d4fa4a1f..b114c32ebb0 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index 93a89f2c0df..02f79b7a192 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index 707606c202b..beb6d7dff8f 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index b3f4dd560eb..b2d51542a3d 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index e0d7248116a..c79722692ac 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 4.0.0 diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index b8fa608f8bb..46134f47ffc 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -5,7 +5,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index 4fa5e15bb61..90fb36303cb 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 4.0.0 diff --git a/http/base/pom.xml b/http/base/pom.xml index 4c94881b7dd..3839e677749 100644 --- a/http/base/pom.xml 
+++ b/http/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index 1bdfe47d500..92afda08da5 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index cb28748e2aa..ee871f14d13 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index 2bc423a2d57..b867481e172 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index f3ef094dc9d..39e51acb174 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index e1f17952803..4f1cb10fbf5 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index 9f42da89bba..380e0113b93 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index f5ea32e740c..177d969020a 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml 
diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index 5f3a6504fda..e30ed295d57 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index 7d452717d31..dafb5d778e5 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index 3e53575ee4d..b198de9308e 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index c557c78a896..ccaf0149b63 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index 0b0b50ba2f6..0509366415f 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index 9c6941587f3..fba0fa259fa 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index 7e4bb3e80b7..12bdb900d54 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index 2ec4684d21e..107e34a33e5 100644 --- a/json-util/pom.xml +++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 4.0.0 
diff --git a/keystore/pom.xml b/keystore/pom.xml index a984ae39bf4..60a997a740e 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index 75961d93671..9501b4f4c89 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index 0f20345e31c..ba33f8f7242 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index 09a74c3f7b5..847331cd891 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index cd7f998a223..cbe7a82f91a 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index 6b6ee6768d8..74ca3ef94e0 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index ec0ff16786a..519a3ac14b1 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index 780b6ca04b2..ce2b8e1e1ca 100644 --- a/mechanism/oauth2/pom.xml 
+++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index d451cca80ac..4ec509fc3c0 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index 1be768c6d23..9d99cc8df2d 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index e17dbcf59be..350b855e907 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 4.0.0 diff --git a/pom.xml b/pom.xml index e71dc5e2d33..2f415265865 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index def67496fc9..1454fb77b08 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index 0e9f6b0347c..a04a39d4dd0 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index 761f139cb54..9975b76079f 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../../pom.xml 
diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index a55a8a35b8c..34655d6ffff 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index 4ca87d6ca7f..19673708591 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index a9b980883b2..1c8a2f982c8 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index 9b74b2a0ae9..19102fe0dac 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index a7e1eda01f8..0b10d80da27 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index 63a95229ec9..454da3e44a4 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index 58a9e199656..c3b836a18a5 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index 7f5f4f830af..5624ab72757 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index 46ea7fce61f..8c820afc749 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index 911e0579b06..2f2446a3eac 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index a29c76e2d84..2d54c62c531 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index 33642878ba5..047a38269da 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index dd2fea2d833..0407b808862 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index e44b6d1e7ec..d5b55643aa9 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index cedca3b8c1f..b6a36f5f1bd 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/tests/common/pom.xml b/tests/common/pom.xml index b8ff41dd49e..413af0dcc10 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml 
@@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index d8764ee6801..e1fce688e7f 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index 679b9015040..507c86c71be 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 088c8b422e0..fcf69f98a02 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index 8629038dd82..2471bded36d 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index e9538c516de..13e68517cf5 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index d1fab09d68b..e6ced79f8e0 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index f6efb59bc58..9fc1ec036d4 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index 20a2705af1c..4cce9fc6b8e 100644 --- a/x500/deprecated/pom.xml 
+++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index 271c7c24b83..46d423db5e3 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml From ef030181e959498f2e05130534c4bf479a2fbef7 Mon Sep 17 00:00:00 2001 
From: Farah Juma Date: Wed, 26 Jun 2024 11:52:38 -0400 Subject: [PATCH 32/75] Next is 2.5.0.CR2 --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- dynamic-ssl/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- tests/common/pom.xml | 2 +- 
tool/pom.xml | 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 77 files changed, 77 insertions(+), 77 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index 1bb2101a112..2049b067764 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index 13d4fa6399b..9aa7bf8eb53 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index 70e475fd3ee..7294d228fa3 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index b61484f576a..6d913c89e0f 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 1102c47a950..750971c13cd 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index 447ae787d89..0cc7ec4af30 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index 8caa455b249..9460e093a14 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index 9c726f00354..4783a8c8f5d 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index 19f3ec7dab6..1adafc80e1d 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index 46fa373215b..06ca9b049f6 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index 55e347bc454..12e8172afde 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index 584b5489ce8..24c10e95df8 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index 8f349e52f62..56d99abab7b 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index 17afc96418f..7cb76abd798 100644 --- a/base/pom.xml +++ b/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT 4.0.0 
diff --git a/credential/base/pom.xml b/credential/base/pom.xml index b114c32ebb0..26da6e01fa3 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index 02f79b7a192..9bc93bcabd8 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index beb6d7dff8f..36c5e9081de 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index b2d51542a3d..877966d3310 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index c79722692ac..1d5fa1defd5 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT 4.0.0 diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index 46134f47ffc..2d162ce8acb 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -5,7 +5,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index 90fb36303cb..22c0940c81c 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT 4.0.0 diff --git a/http/base/pom.xml b/http/base/pom.xml index 3839e677749..6841e5c5986 100644 --- a/http/base/pom.xml 
+++ b/http/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index 92afda08da5..2686354cf15 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index ee871f14d13..e6159c669c7 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index b867481e172..6a52f74cafe 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index 39e51acb174..27b12641810 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index 4f1cb10fbf5..3020bb68828 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index 380e0113b93..cc7081c679b 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index 177d969020a..01eaa9b8887 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml 
diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index e30ed295d57..4f207e9480b 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index dafb5d778e5..d2d4aa74fa0 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index b198de9308e..8897d40327b 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index ccaf0149b63..10273e8c6f3 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index 0509366415f..25fdf3b66c7 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index fba0fa259fa..98c8adaca2a 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index 12bdb900d54..77a513860c5 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index 107e34a33e5..efb397c5f0e 100644 --- a/json-util/pom.xml +++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT 4.0.0 
diff --git a/keystore/pom.xml b/keystore/pom.xml index 60a997a740e..0c11bd1adaa 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index 9501b4f4c89..3433c5c8a66 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index ba33f8f7242..d4cc6df4fb5 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index 847331cd891..86da621f2f6 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index cbe7a82f91a..cba5eb55ab0 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index 74ca3ef94e0..6f68b3ab45b 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index 519a3ac14b1..a1f3bc9bdba 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index ce2b8e1e1ca..0f9496edf43 100644 --- a/mechanism/oauth2/pom.xml 
+++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index 4ec509fc3c0..d4b29fac69e 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index 9d99cc8df2d..aa7de136de0 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index 350b855e907..1402836303e 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT 4.0.0 diff --git a/pom.xml b/pom.xml index 2f415265865..b13fae1cea5 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index 1454fb77b08..d448e5188c9 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index a04a39d4dd0..a94b8100a83 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index 9975b76079f..a76393c2b8d 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../../pom.xml 
diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index 34655d6ffff..24c1c138e53 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index 19673708591..6d3427da055 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index 1c8a2f982c8..ae44c73cda5 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index 19102fe0dac..7d89646316f 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index 0b10d80da27..84e336b7860 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index 454da3e44a4..b199bf16d51 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index c3b836a18a5..c0c9022b4c9 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index 5624ab72757..001d899f230 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index 8c820afc749..97d0e8395bf 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index 2f2446a3eac..ade71404b0e 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index 2d54c62c531..bc926157a0a 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index 047a38269da..651f6f930a7 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index 0407b808862..9971c237e77 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index d5b55643aa9..7ac742a33e9 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index b6a36f5f1bd..26a85203e47 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/tests/common/pom.xml b/tests/common/pom.xml index 413af0dcc10..d0a819e1981 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml 
@@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index e1fce688e7f..808d02cf28c 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index 507c86c71be..de4371c77d6 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index fcf69f98a02..22d2f8fc7c6 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index 2471bded36d..c9f7a53c713 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index 13e68517cf5..602283fa6bd 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index e6ced79f8e0..26434c8ce68 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index 9fc1ec036d4..b02136ee546 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index 4cce9fc6b8e..8e0d64e35f2 100644 --- a/x500/deprecated/pom.xml 
+++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index 46d423db5e3..93f0b0b398a 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml From a5cea70ed0123de73574f1e24b2049e54b49a75e Mon Sep 17 00:00:00 2001 From: Darran Lofthouse Date: Thu, 27 Jun 2024 19:42:56 +0100 Subject: [PATCH 33/75] [ELY-2774] Also make it possible to get the KeyStore type and location. --- .../security/ssl/test/util/CAGenerationTool.java | 10 +++++++++- .../wildfly/security/ssl/test/util/CommonIdentity.java | 7 +++++++ .../wildfly/security/ssl/test/util/CustomIdentity.java | 5 +++++ .../security/ssl/test/util/DefinedIdentity.java | 6 ++++++ 4 files changed, 27 insertions(+), 1 deletion(-) diff --git a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java index 5b5963794d4..e28f884d999 100644 --- a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java +++ b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java @@ -144,6 +144,10 @@ public KeyStore getBeetlesKeyStore() { return loadKeyStore(new File(workingDir, BEETLES_STORE)); } + public String getKeyStoreType() { + return KEYSTORE_TYPE; + } + /** * @deprecated Use {@link CommonIdentity#getCertificate()} instead. */ 
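Review bot: The new `getKeyStoreType()` in the CAGenerationTool hunk has no Javadoc, while the member that follows it in the same hunk carries one. The method only returns the `KEYSTORE_TYPE` constant, so a one-line comment would be enough, for example `/** Returns the KeyStore type to pass when loading a store produced by this tool. */` (the wording assumes all generated stores share that type, which this hunk does not show). The same gap applies to `CommonIdentity.getKeyStoreType()` and the new abstract `getKeyStoreFile()` in the CommonIdentity hunk, where the contract matters more because subclasses must implement it.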
@@ -364,8 +368,12 @@ private static KeyStore createEmptyKeyStore() { } } + File getKeyStoreFile(Identity identity) { + return new File(workingDir, identity.getKeyStoreName()); + } + KeyStore loadKeyStore(final Identity identity) { - return loadKeyStore(new File(workingDir, identity.getKeyStoreName())); + return loadKeyStore(getKeyStoreFile(identity)); } static KeyStore loadKeyStore(final File location) { diff --git a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CommonIdentity.java b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CommonIdentity.java index 2d8f3664015..ffd89fbdf0a 100644 --- a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CommonIdentity.java +++ b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CommonIdentity.java @@ -16,6 +16,7 @@ package org.wildfly.security.ssl.test.util; +import java.io.File; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; @@ -42,8 +43,14 @@ public X509Certificate getCertificate() { return certificate; } + public String getKeyStoreType() { + return caGenerationTool.getKeyStoreType(); + } + public abstract KeyStore loadKeyStore(); + public abstract File getKeyStoreFile(); + public X509ExtendedKeyManager createKeyManager() { caGenerationTool.assertNotClosed(); diff --git a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CustomIdentity.java b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CustomIdentity.java index a1ce69a2b5e..f7f2100c53f 100644 --- a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CustomIdentity.java +++ b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CustomIdentity.java @@ -34,4 +34,9 @@ public KeyStore loadKeyStore() { return CAGenerationTool.loadKeyStore(keyStoreFile); } + @Override + public File getKeyStoreFile() { + return keyStoreFile; + } + } 
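Review bot: `getKeyStoreFile(Identity)` in CAGenerationTool returns a path inside `workingDir` without calling `assertNotClosed()`, whereas `createKeyManager()`, visible as context in the CommonIdentity hunk, checks it before using the tool. If closing the tool removes the working directory (not visible in these hunks), a test holding a closed tool receives a `File` for a keystore that no longer exists and fails later with a less obvious error. Adding `assertNotClosed();` as the first statement of `getKeyStoreFile(Identity)` would also cover `loadKeyStore(Identity)` and `DefinedIdentity.getKeyStoreFile()`, since both delegate to it. The returned file presumably holds the test identities' private keys, so a short comment that the path is meant for test wiring only would be worth adding next to the accessor.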
diff --git a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedIdentity.java b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedIdentity.java index 28595b8e112..0983b2e928d 100644 --- a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedIdentity.java +++ b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedIdentity.java @@ -16,6 +16,7 @@ package org.wildfly.security.ssl.test.util; +import java.io.File; import java.security.KeyStore; import java.security.cert.X509Certificate; @@ -38,4 +39,9 @@ public KeyStore loadKeyStore() { return caGenerationTool.loadKeyStore(identity); } + @Override + public File getKeyStoreFile() { + return caGenerationTool.getKeyStoreFile(identity); + } + } From 91e9b0bacaae4b6497443b710d3893a6c267e246 Mon Sep 17 00:00:00 2001 From: Prarthona Paul Date: Wed, 26 Jun 2024 16:25:21 -0400 Subject: [PATCH 34/75] ELY-2776 Add tests to the OIDC testsuite to test for cases where request/request_uri parameters are not supported by the OpenID provider --- .../oidc/MockOidcClientConfiguration.java | 167 ++++++++++++++++++ 1 file changed, 167 insertions(+) create mode 100644 http/oidc/src/test/java/org/wildfly/security/http/oidc/MockOidcClientConfiguration.java diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/MockOidcClientConfiguration.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/MockOidcClientConfiguration.java new file mode 100644 index 00000000000..b59d75a192f --- /dev/null +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/MockOidcClientConfiguration.java 
@@ -0,0 +1,167 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2024 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.wildfly.security.http.oidc; + +import com.gargoylesoftware.htmlunit.TextPage; +import io.restassured.RestAssured; +import mockit.Mock; +import mockit.MockUp; +import mockit.integration.junit4.JMockit; +import okhttp3.mockwebserver.MockWebServer; +import org.apache.http.HttpStatus; +import org.junit.AfterClass; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.wildfly.security.http.HttpServerAuthenticationMechanism; + +import java.io.ByteArrayInputStream; +import java.io.InputStream; +import java.net.URI; +import java.nio.charset.StandardCharsets; +import java.util.HashMap; +import java.util.Map; + +import static org.jose4j.jws.AlgorithmIdentifiers.HMAC_SHA256; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; +import static org.junit.Assume.assumeTrue; +import static org.wildfly.security.http.oidc.KeycloakConfiguration.ALICE; +import static org.wildfly.security.http.oidc.KeycloakConfiguration.ALICE_PASSWORD; +import static org.wildfly.security.http.oidc.Oidc.AuthenticationRequestFormat.REQUEST; +import static org.wildfly.security.http.oidc.Oidc.AuthenticationRequestFormat.REQUEST_URI; +import 
static org.wildfly.security.http.oidc.Oidc.OIDC_NAME; +import static org.wildfly.security.http.oidc.Oidc.OIDC_SCOPE; + +/** + * Tests for cases where the OpenID provider does not support + * request parameters when sending the request object as a JWT. + * The OidcClientConfiguration class is mocked to return values + * indicating a lack of support for request parameters. + * + * @author Prarthona Paul + */ +@RunWith(JMockit.class) +public class MockOidcClientConfiguration extends OidcBaseTest { + + @BeforeClass + public static void startTestContainers() throws Exception { + assumeTrue("Docker isn't available, OIDC tests will be skipped", isDockerAvailable()); + KEYCLOAK_CONTAINER = new KeycloakContainer(); + KEYCLOAK_CONTAINER.start(); + sendRealmCreationRequest(KeycloakConfiguration.getRealmRepresentation(TEST_REALM, CLIENT_ID, CLIENT_SECRET, CLIENT_HOST_NAME, CLIENT_PORT, CLIENT_APP, false)); + client = new MockWebServer(); + client.start(CLIENT_PORT); + } + + @AfterClass + public static void generalCleanup() throws Exception { + if (KEYCLOAK_CONTAINER != null) { + RestAssured + .given() + .auth().oauth2(KeycloakConfiguration.getAdminAccessToken(KEYCLOAK_CONTAINER.getAuthServerUrl())) + .when() + .delete(KEYCLOAK_CONTAINER.getAuthServerUrl() + "/admin/realms/" + TEST_REALM).then().statusCode(204); + KEYCLOAK_CONTAINER.stop(); + } + if (client != null) { + client.shutdown(); + } + } + + @BeforeClass + public static void beforeClass() { + System.setProperty("oidc.provider.url", KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM); + } + + @AfterClass + public static void afterClass() { + System.clearProperty("oidc.provider.url"); + } + + @Test + public void testOidcWithRequestParameterUnsupported() throws Exception { + mockOidcClientConfig(); + performAuthentication(getOidcConfigurationInputStreamWithRequestParameter(REQUEST.getValue()), REQUEST.getValue()); + } + + @Test + public void testOidcWithRequestUriParameterUnsupported() throws Exception { + 
mockOidcClientConfig(); + performAuthentication(getOidcConfigurationInputStreamWithRequestParameter(REQUEST_URI.getValue()), REQUEST_URI.getValue()); + } + + public void performAuthentication(InputStream oidcConfig, String requestFormat) throws Exception { + Map props = new HashMap<>(); + OidcClientConfiguration oidcClientConfiguration = OidcClientConfigurationBuilder.build(oidcConfig); + assertEquals(OidcClientConfiguration.RelativeUrlsUsed.NEVER, oidcClientConfiguration.getRelativeUrls()); + OidcClientContext oidcClientContext = new OidcClientContext(oidcClientConfiguration); + oidcFactory = new OidcMechanismFactory(oidcClientContext); + HttpServerAuthenticationMechanism mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, getCallbackHandler()); + + URI requestUri = new URI(getClientUrl()); + TestingHttpServerRequest request = new TestingHttpServerRequest(null, requestUri); + mechanism.evaluateRequest(request); + TestingHttpServerResponse response = request.getResponse(); + assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, response.getStatusCode()); + assertEquals(Status.NO_AUTH, request.getResult()); + assertFalse(response.getFirstResponseHeaderValue("Location").contains(requestFormat + "=")); + assertTrue(response.getFirstResponseHeaderValue("Location").contains("scope=" + OIDC_SCOPE + "+phone+profile+email")); //ALL scopes should be added to the URL directly + + client.setDispatcher(createAppResponse(mechanism, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT)); + + TextPage page = loginToKeycloak(ALICE, ALICE_PASSWORD, requestUri, response.getLocation(), + response.getCookies()).click(); + assertTrue(page.getContent().contains(CLIENT_PAGE_TEXT)); + } + + + private void mockOidcClientConfig(){ + new MockUp(){ + // Used to indicate that the OpenID provider does not support request_uri parameter + @Mock + boolean getRequestUriParameterSupported(){ + return false; + } + + // Used to indicate that the OpenID provider does not 
support request parameter + @Mock + boolean getRequestParameterSupported(){ + return false; + } + }; + } + + private InputStream getOidcConfigurationInputStreamWithRequestParameter(String requestParameter){ + String oidcConfig = "{\n" + + " \"client-id\" : \"" + CLIENT_ID + "\",\n" + + " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "/" + "\",\n" + + " \"public-client\" : \"false\",\n" + + " \"ssl-required\" : \"EXTERNAL\",\n" + + " \"authentication-request-format\" : \"" + requestParameter + "\",\n" + + " \"request-object-signing-algorithm\" : \"" + HMAC_SHA256 + "\",\n" + + " \"scope\" : \"profile email phone\",\n" + + " \"credentials\" : {\n" + + " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " }\n" + + "}"; + return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); + } +} From bce826795ab8d8320d150f765dafcdfa1953f486 Mon Sep 17 00:00:00 2001 
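Review bot: `beforeClass()` reads `KEYCLOAK_CONTAINER.getAuthServerUrl()`, but the container is only assigned in `startTestContainers()`, and JUnit 4 does not define the order in which several `@BeforeClass` methods of one class run. If `beforeClass()` runs first it would presumably fail with a NullPointerException (the field is not declared in this hunk, so its initial value is inferred). That would also happen on machines without Docker, where the `assumeTrue` skip is the intended outcome. Setting the property at the end of `startTestContainers()`, right after `client.start(CLIENT_PORT);`, and dropping `beforeClass()` removes the ordering dependency: `System.setProperty("oidc.provider.url", KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM);`. The two `@AfterClass` methods do not depend on each other and can stay as they are.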
From: Farah Juma Date: Mon, 8 Jul 2024 13:24:14 -0400 Subject: [PATCH 35/75] [ELY-2782] Release WildFly Elytron 2.5.0.Final --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- dynamic-ssl/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- 
tests/common/pom.xml | 2 +- tool/pom.xml | 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 77 files changed, 77 insertions(+), 77 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index 2049b067764..ba5636fde7f 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index 9aa7bf8eb53..886d95cd35c 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index 7294d228fa3..72e52b8d4f6 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index 6d913c89e0f..d5fc9882a3d 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 750971c13cd..4ea41367ba3 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index 0cc7ec4af30..0e00976830b 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index 9460e093a14..61f5949f9ee 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index 4783a8c8f5d..10db0045fd1 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index 1adafc80e1d..29ba72cfb24 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index 06ca9b049f6..6a4a89a7e26 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index 12e8172afde..b2e50a32e1f 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index 24c10e95df8..5eaea307927 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index 56d99abab7b..fb11acc1443 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index 7cb76abd798..b7099b8a9e6 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index 26da6e01fa3..7dacf0794b4 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index 9bc93bcabd8..e92449d8056 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index 36c5e9081de..41a32839041 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index 877966d3310..2138375c428 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index 1d5fa1defd5..db9759029be 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final 4.0.0 diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index 2d162ce8acb..ded0e5d1e13 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -5,7 +5,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index 22c0940c81c..f65cb1adb19 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final 4.0.0 
diff --git a/http/base/pom.xml b/http/base/pom.xml index 6841e5c5986..8fe9f814c61 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index 2686354cf15..cc58462d6d6 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index e6159c669c7..0161d656151 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index 6a52f74cafe..67a3121c049 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index 27b12641810..33f1874b1b5 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index 3020bb68828..c1bff0ebf48 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index cc7081c679b..875da1e593f 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index 01eaa9b8887..39cef99ed00 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index 4f207e9480b..33c6e186f84 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index d2d4aa74fa0..b85693666b7 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index 8897d40327b..7d7235d838f 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index 10273e8c6f3..bc8de7fdd8d 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index 25fdf3b66c7..f7447afb86c 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index 98c8adaca2a..6e885007926 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index 77a513860c5..b11de9802d6 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index efb397c5f0e..596292bc4d3 100644 --- a/json-util/pom.xml 
+++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final 4.0.0 diff --git a/keystore/pom.xml b/keystore/pom.xml index 0c11bd1adaa..af5aba32890 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index 3433c5c8a66..860044282af 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index d4cc6df4fb5..4220d210902 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index 86da621f2f6..33ac416b449 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index cba5eb55ab0..0e042793569 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index 6f68b3ab45b..c57506e9593 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index a1f3bc9bdba..cda42cc1557 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml 
diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index 0f9496edf43..7cd65da8914 100644 --- a/mechanism/oauth2/pom.xml +++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index d4b29fac69e..2ba2d6bef70 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index aa7de136de0..5fb746034ef 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index 1402836303e..4b3def3bf55 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final 4.0.0 diff --git a/pom.xml b/pom.xml index b13fae1cea5..c85b514eef0 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index d448e5188c9..e93d005da8c 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index a94b8100a83..6bf38325b3d 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index a76393c2b8d..fb6d2904103 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../../pom.xml diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index 24c1c138e53..e12a23a1c2e 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index 6d3427da055..e0510d21e6b 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index ae44c73cda5..e7fe5510d6c 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index 7d89646316f..b2c2ff81232 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index 84e336b7860..21a9c2d6ca5 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index b199bf16d51..71e39f14cfd 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index c0c9022b4c9..74333f698a4 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml 
diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index 001d899f230..6a0bfd4a06e 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index 97d0e8395bf..ebdfc6b7d75 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index ade71404b0e..393f082f172 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index bc926157a0a..f5280ba56ef 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index 651f6f930a7..a2c9535ddae 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index 9971c237e77..629624be26f 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index 7ac742a33e9..a1b459b4409 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index 26a85203e47..99984abb135 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml 
diff --git a/tests/common/pom.xml b/tests/common/pom.xml index d0a819e1981..4baec19c722 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml @@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index 808d02cf28c..436ee8aac3d 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index de4371c77d6..68acd21c2c2 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 22d2f8fc7c6..96c5eea9acb 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index c9f7a53c713..db57ca757e9 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index 602283fa6bd..83a43f15219 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index 26434c8ce68..58856969e54 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index b02136ee546..c738ca1adb5 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index 8e0d64e35f2..06284818b4b 100644 --- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index 93f0b0b398a..fb5492bd718 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml From dac1abc18f94e4f7bbb2ba4932d44aec9d63e345 Mon Sep 17 00:00:00 2001 
From: Farah Juma Date: Mon, 8 Jul 2024 13:24:49 -0400 Subject: [PATCH 36/75] Next is 2.5.1 --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- dynamic-ssl/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- tests/common/pom.xml | 2 +- tool/pom.xml | 
2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 77 files changed, 77 insertions(+), 77 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index ba5636fde7f..17d217aa03b 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index 886d95cd35c..f1309641cd7 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index 72e52b8d4f6..0280389a985 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index d5fc9882a3d..5c81f8abd4a 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 4ea41367ba3..6ad7a764fbb 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index 0e00976830b..53771e0992a 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index 61f5949f9ee..612eb58e4f7 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index 10db0045fd1..9959bf41e83 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index 29ba72cfb24..64d0212d743 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index 6a4a89a7e26..40d41f502b5 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index b2e50a32e1f..23e1405e73c 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index 5eaea307927..f098bff90e0 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index fb11acc1443..567269a0bcc 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index b7099b8a9e6..d1e4fde738b 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index 7dacf0794b4..f8f651001db 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index e92449d8056..567e2898d66 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index 41a32839041..34a43a3d4d3 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index 2138375c428..850092ade46 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index db9759029be..b7509fd76c2 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT 4.0.0 diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index ded0e5d1e13..0dc7c4e6dab 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -5,7 +5,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index f65cb1adb19..9f5d25fb712 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT 4.0.0 
diff --git a/http/base/pom.xml b/http/base/pom.xml index 8fe9f814c61..7c6b0a780a2 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index cc58462d6d6..41d6088eb48 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index 0161d656151..f109668ee07 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index 67a3121c049..ba442678819 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index 33f1874b1b5..555709ebf7f 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index c1bff0ebf48..63b684280c5 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index 875da1e593f..4f969bed7e6 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index 39cef99ed00..44758b79b0c 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index 33c6e186f84..d425be12549 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index b85693666b7..3137d415a1a 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index 7d7235d838f..e57ac0f3753 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index bc8de7fdd8d..f2f01e78861 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index f7447afb86c..36219ec7d14 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index 6e885007926..9aa8169a4f8 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index b11de9802d6..31ce391bf50 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index 596292bc4d3..f269c8be7fd 100644 --- a/json-util/pom.xml 
+++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT 4.0.0 diff --git a/keystore/pom.xml b/keystore/pom.xml index af5aba32890..c0561c83ba4 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index 860044282af..464b7cd5b7e 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index 4220d210902..80484b800e3 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index 33ac416b449..4db7db93b33 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index 0e042793569..f6643be8be7 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index c57506e9593..7365a240e02 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index cda42cc1557..20a334b3392 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml 
diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index 7cd65da8914..e688852a11b 100644 --- a/mechanism/oauth2/pom.xml +++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index 2ba2d6bef70..4b5efa8837e 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index 5fb746034ef..743cdbce880 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index 4b3def3bf55..2259afb4ae2 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT 4.0.0 diff --git a/pom.xml b/pom.xml index c85b514eef0..1f156c50776 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index e93d005da8c..57f043e5e16 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index 6bf38325b3d..7545ec1b05c 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index fb6d2904103..96df765c59f 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index e12a23a1c2e..320f1cb15e6 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index e0510d21e6b..938a92c3dd7 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index e7fe5510d6c..8718cb1f40f 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index b2c2ff81232..d264e610b86 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index 21a9c2d6ca5..d85cdb34f81 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index 71e39f14cfd..8b4a8120c74 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index 74333f698a4..4e47eae672f 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml 
diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index 6a0bfd4a06e..751c67512b9 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index ebdfc6b7d75..304f30da23d 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index 393f082f172..be7e3312472 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index f5280ba56ef..8ad61f03743 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index a2c9535ddae..7cb2fce3483 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index 629624be26f..af3b62b18b3 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index a1b459b4409..5502ca52742 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index 99984abb135..08930997149 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml 
diff --git a/tests/common/pom.xml b/tests/common/pom.xml index 4baec19c722..82455a3ebd3 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml @@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index 436ee8aac3d..8bc44ac2f96 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index 68acd21c2c2..6d072cf4ec2 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 96c5eea9acb..12f4949ee9d 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index db57ca757e9..bbf002144fd 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index 83a43f15219..2052a5c8d83 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index 58856969e54..633b4b1720d 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index c738ca1adb5..0db7cf98026 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index 06284818b4b..ebc333a8e73 100644 --- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index fb5492bd718..e1e0b8a3ab8 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml From dd978af96f7902cc69a0a2d75fa87bb9e7748d05 Mon Sep 17 00:00:00 2001 From: Farah Juma Date: Mon, 8 Jul 2024 13:43:31 -0400 Subject: [PATCH 37/75] [ELY-2782] Perform API check against 2.5.0.Final --- wildfly-elytron/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 12f4949ee9d..098550c3fb6 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -557,7 +557,7 @@ org.wildfly.security wildfly-elytron - 2.4.2.Final + 2.5.0.Final jar From ecce0fe9e0b792ed48f2d9c2c0abd3746c7c4410 Mon Sep 17 00:00:00 2001 From: Prarthona Paul Date: Mon, 22 Jul 2024 12:11:48 -0400 Subject: [PATCH 38/75] ELY-2789 OIDCSecurityContext deserialization issue --- .../http/oidc/OidcSecurityContext.java | 4 +-- .../security/http/oidc/BearerTest.java | 33 +++++++++++++++++++ 2 files changed, 35 insertions(+), 2 deletions(-) diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcSecurityContext.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcSecurityContext.java index 5556f311967..c539a2e6224 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcSecurityContext.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcSecurityContext.java 
@@ -76,8 +76,8 @@ public String getRealm() { private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException { in.defaultReadObject(); try { - token = new AccessToken(new JwtConsumerBuilder().setSkipSignatureVerification().setSkipAllValidators().build().processToClaims(tokenString)); - idToken = new IDToken(new JwtConsumerBuilder().setSkipSignatureVerification().setSkipAllValidators().build().processToClaims(idTokenString)); + token = tokenString == null ? null : new AccessToken(new JwtConsumerBuilder().setSkipSignatureVerification().setSkipAllValidators().build().processToClaims(tokenString)); + idToken = idTokenString == null ? null : new IDToken(new JwtConsumerBuilder().setSkipSignatureVerification().setSkipAllValidators().build().processToClaims(idTokenString)); } catch (InvalidJwtException e) { throw log.unableToParseToken(); } diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/BearerTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/BearerTest.java index 18c4b2f087d..275c9b181ac 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/BearerTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/BearerTest.java @@ -27,7 +27,10 @@ import static org.wildfly.security.http.oidc.Oidc.OIDC_NAME; import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; import java.io.InputStream; +import java.io.ObjectInputStream; +import java.io.ObjectOutputStream; import java.net.URI; import java.nio.charset.StandardCharsets; import java.util.Collections; @@ -36,6 +39,7 @@ import java.util.Map; import org.apache.http.HttpStatus; +import org.jose4j.jwt.consumer.JwtConsumerBuilder; import org.junit.AfterClass; import org.junit.BeforeClass; import org.junit.Test; 
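Review bot: In `readObject`, both added lines still rebuild the claims with `setSkipSignatureVerification().setSkipAllValidators()`, so after deserialization `token` and `idToken` are only as trustworthy as the serialized bytes, and the new null guards do not change that. I would record the assumption above the `try`: `// Claims are re-parsed without signature or validity checks; the serialized form must only ever come from a trusted source.` With this change both fields can legitimately be null after `readObject`, so any code that dereferences them needs a null check; that code, and the end of `readObject` itself, lie outside this hunk. The builder chain, now written out twice, would also read better as one private helper taking the token string.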
@@ -146,6 +150,35 @@ public static void generalCleanup() throws Exception { } } + @Test + public void testOIDCSecurityContextDeserialization() throws Exception { + String accessTokenString = KeycloakConfiguration.getAccessToken(KEYCLOAK_CONTAINER.getAuthServerUrl(), TEST_REALM, KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, CLIENT_ID, CLIENT_SECRET); + AccessToken accessToken = new AccessToken(new JwtConsumerBuilder().setSkipSignatureVerification().setSkipAllValidators().build().processToClaims(accessTokenString)); + OidcSecurityContext oidcSecurityContext = new OidcSecurityContext(accessTokenString, accessToken, null, null); + OidcPrincipal oidcPrincipal = new OidcPrincipal("alice", oidcSecurityContext); + + // Serialize + ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(); + ObjectOutputStream objectOutputStream = new ObjectOutputStream(byteArrayOutputStream); + objectOutputStream.writeObject(oidcPrincipal); + objectOutputStream.close(); + + //deserialize + byte[] bytes = byteArrayOutputStream.toByteArray(); + ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bytes); + ObjectInputStream objectInputStream = new ObjectInputStream(byteArrayInputStream); + OidcPrincipal deserializedOidcPrincipal = (OidcPrincipal)objectInputStream.readObject(); + OidcSecurityContext deserializedOidcSecurityContext = deserializedOidcPrincipal.getOidcSecurityContext(); + AccessToken deserializedAccessToken = deserializedOidcSecurityContext.getToken(); + + assertEquals(accessTokenString, deserializedOidcSecurityContext.getTokenString()); + assertEquals(KeycloakConfiguration.ALICE, deserializedOidcPrincipal.getName()); + assertEquals(KeycloakConfiguration.ALICE, deserializedAccessToken.getPreferredUsername()); + assertEquals("alice@gmail.com", deserializedAccessToken.getEmail()); + assertEquals(TEST_REALM, deserializedOidcSecurityContext.getRealm()); + objectInputStream.close(); + } + @Test public void 
testSucessfulAuthenticationWithAuthServerUrl() throws Exception { performBearerAuthentication(getOidcConfigurationInputStream(), SECURED_ENDPOINT, KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, From b873518504735f5fa5b0b6fdd971e967e49fd8a9 Mon Sep 17 00:00:00 2001 From: Prarthona Paul Date: Mon, 22 Jul 2024 15:20:23 -0400 Subject: [PATCH 39/75] ELY-2790 Upgrade commons-lang3 from 3.15.0 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 1f156c50776..86616fa442d 100644 --- a/pom.xml +++ b/pom.xml @@ -60,7 +60,7 @@ ${version.com.fasterxml.jackson} 1.6.0 4.0.1 - 3.14.0 + 3.15.0 2.0.0.AM27 2.1.6 2.0.3 From 4384881bf4f7ea7f811a314247454d8c0102cef0 Mon Sep 17 00:00:00 2001 From: Prarthona Paul Date: Thu, 8 Aug 2024 11:38:50 -0400 Subject: [PATCH 40/75] [ELY-2795] Upgrade io.rest-assured from 4.3.3 to 5.5.0 --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 1f156c50776..3e59f9cd594 100644 --- a/pom.xml +++ b/pom.xml @@ -95,8 +95,8 @@ 3.0.0 0.9.6 1.15.3 - 18.0.2 - 4.3.3 + 25.0.2 + 5.5.0 2.40.0 2.3.0 3.1.0.Final From 456d84d1b67fd0a5be57ea6b161be6122cdd505b Mon Sep 17 00:00:00 2001 From: Prarthona Paul Date: Thu, 8 Aug 2024 09:51:41 -0400 Subject: [PATCH 41/75] [ELY-2794] Upgrade the keycloak-services and keycloak test dependencies to the versions 23.0.7 and 25.0.2 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 3e59f9cd594..c2c630f0d9d 100644 --- a/pom.xml +++ b/pom.xml @@ -99,7 +99,7 @@ 5.5.0 2.40.0 2.3.0 - 3.1.0.Final + 23.0.7 INFO From 779ee61679236041a545e3669487355d99ad401f Mon Sep 17 00:00:00 2001 
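Review bot: `testOIDCSecurityContextDeserialization` passes `null, null` for what appear to be the ID token string and ID token, but it never asserts on the ID-token side after the round trip, so the null branch this commit adds to `readObject` is covered only by the absence of an exception. An explicit assertion that the deserialized context's ID token is null would pin that behaviour. The object streams are closed by hand, and `objectInputStream.close()` runs only after the assertions, so a failing assertion leaves the stream open; try-with-resources, e.g. `try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) { ... }`, avoids that. The next test method begins in this hunk's trailing context and continues outside it.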
From: Farah Juma Date: Tue, 13 Aug 2024 15:43:47 -0400 Subject: [PATCH 42/75] [ELY-2796] Release WildFly Elytron 2.5.1.Final --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- dynamic-ssl/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- 
tests/common/pom.xml | 2 +- tool/pom.xml | 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 77 files changed, 77 insertions(+), 77 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index 17d217aa03b..545e8f95917 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index f1309641cd7..b42303d2458 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index 0280389a985..85d263fea7e 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index 5c81f8abd4a..b805fb93af9 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 6ad7a764fbb..a43174a40b4 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index 53771e0992a..cbdae80b321 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index 612eb58e4f7..bbf2ef90b83 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index 9959bf41e83..b218b00e298 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index 64d0212d743..901d5e60ddd 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index 40d41f502b5..105e5a45352 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index 23e1405e73c..86a4734634b 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index f098bff90e0..cb9818995b7 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index 567269a0bcc..8f4ab4889cc 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index d1e4fde738b..08bcc550f28 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index f8f651001db..16ee2dcd419 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index 567e2898d66..67b266c3358 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index 34a43a3d4d3..50fb279e5c4 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index 850092ade46..143030bb2be 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index b7509fd76c2..5432bfdf838 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final 4.0.0 diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index 0dc7c4e6dab..b72dcd3aa61 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -5,7 +5,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index 9f5d25fb712..d5523b1071a 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final 4.0.0 
diff --git a/http/base/pom.xml b/http/base/pom.xml index 7c6b0a780a2..46200c8a1d7 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index 41d6088eb48..38957e19d12 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index f109668ee07..7f7e66885f6 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index ba442678819..a1e953a09fe 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index 555709ebf7f..66173ba36f3 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index 63b684280c5..52d99efd381 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index 4f969bed7e6..ddfc8a1a9a4 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index 44758b79b0c..d04d59f79d5 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index d425be12549..b404c80201f 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index 3137d415a1a..ef5f6a8df95 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index e57ac0f3753..c4470e6e5af 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index f2f01e78861..b7755310e9f 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index 36219ec7d14..358b178e74d 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index 9aa8169a4f8..f33889099e9 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index 31ce391bf50..d256a2e9915 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index f269c8be7fd..142a2e69240 100644 --- a/json-util/pom.xml 
+++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final 4.0.0 diff --git a/keystore/pom.xml b/keystore/pom.xml index c0561c83ba4..2120f9c1865 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index 464b7cd5b7e..e8aa2d09c44 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index 80484b800e3..d49ba536df5 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index 4db7db93b33..cdcdc6f1a6e 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index f6643be8be7..99f1113be6e 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index 7365a240e02..3a075b48ab6 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index 20a334b3392..f918d2f7c9b 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml 
diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index e688852a11b..3afef2ad08f 100644 --- a/mechanism/oauth2/pom.xml +++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index 4b5efa8837e..ed3e9d7c0f3 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index 743cdbce880..ffdb7698d13 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index 2259afb4ae2..3f287a19b25 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final 4.0.0 diff --git a/pom.xml b/pom.xml index 1f156c50776..9b358a82fd4 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index 57f043e5e16..3624a9a941f 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index 7545ec1b05c..f6c77d324dd 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index 96df765c59f..2f11d218c72 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../../pom.xml diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index 320f1cb15e6..413b4d94399 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index 938a92c3dd7..cb94af2bb89 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index 8718cb1f40f..08f5b98def6 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index d264e610b86..d9036ea7f01 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index d85cdb34f81..cb6580d7149 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index 8b4a8120c74..74a5b4bad53 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index 4e47eae672f..3fb585930b8 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml 
diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index 751c67512b9..9f0042ad59f 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index 304f30da23d..8ee63bf9ae8 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index be7e3312472..a9b721cef3e 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index 8ad61f03743..998f3101769 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index 7cb2fce3483..05ec6086101 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index af3b62b18b3..4e0896f89a7 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index 5502ca52742..3862ef8d5f9 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index 08930997149..8f121cca8ab 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml 
diff --git a/tests/common/pom.xml b/tests/common/pom.xml index 82455a3ebd3..960274fcc82 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml @@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index 8bc44ac2f96..2e4e9d49cb5 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index 6d072cf4ec2..d474180638f 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 098550c3fb6..1316d424299 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index bbf002144fd..13298be7be1 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index 2052a5c8d83..4511cdc54f6 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index 633b4b1720d..4486d633a23 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index 0db7cf98026..5f9d2485cf0 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index ebc333a8e73..7874593f0e4 100644 --- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index e1e0b8a3ab8..6cd5da260df 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml From 9fbcc650eae2482b0d1d0250b204e982deffa50f Mon Sep 17 00:00:00 2001 
From: Farah Juma Date: Tue, 13 Aug 2024 15:44:26 -0400 Subject: [PATCH 43/75] Next is 2.5.2 --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- dynamic-ssl/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- tests/common/pom.xml | 2 +- tool/pom.xml 
| 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 77 files changed, 77 insertions(+), 77 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index 545e8f95917..1eefb6c1f3f 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index b42303d2458..d4f6c840eda 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index 85d263fea7e..0661646ab8b 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index b805fb93af9..2ab12bd36ca 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index a43174a40b4..6cd31e3a957 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index cbdae80b321..6e48afe2a25 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index bbf2ef90b83..2243df70dfd 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index b218b00e298..c691385b5e9 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index 901d5e60ddd..a63d8942f3f 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index 105e5a45352..a30057a6abc 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index 86a4734634b..bafda60cf0b 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index cb9818995b7..58ce9bfc75e 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index 8f4ab4889cc..df27ef751ed 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index 08bcc550f28..50ec88ea27a 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index 16ee2dcd419..7c1976839e1 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index 67b266c3358..8f6938ab3fa 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index 50fb279e5c4..5be0f3844b4 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index 143030bb2be..53f6d726221 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index 5432bfdf838..6005943ae52 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT 4.0.0 diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index b72dcd3aa61..98618df9ef8 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -5,7 +5,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index d5523b1071a..193f81c319d 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT 4.0.0 
diff --git a/http/base/pom.xml b/http/base/pom.xml index 46200c8a1d7..06370d1c6d3 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index 38957e19d12..3690a681977 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index 7f7e66885f6..29b5f908d29 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index a1e953a09fe..e5fe1afd830 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index 66173ba36f3..4cb7fa865c5 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index 52d99efd381..187158d2dee 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index ddfc8a1a9a4..fdf26ca42f8 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index d04d59f79d5..6703cc6e6c7 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index b404c80201f..0d98cb9cdae 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index ef5f6a8df95..e8e9ae7dfaa 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index c4470e6e5af..56c9713ff77 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index b7755310e9f..7844474a2cf 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index 358b178e74d..92c37b726d3 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index f33889099e9..b85827d9283 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index d256a2e9915..e5321b18071 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index 142a2e69240..8ad8fe59a16 100644 --- a/json-util/pom.xml 
+++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT 4.0.0 diff --git a/keystore/pom.xml b/keystore/pom.xml index 2120f9c1865..6729d438516 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index e8aa2d09c44..f6d2e42def8 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index d49ba536df5..915c5814f25 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index cdcdc6f1a6e..8603e2d2e7d 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index 99f1113be6e..d8a70b5a869 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index 3a075b48ab6..3d34c66ede4 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index f918d2f7c9b..64a8c725123 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml 
diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index 3afef2ad08f..10ae56f74c3 100644 --- a/mechanism/oauth2/pom.xml +++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index ed3e9d7c0f3..e0cd26073b1 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index ffdb7698d13..53bc46cdd76 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index 3f287a19b25..24e307ac07c 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT 4.0.0 diff --git a/pom.xml b/pom.xml index 9b358a82fd4..f3fdca5b17d 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index 3624a9a941f..7620c98e1ab 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index f6c77d324dd..c6f5056e9de 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index 2f11d218c72..72ffdfcd601 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index 413b4d94399..7e4a99222d5 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index cb94af2bb89..6b090270a67 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index 08f5b98def6..fa455c4aac5 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index d9036ea7f01..8d02e4ee250 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index cb6580d7149..e7382a254d1 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index 74a5b4bad53..92a0f0126be 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index 3fb585930b8..f9404532ffe 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml 
diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index 9f0042ad59f..ed2f8cfc933 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index 8ee63bf9ae8..6d5ac6fe7fa 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index a9b721cef3e..707ddb548a1 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index 998f3101769..d6ffd8f95a7 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index 05ec6086101..95cee45589d 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index 4e0896f89a7..f935d139e37 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index 3862ef8d5f9..59a5ccff1b9 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index 8f121cca8ab..81bacad327a 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml 
diff --git a/tests/common/pom.xml b/tests/common/pom.xml index 960274fcc82..2406ce66298 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml @@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index 2e4e9d49cb5..eae2363ffc1 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index d474180638f..5c4ad863994 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 1316d424299..25427bd30a3 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index 13298be7be1..b0b912c4974 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index 4511cdc54f6..11e6eaf787c 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index 4486d633a23..0a5baf9a738 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index 5f9d2485cf0..536305499c0 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index 7874593f0e4..f93de8dea27 100644 --- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index 6cd5da260df..caf08adca64 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml From 7a8fd8cee12fd18c6fd638e8d18fc738fed969c1 Mon Sep 17 00:00:00 2001 From: Farah Juma Date: Tue, 13 Aug 2024 16:45:42 -0400 Subject: [PATCH 44/75] [ELY-2796] Perform API check against 2.5.1.Final --- wildfly-elytron/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 25427bd30a3..c4428245d15 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -557,7 +557,7 @@ org.wildfly.security wildfly-elytron - 2.5.0.Final + 2.5.1.Final jar From 2270981641aac2eccebf3c3a2367c521412ab900 Mon Sep 17 00:00:00 2001 From: Prarthona Paul Date: Mon, 19 Aug 2024 09:41:39 -0400 Subject: [PATCH 45/75] Fixes to ELY-2756 Add tests to the elytron test suite to test to test OCSP with revoked and unknown certificates --- .../security/ssl/SSLAuthenticationTest.java | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java index 2e8458ada47..b1005514045 100644 --- a/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java +++ b/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java 
@@ -719,12 +719,14 @@ public void testOcspGood() throws Throwable { @Test public void testOcspRevoked() throws Throwable { + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); + DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB); SSLContext serverContext = new SSLContextBuilder() - .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore")) - .setKeyManager(getKeyManager("/jks/scarab.keystore")) + .setSecurityDomain(getKeyStoreBackedSecurityDomain(caGenerationTool.getBeetlesKeyStore())) + .setKeyManager(scarab.createKeyManager()) .setTrustManager(X509RevocationTrustManager.builder() .setTrustManagerFactory(getTrustManagerFactory()) - .setTrustStore(createKeyStore("/jks/ca.truststore")) + .setTrustStore(ca.loadKeyStore()) .setOcspResponderCert(ocspResponderCertificate) .build()) .setNeedClientAuth(true) @@ -736,12 +738,14 @@ public void testOcspRevoked() throws Throwable { @Test public void testOcspUnknown() throws Throwable { + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); + DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB); SSLContext serverContext = new SSLContextBuilder() - .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore")) - .setKeyManager(getKeyManager("/jks/scarab.keystore")) + .setSecurityDomain(getKeyStoreBackedSecurityDomain(caGenerationTool.getBeetlesKeyStore())) + .setKeyManager(scarab.createKeyManager()) .setTrustManager(X509RevocationTrustManager.builder() .setTrustManagerFactory(getTrustManagerFactory()) - .setTrustStore(createKeyStore("/jks/ca.truststore")) + .setTrustStore(ca.loadKeyStore()) .setOcspResponderCert(ocspResponderCertificate) .build()) .setNeedClientAuth(true) From a8886e3fa038d176af60a527b38f987135ab240d Mon Sep 17 00:00:00 2001 
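Review bot: The server-side `SSLContextBuilder` chain added to `testOcspRevoked` is repeated line for line in `testOcspUnknown` (the second hunk on this line), so the two fixtures can drift apart unnoticed. A private helper, for example `private SSLContext createOcspServerContext()`, that takes the `Identity.CA` and `Identity.SCARAB` identities from `caGenerationTool` and returns the built context would keep the `X509RevocationTrustManager` setup in one place. Both test bodies continue outside the hunks, so whatever distinguishes the revoked case from the unknown case is not visible here. A one-line comment in each test naming the client certificate it presents would make that difference explicit.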
From: Prarthona Paul Date: Thu, 27 Jun 2024 10:32:41 -0400 Subject: [PATCH 46/75] ELY-2778 Replace string literals inside the OidcJsonConfiguration class with constants --- .../org/wildfly/security/http/oidc/Oidc.java | 53 ++++ .../http/oidc/OidcJsonConfiguration.java | 197 +++++++++------ .../security/http/oidc/OidcBaseTest.java | 12 +- .../wildfly/security/http/oidc/OidcTest.java | 237 ++++++++++-------- 4 files changed, 312 insertions(+), 187 deletions(-) diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java index 575809f2f4b..c6b38c9ef4d 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java @@ -45,7 +45,13 @@ public class Oidc { public static final String ACCEPT = "Accept"; + public static final String ADAPTER_STATE_COOKIE_PATH = "adapter-state-cookie-path"; + public static final String ALLOW_ANY_HOSTNAME = "allow-any-hostname"; + public static final String ALWAYS_REFRESH_TOKEN = "always-refresh-token"; + public static final String AUTH_SERVER_URL = "auth-server-url"; public static final String AUTHENTICATION_REQUEST_FORMAT = "authentication-request-format"; + public static final String AUTODETECT_BEARER_ONLY = "autodetect-bearer-only"; + public static final String BEARER_ONLY = "bearer-only"; public static final String OIDC_NAME = "OIDC"; public static final String JSON_CONTENT_TYPE = "application/json"; public static final String HTML_CONTENT_TYPE = "text/html"; 
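Review bot: The new configuration-key constants are declared `public static final`, but every use visible in this patch (`OidcJsonConfiguration`, `OidcBaseTest`, `OidcTest`) is inside the `org.wildfly.security.http.oidc` package. `Oidc` already keeps some constants package-private (`ACCOUNT_PATH`, `DEFAULT_TOKEN_SIGNATURE_ALGORITHM`), and the same form would work here, e.g. `static final String ALLOW_ANY_HOSTNAME = "allow-any-hostname";`, unless another module is meant to consume them. Once public they are part of the API surface and cannot be renamed or removed without a compatibility break. The same applies to the constants added in the later `Oidc.java` hunks (`-55`, `-74`, `-86`, `-118`).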
@@ -55,14 +61,27 @@ public class Oidc { public static final String KEYCLOAK_REALMS_PATH = "realms/"; public static final String JSON_CONFIG_CONTEXT_PARAM = "org.wildfly.security.http.oidc.json.config"; static final String ACCOUNT_PATH = "account"; + public static final String CORS_MAX_AGE = "cors-max-age"; + public static final String CORS_ALLOWED_HEADERS = "cors-allowed-headers"; + public static final String CORS_ALLOWED_METHODS = "cors-allowed-methods"; + public static final String CORS_EXPOSED_HEADERS = "cors-exposed-headers"; + public static final String CONNECTION_POOL_SIZE = "connection-pool-size"; public static final String CLIENTS_MANAGEMENT_REGISTER_NODE_PATH = "clients-managements/register-node"; public static final String CLIENTS_MANAGEMENT_UNREGISTER_NODE_PATH = "clients-managements/unregister-node"; + public static final String CREDENTIALS = "credentials"; + public static final String DISABLE_TRUST_MANAGER = "disable-trust-manager"; public static final String SLASH = "/"; public static final String OIDC_CLIENT_CONTEXT_KEY = OidcClientContext.class.getName(); public static final String CLIENT_ID = "client_id"; + public static final String CLIENT_ID_JSON_VALUE = "client-id"; + public static final String CLIENT_KEYSTORE = "client-keystore"; + public static final String CLIENT_KEYSTORE_PASSWORD = "client-keystore-password"; + public static final String CLIENT_KEY_PASSWORD = "client-key-password"; public static final String CODE = "code"; + public static final String ENABLE_CORS = "enable-cors"; public static final String ERROR = "error"; public static final String ERROR_DESCRIPTION = "error_description"; + public static final String EXPOSE_TOKEN = "expose-token"; public static final String FACES_REQUEST = "Faces-Request"; public static final String GRANT_TYPE = "grant_type"; public static final String INVALID_TOKEN = "invalid_token"; 
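Review bot: `DISABLE_TRUST_MANAGER` in this hunk and `ALLOW_ANY_HOSTNAME` in the preceding one are added without any Javadoc. Judging by their names and by the `disableTrustManager` / `allowAnyHostname` fields they are bound to in `OidcJsonConfiguration`, they name options that relax TLS verification for connections to the provider. A short comment on each would tell a reader that these keys are security-sensitive, for example `/** Configuration key that turns off trust-manager checks for provider connections; weakens TLS, do not enable in production. */`, with the exact wording confirmed against the adapter's behaviour. The password-bearing keys in the same hunk (`CLIENT_KEYSTORE_PASSWORD`, `CLIENT_KEY_PASSWORD`) would benefit from a similar note that their values are secrets and should not be logged.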
@@ -74,9 +93,17 @@ public class Oidc { public static final String OPTIONS = "OPTIONS"; public static final String PARTIAL = "partial/"; public static final String PASSWORD = "password"; + public static final String PRINCIPAL_ATTRIBUTE = "principal-attribute"; public static final String PROMPT = "prompt"; + public static final String PROXY_URL = "proxy-url"; + public static final String PUBLIC_CLIENT = "public-client"; + public static final String REALM = "realm"; + public static final String REALM_PUBLIC_KEY = "realm-public-key"; + public static final String REGISTER_NODE_AT_STARTUP = "register-node-at-startup"; + public static final String REGISTER_NODE_PERIOD = "register-node-period"; public static final String REQUEST = "request"; public static final String REQUEST_URI = "request_uri"; + public static final String RESOURCE = "resource"; public static final String SCOPE = "scope"; public static final String UI_LOCALES = "ui_locales"; public static final String USERNAME = "username"; @@ -86,6 +113,7 @@ public class Oidc { public static final String RESPONSE_TYPE = "response_type"; public static final String SESSION_STATE = "session_state"; public static final String SOAP_ACTION = "SOAPAction"; + public static final String SSL_REQUIRED = "ssl-required"; public static final String STALE_TOKEN = "Stale token"; public static final String STATE = "state"; public static final int INVALID_ISSUED_FOR_CLAIM = -1; 
@@ -118,8 +146,33 @@ public class Oidc { static final String DEFAULT_TOKEN_SIGNATURE_ALGORITHM = "RS256"; public static final String DISABLE_TYP_CLAIM_VALIDATION_PROPERTY_NAME = "wildfly.elytron.oidc.disable.typ.claim.validation"; public static final String ALLOW_QUERY_PARAMS_PROPERTY_NAME = "wildfly.elytron.oidc.allow.query.params"; + public static final String TOKEN_MINIMUM_TIME_TO_LIVE = "token-minimum-time-to-live"; + public static final String TOKEN_SIGNATURE_ALGORITHM = "token-signature-algorithm"; + public static final String TOKEN_STORE = "token-store"; + public static final String TRUSTSTORE = "truststore"; + public static final String TRUSTSTORE_PASSWORD = "truststore-password"; + public static final String TURN_OFF_CHANGE_SESSION_ID_ON_LOGIN = "turn-off-change-session-id-on-login"; + public static final String USE_RESOURCE_ROLE_MAPPINGS = "use-resource-role-mappings"; + public static final String USE_REALM_ROLE_MAPPINGS = "use-realm-role-mappings"; public static final String X_REQUESTED_WITH = "X-Requested-With"; public static final String XML_HTTP_REQUEST = "XMLHttpRequest"; + public static final String MIN_TIME_BETWEEN_JWKS_REQUESTS = "min-time-between-jwks-requests"; + public static final String PUBLIC_KEY_CACHE_TTL = "public-key-cache-ttl"; + public static final String IGNORE_OAUTH_QUERY_PARAMETER = "ignore-oauth-query-parameter"; + public static final String VERIFY_TOKEN_AUDIENCE = "verify-token-audience"; + public static final String REQUEST_OBJECT_SIGNING_ALGORITHM = "request-object-signing-algorithm"; + public static final String REQUEST_OBJECT_ENCRYPTION_ALG_VALUE = "request-object-encryption-alg-value"; + public static final String REQUEST_OBJECT_ENCRYPTION_ENC_VALUE = "request-object-encryption-enc-value"; + public static final String REQUEST_OBJECT_SIGNING_KEYSTORE_FILE = "request-object-signing-keystore-file"; + public static final String REQUEST_OBJECT_SIGNING_KEYSTORE_PASSWORD = "request-object-signing-keystore-password"; + public static 
final String REQUEST_OBJECT_SIGNING_KEY_PASSWORD = "request-object-signing-key-password"; + public static final String REQUEST_OBJECT_SIGNING_KEY_ALIAS = "request-object-signing-key-alias"; + public static final String REQUEST_OBJECT_SIGNING_KEYSTORE_TYPE = "request-object-signing-keystore-type"; + public static final String REDIRECT_REWRITE_RULES = "redirect-rewrite-rules"; + public static final String ENABLE_PKCE = "enable-pkce"; + public static final String CONFIDENTIAL_PORT = "confidential-port"; + public static final String ENABLE_BASIC_AUTH = "enable-basic-auth"; + public static final String PROVIDER_URL = "provider-url"; /** * Bearer token pattern. diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcJsonConfiguration.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcJsonConfiguration.java index 29d2d785e3c..4f107b79591 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcJsonConfiguration.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcJsonConfiguration.java 
@@ -19,6 +19,61 @@ package org.wildfly.security.http.oidc; import static org.wildfly.security.http.oidc.Oidc.DEFAULT_TOKEN_SIGNATURE_ALGORITHM; +import static org.wildfly.security.http.oidc.Oidc.ADAPTER_STATE_COOKIE_PATH; +import static org.wildfly.security.http.oidc.Oidc.ALLOW_ANY_HOSTNAME; +import static org.wildfly.security.http.oidc.Oidc.ALWAYS_REFRESH_TOKEN; +import static org.wildfly.security.http.oidc.Oidc.AUTH_SERVER_URL; +import static org.wildfly.security.http.oidc.Oidc.AUTHENTICATION_REQUEST_FORMAT; +import static org.wildfly.security.http.oidc.Oidc.AUTODETECT_BEARER_ONLY; +import static org.wildfly.security.http.oidc.Oidc.BEARER_ONLY; +import static org.wildfly.security.http.oidc.Oidc.CLIENT_ID_JSON_VALUE; +import static org.wildfly.security.http.oidc.Oidc.CLIENT_KEYSTORE; +import static org.wildfly.security.http.oidc.Oidc.CLIENT_KEYSTORE_PASSWORD; +import static org.wildfly.security.http.oidc.Oidc.CLIENT_KEY_PASSWORD; +import static org.wildfly.security.http.oidc.Oidc.CONFIDENTIAL_PORT; +import static org.wildfly.security.http.oidc.Oidc.CONNECTION_POOL_SIZE; +import static org.wildfly.security.http.oidc.Oidc.CORS_ALLOWED_HEADERS; +import static org.wildfly.security.http.oidc.Oidc.CORS_ALLOWED_METHODS; +import static org.wildfly.security.http.oidc.Oidc.CORS_EXPOSED_HEADERS; +import static org.wildfly.security.http.oidc.Oidc.CORS_MAX_AGE; +import static org.wildfly.security.http.oidc.Oidc.CREDENTIALS; +import static org.wildfly.security.http.oidc.Oidc.DISABLE_TRUST_MANAGER; +import static org.wildfly.security.http.oidc.Oidc.ENABLE_BASIC_AUTH; +import static org.wildfly.security.http.oidc.Oidc.ENABLE_CORS; +import static org.wildfly.security.http.oidc.Oidc.ENABLE_PKCE; +import static org.wildfly.security.http.oidc.Oidc.EXPOSE_TOKEN; +import static org.wildfly.security.http.oidc.Oidc.IGNORE_OAUTH_QUERY_PARAMETER; +import static org.wildfly.security.http.oidc.Oidc.MIN_TIME_BETWEEN_JWKS_REQUESTS; +import static 
org.wildfly.security.http.oidc.Oidc.PRINCIPAL_ATTRIBUTE; +import static org.wildfly.security.http.oidc.Oidc.PROVIDER_URL; +import static org.wildfly.security.http.oidc.Oidc.PROXY_URL; +import static org.wildfly.security.http.oidc.Oidc.PUBLIC_CLIENT; +import static org.wildfly.security.http.oidc.Oidc.PUBLIC_KEY_CACHE_TTL; +import static org.wildfly.security.http.oidc.Oidc.REDIRECT_REWRITE_RULES; +import static org.wildfly.security.http.oidc.Oidc.REGISTER_NODE_AT_STARTUP; +import static org.wildfly.security.http.oidc.Oidc.REGISTER_NODE_PERIOD; +import static org.wildfly.security.http.oidc.Oidc.REALM; +import static org.wildfly.security.http.oidc.Oidc.REALM_PUBLIC_KEY; +import static org.wildfly.security.http.oidc.Oidc.RESOURCE; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_ENCRYPTION_ALG_VALUE; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_ENCRYPTION_ENC_VALUE; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_ALGORITHM; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEY_ALIAS; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEY_PASSWORD; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEYSTORE_FILE; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEYSTORE_PASSWORD; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEYSTORE_TYPE; +import static org.wildfly.security.http.oidc.Oidc.SCOPE; +import static org.wildfly.security.http.oidc.Oidc.SSL_REQUIRED; +import static org.wildfly.security.http.oidc.Oidc.TOKEN_MINIMUM_TIME_TO_LIVE; +import static org.wildfly.security.http.oidc.Oidc.TOKEN_SIGNATURE_ALGORITHM; +import static org.wildfly.security.http.oidc.Oidc.TOKEN_STORE; +import static org.wildfly.security.http.oidc.Oidc.TRUSTSTORE; +import static org.wildfly.security.http.oidc.Oidc.TRUSTSTORE_PASSWORD; +import static 
org.wildfly.security.http.oidc.Oidc.TURN_OFF_CHANGE_SESSION_ID_ON_LOGIN; +import static org.wildfly.security.http.oidc.Oidc.USE_RESOURCE_ROLE_MAPPINGS; +import static org.wildfly.security.http.oidc.Oidc.USE_REALM_ROLE_MAPPINGS; +import static org.wildfly.security.http.oidc.Oidc.VERIFY_TOKEN_AUDIENCE; import java.util.Map; import java.util.TreeMap; 
@@ -34,143 +89,143 @@ * @author John D. Ament * @author Farah Juma */ -@JsonPropertyOrder({"realm", "realm-public-key", "auth-server-url", "ssl-required", - "resource", "public-client", "credentials", - "use-resource-role-mappings", "use-realm-role-mappings", - "enable-cors", "cors-max-age", "cors-allowed-methods", "cors-exposed-headers", - "expose-token", "bearer-only", "autodetect-bearer-only", "connection-pool-size", - "allow-any-hostname", "disable-trust-manager", "truststore", "truststore-password", - "client-keystore", "client-keystore-password", "client-key-password", - "always-refresh-token", - "register-node-at-startup", "register-node-period", "token-store", "adapter-state-cookie-path", "principal-attribute", - "proxy-url", "turn-off-change-session-id-on-login", "token-minimum-time-to-live", - "min-time-between-jwks-requests", "public-key-cache-ttl", - "ignore-oauth-query-parameter", "verify-token-audience", "token-signature-algorithm", "scope", - "authentication-request-format", "request-object-signing-algorithm", "request-object-encryption-alg-value", - "request-object-encryption-enc-value", "request-object-signing-keystore-file", - "request-object-signing-keystore-password","request-object-signing-key-password", "request-object-signing-key-alias", - "request-object-signing-keystore-type" +@JsonPropertyOrder({REALM, REALM_PUBLIC_KEY, AUTH_SERVER_URL, SSL_REQUIRED, + RESOURCE, PUBLIC_CLIENT, CREDENTIALS, + USE_RESOURCE_ROLE_MAPPINGS, USE_REALM_ROLE_MAPPINGS, + ENABLE_CORS, CORS_MAX_AGE, CORS_ALLOWED_METHODS, CORS_EXPOSED_HEADERS, + EXPOSE_TOKEN, BEARER_ONLY, AUTODETECT_BEARER_ONLY, CONNECTION_POOL_SIZE, + ALLOW_ANY_HOSTNAME, DISABLE_TRUST_MANAGER, TRUSTSTORE, TRUSTSTORE_PASSWORD, + CLIENT_KEYSTORE, CLIENT_KEYSTORE_PASSWORD, CLIENT_KEY_PASSWORD, + ALWAYS_REFRESH_TOKEN, + REGISTER_NODE_AT_STARTUP, REGISTER_NODE_PERIOD, TOKEN_STORE, ADAPTER_STATE_COOKIE_PATH, PRINCIPAL_ATTRIBUTE, + PROXY_URL, TURN_OFF_CHANGE_SESSION_ID_ON_LOGIN, TOKEN_MINIMUM_TIME_TO_LIVE, 
+ MIN_TIME_BETWEEN_JWKS_REQUESTS, PUBLIC_KEY_CACHE_TTL, + IGNORE_OAUTH_QUERY_PARAMETER, VERIFY_TOKEN_AUDIENCE, TOKEN_SIGNATURE_ALGORITHM, SCOPE, + AUTHENTICATION_REQUEST_FORMAT, REQUEST_OBJECT_SIGNING_ALGORITHM, REQUEST_OBJECT_ENCRYPTION_ALG_VALUE, + REQUEST_OBJECT_ENCRYPTION_ENC_VALUE, REQUEST_OBJECT_SIGNING_KEYSTORE_FILE, + REQUEST_OBJECT_SIGNING_KEYSTORE_PASSWORD,REQUEST_OBJECT_SIGNING_KEY_PASSWORD, REQUEST_OBJECT_SIGNING_KEY_ALIAS, + REQUEST_OBJECT_SIGNING_KEYSTORE_TYPE }) public class OidcJsonConfiguration { - @JsonProperty("allow-any-hostname") + @JsonProperty(ALLOW_ANY_HOSTNAME) protected boolean allowAnyHostname; - @JsonProperty("disable-trust-manager") + @JsonProperty(DISABLE_TRUST_MANAGER) protected boolean disableTrustManager; - @JsonProperty("truststore") + @JsonProperty(TRUSTSTORE) protected String truststore; - @JsonProperty("truststore-password") + @JsonProperty(TRUSTSTORE_PASSWORD) protected String truststorePassword; - @JsonProperty("client-keystore") + @JsonProperty(CLIENT_KEYSTORE) protected String clientKeystore; - @JsonProperty("client-keystore-password") + @JsonProperty(CLIENT_KEYSTORE_PASSWORD) protected String clientKeystorePassword; - @JsonProperty("client-key-password") + @JsonProperty(CLIENT_KEY_PASSWORD) protected String clientKeyPassword; - @JsonProperty("request-object-signing-keystore-file") + @JsonProperty(REQUEST_OBJECT_SIGNING_KEYSTORE_FILE) protected String requestObjectSigningKeyStoreFile; - @JsonProperty("request-object-signing-keystore-password") + @JsonProperty(REQUEST_OBJECT_SIGNING_KEYSTORE_PASSWORD) protected String requestObjectSigningKeyStorePassword; - @JsonProperty("request-object-signing-key-password") + @JsonProperty(REQUEST_OBJECT_SIGNING_KEY_PASSWORD) protected String requestObjectSigningKeyPassword; - @JsonProperty("request-object-signing-key-alias") + @JsonProperty(REQUEST_OBJECT_SIGNING_KEY_ALIAS) protected String requestObjectSigningKeyAlias; - @JsonProperty("request-object-signing-keystore-type") + 
@JsonProperty(REQUEST_OBJECT_SIGNING_KEYSTORE_TYPE) protected String requestObjectSigningKeyStoreType; - @JsonProperty("connection-pool-size") + @JsonProperty(CONNECTION_POOL_SIZE) protected int connectionPoolSize = 20; - @JsonProperty("always-refresh-token") + @JsonProperty(ALWAYS_REFRESH_TOKEN) protected boolean alwaysRefreshToken = false; - @JsonProperty("register-node-at-startup") + @JsonProperty(REGISTER_NODE_AT_STARTUP) protected boolean registerNodeAtStartup = false; - @JsonProperty("register-node-period") + @JsonProperty(REGISTER_NODE_PERIOD) protected int registerNodePeriod = -1; - @JsonProperty("token-store") + @JsonProperty(TOKEN_STORE) protected String tokenStore; - @JsonProperty("adapter-state-cookie-path") + @JsonProperty(ADAPTER_STATE_COOKIE_PATH) protected String tokenCookiePath; - @JsonProperty("principal-attribute") + @JsonProperty(PRINCIPAL_ATTRIBUTE) protected String principalAttribute; - @JsonProperty("turn-off-change-session-id-on-login") + @JsonProperty(TURN_OFF_CHANGE_SESSION_ID_ON_LOGIN) protected Boolean turnOffChangeSessionIdOnLogin; - @JsonProperty("token-minimum-time-to-live") + @JsonProperty(TOKEN_MINIMUM_TIME_TO_LIVE) protected int tokenMinimumTimeToLive = 0; - @JsonProperty("min-time-between-jwks-requests") + @JsonProperty(MIN_TIME_BETWEEN_JWKS_REQUESTS) protected int minTimeBetweenJwksRequests = 10; - @JsonProperty("public-key-cache-ttl") + @JsonProperty(PUBLIC_KEY_CACHE_TTL) protected int publicKeyCacheTtl = 86400; // 1 day // https://tools.ietf.org/html/rfc7636 - @JsonProperty("enable-pkce") + @JsonProperty(ENABLE_PKCE) protected boolean pkce = false; - @JsonProperty("ignore-oauth-query-parameter") + @JsonProperty(IGNORE_OAUTH_QUERY_PARAMETER) protected boolean ignoreOAuthQueryParameter = false; - @JsonProperty("verify-token-audience") + @JsonProperty(VERIFY_TOKEN_AUDIENCE) protected boolean verifyTokenAudience = false; - @JsonProperty("confidential-port") + @JsonProperty(CONFIDENTIAL_PORT) protected int confidentialPort; - 
@JsonProperty("resource") + @JsonProperty(RESOURCE) protected String resource; - @JsonProperty("use-resource-role-mappings") + @JsonProperty(USE_RESOURCE_ROLE_MAPPINGS) protected boolean useResourceRoleMappings; - @JsonProperty("use-realm-role-mappings") + @JsonProperty(USE_REALM_ROLE_MAPPINGS) protected boolean useRealmRoleMappings = true; - @JsonProperty("enable-cors") + @JsonProperty(ENABLE_CORS) protected boolean cors; - @JsonProperty("cors-max-age") + @JsonProperty(CORS_MAX_AGE) protected int corsMaxAge = -1; - @JsonProperty("cors-allowed-headers") + @JsonProperty(CORS_ALLOWED_HEADERS) protected String corsAllowedHeaders; - @JsonProperty("cors-allowed-methods") + @JsonProperty(CORS_ALLOWED_METHODS) protected String corsAllowedMethods; - @JsonProperty("cors-exposed-headers") + @JsonProperty(CORS_EXPOSED_HEADERS) protected String corsExposedHeaders; - @JsonProperty("expose-token") + @JsonProperty(EXPOSE_TOKEN) protected boolean exposeToken; - @JsonProperty("bearer-only") + @JsonProperty(BEARER_ONLY) protected boolean bearerOnly; - @JsonProperty("autodetect-bearer-only") + @JsonProperty(AUTODETECT_BEARER_ONLY) protected boolean autodetectBearerOnly; - @JsonProperty("enable-basic-auth") + @JsonProperty(ENABLE_BASIC_AUTH) protected boolean enableBasicAuth; - @JsonProperty("public-client") + @JsonProperty(PUBLIC_CLIENT) protected boolean publicClient; - @JsonProperty("credentials") + @JsonProperty(CREDENTIALS) protected Map credentials = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); - @JsonProperty("redirect-rewrite-rules") + @JsonProperty(REDIRECT_REWRITE_RULES) protected Map redirectRewriteRules; - @JsonProperty("realm") + @JsonProperty(REALM) protected String realm; - @JsonProperty("realm-public-key") + @JsonProperty(REALM_PUBLIC_KEY) protected String realmKey; - @JsonProperty("auth-server-url") + @JsonProperty(AUTH_SERVER_URL) protected String authServerUrl; - @JsonProperty("ssl-required") + @JsonProperty(SSL_REQUIRED) protected String sslRequired; - 
@JsonProperty("provider-url") + @JsonProperty(PROVIDER_URL) protected String providerUrl; - @JsonProperty("client-id") + @JsonProperty(CLIENT_ID_JSON_VALUE) protected String clientId; - @JsonProperty("token-signature-algorithm") + @JsonProperty(TOKEN_SIGNATURE_ALGORITHM) protected String tokenSignatureAlgorithm = DEFAULT_TOKEN_SIGNATURE_ALGORITHM; - @JsonProperty("scope") + @JsonProperty(SCOPE) protected String scope; - @JsonProperty("authentication-request-format") + @JsonProperty(AUTHENTICATION_REQUEST_FORMAT) protected String authenticationRequestFormat; - @JsonProperty("request-object-signing-algorithm") + @JsonProperty(REQUEST_OBJECT_SIGNING_ALGORITHM) protected String requestObjectSigningAlgorithm; - @JsonProperty("request-object-encryption-alg-value") + @JsonProperty(REQUEST_OBJECT_ENCRYPTION_ALG_VALUE) protected String requestObjectEncryptionAlgValue; - @JsonProperty("request-object-encryption-enc-value") + @JsonProperty(REQUEST_OBJECT_ENCRYPTION_ENC_VALUE) protected String requestObjectEncryptionEncValue; /** * The Proxy url to use for requests to the auth-server, configurable via the adapter config property {@code proxy-url}. */ - @JsonProperty("proxy-url") + @JsonProperty(PROXY_URL) protected String proxyUrl; public boolean isAllowAnyHostname() { diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java index b604af8a8f8..6eb698160a0 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java 
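Review bot: `@JsonProperty(CLIENT_ID_JSON_VALUE)` on `clientId` reads as if the constant were a value, yet it holds the JSON key `"client-id"`, and in `Oidc` it sits next to `CLIENT_ID = "client_id"`, a different string. The two differ only by hyphen versus underscore and are easy to swap at a call site, which would silently bind the field to the wrong key. A name that says what the constant is, such as `CLIENT_ID_CONFIG_KEY`, or a comment at the declaration like `// JSON configuration key "client-id"; not the "client_id" constant CLIENT_ID`, would remove the ambiguity. The class body continues outside this hunk.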
@@ -413,12 +413,12 @@ private void performAuthentication(InputStream oidcConfig, String username, Stri protected InputStream getOidcConfigurationInputStreamWithProviderUrl() { String oidcConfig = "{\n" + - " \"resource\" : \"" + CLIENT_ID + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + Oidc.RESOURCE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + Oidc.PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + Oidc.PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + + " \"" + Oidc.SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + Oidc.CREDENTIALS + "\" : {\n" + + " \"" + Oidc.ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java index fdda1aac447..4dede8b5ed6 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java 
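Review bot: The JSON fixture in `getOidcConfigurationInputStreamWithProviderUrl` now takes its key names from the same `Oidc` constants that `OidcJsonConfiguration` passes to `@JsonProperty`, so the tests no longer check the on-disk key spelling independently. A typo in a constant value, say in `SSL_REQUIRED`, would change what existing configuration files must contain while every test still passes. Keeping at least one fixture with literal keys (`"ssl-required"`, `"provider-url"`, `"credentials"`), or adding an assertion such as `assertEquals("ssl-required", Oidc.SSL_REQUIRED);`, would pin the wire names. The same holds for the fixture builders changed in the `OidcTest.java` hunks that follow.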
@@ -44,8 +44,28 @@ import static org.wildfly.security.http.oidc.KeycloakConfiguration.TENANT1_USER; import static org.wildfly.security.http.oidc.KeycloakConfiguration.TENANT2_PASSWORD; import static org.wildfly.security.http.oidc.KeycloakConfiguration.TENANT2_USER; +import static org.wildfly.security.http.oidc.Oidc.AUTH_SERVER_URL; +import static org.wildfly.security.http.oidc.Oidc.AUTHENTICATION_REQUEST_FORMAT; +import static org.wildfly.security.http.oidc.Oidc.CREDENTIALS; +import static org.wildfly.security.http.oidc.Oidc.ClientCredentialsProviderType; +import static org.wildfly.security.http.oidc.Oidc.PROVIDER_URL; import static org.wildfly.security.http.oidc.Oidc.OIDC_NAME; import static org.wildfly.security.http.oidc.Oidc.OIDC_SCOPE; +import static org.wildfly.security.http.oidc.Oidc.PUBLIC_CLIENT; +import static org.wildfly.security.http.oidc.Oidc.PRINCIPAL_ATTRIBUTE; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_ALGORITHM; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEYSTORE_FILE; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEYSTORE_PASSWORD; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEYSTORE_TYPE; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEY_PASSWORD; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEY_ALIAS; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_ENCRYPTION_ALG_VALUE; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_ENCRYPTION_ENC_VALUE; +import static org.wildfly.security.http.oidc.Oidc.RESOURCE; +import static org.wildfly.security.http.oidc.Oidc.REALM; +import static org.wildfly.security.http.oidc.Oidc.SCOPE; +import static org.wildfly.security.http.oidc.Oidc.SSL_REQUIRED; +import static org.wildfly.security.http.oidc.Oidc.TOKEN_SIGNATURE_ALGORITHM; import static org.wildfly.security.http.oidc.Oidc.AuthenticationRequestFormat.OAUTH2; 
import static org.wildfly.security.http.oidc.Oidc.AuthenticationRequestFormat.REQUEST; import static org.wildfly.security.http.oidc.Oidc.AuthenticationRequestFormat.REQUEST_URI; @@ -664,13 +684,13 @@ private InputStream getOidcConfigurationInputStream(String clientSecret) { private InputStream getOidcConfigurationInputStream(String clientSecret, String authServerUrl) { String oidcConfig = "{\n" + - " \"realm\" : \"" + TEST_REALM + "\",\n" + - " \"resource\" : \"" + CLIENT_ID + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"auth-server-url\" : \"" + authServerUrl + "\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + clientSecret + "\"\n" + + " \"" + REALM + "\" : \"" + TEST_REALM + "\",\n" + + " \"" + RESOURCE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + AUTH_SERVER_URL + "\" : \"" + authServerUrl + "\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + clientSecret + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); 
@@ -678,12 +698,12 @@ private InputStream getOidcConfigurationInputStream(String clientSecret, String private InputStream getOidcConfigurationInputStreamWithEnvironmentVariableExpression() { String oidcConfig = "{\n" + - " \"resource\" : \"" + CLIENT_ID + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "${oidc.provider-url-env}\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + RESOURCE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "${oidc.provider-url-env}\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); @@ -691,12 +711,12 @@ private InputStream getOidcConfigurationInputStreamWithEnvironmentVariableExpres private InputStream getOidcConfigurationInputStreamWithSystemPropertyExpression() { String oidcConfig = "{\n" + - " \"resource\" : \"" + CLIENT_ID + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"provider-url\" : \"${oidc.provider.url}\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + RESOURCE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + PROVIDER_URL + "\" : \"${oidc.provider.url}\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); 
@@ -704,12 +724,12 @@ private InputStream getOidcConfigurationInputStreamWithSystemPropertyExpression( private InputStream getOidcConfigurationInputStreamWithProviderUrlTrailingSlash() { String oidcConfig = "{\n" + - " \"resource\" : \"" + CLIENT_ID + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "/" + "\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + RESOURCE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "/" + "\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); @@ -717,11 +737,11 @@ private InputStream getOidcConfigurationInputStreamWithProviderUrlTrailingSlash( private InputStream getOidcConfigurationMissingRequiredOption() { String oidcConfig = "{\n" + - " \"public-client\" : \"false\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); 
@@ -729,45 +749,43 @@ private InputStream getOidcConfigurationMissingRequiredOption() { private InputStream getOidcConfigurationInputStreamWithTokenSignatureAlgorithm() { String oidcConfig = "{\n" + - " \"token-signature-algorithm\" : \"RS256\",\n" + - " \"resource\" : \"" + CLIENT_ID + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + TOKEN_SIGNATURE_ALGORITHM + "\" : \"RS256\",\n" + + " \"" + RESOURCE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); } private InputStream getOidcConfigurationInputStreamWithScope(String scopeValue){ String oidcConfig = "{\n" + - " \"client-id\" : \"" + CLIENT_ID + "\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"scope\" : \"" + scopeValue + "\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + Oidc.CLIENT_ID_JSON_VALUE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + + " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + SCOPE + "\" : \"" + scopeValue + "\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " 
\"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); } private InputStream getOidcConfigurationInputStreamWithRequestParameter(String requestParameter, String signingAlgorithm, String encryptionAlgorithm, String encMethod){ String oidcConfig = "{\n" + - " \"client-id\" : \"" + CLIENT_ID + "\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"authentication-request-format\" : \"" + requestParameter + "\",\n" + - " \"request-object-signing-algorithm\" : \"" + signingAlgorithm + "\",\n" + - " \"request-object-encryption-alg-value\" : \"" + encryptionAlgorithm + "\",\n" + - " \"request-object-encryption-enc-value\" : \"" + encMethod + "\",\n" + - " \"scope\" : \"profile email phone\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + Oidc.CLIENT_ID_JSON_VALUE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + + " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + AUTHENTICATION_REQUEST_FORMAT + "\" : \"" + requestParameter + "\",\n" + + " \"" + REQUEST_OBJECT_SIGNING_ALGORITHM + "\" : \"" + signingAlgorithm + "\",\n" + + " \"" + REQUEST_OBJECT_ENCRYPTION_ALG_VALUE + "\" : \"" + encryptionAlgorithm + "\",\n" + + " \"" + REQUEST_OBJECT_ENCRYPTION_ENC_VALUE + "\" : \"" + encMethod + "\",\n" + + " \"" + SCOPE + "\" : \"profile email phone\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; 
return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); @@ -775,16 +793,15 @@ private InputStream getOidcConfigurationInputStreamWithRequestParameter(String r private InputStream getOidcConfigurationInputStreamWithoutEncValue(String requestParameter, String encryptionAlgorithm){ String oidcConfig = "{\n" + - " \"client-id\" : \"" + CLIENT_ID + "\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"authentication-request-format\" : \"" + requestParameter + "\",\n" + - " \"request-object-encryption-alg-value\" : \"" + encryptionAlgorithm + "\",\n" + - " \"scope\" : \"profile email phone\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + Oidc.CLIENT_ID_JSON_VALUE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + + " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + AUTHENTICATION_REQUEST_FORMAT + "\" : \"" + requestParameter + "\",\n" + + " \"" + REQUEST_OBJECT_ENCRYPTION_ALG_VALUE + "\" : \"" + encryptionAlgorithm + "\",\n" + + " \"" + SCOPE + "\" : \"profile email phone\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); 
@@ -792,22 +809,22 @@ private InputStream getOidcConfigurationInputStreamWithoutEncValue(String reques private InputStream getOidcConfigurationInputStreamWithRequestParameter(String requestParameter, String signingAlgorithm, String encryptionAlgorithm, String encMethod, String keyStorePath, String alias, String keyStoreType){ String oidcConfig = "{\n" + - " \"client-id\" : \"" + CLIENT_ID + "\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"authentication-request-format\" : \"" + requestParameter + "\",\n" + - " \"request-object-signing-algorithm\" : \"" + signingAlgorithm + "\",\n" + - " \"request-object-encryption-alg-value\" : \"" + encryptionAlgorithm + "\",\n" + - " \"request-object-encryption-enc-value\" : \"" + encMethod + "\",\n" + - " \"request-object-signing-keystore-file\" : \"" + keyStorePath + "\",\n" + - " \"request-object-signing-keystore-type\" : \"" + keyStoreType + "\",\n" + - " \"request-object-signing-keystore-password\" : \"" + KEYSTORE_PASS + "\",\n" + - " \"request-object-signing-key-password\" : \"" + KEYSTORE_PASS + "\",\n" + - " \"request-object-signing-key-alias\" : \"" + alias + "\",\n" + - " \"scope\" : \"email phone profile\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + Oidc.CLIENT_ID_JSON_VALUE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + + " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + AUTHENTICATION_REQUEST_FORMAT + "\" : \"" + requestParameter + "\",\n" + + " \"" + REQUEST_OBJECT_SIGNING_ALGORITHM + "\" : \"" + signingAlgorithm + "\",\n" + + " \"" + REQUEST_OBJECT_ENCRYPTION_ALG_VALUE + "\" : \"" + encryptionAlgorithm + "\",\n" + + " \"" + 
REQUEST_OBJECT_ENCRYPTION_ENC_VALUE + "\" : \"" + encMethod + "\",\n" + + " \"" + REQUEST_OBJECT_SIGNING_KEYSTORE_FILE + "\" : \"" + keyStorePath + "\",\n" + + " \"" + REQUEST_OBJECT_SIGNING_KEYSTORE_TYPE + "\" : \"" + keyStoreType + "\",\n" + + " \"" + REQUEST_OBJECT_SIGNING_KEYSTORE_PASSWORD + "\" : \"" + KEYSTORE_PASS + "\",\n" + + " \"" + REQUEST_OBJECT_SIGNING_KEY_PASSWORD + "\" : \"" + KEYSTORE_PASS + "\",\n" + + " \"" + REQUEST_OBJECT_SIGNING_KEY_ALIAS + "\" : \"" + alias + "\",\n" + + " \"" + SCOPE + "\" : \"email phone profile\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); 
@@ -815,26 +832,26 @@ private InputStream getOidcConfigurationInputStreamWithRequestParameter(String r private InputStream getOidcConfigurationInputStreamWithRequestObjectPublicClient(String requestParameter, String signingAlgorithm){ String oidcConfig = "{\n" + - " \"client-id\" : \"" + CLIENT_ID + "\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + - " \"public-client\" : \"true\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"authentication-request-format\" : \"" + requestParameter + "\",\n" + - " \"request-object-signing-algorithm\" : \"" + signingAlgorithm + "\",\n" + - " \"scope\" : \"email phone profile\"\n" + + " \"" + Oidc.CLIENT_ID_JSON_VALUE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + + " \"" + PUBLIC_CLIENT + "\" : \"true\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + AUTHENTICATION_REQUEST_FORMAT + "\" : \"" + requestParameter + "\",\n" + + " \"" + REQUEST_OBJECT_SIGNING_ALGORITHM + "\" : \"" + signingAlgorithm + "\",\n" + + " \"" + SCOPE + "\" : \"email phone profile\"\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); } private InputStream getOidcConfigurationInputStreamWithPrincipalAttribute(String principalAttributeValue) { String oidcConfig = "{\n" + - " \"principal-attribute\" : \"" + principalAttributeValue + "\",\n" + - " \"resource\" : \"" + CLIENT_ID + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + PRINCIPAL_ATTRIBUTE + "\" : \"" + principalAttributeValue + "\",\n" + + " \"" + RESOURCE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PUBLIC_CLIENT + 
"\" : \"false\",\n" + + " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); @@ -842,13 +859,13 @@ private InputStream getOidcConfigurationInputStreamWithPrincipalAttribute(String static InputStream getTenantConfigWithAuthServerUrl(String tenant) { String oidcConfig = "{\n" + - " \"realm\" : \"" + tenant + "\",\n" + - " \"resource\" : \"" + CLIENT_ID + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"auth-server-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + REALM + "\" : \"" + tenant + "\",\n" + + " \""+ RESOURCE +"\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PUBLIC_CLIENT +"\" : \"false\",\n" + + " \"" + AUTH_SERVER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); 
@@ -856,12 +873,12 @@ static InputStream getTenantConfigWithAuthServerUrl(String tenant) { static InputStream getTenantConfigWithProviderUrl(String tenant) { String oidcConfig = "{\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + tenant + "\",\n" + - " \"client-id\" : \"" + CLIENT_ID + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + tenant + "\",\n" + + " \"" + Oidc.CLIENT_ID_JSON_VALUE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); From 882fae78ad58f37e64ebe7268392ad78d06db102 Mon Sep 17 00:00:00 2001 From: R Searls Date: Mon, 26 Aug 2024 11:17:17 -0400 Subject: [PATCH 47/75] [ELY-2797] check for null Boolean and return boolean --- .../http/oidc/OidcProviderMetadata.java | 24 +- .../http/oidc/OidcProviderMetadataTest.java | 378 ++++++++++++++++++ 2 files changed, 390 insertions(+), 12 deletions(-) create mode 100644 http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcProviderMetadataTest.java diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcProviderMetadata.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcProviderMetadata.java index 6c964dbfe1b..7619a89b4b0 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcProviderMetadata.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcProviderMetadata.java 
@@ -329,8 +329,8 @@ public void setClaimTypesSupported(List claimTypesSupported) { this.claimTypesSupported = claimTypesSupported; } - public Boolean getClaimsParameterSupported() { - return claimsParameterSupported; + public boolean getClaimsParameterSupported() { + return claimsParameterSupported == null ? false : claimsParameterSupported; } public void setClaimsParameterSupported(Boolean claimsParameterSupported) { @@ -345,16 +345,16 @@ public void setScopesSupported(List scopesSupported) { this.scopesSupported = scopesSupported; } - public Boolean getRequestParameterSupported() { - return requestParameterSupported; + public boolean getRequestParameterSupported() { + return requestParameterSupported == null ? false : requestParameterSupported; } public void setRequestParameterSupported(Boolean requestParameterSupported) { this.requestParameterSupported = requestParameterSupported; } - public Boolean getRequestUriParameterSupported() { - return requestUriParameterSupported; + public boolean getRequestUriParameterSupported() { + return requestUriParameterSupported == null ? false : requestUriParameterSupported; } public void setRequestUriParameterSupported(Boolean requestUriParameterSupported) { @@ -393,12 +393,12 @@ public void setRevocationEndpointAuthSigningAlgValuesSupported(List revo this.revocationEndpointAuthSigningAlgValuesSupported = revocationEndpointAuthSigningAlgValuesSupported; } - public Boolean getBackchannelLogoutSupported() { - return backchannelLogoutSupported; + public boolean getBackchannelLogoutSupported() { + return backchannelLogoutSupported == null ? false : backchannelLogoutSupported; } - public Boolean getBackchannelLogoutSessionSupported() { - return backchannelLogoutSessionSupported; + public boolean getBackchannelLogoutSessionSupported() { + return backchannelLogoutSessionSupported == null ? false : backchannelLogoutSessionSupported; } public void setBackchannelLogoutSessionSupported(Boolean backchannelLogoutSessionSupported) { 
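Review bot: Changing the return type of the public getter `getClaimsParameterSupported()` from `Boolean` to `boolean` changes its method descriptor, so any caller compiled against the old signature would fail at link time until it is recompiled. Callers also lose the ability to tell "provider did not advertise this" from an explicit `false`. The same holds for the getters in the `@@ -345`, `@@ -393` and `@@ -416` hunks. If the primitive return is wanted, a Javadoc line such as `@return {@code true} only if the provider metadata sets this flag; absent is reported as {@code false}` would record the new contract, and `return Boolean.TRUE.equals(claimsParameterSupported);` says the same thing more directly. The setters still take `Boolean`, so it is worth confirming that the JSON mapper continues to pair getter and setter as one property.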
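Review bot: In the `@@ -345` hunk, `getRequestUriParameterSupported()` now reports `false` when the provider omits `request_uri_parameter_supported`, but OpenID Connect Discovery 1.0 defines the default for that field as true when it is omitted (unlike `request_parameter_supported` and `claims_parameter_supported`, whose default is false). A provider that relies on the default would be treated as not supporting `request_uri`, which may affect how the request format is chosen; the callers are not visible here. I would return the spec default instead, `return requestUriParameterSupported == null ? true : requestUriParameterSupported;`, and change the matching assertion in `testRequestUriParameterSupported` to `assertTrue(...)` for the metadata without optionals.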
@@ -416,8 +416,8 @@ public List getCodeChallengeMethodsSupported() { // KEYCLOAK-6771 Certificate Bound Token // https://tools.ietf.org/html/draft-ietf-oauth-mtls-08#section-6.2 - public Boolean getTlsClientCertificateBoundAccessTokens() { - return tlsClientCertificateBoundAccessTokens; + public boolean getTlsClientCertificateBoundAccessTokens() { + return tlsClientCertificateBoundAccessTokens == null ? false : tlsClientCertificateBoundAccessTokens; } public List getRequestObjectEncryptionAlgValuesSupported() { diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcProviderMetadataTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcProviderMetadataTest.java new file mode 100644 index 00000000000..3773451f682 --- /dev/null +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcProviderMetadataTest.java 
@@ -0,0 +1,378 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2024 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.wildfly.security.http.oidc; + +import org.wildfly.security.jose.util.JsonSerialization; + +import org.junit.BeforeClass; +import org.junit.Test; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.util.List; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; + +/** + * Test OIDC json config class to return of values. 
+ */ +public class OidcProviderMetadataTest { + private static OidcProviderMetadata oidcProviderMetadata; + private static OidcProviderMetadata emptyOidcProviderMetadata; + private static OidcProviderMetadata withoutOptionalsOidcProviderMetadata; + + @BeforeClass + public static void setUp() throws IOException { + // load the control data + ByteArrayInputStream is = new ByteArrayInputStream(providerMetaData.getBytes()); + oidcProviderMetadata = JsonSerialization.readValue(is, OidcProviderMetadata.class); + is.close(); + + // control data to check variable inits in OidcProviderMetadata + is = new ByteArrayInputStream(emptyProviderMetaData.getBytes()); + emptyOidcProviderMetadata = JsonSerialization.readValue(is, OidcProviderMetadata.class); + is.close(); + + is = new ByteArrayInputStream(withoutOptionalsProviderMetaData.getBytes()); + withoutOptionalsOidcProviderMetadata = JsonSerialization.readValue(is, OidcProviderMetadata.class); + is.close(); + } + + @Test + public void testIssuer() throws Exception { + assertTrue("http://localhost:8080/realms/myrealm".equals(oidcProviderMetadata.getIssuer())); + assertTrue("http://localhost:8080/realms/myrealm".equals(withoutOptionalsOidcProviderMetadata.getIssuer())); + assertNull(emptyOidcProviderMetadata.getIssuer()); + } + + @Test + public void testAuthorizationEndpoint() throws Exception { + assertTrue("http://localhost:8080/realms/myrealm/protocol/openid-connect/auth".equals(oidcProviderMetadata.getAuthorizationEndpoint())); + assertTrue("http://localhost:8080/auth".equals(withoutOptionalsOidcProviderMetadata.getAuthorizationEndpoint())); + assertNull(emptyOidcProviderMetadata.getAuthorizationEndpoint()); + } + + @Test + public void testTokenEndpoint() throws Exception { + assertTrue("http://localhost:8080/realms/myrealm/protocol/openid-connect/token".equals(oidcProviderMetadata.getTokenEndpoint())); + assertTrue("http://localhost:8080/token".equals(withoutOptionalsOidcProviderMetadata.getTokenEndpoint())); + 
assertNull(emptyOidcProviderMetadata.getTokenEndpoint()); + } + + @Test + public void testIntrospectionEndpoint() throws Exception { + assertTrue("http://localhost:8080/realms/myrealm/protocol/openid-connect/token/introspect".equals(oidcProviderMetadata.getIntrospectionEndpoint())); + assertTrue("http://localhost:8080/introspect".equals(withoutOptionalsOidcProviderMetadata.getIntrospectionEndpoint())); + assertNull(emptyOidcProviderMetadata.getIntrospectionEndpoint()); + } + + @Test + public void testUserinfoEndpoint() throws Exception { + assertTrue("http://localhost:8080/realms/myrealm/protocol/openid-connect/userinfo".equals(oidcProviderMetadata.getUserinfoEndpoint())); + assertTrue("http://localhost:8080/userinfo".equals(withoutOptionalsOidcProviderMetadata.getUserinfoEndpoint())); + assertNull(emptyOidcProviderMetadata.getUserinfoEndpoint()); + } + + @Test + public void testLogoutEndpoint() throws Exception { + assertTrue("http://localhost:8080/realms/myrealm/protocol/openid-connect/logout".equals(oidcProviderMetadata.getLogoutEndpoint())); + assertTrue("http://localhost:8080/logout".equals(withoutOptionalsOidcProviderMetadata.getLogoutEndpoint())); + assertNull(emptyOidcProviderMetadata.getLogoutEndpoint()); + } + + @Test + public void testJwksUri() throws Exception { + assertTrue("http://localhost:8080/realms/myrealm/protocol/openid-connect/certs".equals(oidcProviderMetadata.getJwksUri())); + assertTrue("http://localhost:8080/certs".equals(withoutOptionalsOidcProviderMetadata.getJwksUri())); + assertNull(emptyOidcProviderMetadata.getJwksUri()); + } + + @Test + public void testCheckSessionIframe() throws Exception { + assertTrue("http://localhost:8080/realms/myrealm/protocol/openid-connect/login-status-iframe.html".equals(oidcProviderMetadata.getCheckSessionIframe())); + assertTrue("http://localhost:8080/login-status-iframe.html".equals(withoutOptionalsOidcProviderMetadata.getCheckSessionIframe())); + 
assertNull(emptyOidcProviderMetadata.getCheckSessionIframe()); + } + + @Test + public void testGrantTypesSupported() throws Exception { + List l = oidcProviderMetadata.getGrantTypesSupported(); + assertTrue(l.contains("refresh_token")); + assertNull(emptyOidcProviderMetadata.getGrantTypesSupported()); + } + + @Test + public void testResponseTypesSupported() throws Exception { + List l = oidcProviderMetadata.getResponseTypesSupported(); + assertTrue(l.contains("code id_token")); + assertNull(emptyOidcProviderMetadata.getResponseTypesSupported()); + } + + @Test + public void testSubjectTypesSupported() throws Exception { + List l = oidcProviderMetadata.getSubjectTypesSupported(); + assertTrue(l.contains("pairwise")); + assertNull(emptyOidcProviderMetadata.getSubjectTypesSupported()); + } + + @Test + public void testIdTokenSigningAlgValuesSupported() throws Exception { + List l = oidcProviderMetadata.getIdTokenSigningAlgValuesSupported(); + assertTrue(l.contains("HS256")); + assertNull(emptyOidcProviderMetadata.getIdTokenSigningAlgValuesSupported()); + } + + @Test + public void testIdTokenEncryptionAlgValuesSupported() throws Exception { + List l = oidcProviderMetadata.getIdTokenEncryptionAlgValuesSupported(); + assertTrue(l.contains("RSA1_5")); + assertNull(emptyOidcProviderMetadata.getIdTokenEncryptionAlgValuesSupported()); + } + + @Test + public void testIdTokenEncryptionEncValuesSupported() throws Exception { + List l = oidcProviderMetadata.getIdTokenEncryptionEncValuesSupported(); + assertTrue(l.contains("A128CBC-HS256")); + assertNull(emptyOidcProviderMetadata.getIdTokenEncryptionEncValuesSupported()); + } + + @Test + public void testUserInfoSigningAlgValuesSupported() throws Exception { + List l = oidcProviderMetadata.getUserInfoSigningAlgValuesSupported(); + assertTrue(l.contains("EdDSA")); + assertNull(emptyOidcProviderMetadata.getUserInfoSigningAlgValuesSupported()); + } + + @Test + public void testRequestObjectSigningAlgValuesSupported() throws Exception { 
+ List l = oidcProviderMetadata.getRequestObjectSigningAlgValuesSupported(); + assertTrue(l.contains("RS384")); + assertNull(emptyOidcProviderMetadata.getRequestObjectSigningAlgValuesSupported()); + assertNull(withoutOptionalsOidcProviderMetadata.getRequestObjectSigningAlgValuesSupported()); + } + + @Test + public void testResponseModesSupported() throws Exception { + List l = oidcProviderMetadata.getResponseModesSupported(); + assertTrue(l.contains("query.jwt")); + assertNull(emptyOidcProviderMetadata.getResponseModesSupported()); + } + + @Test + public void testRegistrationEndpoint() throws Exception { + assertTrue("http://localhost:8080/realms/myrealm/clients-registrations/openid-connect".equals(oidcProviderMetadata.getRegistrationEndpoint())); + assertTrue("http://localhost:8080/openid-connect".equals(withoutOptionalsOidcProviderMetadata.getRegistrationEndpoint())); + assertNull(emptyOidcProviderMetadata.getRegistrationEndpoint()); + } + + @Test + public void testTokenEndpointAuthMethodsSupported() throws Exception { + List l = oidcProviderMetadata.getTokenEndpointAuthMethodsSupported(); + assertTrue(l.contains("client_secret_basic")); + assertNull(emptyOidcProviderMetadata.getTokenEndpointAuthMethodsSupported()); + } + + @Test + public void testTokenEndpointAuthSigningAlgValuesSupported() throws Exception { + List l = oidcProviderMetadata.getTokenEndpointAuthSigningAlgValuesSupported(); + assertTrue(l.contains("PS384")); + assertNull(emptyOidcProviderMetadata.getTokenEndpointAuthSigningAlgValuesSupported()); + } + + @Test + public void testClaimsSupported() throws Exception { + List l = oidcProviderMetadata.getClaimsSupported(); + assertTrue(l.contains("given_name")); + assertNull(emptyOidcProviderMetadata.getClaimsSupported()); + } + + @Test + public void testClaimTypesSupported() throws Exception { + List l = oidcProviderMetadata.getClaimTypesSupported(); + assertTrue(l.contains("normal")); + assertNull(emptyOidcProviderMetadata.getClaimTypesSupported()); + 
} + + @Test + public void testClaimsParameterSupported() throws Exception { + assertTrue(oidcProviderMetadata.getClaimsParameterSupported()); + assertFalse(withoutOptionalsOidcProviderMetadata.getClaimsParameterSupported()); + } + + @Test + public void testScopesSupported() throws Exception { + List l = oidcProviderMetadata.getScopesSupported(); + assertTrue(l.contains("offline_access")); + assertNull(emptyOidcProviderMetadata.getScopesSupported()); + } + + @Test + public void testRequestParameterSupported() throws Exception { + assertTrue(oidcProviderMetadata.getRequestParameterSupported()); + assertFalse(withoutOptionalsOidcProviderMetadata.getRequestParameterSupported()); + } + + @Test + public void testRequestUriParameterSupported() throws Exception { + assertTrue(oidcProviderMetadata.getRequestUriParameterSupported()); + assertFalse(withoutOptionalsOidcProviderMetadata.getRequestUriParameterSupported()); + } + + @Test + public void testPushedAuthorizationRequestEndpoint() throws Exception { + assertTrue("http://localhost:8080/realms/myrealm/protocol/openid-connect/ext/par/request".equals(oidcProviderMetadata.getPushedAuthorizationRequestEndpoint())); + assertNull(emptyOidcProviderMetadata.getPushedAuthorizationRequestEndpoint()); + assertNull(withoutOptionalsOidcProviderMetadata.getPushedAuthorizationRequestEndpoint()); + } + + @Test + public void testRevocationEndpoint() throws Exception { + assertTrue("http://localhost:8080/realms/myrealm/protocol/openid-connect/revoke".equals(oidcProviderMetadata.getRevocationEndpoint())); + assertTrue("http://localhost:8080/revoke".equals(withoutOptionalsOidcProviderMetadata.getRevocationEndpoint())); + assertNull(emptyOidcProviderMetadata.getRevocationEndpoint()); + } + + @Test + public void testRevocationEndpointAuthMethodsSupported() throws Exception { + List l = oidcProviderMetadata.getRevocationEndpointAuthMethodsSupported(); + assertTrue(l.contains("client_secret_basic")); + 
assertNull(emptyOidcProviderMetadata.getRevocationEndpointAuthMethodsSupported()); + } + + @Test + public void testRevocationEndpointAuthSigningAlgValuesSupported() throws Exception { + List l = oidcProviderMetadata.getRevocationEndpointAuthSigningAlgValuesSupported(); + assertTrue(l.contains("RS384")); + assertNull(emptyOidcProviderMetadata.getRevocationEndpointAuthSigningAlgValuesSupported()); + } + + @Test + public void testBackchannelLogoutSupported() throws Exception { + assertTrue(oidcProviderMetadata.getBackchannelLogoutSupported()); + assertFalse(withoutOptionalsOidcProviderMetadata.getBackchannelLogoutSupported()); + } + + @Test + public void testBackchannelLogoutSessionSupported() throws Exception { + assertTrue(oidcProviderMetadata.getBackchannelLogoutSessionSupported()); + assertFalse(withoutOptionalsOidcProviderMetadata.getBackchannelLogoutSessionSupported()); + } + + @Test + public void testCodeChallengeMethodsSupported() throws Exception { + List l = oidcProviderMetadata.getCodeChallengeMethodsSupported(); + assertTrue(l.contains("S256")); + assertNull(emptyOidcProviderMetadata.getCodeChallengeMethodsSupported()); + } + + @Test + public void testTlsClientCertificateBoundAccessTokens() throws Exception { + assertTrue(oidcProviderMetadata.getTlsClientCertificateBoundAccessTokens()); + assertFalse(withoutOptionalsOidcProviderMetadata.getTlsClientCertificateBoundAccessTokens()); + } + + @Test + public void testRequestObjectEncryptionEncValuesSupported() throws Exception { + List l = oidcProviderMetadata.getRequestObjectEncryptionEncValuesSupported(); + assertTrue(l.contains("A192GCM")); + assertNull(emptyOidcProviderMetadata.getRequestObjectEncryptionEncValuesSupported()); + assertNull(withoutOptionalsOidcProviderMetadata.getRequestObjectEncryptionEncValuesSupported()); + } + + @Test + public void testRequestObjectEncryptionAlgValuesSupported() throws Exception { + List l = oidcProviderMetadata.getRequestObjectEncryptionAlgValuesSupported(); + 
assertTrue(l.contains("RSA1_5")); + assertNull(emptyOidcProviderMetadata.getRequestObjectEncryptionAlgValuesSupported()); + assertNull(withoutOptionalsOidcProviderMetadata.getRequestObjectEncryptionAlgValuesSupported()); + } + + // Control data taken from keycloak + private static final String providerMetaData = "{\n" + + "\"issuer\":\"http://localhost:8080/realms/myrealm\"\n" + + ",\"authorization_endpoint\":\"http://localhost:8080/realms/myrealm/protocol/openid-connect/auth\"\n" + + ",\"token_endpoint\":\"http://localhost:8080/realms/myrealm/protocol/openid-connect/token\"\n" + + ",\"introspection_endpoint\":\"http://localhost:8080/realms/myrealm/protocol/openid-connect/token/introspect\"\n" + + ",\"userinfo_endpoint\":\"http://localhost:8080/realms/myrealm/protocol/openid-connect/userinfo\"\n" + + ",\"end_session_endpoint\":\"http://localhost:8080/realms/myrealm/protocol/openid-connect/logout\"\n" + + ",\"jwks_uri\":\"http://localhost:8080/realms/myrealm/protocol/openid-connect/certs\"\n" + + ",\"check_session_iframe\":\"http://localhost:8080/realms/myrealm/protocol/openid-connect/login-status-iframe.html\"\n" + + ",\"grant_types_supported\":[\"authorization_code\",\"implicit\",\"refresh_token\",\"password\",\"client_credentials\",\"urn:openid:params:grant-type:ciba\",\"urn:ietf:params:oauth:grant-type:device_code\"]\n" + + ",\"response_types_supported\":[\"code\",\"none\",\"id_token\",\"token\",\"id_token token\",\"code id_token\",\"code token\",\"code id_token token\"]\n" + + ",\"subject_types_supported\":[\"public\",\"pairwise\"]\n" + + ",\"id_token_signing_alg_values_supported\":[\"PS384\",\"RS384\",\"EdDSA\",\"ES384\",\"HS256\",\"HS512\",\"ES256\",\"RS256\",\"HS384\",\"ES512\",\"PS256\",\"PS512\",\"RS512\"]\n" + + ",\"id_token_encryption_alg_values_supported\":[\"RSA-OAEP\",\"RSA-OAEP-256\",\"RSA1_5\"]\n" + + ",\"id_token_encryption_enc_values_supported\":[\"A256GCM\",\"A192GCM\",\"A128GCM\",\"A128CBC-HS256\",\"A192CBC-HS384\",\"A256CBC-HS512\"]\n" + + 
",\"userinfo_signing_alg_values_supported\":[\"PS384\",\"RS384\",\"EdDSA\",\"ES384\",\"HS256\",\"HS512\",\"ES256\",\"RS256\",\"HS384\",\"ES512\",\"PS256\",\"PS512\",\"RS512\",\"none\"]\n" + + ",\"request_object_signing_alg_values_supported\":[\"PS384\",\"RS384\",\"EdDSA\",\"ES384\",\"HS256\",\"HS512\",\"ES256\",\"RS256\",\"HS384\",\"ES512\",\"PS256\",\"PS512\",\"RS512\",\"none\"]\n" + + ",\"response_modes_supported\":[\"query\",\"fragment\",\"form_post\",\"query.jwt\",\"fragment.jwt\",\"form_post.jwt\",\"jwt\"]\n" + + ",\"registration_endpoint\":\"http://localhost:8080/realms/myrealm/clients-registrations/openid-connect\"\n" + + ",\"token_endpoint_auth_methods_supported\":[\"private_key_jwt\",\"client_secret_basic\",\"client_secret_post\",\"tls_client_auth\",\"client_secret_jwt\"]\n" + + ",\"token_endpoint_auth_signing_alg_values_supported\":[\"PS384\",\"RS384\",\"EdDSA\",\"ES384\",\"HS256\",\"HS512\",\"ES256\",\"RS256\",\"HS384\",\"ES512\",\"PS256\",\"PS512\",\"RS512\"]\n" + + ",\"claims_supported\":[\"aud\",\"sub\",\"iss\",\"auth_time\",\"name\",\"given_name\",\"family_name\",\"preferred_username\",\"email\",\"acr\"]\n" + + ",\"claim_types_supported\":[\"normal\"]\n" + + ",\"claims_parameter_supported\":true\n" + + ",\"scopes_supported\":[\"openid\",\"address\",\"profile\",\"offline_access\",\"microprofile-jwt\",\"acr\",\"web-origins\",\"basic\",\"email\",\"roles\",\"phone\"]\n" + + ",\"request_parameter_supported\":true\n" + + ",\"request_uri_parameter_supported\":true\n" + + ",\"pushed_authorization_request_endpoint\":\"http://localhost:8080/realms/myrealm/protocol/openid-connect/ext/par/request\"\n" + + ",\"revocation_endpoint\":\"http://localhost:8080/realms/myrealm/protocol/openid-connect/revoke\"\n" + + ",\"revocation_endpoint_auth_methods_supported\":[\"private_key_jwt\",\"client_secret_basic\",\"client_secret_post\",\"tls_client_auth\",\"client_secret_jwt\"]\n" + + 
",\"revocation_endpoint_auth_signing_alg_values_supported\":[\"PS384\",\"RS384\",\"EdDSA\",\"ES384\",\"HS256\",\"HS512\",\"ES256\",\"RS256\",\"HS384\",\"ES512\",\"PS256\",\"PS512\",\"RS512\"]\n" + + ",\"backchannel_logout_supported\":true\n" + + ",\"backchannel_logout_session_supported\":true\n" + + ",\"code_challenge_methods_supported\":[\"plain\",\"S256\"]\n" + + ",\"tls_client_certificate_bound_access_tokens\":true\n" + + ",\"request_object_encryption_enc_values_supported\":[\"A256GCM\",\"A192GCM\",\"A128GCM\",\"A128CBC-HS256\",\"A192CBC-HS384\",\"A256CBC-HS512\"]\n" + + ",\"request_object_encryption_alg_values_supported\":[\"RSA-OAEP\",\"RSA-OAEP-256\",\"RSA1_5\"]\n" + + "}"; + + private static final String emptyProviderMetaData = "{}"; + + private static final String withoutOptionalsProviderMetaData = "{\n" + + "\"issuer\":\"http://localhost:8080/realms/myrealm\"\n" + + ",\"authorization_endpoint\":\"http://localhost:8080/auth\"\n" + + ",\"token_endpoint\":\"http://localhost:8080/token\"\n" + + ",\"introspection_endpoint\":\"http://localhost:8080/introspect\"\n" + + ",\"userinfo_endpoint\":\"http://localhost:8080/userinfo\"\n" + + ",\"end_session_endpoint\":\"http://localhost:8080/logout\"\n" + + ",\"jwks_uri\":\"http://localhost:8080/certs\"\n" + + ",\"check_session_iframe\":\"http://localhost:8080/login-status-iframe.html\"\n" + + ",\"grant_types_supported\":[\"authorization_code\",\"implicit\"]\n" + + ",\"response_types_supported\":[\"code\",\"none\",\"id_token\",\"token\"]\n" + + ",\"subject_types_supported\":[\"public\",\"pairwise\"]\n" + + ",\"id_token_signing_alg_values_supported\":[\"PS384\"]\n" + + ",\"id_token_encryption_alg_values_supported\":[\"RSA-OAEP\",\"RSA-OAEP-256\",\"RSA1_5\"]\n" + + ",\"id_token_encryption_enc_values_supported\":[\"A256GCM\"]\n" + + ",\"userinfo_signing_alg_values_supported\":[\"PS384\",\"none\"]\n" + + ",\"response_modes_supported\":[\"query\",\"fragment\",\"form_post.jwt\",\"jwt\"]\n" + + 
",\"registration_endpoint\":\"http://localhost:8080/openid-connect\"\n" + + ",\"token_endpoint_auth_methods_supported\":[\"private_key_jwt\",\"client_secret_basic\"]\n" + + ",\"token_endpoint_auth_signing_alg_values_supported\":[\"PS384\",\"RS384\"]\n" + + ",\"claims_supported\":[\"aud\",\"sub\"]\n" + + ",\"claim_types_supported\":[\"normal\"]\n" + + ",\"scopes_supported\":[\"openid\",\"address\",\"profile\"]\n" + + ",\"revocation_endpoint\":\"http://localhost:8080/revoke\"\n" + + ",\"revocation_endpoint_auth_methods_supported\":[\"private_key_jwt\"]\n" + + ",\"revocation_endpoint_auth_signing_alg_values_supported\":[\"PS384\",\"RS384\",\"EdDSA\"]\n" + + ",\"code_challenge_methods_supported\":[\"plain\",\"S256\"]\n" + + "}"; +} From 5ed42fd628815a297bc154d26bcbbd4d9886a56b Mon Sep 17 00:00:00 2001 
From: petrberan Date: Fri, 3 Jun 2022 14:17:43 +0200 Subject: [PATCH 48/75] [ELY-2082] Optimise Tool Help Text --- pom.xml | 6 + tool/pom.xml | 4 + .../security/tool/CredentialStoreCommand.java | 21 +-- .../wildfly/security/tool/ElytronTool.java | 37 ++++-- .../security/tool/ElytronToolMessages.java | 35 ++--- .../tool/FileSystemEncryptRealmCommand.java | 21 +-- .../security/tool/FileSystemRealmCommand.java | 21 +-- .../tool/FileSystemRealmIntegrityCommand.java | 21 +-- .../wildfly/security/tool/MaskCommand.java | 21 +-- .../wildfly/security/tool/VaultCommand.java | 21 +-- .../security/tool/help/CommandsSection.java | 114 ++++++++++++++++ .../tool/help/DescriptionSection.java | 43 ++++++ .../security/tool/help/HelpCommand.java | 115 +++++++++++++++++ .../security/tool/help/HelpSection.java | 122 ++++++++++++++++++ .../security/tool/help/OptionsSection.java | 55 ++++++++ .../security/tool/help/UsageSection.java | 56 ++++++++ 16 files changed, 641 insertions(+), 72 deletions(-) create mode 100644 tool/src/main/java/org/wildfly/security/tool/help/CommandsSection.java create mode 100644 tool/src/main/java/org/wildfly/security/tool/help/DescriptionSection.java create mode 100644 tool/src/main/java/org/wildfly/security/tool/help/HelpCommand.java create mode 100644 tool/src/main/java/org/wildfly/security/tool/help/HelpSection.java create mode 100644 tool/src/main/java/org/wildfly/security/tool/help/OptionsSection.java create mode 100644 tool/src/main/java/org/wildfly/security/tool/help/UsageSection.java diff --git a/pom.xml b/pom.xml index f3fdca5b17d..a8777581051 100644 --- a/pom.xml +++ b/pom.xml @@ -100,6 +100,7 @@ 2.40.0 2.3.0 3.1.0.Final + 2.7 INFO @@ -1001,6 +1002,11 @@ jose4j ${version.org.bitbucket.b_c.jose4j} + + org.aesh + aesh + ${version.org.aesh} + diff --git a/tool/src/main/java/org/wildfly/security/tool/CredentialStoreCommand.java b/tool/src/main/java/org/wildfly/security/tool/CredentialStoreCommand.java index 493d5df134c..3f6d765d73a 100644 
--- a/tool/src/main/java/org/wildfly/security/tool/CredentialStoreCommand.java +++ b/tool/src/main/java/org/wildfly/security/tool/CredentialStoreCommand.java @@ -46,7 +46,6 @@ import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.CommandLineParser; import org.apache.commons.cli.DefaultParser; -import org.apache.commons.cli.HelpFormatter; import org.apache.commons.cli.Option; import org.apache.commons.cli.OptionGroup; import org.apache.commons.cli.Options; @@ -69,6 +68,10 @@ import org.wildfly.security.password.interfaces.ClearPassword; import org.wildfly.security.pem.Pem; import org.wildfly.security.ssh.util.SshUtil; +import org.wildfly.security.tool.help.DescriptionSection; +import org.wildfly.security.tool.help.HelpCommand; +import org.wildfly.security.tool.help.OptionsSection; +import org.wildfly.security.tool.help.UsageSection; import static org.wildfly.security.tool.Params.ALIAS_PARAM; import static org.wildfly.security.tool.Params.CREATE_CREDENTIAL_STORE_PARAM; @@ -959,13 +962,15 @@ protected Set aliases() { */ @Override public void help() { - HelpFormatter help = new HelpFormatter(); - help.setWidth(WIDTH); - help.printHelp(ElytronToolMessages.msg.cmdHelp(getToolCommand(), CREDENTIAL_STORE_COMMAND), - ElytronToolMessages.msg.cmdLineCredentialStoreHelpHeader().concat(ElytronToolMessages.msg.cmdLineActionsHelpHeader()), - options, - "", - true); + OptionsSection optionsSection = new OptionsSection(ElytronToolMessages.msg.cmdLineActionsHelpHeader(), options); + UsageSection usageSection = new UsageSection(CREDENTIAL_STORE_COMMAND, null); + DescriptionSection descriptionSection = new DescriptionSection(ElytronToolMessages.msg.cmdLineCredentialStoreHelpHeader()); + HelpCommand helpCommand = HelpCommand.HelpCommandBuilder.builder() + .description(descriptionSection) + .usage(usageSection) + .options(optionsSection) + .build(); + helpCommand.printHelp(); } static Map parseCredentialStoreProperties(final String attributeString) { 
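Review bot: The builder sequence added to `help()` in the last hunk of this file is repeated almost verbatim in the `help()` hunks of FileSystemEncryptRealmCommand, FileSystemRealmCommand, FileSystemRealmIntegrityCommand, MaskCommand and VaultCommand, differing only in the command constant and the header message. A single shared helper would keep the six help screens from drifting apart. The removed code passed `getToolCommand()` into the usage line, while the new `new UsageSection(CREDENTIAL_STORE_COMMAND, null)` does not, so the usage text may no longer show the launcher name the user actually ran. UsageSection is added by this commit but is not visible here, so that should be confirmed there. The helper below is a sketch for the shared command base type, which lies outside this hunk.

```java
// proposed helper on the shared command base type (not part of this hunk)
protected void printCommandHelp(String commandName, String description, Options options) {
    HelpCommand.HelpCommandBuilder.builder()
            .description(new DescriptionSection(description))
            .usage(new UsageSection(commandName, null))
            .options(new OptionsSection(ElytronToolMessages.msg.cmdLineActionsHelpHeader(), options))
            .build()
            .printHelp();
}

@Override
public void help() {
    printCommandHelp(CREDENTIAL_STORE_COMMAND, ElytronToolMessages.msg.cmdLineCredentialStoreHelpHeader(), options);
}
```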
diff --git a/tool/src/main/java/org/wildfly/security/tool/ElytronTool.java b/tool/src/main/java/org/wildfly/security/tool/ElytronTool.java index 2cae692d978..1111c9ad6af 100644 --- a/tool/src/main/java/org/wildfly/security/tool/ElytronTool.java +++ b/tool/src/main/java/org/wildfly/security/tool/ElytronTool.java @@ -20,10 +20,17 @@ import org.apache.commons.cli.AlreadySelectedException; import org.apache.commons.cli.Option; import org.wildfly.security.WildFlyElytronProvider; +import org.wildfly.security.tool.help.CommandsSection; +import org.wildfly.security.tool.help.DescriptionSection; +import org.wildfly.security.tool.help.HelpCommand; +import org.wildfly.security.tool.help.OptionsSection; +import org.wildfly.security.tool.help.UsageSection; import java.security.Security; import java.util.HashMap; import java.util.Map; +import java.util.SortedMap; +import java.util.TreeMap; /** * Elytron Tool main class which drives all registered commands. 
@@ -131,15 +138,27 @@ private static void configureLogManager() { } private void generalHelp() { - System.out.print(ElytronToolMessages.msg.generalHelpTitle()); - System.out.println(); - for (Command c: commandRegistry.values()) { - if (scriptName != null) { - c.setToolCommand(scriptName); - } - c.help(); - System.out.println(); - } + DescriptionSection descriptionSection = new DescriptionSection(ElytronToolMessages.msg.cmdElytronToolDescription()); + UsageSection usageSection = new UsageSection(null, null); + OptionsSection optionsSection = new OptionsSection(ElytronToolMessages.msg.generalHelpOptionsOpening(), null); + + // Using SortedMap so commands are in alphabetical order + SortedMap commandsMap = new TreeMap<>(); + commandsMap.put(CredentialStoreCommand.CREDENTIAL_STORE_COMMAND, ElytronToolMessages.msg.cmdLineCredentialStoreHelpHeader()); + commandsMap.put(VaultCommand.VAULT_COMMAND, ElytronToolMessages.msg.cmdVaultHelpHeader()); + commandsMap.put(FileSystemRealmCommand.FILE_SYSTEM_REALM_COMMAND, ElytronToolMessages.msg.cmdFileSystemRealmHelpHeader()); + commandsMap.put(FileSystemEncryptRealmCommand.FILE_SYSTEM_ENCRYPT_COMMAND, ElytronToolMessages.msg.cmdFileSystemEncryptHelpHeader()); + commandsMap.put(MaskCommand.MASK_COMMAND, ElytronToolMessages.msg.cmdMaskHelpHeader()); + commandsMap.put(FileSystemRealmIntegrityCommand.FILE_SYSTEM_REALM_INTEGRITY_COMMAND, ElytronToolMessages.msg.cmdFileSystemIntegrityHelpHeader()); + CommandsSection commandsSection = new CommandsSection(commandsMap); + + HelpCommand helpCommand = HelpCommand.HelpCommandBuilder.builder() + .description(descriptionSection) + .usage(usageSection) + .options(optionsSection) + .commands(commandsSection) + .build(); + helpCommand.printHelp(); } Command findCommand(String commandName) { diff --git a/tool/src/main/java/org/wildfly/security/tool/ElytronToolMessages.java b/tool/src/main/java/org/wildfly/security/tool/ElytronToolMessages.java index 6a023c4f1d2..4b876d33b25 100644 
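Review bot: `generalHelp()` now fills the command list from a hand-written map instead of iterating `commandRegistry`, so a command that is registered or removed later will not be reflected in the top-level help unless this method is edited as well. The removed loop also called `c.setToolCommand(scriptName)`, and nothing in the new body reads `scriptName`, so the general help can no longer name the launcher that was actually used. If deriving the map from the registry is not practical, add a comment above the `put` calls such as `// Must list every command in commandRegistry; an entry missing here is hidden from the general help`. How `commandRegistry` is populated is outside this hunk.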
--- a/tool/src/main/java/org/wildfly/security/tool/ElytronToolMessages.java +++ b/tool/src/main/java/org/wildfly/security/tool/ElytronToolMessages.java @@ -105,25 +105,25 @@ public interface ElytronToolMessages extends BasicLogger { "Provider must be installed through java.security file or through service loader from properly packaged jar file on classpath.") String cmdLineCustomCredentialStoreProviderDesc(); - @Message(id = NONE, value = "Create credential store (Action)") + @Message(id = NONE, value = "* Create credential store") String cmdLineCreateCredentialStoreDesc(); @Message(id = NONE, value = "Credential store type") String cmdLineCredentialStoreTypeDesc(); - @Message(id = NONE, value = "Add new alias to the credential store (Action)") + @Message(id = NONE, value = "* Add new alias to the credential store") String cmdLineAddAliasDesc(); - @Message(id = NONE, value = "Remove alias from the credential store (Action)") + @Message(id = NONE, value = "* Remove alias from the credential store") String cmdLineRemoveAliasDesc(); - @Message(id = NONE, value = "Check if alias exists within the credential store (Action)") + @Message(id = NONE, value = "* Check if alias exists within the credential store") String cmdLineCheckAliasDesc(); - @Message(id = NONE, value = "Display all aliases (Action)") + @Message(id = NONE, value = "* Display all aliases") String cmdLineAliasesDesc(); - @Message(id = NONE, value = "Display all types of stored credentials for given alias (Action)") + @Message(id = NONE, value = "* Display all types of stored credentials for given alias") String cmdLineAliasTypes(); @Message(id = NONE, value = "Generate private and public key pair and store them as a KeyPairCredential") 
@@ -159,7 +159,7 @@ public interface ElytronToolMessages extends BasicLogger { @Message(id = NONE, value = "Print summary, especially command how to create this credential store") String cmdLinePrintSummary(); - @Message(id = NONE, value = "Get help with usage of this command (Action)") + @Message(id = NONE, value = "* Get help with usage of this command") String cmdLineHelp(); @Message(id = NONE, value = "Alias \"%s\" exists") @@ -281,7 +281,7 @@ public interface ElytronToolMessages extends BasicLogger { @Message(id = NONE, value = "CLI command to add new credential store:%n") String cliCommandToNewCredentialStore(); - @Message(id = NONE, value = "Bulk conversion with options listed in description file. All options have no default value and should be set in the file. (Action)%n" + + @Message(id = NONE, value = "* Bulk conversion with options listed in description file. All options have no default value and should be set in the file.%n" + "All options are required with the exceptions:%n" + " - \"properties\" option%n - \"type\" option (defaults to \"KeyStoreCredentialStore\")%n - \"credential-store-provider\" option%n - \"other-providers\" option%n" + " - \"salt\" and \"iteration\" options can be omitted when plain-text password is used%n" + @@ -406,7 +406,7 @@ public interface ElytronToolMessages extends BasicLogger { String longOptionDescription(String option, String longOption); // filesystem-realm command - @Message(id = NONE, value = "'FileSystemRealm' command is used to convert legacy properties files and scripts to an Elytron FileSystemRealm.") + @Message(id = NONE, value = "\"filesystem-realm\" command is used to convert legacy properties files and scripts to an Elytron FileSystemRealm.") String cmdFileSystemRealmHelpHeader(); @Message(id = NONE, value = "The relative or absolute path to the users file.") 
@@ -489,7 +489,7 @@ public interface ElytronToolMessages extends BasicLogger { @Message(id = NONE, value = "Name of the security-domain to be configured.") String cmdFileSystemRealmSecurityDomainNameDesc(); - @Message(id = NONE, value = "Bulk conversion with options listed in description file. Optional options have default values, required options do not. (Action) %n" + + @Message(id = NONE, value = "* Bulk conversion with options listed in description file. Optional options have default values, required options do not.%n" + "The options fileSystemRealmName and securityDomainName are optional. %n" + "These optional options have default values of: converted-properties-filesystem-realm and converted-properties-security-domain. %n" + "Values are required for the following options: users-file, roles-file, and output-location. %n" + @@ -498,7 +498,7 @@ public interface ElytronToolMessages extends BasicLogger { "Blocks of options must be separated by a blank line.") String cmdFileSystemRealmBulkConvertDesc(); - @Message(id = NONE, value = "Bulk conversion with options listed in description file. Optional options have default values, required options do not. (Action) %n" + + @Message(id = NONE, value = "* Bulk conversion with options listed in description file. Optional options have default values, required options do not. %n" + "The options realm-name, hash-encoding, levels, secret-key, create, populate, keystore, type, password, password-env, and key-pair are optional. %n" + "Values are required for the following options: input-location, output-location, and credential-store. %n" + "The default values of realm-name, hash-encoding, hash-charset, levels, secret-key, create, and populate are encrypted-filesystem-realm, BASE64, UTF-8, 2, key, true, and true respectively. %n" + 
@@ -508,7 +508,7 @@ public interface ElytronToolMessages extends BasicLogger { "Blocks of options must be separated by a blank line.") String cmdFileSystemRealmEncryptBulkConvertDesc(); - @Message(id = NONE, value = "Bulk conversion with options listed in description file. (Action)" + + @Message(id = NONE, value = "* Bulk conversion with options listed in description file. " + "Optional options have defaults and can be skipped ([type, default_or_NULL]), required options do not (). %n" + "One of either password or password-env is required. %n" + "Blocks of options must be separated by a blank line; order is not important. Syntax: %n" + @@ -519,7 +519,7 @@ public interface ElytronToolMessages extends BasicLogger { String cmdFileSystemRealmIntegrityBulkConvertDesc(); // filesystem-realm encrypt command - @Message(id = NONE, value = "'FileSystemRealmEncrypt' command is used to convert non-empty, un-encrypted FileSystemSecurityRealm(s) to encrypted FileSystemSecurityRealm(s) with a SecretKey.") + @Message(id = NONE, value = "\"filesystem-realm-encrypt\" command is used to convert non-empty, un-encrypted FileSystemSecurityRealm(s) to encrypted FileSystemSecurityRealm(s) with a SecretKey.") String cmdFileSystemEncryptHelpHeader(); @Message(id = NONE, value = "Secret Key was not found in the Credential Store at %s, and populate option was not set. Skipping descriptor file block number %d.") @@ -669,7 +669,7 @@ public interface ElytronToolMessages extends BasicLogger { @Message(id = NONE, value = "Should file %s be overwritten? (y/n) ") String shouldFileBeOverwritten(String file); - @Message(id = NONE, value = "\nSome of the parameters below are mutually exclusive actions which are marked with (Action) in the description.") + @Message(id = NONE, value = "Some of the parameters below are mutually exclusive actions which are marked with * in the description.") String cmdLineActionsHelpHeader(); @Message(id = NONE, value = "Key size (bits).") 
@@ -738,8 +738,13 @@ public interface ElytronToolMessages extends BasicLogger { @Message(id = NONE, value = "No Credential Store location or Secret Key Alias specified.") MissingOptionException missingCredentialStoreSecretKey(); + @Message(id = NONE, value = "To get list of options for a specific command, please specify the command by using ./elytron-tool.sh [command] --help") + String generalHelpOptionsOpening(); + + @Message(id = NONE, value = "A tool that assists with Elytron configuration") + String cmdElytronToolDescription(); + // Numeric Errors @Message(id = 35, value = "Only one of '%s' and '%s' can be specified at the same time") IllegalArgumentException mutuallyExclusiveOptions(String first, String second); - } diff --git a/tool/src/main/java/org/wildfly/security/tool/FileSystemEncryptRealmCommand.java b/tool/src/main/java/org/wildfly/security/tool/FileSystemEncryptRealmCommand.java index c5e858827a4..844332d76de 100644 --- a/tool/src/main/java/org/wildfly/security/tool/FileSystemEncryptRealmCommand.java +++ b/tool/src/main/java/org/wildfly/security/tool/FileSystemEncryptRealmCommand.java @@ -65,7 +65,6 @@ import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.CommandLineParser; import org.apache.commons.cli.DefaultParser; -import org.apache.commons.cli.HelpFormatter; import org.apache.commons.cli.Option; import org.apache.commons.cli.OptionGroup; import org.apache.commons.cli.Options; @@ -73,6 +72,10 @@ import org.wildfly.security.auth.realm.FileSystemSecurityRealm; import org.wildfly.security.auth.realm.FileSystemSecurityRealmBuilder; import org.wildfly.security.password.spec.Encoding; +import org.wildfly.security.tool.help.DescriptionSection; +import org.wildfly.security.tool.help.HelpCommand; +import org.wildfly.security.tool.help.OptionsSection; +import org.wildfly.security.tool.help.UsageSection; /** * Elytron-Tool command to convert un-encrypted FileSystemRealms into an encrypted realm with the use of a SecretKey. 
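Review bot: The new `generalHelpOptionsOpening` message hard-codes `./elytron-tool.sh`, which will not match when the tool is started through a different launcher or from another directory. The help code removed elsewhere in this commit took the name from `getToolCommand()`/`scriptName` instead. Taking the launcher as a parameter keeps the hint accurate: `@Message(id = NONE, value = "To get list of options for a specific command, please specify the command by using %s [command] --help")` with `String generalHelpOptionsOpening(String toolCommand);`. The caller in `ElytronTool.generalHelp()` would pass its `scriptName`, with a fallback for the case where it is null, which the removed loop guarded against.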
@@ -576,13 +579,15 @@ public void execute(String[] args) throws Exception { */ @Override public void help() { - HelpFormatter help = new HelpFormatter(); - help.setWidth(WIDTH); - help.printHelp(ElytronToolMessages.msg.cmdHelp(getToolCommand(), FILE_SYSTEM_ENCRYPT_COMMAND), - ElytronToolMessages.msg.cmdFileSystemEncryptHelpHeader(), - options, - "", - true); + OptionsSection optionsSection = new OptionsSection(ElytronToolMessages.msg.cmdLineActionsHelpHeader(), options); + UsageSection usageSection = new UsageSection(FILE_SYSTEM_ENCRYPT_COMMAND, null); + DescriptionSection descriptionSection = new DescriptionSection(ElytronToolMessages.msg.cmdFileSystemEncryptHelpHeader()); + HelpCommand helpCommand = HelpCommand.HelpCommandBuilder.builder() + .description(descriptionSection) + .usage(usageSection) + .options(optionsSection) + .build(); + helpCommand.printHelp(); } /** diff --git a/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmCommand.java b/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmCommand.java index 2bf21d4e484..aff167ece0b 100644 --- a/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmCommand.java +++ b/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmCommand.java @@ -48,7 +48,6 @@ import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.CommandLineParser; import org.apache.commons.cli.DefaultParser; -import org.apache.commons.cli.HelpFormatter; import org.apache.commons.cli.Option; import org.apache.commons.cli.Options; import org.apache.commons.lang3.ArrayUtils; 
@@ -63,6 +62,10 @@ import org.wildfly.security.password.interfaces.DigestPassword; import org.wildfly.security.password.spec.DigestPasswordSpec; import org.wildfly.security.password.spec.PasswordSpec; +import org.wildfly.security.tool.help.DescriptionSection; +import org.wildfly.security.tool.help.HelpCommand; +import org.wildfly.security.tool.help.OptionsSection; +import org.wildfly.security.tool.help.UsageSection; /** * Elytron-Tool command to convert legacy properties file into a FileSystemRealm. @@ -298,13 +301,15 @@ public void execute(String[] args) throws Exception { */ @Override public void help() { - HelpFormatter help = new HelpFormatter(); - help.setWidth(WIDTH); - help.printHelp(ElytronToolMessages.msg.cmdHelp(getToolCommand(), FILE_SYSTEM_REALM_COMMAND), - ElytronToolMessages.msg.cmdFileSystemRealmHelpHeader().concat(ElytronToolMessages.msg.cmdLineActionsHelpHeader()), - options, - "", - true); + OptionsSection optionsSection = new OptionsSection(ElytronToolMessages.msg.cmdLineActionsHelpHeader(), options); + UsageSection usageSection = new UsageSection(FILE_SYSTEM_REALM_COMMAND, null); + DescriptionSection descriptionSection = new DescriptionSection(ElytronToolMessages.msg.cmdFileSystemRealmHelpHeader()); + HelpCommand helpCommand = HelpCommand.HelpCommandBuilder.builder() + .description(descriptionSection) + .usage(usageSection) + .options(optionsSection) + .build(); + helpCommand.printHelp(); } @Override diff --git a/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommand.java b/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommand.java index 176b824dfd1..33de909669f 100644 --- a/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommand.java +++ b/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommand.java 
@@ -72,7 +72,6 @@ import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.CommandLineParser; import org.apache.commons.cli.DefaultParser; -import org.apache.commons.cli.HelpFormatter; import org.apache.commons.cli.Option; import org.apache.commons.cli.OptionGroup; import org.apache.commons.cli.Options; @@ -80,6 +79,10 @@ import org.wildfly.security.auth.realm.FileSystemSecurityRealm; import org.wildfly.security.auth.realm.FileSystemSecurityRealmBuilder; import org.wildfly.security.password.spec.Encoding; +import org.wildfly.security.tool.help.DescriptionSection; +import org.wildfly.security.tool.help.HelpCommand; +import org.wildfly.security.tool.help.OptionsSection; +import org.wildfly.security.tool.help.UsageSection; /** * Elytron Tool command to enable integrity checking in filesystem realms that previously did not have it enabled. If @@ -610,13 +613,15 @@ public void execute(String[] args) throws Exception { /** Displays the help screen for the command */ @Override public void help() { - HelpFormatter help = new HelpFormatter(); - help.setWidth(WIDTH); - help.printHelp(ElytronToolMessages.msg.cmdHelp(getToolCommand(), FILE_SYSTEM_REALM_INTEGRITY_COMMAND), - ElytronToolMessages.msg.cmdFileSystemIntegrityHelpHeader(), - options, - "", - true); + OptionsSection optionsSection = new OptionsSection(ElytronToolMessages.msg.cmdLineActionsHelpHeader(), options); + UsageSection usageSection = new UsageSection(FILE_SYSTEM_REALM_INTEGRITY_COMMAND, null); + DescriptionSection descriptionSection = new DescriptionSection(ElytronToolMessages.msg.cmdFileSystemIntegrityHelpHeader()); + HelpCommand helpCommand = HelpCommand.HelpCommandBuilder.builder() + .description(descriptionSection) + .usage(usageSection) + .options(optionsSection) + .build(); + helpCommand.printHelp(); } /** diff --git a/tool/src/main/java/org/wildfly/security/tool/MaskCommand.java b/tool/src/main/java/org/wildfly/security/tool/MaskCommand.java index bf029f0e6ee..154a95d9582 100644 
--- a/tool/src/main/java/org/wildfly/security/tool/MaskCommand.java +++ b/tool/src/main/java/org/wildfly/security/tool/MaskCommand.java @@ -23,9 +23,12 @@ import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.CommandLineParser; import org.apache.commons.cli.DefaultParser; -import org.apache.commons.cli.HelpFormatter; import org.apache.commons.cli.Option; import org.apache.commons.cli.Options; +import org.wildfly.security.tool.help.DescriptionSection; +import org.wildfly.security.tool.help.HelpCommand; +import org.wildfly.security.tool.help.OptionsSection; +import org.wildfly.security.tool.help.UsageSection; import org.wildfly.security.util.PasswordBasedEncryptionUtil; import static org.wildfly.security.tool.Params.DEBUG_PARAM; @@ -158,12 +161,14 @@ static char[] decryptMasked(String maskedPassword) throws GeneralSecurityExcepti */ @Override public void help() { - HelpFormatter help = new HelpFormatter(); - help.setWidth(WIDTH); - help.printHelp(ElytronToolMessages.msg.cmdHelp(getToolCommand(), MASK_COMMAND), - ElytronToolMessages.msg.cmdMaskHelpHeader().concat(ElytronToolMessages.msg.cmdLineActionsHelpHeader()), - options, - "", - true); + OptionsSection optionsSection = new OptionsSection(ElytronToolMessages.msg.cmdLineActionsHelpHeader(), options); + UsageSection usageSection = new UsageSection(MASK_COMMAND, null); + DescriptionSection descriptionSection = new DescriptionSection(ElytronToolMessages.msg.cmdMaskHelpHeader()); + HelpCommand helpCommand = HelpCommand.HelpCommandBuilder.builder() + .description(descriptionSection) + .usage(usageSection) + .options(optionsSection) + .build(); + helpCommand.printHelp(); } } diff --git a/tool/src/main/java/org/wildfly/security/tool/VaultCommand.java b/tool/src/main/java/org/wildfly/security/tool/VaultCommand.java index edf7fb18acb..3637c9ba667 100644 --- a/tool/src/main/java/org/wildfly/security/tool/VaultCommand.java +++ b/tool/src/main/java/org/wildfly/security/tool/VaultCommand.java 
@@ -54,7 +54,6 @@ import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.CommandLineParser; import org.apache.commons.cli.DefaultParser; -import org.apache.commons.cli.HelpFormatter; import org.apache.commons.cli.Option; import org.apache.commons.cli.Options; import org.wildfly.security.auth.SupportLevel; @@ -67,6 +66,10 @@ import org.wildfly.security.credential.store.impl.KeyStoreCredentialStore; import org.wildfly.security.credential.store.impl.VaultCredentialStore; import org.wildfly.security.password.interfaces.ClearPassword; +import org.wildfly.security.tool.help.DescriptionSection; +import org.wildfly.security.tool.help.HelpCommand; +import org.wildfly.security.tool.help.OptionsSection; +import org.wildfly.security.tool.help.UsageSection; import org.wildfly.security.util.PasswordBasedEncryptionUtil; /** @@ -245,13 +248,15 @@ private void checkInvalidOptions(String... invalidOptions) throws Exception { */ @Override public void help() { - HelpFormatter help = new HelpFormatter(); - help.setWidth(WIDTH); - help.printHelp(ElytronToolMessages.msg.cmdHelp(getToolCommand(), VAULT_COMMAND), - ElytronToolMessages.msg.cmdVaultHelpHeader().concat(ElytronToolMessages.msg.cmdLineActionsHelpHeader()), - options, - "", - true); + OptionsSection optionsSection = new OptionsSection(ElytronToolMessages.msg.cmdLineActionsHelpHeader(), options); + UsageSection usageSection = new UsageSection(VAULT_COMMAND, null); + DescriptionSection descriptionSection = new DescriptionSection(ElytronToolMessages.msg.cmdVaultHelpHeader()); + HelpCommand helpCommand = HelpCommand.HelpCommandBuilder.builder() + .description(descriptionSection) + .usage(usageSection) + .options(optionsSection) + .build(); + helpCommand.printHelp(); } private String convertedStoreName(String encryptionDirectory, Map implProps) { 
diff --git a/tool/src/main/java/org/wildfly/security/tool/help/CommandsSection.java b/tool/src/main/java/org/wildfly/security/tool/help/CommandsSection.java
new file mode 100644
index 00000000000..46fa6086c9c
--- /dev/null
+++ b/tool/src/main/java/org/wildfly/security/tool/help/CommandsSection.java
@@ -0,0 +1,114 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2024 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.wildfly.security.tool.help; + +import java.util.Map; + +/** + * Command section of Elytron help command + * + * @author Petr Beran + */ +public class CommandsSection extends HelpSection { + + private final String sectionTitle; + private final Map sectionContent; + + public CommandsSection(Map commands) { + this.sectionTitle = "Commands"; + this.sectionContent = commands; + } + + @Override + public void printHelp() { + formatAndPrintTitle(sectionTitle); + if (sectionContent != null) { + + // Find the longest commandName + // This is needed to make sure that all descriptions start at the same index + int longestCommand = 0; + for (String command : sectionContent.keySet()) { + if (command.length() > longestCommand) { + longestCommand = command.length(); + } + } + for (Map.Entry command : sectionContent.entrySet()) { + formatAndPrintCommand(command.getKey(), command.getValue(), longestCommand); + } + } + } + + /** + * Formats and prints command and it's respective description + * + * @param commandName Command's name + * @param commandDescription Command's description + * @param longestCommand Length of the longest commands. 
Ensures that all descriptions start at the same column + */ + protected void formatAndPrintCommand(String commandName, final CharSequence commandDescription, final int longestCommand) { + CharSequence descriptionText = commandDescription; + final StringBuilder stringBuilder = new StringBuilder(); + + int minCommandAndDescGap = 4; // Gap between the longest commandName and its commandDescription + int commandDescriptionStartingIndex = longestCommand + minCommandAndDescGap + leftPadding; // Starting index of all commandDescriptions in the map + int commandDescriptionLength = lineWidth - commandDescriptionStartingIndex; + + appendGap(stringBuilder, leftPadding); + stringBuilder.append(commandName); + + // Append a gap so that all commandDescriptions in the map start at the same index + int realGap = commandDescriptionStartingIndex - leftPadding - commandName.length(); + appendGap(stringBuilder, realGap); + + // If the commandDescription fits one line, simply append it + if (descriptionText.length() <= commandDescriptionLength) { + stringBuilder.append(descriptionText); + stringBuilder.append(System.lineSeparator()); + } + else { + int lineIndex = checkForWhitespaceIndex(descriptionText, commandDescriptionLength); + + // Append the commandDescription that fits on a single line and remove it from the descriptionText + stringBuilder.append(descriptionText.subSequence(0,lineIndex)); + descriptionText = descriptionText.subSequence(lineIndex+1, descriptionText.length()); + stringBuilder.append(System.lineSeparator()); + + // Appends commandDescriptions from second row onward + while(0 < descriptionText.length()) { + + // Append a gap so that all commandDescriptions in the map start at the same index + appendGap(stringBuilder, commandDescriptionStartingIndex); + + // If the commandDescription fits one line, simply append it and end the while loop + if (descriptionText.length() <= commandDescriptionLength) { + stringBuilder.append(descriptionText); + 
stringBuilder.append(System.lineSeparator()); + break; + } + + lineIndex = checkForWhitespaceIndex(descriptionText, commandDescriptionLength); + + // Append the commandDescription that fits on a single line and remove it from the descriptionText + stringBuilder.append(descriptionText.subSequence(0,lineIndex)); + descriptionText = descriptionText.subSequence(lineIndex+1, descriptionText.length()); + stringBuilder.append(System.lineSeparator()); + } + } + printText(stringBuilder.toString()); + } +} diff --git a/tool/src/main/java/org/wildfly/security/tool/help/DescriptionSection.java b/tool/src/main/java/org/wildfly/security/tool/help/DescriptionSection.java new file mode 100644 index 00000000000..8721093e15f --- /dev/null +++ b/tool/src/main/java/org/wildfly/security/tool/help/DescriptionSection.java 
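Review bot: In `formatAndPrintCommand` the `else` branch wraps the first line and the `while` loop then repeats the same three wrap statements for every later line; the two copies differ only in the leading `appendGap`. Folding them into one `do … while` loop that skips the gap on the first pass produces the same output and leaves a single wrap site to maintain. The sketch below keeps the existing locals and the `checkForWhitespaceIndex` call unchanged.

```java
        // … unchanged: gap computation, commandName and realGap appended …
        boolean firstLine = true;
        do {
            // Continuation lines are indented to the description column; the first line already is
            if (!firstLine) {
                appendGap(stringBuilder, commandDescriptionStartingIndex);
            }
            firstLine = false;

            if (descriptionText.length() <= commandDescriptionLength) {
                stringBuilder.append(descriptionText);
                stringBuilder.append(System.lineSeparator());
                break;
            }

            int lineIndex = checkForWhitespaceIndex(descriptionText, commandDescriptionLength);
            stringBuilder.append(descriptionText.subSequence(0, lineIndex));
            descriptionText = descriptionText.subSequence(lineIndex + 1, descriptionText.length());
            stringBuilder.append(System.lineSeparator());
        } while (0 < descriptionText.length());
        printText(stringBuilder.toString());
```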
@@ -0,0 +1,43 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2024 Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.wildfly.security.tool.help;
+
+/**
+ * Description section of Elytron help command
+ *
+ * @author Petr Beran
+ */
+public class DescriptionSection extends HelpSection {
+
+ private final String sectionTitle;
+ private final String sectionContent;
+
+
+ public DescriptionSection(String sectionContent) {
+ this.sectionTitle = "Description";
+ this.sectionContent = sectionContent;
+ }
+
+ @Override
+ public void printHelp() {
+ formatAndPrintTitle(sectionTitle);
+ if (sectionContent != null) {
+ formatAndPrintSectionContext(sectionContent);
+ }
+ }
+}
diff --git a/tool/src/main/java/org/wildfly/security/tool/help/HelpCommand.java b/tool/src/main/java/org/wildfly/security/tool/help/HelpCommand.java
new file mode 100644
index 00000000000..342cd2457af
--- /dev/null
+++ b/tool/src/main/java/org/wildfly/security/tool/help/HelpCommand.java
@@ -0,0 +1,115 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2024 Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.wildfly.security.tool.help;
+
+import org.aesh.readline.tty.terminal.TerminalConnection;
+
+import java.io.IOException;
+import java.nio.charset.Charset;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Provides help for the Elytron Tool command
+ *
+ * @author Petr Beran
+ */
+public class HelpCommand {
+
+ private final List helpSections;
+ private static TerminalConnection terminalConnection;
+
+ private HelpCommand(HelpCommandBuilder helpCommandBuilder) {
+ this.helpSections = helpCommandBuilder.helpSections;
+ }
+
+ /**
+ * Displays all sections for the help command
+ */
+ public void printHelp() {
+ if (terminalConnection == null) {
+ try {
+ terminalConnection = new TerminalConnection(Charset.defaultCharset(), System.in, System.out);
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ }
+ terminalConnection.write(System.lineSeparator());
+ for (HelpSection helpSection : helpSections){
+ helpSection.printHelp();
+ }
+ terminalConnection.close();
+ }
+
+ public static TerminalConnection getTerminal() {
+ return terminalConnection;
+ }
+
+ public static class HelpCommandBuilder {
+
+ private UsageSection usageSection;
+ private DescriptionSection descriptionSection;
+ private CommandsSection commandsSection;
+ private OptionsSection optionsSection;
+
+ private final List helpSections = new ArrayList<>();
+
+ private HelpCommandBuilder() {}
+
+ public static HelpCommandBuilder builder() {
+ return new HelpCommandBuilder();
+ }
+
+ public HelpCommandBuilder usage(UsageSection usageSection) {
+ this.usageSection = usageSection;
+ return this;
+ }
+
+ public HelpCommandBuilder description(DescriptionSection descriptionSection) {
+ this.descriptionSection = descriptionSection;
+ return this;
+ }
+
+ public HelpCommandBuilder commands(CommandsSection commandsSection) {
+ this.commandsSection = commandsSection;
+ return this;
+ }
+
+ public HelpCommandBuilder options(OptionsSection optionsSection) {
+ this.optionsSection = optionsSection;
+ return this;
+ }
+
+ public HelpCommand build() {
+ // Ensures that all sections are in specific order and the order cannot be tampered with
+ if (descriptionSection != null) {
+ helpSections.add(descriptionSection);
+ }
+ if (usageSection != null) {
+ helpSections.add(usageSection);
+ }
+ if (commandsSection != null) {
+ helpSections.add(commandsSection);
+ }
+ if (optionsSection != null) {
+ helpSections.add(optionsSection);
+ }
+ return new HelpCommand(this);
+ }
+ }
+}
diff --git a/tool/src/main/java/org/wildfly/security/tool/help/HelpSection.java b/tool/src/main/java/org/wildfly/security/tool/help/HelpSection.java
new file mode 100644
index 00000000000..a6f5a6727f4
--- /dev/null
+++ b/tool/src/main/java/org/wildfly/security/tool/help/HelpSection.java
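Review bot: `printHelp()` closes the shared static `terminalConnection` but never clears the field, so a second `printHelp()` in the same JVM skips the `null` check and writes to a closed connection; an exception thrown by a section also skips `close()`. Because the connection only exists while `printHelp()` runs, `HelpSection.printText` (added in this patch) dereferences `HelpCommand.getTerminal()` without a check and would throw a `NullPointerException` if a section were printed on its own. Scoping the connection to the call with `try`/`finally` and resetting the field addresses the first two, and the class Javadoc should state that sections are only printable through `HelpCommand`. Whether the tool ever prints help twice in one run is not visible from this hunk.

```java
    public void printHelp() {
        final TerminalConnection connection;
        try {
            connection = new TerminalConnection(Charset.defaultCharset(), System.in, System.out);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
        // Published only for the duration of this call; sections read it through getTerminal()
        terminalConnection = connection;
        try {
            connection.write(System.lineSeparator());
            for (HelpSection helpSection : helpSections) {
                helpSection.printHelp();
            }
        } finally {
            connection.close();
            terminalConnection = null;
        }
    }
```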
@@ -0,0 +1,122 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2024 Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.wildfly.security.tool.help;
+
+import org.aesh.readline.terminal.formatting.CharacterType;
+import org.aesh.readline.terminal.formatting.Color;
+import org.aesh.readline.terminal.formatting.TerminalColor;
+import org.aesh.readline.terminal.formatting.TerminalString;
+import org.aesh.readline.terminal.formatting.TerminalTextStyle;
+import org.aesh.readline.tty.terminal.TerminalConnection;
+
+/**
+ * General section of Elytron help command
+ * All Elytron help command sections should extend this one
+ *
+ * @author Petr Beran
+ */
+public abstract class HelpSection {
+
+ final int leftPadding = 4;
+ final int lineWidth = 120;
+ final int textWidth = lineWidth - leftPadding;
+
+ /**
+ * Displays help of specific section
+ */
+ public abstract void printHelp();
+
+ /**
+ * Formats and prints a simple block of text
+ * For printing commands see {@link CommandsSection}
+ *
+ * @param text Text to print
+ */
+ protected void formatAndPrintSectionContext(final CharSequence text) {
+ final StringBuilder stringBuilder = new StringBuilder();
+ CharSequence contentText = text;
+ while(0 < contentText.length()) {
+ appendGap(stringBuilder, leftPadding);
+ // If the text fits one line, simply append it and end the while loop
+ if (contentText.length() <= textWidth) {
+ stringBuilder.append(contentText);
+ stringBuilder.append(System.lineSeparator());
+ break;
+ }
+ int lineIndex = checkForWhitespaceIndex(contentText, textWidth);
+ // Append the text that fits on a single line and remove it from the contentText
+ stringBuilder.append(contentText.subSequence(0,lineIndex));
+ contentText = contentText.subSequence(lineIndex+1, contentText.length());
+ stringBuilder.append(System.lineSeparator());
+ }
+ printText(stringBuilder.toString());
+ }
+
+ /**
+ * Formats and prints headers across all sections
+ *
+ * @param sectionTitle Title to format and print
+ */
+ protected void formatAndPrintTitle(String sectionTitle) {
+ String titleText = new TerminalString(sectionTitle.toUpperCase(),
+ new TerminalColor(Color.CYAN, Color.DEFAULT, Color.Intensity.BRIGHT),
+ new TerminalTextStyle(CharacterType.BOLD)).toString();
+ printText(titleText);
+ System.out.print(System.lineSeparator());
+ }
+
+ /**
+ * Finds the index of text that still fits on a single line and is a whitespace.
+ * We don't want to break words at the end of the line
+ *
+ * @param text Text to iterate
+ * @param maxWidth Max width of the line, start of the iteration
+ * @return Last whitespace index before the end of the line
+ */
+ protected int checkForWhitespaceIndex(CharSequence text, int maxWidth) {
+ int lastWhitespaceIndex = maxWidth;
+ while (0 <= lastWhitespaceIndex && !Character.isWhitespace(text.charAt(lastWhitespaceIndex))) {
+ lastWhitespaceIndex--;
+ }
+ return lastWhitespaceIndex;
+ }
+
+ /**
+ * Appends a gap of certain width
+ *
+ * @param text Text to which the gap should be appended
+ * @param gapWidth Width of the gap
+ */
+ protected void appendGap(StringBuilder text, int gapWidth) {
+ for (int i = 0; i < gapWidth; i++){
+ text.append(' ');
+ }
+ }
+
+ /**
+ * Prints the text via system terminal and adds a line separator at the end. Doesn't add any formatting.
+ *
+ * @param text Text to print. Leave {@code null} for just a line separator.
+ */
+ void printText(String text) {
+ TerminalConnection terminalConnection = HelpCommand.getTerminal();
+ if (text != null) {
+ terminalConnection.write(text);
+ }
+ }
+}
diff --git a/tool/src/main/java/org/wildfly/security/tool/help/OptionsSection.java b/tool/src/main/java/org/wildfly/security/tool/help/OptionsSection.java
new file mode 100644
index 00000000000..d82f0186619
--- /dev/null
+++ b/tool/src/main/java/org/wildfly/security/tool/help/OptionsSection.java
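Review bot: `checkForWhitespaceIndex` returns -1 when `text` has no whitespace at or before `maxWidth` (the loop runs until `lastWhitespaceIndex` drops below zero), and `formatAndPrintSectionContext` then calls `contentText.subSequence(0, lineIndex)`, which throws `IndexOutOfBoundsException`. A single long unbroken token in a help message, for example a path or URL, would be enough to trigger it. Handle the negative result with a hard break at the line width that keeps every character, and document the -1 return in the method's `@return` tag. The two wrap sites in `CommandsSection.formatAndPrintCommand` call the same helper and need the same guard.

```java
            // … unchanged: loop header, appendGap and the fits-on-one-line branch …
            int lineIndex = checkForWhitespaceIndex(contentText, textWidth);
            // No whitespace on this line: break at textWidth and drop nothing
            boolean hardBreak = lineIndex < 0;
            int cut = hardBreak ? textWidth : lineIndex;
            stringBuilder.append(contentText.subSequence(0, cut));
            contentText = contentText.subSequence(hardBreak ? cut : cut + 1, contentText.length());
            stringBuilder.append(System.lineSeparator());
```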
@@ -0,0 +1,55 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2024 Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.wildfly.security.tool.help;
+
+import org.apache.commons.cli.HelpFormatter;
+import org.apache.commons.cli.Options;
+import org.wildfly.security.tool.ElytronToolMessages;
+
+/**
+ * Options section of Elytron help tool
+ * @author Petr Beran
+ */
+public class OptionsSection extends HelpSection {
+
+ private final String sectionTitle;
+ private final String sectionHeader;
+ private final Options sectionContent;
+
+ public OptionsSection(String sectionHeader, Options options) {
+ this.sectionTitle = "Options";
+ this.sectionHeader = sectionHeader;
+ this.sectionContent = options;
+ }
+
+ @Override
+ public void printHelp() {
+ formatAndPrintTitle(sectionTitle);
+ if (sectionHeader != null) {
+ formatAndPrintSectionContext(sectionHeader);
+ }
+ if (sectionContent != null) {
+ HelpFormatter help = new HelpFormatter();
+ help.setSyntaxPrefix("");
+ help.setLeftPadding(4);
+ help.setWidth(120);
+ help.printHelp(ElytronToolMessages.msg.cmdHelp("", ""), sectionContent);
+ printText(null);
+ }
+ }
+}
diff --git a/tool/src/main/java/org/wildfly/security/tool/help/UsageSection.java b/tool/src/main/java/org/wildfly/security/tool/help/UsageSection.java
new file mode 100644
index 00000000000..01c235c318d
--- /dev/null
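Review bot: The trailing `printText(null)` in `printHelp()` does nothing: `HelpSection.printText` (added in this patch) only writes when `text != null` and never appends a line separator, despite what its Javadoc says. If a blank line after the options is intended, pass it explicitly with `printText(System.lineSeparator());`, or change `printText` to match its documentation. The literals in `help.setLeftPadding(4)` and `help.setWidth(120)` duplicate the inherited `leftPadding` and `lineWidth` fields; `help.setLeftPadding(leftPadding); help.setWidth(lineWidth);` keeps the two in step. `HelpFormatter.printHelp` writes to `System.out` directly while the title goes through the `TerminalConnection`, so the output order may depend on how that connection buffers.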
+++ b/tool/src/main/java/org/wildfly/security/tool/help/UsageSection.java
@@ -0,0 +1,56 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2024 Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.wildfly.security.tool.help;
+
+/**
+ * Usage section of Elytron help command
+ *
+ * @author Petr Beran
+ */
+public class UsageSection extends HelpSection {
+
+ private final String sectionTitle;
+ private final String sectionContent;
+
+ public UsageSection(String command, String option) {
+ StringBuilder stringBuilder = new StringBuilder();
+ stringBuilder.append("./elytron-tool.sh");
+
+ if (command != null) {
+ stringBuilder.append(" " + command);
+ }
+ else {
+ stringBuilder.append(" [command]");
+ }
+
+ if (option != null) {
+ stringBuilder.append(" " + option);
+ }
+ else {
+ stringBuilder.append(" [options]");
+ }
+ this.sectionTitle = "Usage";
+ this.sectionContent = stringBuilder.toString();
+ }
+
+ @Override
+ public void printHelp() {
+ formatAndPrintTitle(sectionTitle);
+ formatAndPrintSectionContext(sectionContent);
+ }
+}
From 93995758e8ee1a3380e397057b28ef12bf505335 Mon Sep 17 00:00:00 2001
From: Farah Juma Date: Thu, 29 Aug 2024 11:42:22 -0400 Subject: [PATCH 49/75] [ELY-2799] Release WildFly Elytron 2.5.2.Final --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- dynamic-ssl/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- 
tests/common/pom.xml | 2 +- tool/pom.xml | 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 77 files changed, 77 insertions(+), 77 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index 1eefb6c1f3f..44d5ea39e3a 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index d4f6c840eda..a8fd1ebebd4 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index 0661646ab8b..9cd2b308e2c 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index 2ab12bd36ca..1289f95ae0f 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 6cd31e3a957..9fbe39742a7 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index 6e48afe2a25..5c3df719c39 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index 2243df70dfd..cbeae3cd62f 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index c691385b5e9..6adcc780294 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index a63d8942f3f..62ad32cf2cf 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index a30057a6abc..d2a6c26f6c5 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index bafda60cf0b..12c9f8269ba 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index 58ce9bfc75e..cc6e38f0966 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index df27ef751ed..29994a024e2 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index 50ec88ea27a..8591373d435 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index 7c1976839e1..2b9659962ec 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index 8f6938ab3fa..1e083353393 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index 5be0f3844b4..61bbc03ecf4 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index 53f6d726221..81ddc52dc7f 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index 6005943ae52..81ced414552 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final 4.0.0 diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index 98618df9ef8..d966937dc16 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -5,7 +5,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index 193f81c319d..303b699b807 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final 4.0.0 
diff --git a/http/base/pom.xml b/http/base/pom.xml index 06370d1c6d3..73af6cddc17 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index 3690a681977..4f95f98393b 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index 29b5f908d29..a85d5078387 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index e5fe1afd830..124838304fe 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index 4cb7fa865c5..3f89343ae99 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index 187158d2dee..177cbf5ebfe 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index fdf26ca42f8..c41e7efe829 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index 6703cc6e6c7..b61fc5676af 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index 0d98cb9cdae..1a192fb0ed7 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index e8e9ae7dfaa..b2afa96dfb8 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index 56c9713ff77..5dc26e2e402 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index 7844474a2cf..fe46990b1c2 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index 92c37b726d3..7aa9ae4c0eb 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index b85827d9283..abfb5e668be 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index e5321b18071..705c3268ab3 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index 8ad8fe59a16..7b191e574cd 100644 --- a/json-util/pom.xml 
+++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final 4.0.0 diff --git a/keystore/pom.xml b/keystore/pom.xml index 6729d438516..18de685fe28 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index f6d2e42def8..6536e1f5153 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index 915c5814f25..53b19a08d7b 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index 8603e2d2e7d..ae3c3b76336 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index d8a70b5a869..ac11533f799 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index 3d34c66ede4..5b16a8f0b49 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index 64a8c725123..270257557a2 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml 
diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index 10ae56f74c3..71c423ea83b 100644 --- a/mechanism/oauth2/pom.xml +++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index e0cd26073b1..37c0d82846d 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index 53bc46cdd76..bb2698bc9de 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index 24e307ac07c..f5231c6b465 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final 4.0.0 diff --git a/pom.xml b/pom.xml index f3fdca5b17d..9132ac4d159 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index 7620c98e1ab..23333fec84e 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index c6f5056e9de..6b3fb368505 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index 72ffdfcd601..4650c10d9f9 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../../pom.xml diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index 7e4a99222d5..5fec010fc08 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index 6b090270a67..3b54d9d423b 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index fa455c4aac5..9096b077830 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index 8d02e4ee250..31c904d677d 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index e7382a254d1..e00919e13af 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index 92a0f0126be..89557a0744d 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index f9404532ffe..6b6a896e878 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml 
diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index ed2f8cfc933..225c3069056 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index 6d5ac6fe7fa..436335dcc9c 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index 707ddb548a1..80707d584ca 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index d6ffd8f95a7..55bb5a6fe33 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index 95cee45589d..cc688728338 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index f935d139e37..302ae0e0b4e 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index 59a5ccff1b9..278f1148fce 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index 81bacad327a..c880d73ee58 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml 
diff --git a/tests/common/pom.xml b/tests/common/pom.xml index 2406ce66298..c6e55a643ae 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml @@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index eae2363ffc1..41a75180c71 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index 5c4ad863994..c0d3e5758f5 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index c4428245d15..1dae7e0c834 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index b0b912c4974..8de769d66bb 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index 11e6eaf787c..b81cc1c8183 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index 0a5baf9a738..9f607fed626 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index 536305499c0..ae9a99f6a2e 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index f93de8dea27..88bd9738232 100644 --- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index caf08adca64..6dcb61f8cea 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml From 369233908b0f4f28fcbfd18c7321e5405aaebbb2 Mon Sep 17 00:00:00 2001 
From: Farah Juma Date: Thu, 29 Aug 2024 11:43:11 -0400 Subject: [PATCH 50/75] Next is 2.5.3 --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- dynamic-ssl/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- tests/common/pom.xml | 2 +- tool/pom.xml 
| 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 77 files changed, 77 insertions(+), 77 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index 44d5ea39e3a..d32e1c5e9b1 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index a8fd1ebebd4..5ec36c76f84 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index 9cd2b308e2c..ccc48a6e164 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index 1289f95ae0f..0065663bcb8 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 9fbe39742a7..43236bc18d6 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index 5c3df719c39..8b4ff83135a 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index cbeae3cd62f..aa1220dd8c4 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index 6adcc780294..9193e7faeba 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index 62ad32cf2cf..e60743f492f 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index d2a6c26f6c5..f383afe00a8 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index 12c9f8269ba..a000994a7c9 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index cc6e38f0966..fc66a12e511 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index 29994a024e2..9269e6cf515 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index 8591373d435..af8295c93be 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index 2b9659962ec..b4f61ba2b2c 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index 1e083353393..c1c32fe439d 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index 61bbc03ecf4..0029ab0f026 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index 81ddc52dc7f..a7703d47302 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index 81ced414552..c9c0586cc57 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT 4.0.0 diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index d966937dc16..ebca916a974 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -5,7 +5,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index 303b699b807..46f30a4e892 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT 4.0.0 
diff --git a/http/base/pom.xml b/http/base/pom.xml index 73af6cddc17..47633b7b43a 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index 4f95f98393b..b05e5d82a3b 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index a85d5078387..b5815c1037f 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index 124838304fe..f225ac4367e 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index 3f89343ae99..acad9484258 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index 177cbf5ebfe..8694401c3af 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index c41e7efe829..0aa29176cbe 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index b61fc5676af..a33ef70519f 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index 1a192fb0ed7..2f065d67215 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index b2afa96dfb8..6637658a12b 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index 5dc26e2e402..a4ade354696 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index fe46990b1c2..a7e83bd85d2 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index 7aa9ae4c0eb..0b388b19dc9 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index abfb5e668be..43ef025c195 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index 705c3268ab3..58dcbd4bb03 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index 7b191e574cd..c521191e659 100644 --- a/json-util/pom.xml 
+++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT 4.0.0 diff --git a/keystore/pom.xml b/keystore/pom.xml index 18de685fe28..c6f6ec47058 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index 6536e1f5153..1aeb2229ff7 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index 53b19a08d7b..cf0b3a738b7 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index ae3c3b76336..9e1b9a0ddd5 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index ac11533f799..e19dd5d25da 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index 5b16a8f0b49..99a7feac7a4 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index 270257557a2..43cbaf90d25 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml 
diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index 71c423ea83b..447611b30cc 100644 --- a/mechanism/oauth2/pom.xml +++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index 37c0d82846d..1c825d1cd04 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index bb2698bc9de..e2c4ffa4b4a 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index f5231c6b465..ad959fe7327 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT 4.0.0 diff --git a/pom.xml b/pom.xml index 9132ac4d159..5ad20cb88ca 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index 23333fec84e..aec357e1f6a 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index 6b3fb368505..7e4f7aacff7 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index 4650c10d9f9..6840642e603 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index 5fec010fc08..4e3cf94e504 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index 3b54d9d423b..60c74bd4e6c 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index 9096b077830..8757135ad62 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index 31c904d677d..75a673a53d8 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index e00919e13af..ca807f73bc4 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index 89557a0744d..9a47f463fde 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index 6b6a896e878..8439267dd75 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml 
diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index 225c3069056..f059b7f75da 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index 436335dcc9c..23948779801 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index 80707d584ca..05f8b24236e 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index 55bb5a6fe33..cb931c966d7 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index cc688728338..d264605b5fc 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index 302ae0e0b4e..a602fa5157d 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index 278f1148fce..ca01f34fa0a 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index c880d73ee58..0b1926b1074 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml 
diff --git a/tests/common/pom.xml b/tests/common/pom.xml index c6e55a643ae..b09dc85170d 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml @@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index 41a75180c71..0ac20115571 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index c0d3e5758f5..7ddf47449ce 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 1dae7e0c834..ae1be67fb33 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index 8de769d66bb..e451eb0108b 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index b81cc1c8183..e207b03edda 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index 9f607fed626..8e714784e8f 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index ae9a99f6a2e..530c5ae6586 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index 88bd9738232..45851a01a43 100644 --- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index 6dcb61f8cea..3ed4d80fa13 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml From 62634b2f95cb930f9bd8a27e3dde933ae37079c5 Mon Sep 17 00:00:00 2001 From: Farah Juma Date: Thu, 29 Aug 2024 12:03:26 -0400 Subject: [PATCH 51/75] [ELY-2799] Perform API check against 2.5.2.Final --- wildfly-elytron/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index ae1be67fb33..a9f39f0c20b 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -557,7 +557,7 @@ org.wildfly.security wildfly-elytron - 2.5.1.Final + 2.5.2.Final jar From 6917c625ecd29d50134f805635a97bf1ab1ac9b4 Mon Sep 17 00:00:00 2001 From: Tomas Hofman Date: Mon, 18 Mar 2024 16:21:33 +0100 Subject: [PATCH 52/75] ELY-2731 Use SecureRandom instead of ThreadLocalRandom --- .../impl/BSDUnixDESCryptPasswordImpl.java | 7 ++-- .../security/password/impl/PasswordUtil.java | 21 ++++++++++-- .../impl/ThreadLocalSecureRandom.java | 32 +++++++++++++++++++ .../impl/UnixDESCryptPasswordImpl.java | 5 ++- .../password/impl/PasswordUtilTest.java | 32 +++++++++++++++++++ 5 files changed, 88 insertions(+), 9 deletions(-) create mode 100644 password/impl/src/main/java/org/wildfly/security/password/impl/ThreadLocalSecureRandom.java create mode 100644 password/impl/src/test/java/org/wildfly/security/password/impl/PasswordUtilTest.java 
diff --git a/password/impl/src/main/java/org/wildfly/security/password/impl/BSDUnixDESCryptPasswordImpl.java b/password/impl/src/main/java/org/wildfly/security/password/impl/BSDUnixDESCryptPasswordImpl.java index cb918d2ebe6..c7fb6a44b5b 100644 --- a/password/impl/src/main/java/org/wildfly/security/password/impl/BSDUnixDESCryptPasswordImpl.java +++ b/password/impl/src/main/java/org/wildfly/security/password/impl/BSDUnixDESCryptPasswordImpl.java @@ -30,7 +30,6 @@ import java.security.spec.InvalidParameterSpecException; import java.security.spec.KeySpec; import java.util.Arrays; -import java.util.concurrent.ThreadLocalRandom; import org.wildfly.security.password.interfaces.BSDUnixDESCryptPassword; import org.wildfly.security.password.spec.ClearPasswordSpec; @@ -72,11 +71,11 @@ class BSDUnixDESCryptPasswordImpl extends AbstractPasswordImpl implements BSDUni } BSDUnixDESCryptPasswordImpl(final ClearPasswordSpec passwordSpec) throws InvalidKeySpecException { - this(passwordSpec.getEncodedPassword(), ThreadLocalRandom.current().nextInt() & 0xffffff, DEFAULT_ITERATION_COUNT); + this(passwordSpec.getEncodedPassword(), PasswordUtil.generateRandomSaltInt() & 0xffffff, DEFAULT_ITERATION_COUNT); } BSDUnixDESCryptPasswordImpl(final char[] password, final Charset hashCharset) throws InvalidKeySpecException, InvalidParameterSpecException { - this(password, ThreadLocalRandom.current().nextInt() & 0xffffff, DEFAULT_ITERATION_COUNT, hashCharset); + this(password, PasswordUtil.generateRandomSaltInt() & 0xffffff, DEFAULT_ITERATION_COUNT, hashCharset); } BSDUnixDESCryptPasswordImpl(final char[] password, final IteratedSaltedPasswordAlgorithmSpec spec, final Charset hashCharset) throws InvalidKeySpecException, InvalidParameterSpecException { 
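Review bot: The expression `PasswordUtil.generateRandomSaltInt() & 0xffffff` is repeated in both constructors changed in the `@@ -72,11 +71,11 @@` hunk of `BSDUnixDESCryptPasswordImpl.java`, and again in the `IteratedPasswordAlgorithmSpec` constructor of the following hunk (`@@ -84,7 +83,7 @@`). The 24-bit mask is therefore a bare literal in three places. A single private helper, for example `private static int randomSalt() { return PasswordUtil.generateRandomSaltInt() & 0xffffff; }`, would keep the call sites from drifting apart. It should carry a one-line comment that the mask keeps the low 24 bits, presumably the salt width of this scheme. The class body continues outside the hunk.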
@@ -84,7 +83,7 @@ class BSDUnixDESCryptPasswordImpl extends AbstractPasswordImpl implements BSDUni } BSDUnixDESCryptPasswordImpl(final char[] password, final IteratedPasswordAlgorithmSpec spec, final Charset hashCharset) throws InvalidKeySpecException, InvalidParameterSpecException { - this(password, ThreadLocalRandom.current().nextInt() & 0xffffff, spec.getIterationCount(), hashCharset); + this(password, PasswordUtil.generateRandomSaltInt() & 0xffffff, spec.getIterationCount(), hashCharset); } BSDUnixDESCryptPasswordImpl(final char[] password, final SaltedPasswordAlgorithmSpec spec, final Charset hashCharset) throws InvalidKeySpecException, InvalidParameterSpecException { diff --git a/password/impl/src/main/java/org/wildfly/security/password/impl/PasswordUtil.java b/password/impl/src/main/java/org/wildfly/security/password/impl/PasswordUtil.java index 21e1f8a58f1..9327f4b5ac0 100644 --- a/password/impl/src/main/java/org/wildfly/security/password/impl/PasswordUtil.java +++ b/password/impl/src/main/java/org/wildfly/security/password/impl/PasswordUtil.java @@ -17,7 +17,7 @@ */ package org.wildfly.security.password.impl; -import java.util.concurrent.ThreadLocalRandom; +import org.wildfly.common.Assert; /** * Helper utility methods for operations on passwords. @@ -27,6 +27,8 @@ */ final class PasswordUtil { + private static final ThreadLocalSecureRandom THREAD_LOCAL_SECURE_RANDOM = new ThreadLocalSecureRandom(); + /** * Generate a random salt as byte array. * 
@@ -35,7 +37,22 @@ final class PasswordUtil { */ public static byte[] generateRandomSalt(int saltSize) { byte[] randomSalt = new byte[saltSize]; - ThreadLocalRandom.current().nextBytes(randomSalt); + THREAD_LOCAL_SECURE_RANDOM.get().nextBytes(randomSalt); return randomSalt; } + + /** + * Generate a random salt as int. + * + * @return a byte array representing the random salt + */ + static int generateRandomSaltInt() { + byte[] saltBytes = generateRandomSalt(4); + return convertBytesToInt(saltBytes); + } + + static int convertBytesToInt(byte[] saltBytes) { + Assert.assertTrue(saltBytes.length == 4); + return (saltBytes[0] & 0xff) << 24 | (saltBytes[1] & 0xff) << 16 | (saltBytes[2] & 0xff) << 8 | saltBytes[3] & 0xff; + } } diff --git a/password/impl/src/main/java/org/wildfly/security/password/impl/ThreadLocalSecureRandom.java b/password/impl/src/main/java/org/wildfly/security/password/impl/ThreadLocalSecureRandom.java new file mode 100644 index 00000000000..5a99da754e8 --- /dev/null +++ b/password/impl/src/main/java/org/wildfly/security/password/impl/ThreadLocalSecureRandom.java 
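Review bot: The Javadoc added for `generateRandomSaltInt()` says `@return a byte array representing the random salt`, but the method returns an `int`; it should read `@return an int assembled from four random salt bytes`. `convertBytesToInt` has no Javadoc, and its only length guard is `Assert.assertTrue(saltBytes.length == 4)`. That helper appears to be assertion-based, in which case the guard is skipped when the JVM runs without `-ea`. An explicit `if (saltBytes.length != 4) throw new IllegalArgumentException("saltBytes must be 4 bytes");` would hold in production as well. A one-line comment stating the big-endian byte order would also help, since PasswordUtilTest depends on it.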
@@ -0,0 +1,32 @@ +/* + * JBoss, Home of Professional Open Source + * + * Copyright 2024 Red Hat, Inc. and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.wildfly.security.password.impl; + +import java.security.SecureRandom; +import java.util.function.Supplier; + +class ThreadLocalSecureRandom implements Supplier { + final ThreadLocal localInstance = new ThreadLocal<>(); + + public SecureRandom get() { + if (localInstance.get() == null) { + localInstance.set(new SecureRandom()); + } + return localInstance.get(); + } +} diff --git a/password/impl/src/main/java/org/wildfly/security/password/impl/UnixDESCryptPasswordImpl.java b/password/impl/src/main/java/org/wildfly/security/password/impl/UnixDESCryptPasswordImpl.java index 00ad94110da..267dfd70200 100644 --- a/password/impl/src/main/java/org/wildfly/security/password/impl/UnixDESCryptPasswordImpl.java +++ b/password/impl/src/main/java/org/wildfly/security/password/impl/UnixDESCryptPasswordImpl.java @@ -31,7 +31,6 @@ import java.security.spec.InvalidParameterSpecException; import java.security.spec.KeySpec; import java.util.Arrays; -import java.util.concurrent.ThreadLocalRandom; import org.wildfly.security.password.interfaces.UnixDESCryptPassword; import org.wildfly.security.password.spec.ClearPasswordSpec; 
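Review bot: `get()` reads the thread-local twice and populates it by hand, and `localInstance` is left package-visible, so any class in the package could call `set()` on it and swap a thread's generator. `private final ThreadLocal<SecureRandom> localInstance = ThreadLocal.withInitial(SecureRandom::new);` with `get()` reduced to `return localInstance.get();` does the same work, and the method should carry `@Override`. The type arguments on `Supplier` and `ThreadLocal` are not visible on this page, presumably lost in rendering; if they are really absent in the file they need adding. A class comment saying that each thread keeps its own `SecureRandom` for as long as the thread lives would help readers reasoning about pooled threads.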
@@ -68,11 +67,11 @@ class UnixDESCryptPasswordImpl extends AbstractPasswordImpl implements UnixDESCr } UnixDESCryptPasswordImpl(final ClearPasswordSpec spec) throws InvalidKeySpecException, InvalidKeyException { - this((short) (ThreadLocalRandom.current().nextInt() & 0xfff), spec.getEncodedPassword()); + this((short) (PasswordUtil.generateRandomSaltInt() & 0xfff), spec.getEncodedPassword()); } UnixDESCryptPasswordImpl(final char[] passwordChars, final Charset hashCharset) throws InvalidKeyException { - this((short) (ThreadLocalRandom.current().nextInt() & 0xfff), passwordChars, hashCharset); + this((short) (PasswordUtil.generateRandomSaltInt() & 0xfff), passwordChars, hashCharset); } UnixDESCryptPasswordImpl(final char[] passwordChars, SaltedPasswordAlgorithmSpec algorithmSpec, final Charset hashCharset) throws InvalidParameterSpecException, InvalidKeyException { diff --git a/password/impl/src/test/java/org/wildfly/security/password/impl/PasswordUtilTest.java b/password/impl/src/test/java/org/wildfly/security/password/impl/PasswordUtilTest.java new file mode 100644 index 00000000000..ace17e04677 --- /dev/null +++ b/password/impl/src/test/java/org/wildfly/security/password/impl/PasswordUtilTest.java 
@@ -0,0 +1,32 @@ +/* + * JBoss, Home of Professional Open Source + * + * Copyright 2024 Red Hat, Inc. and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.wildfly.security.password.impl; + +import org.junit.Assert; +import org.junit.Test; + +public class PasswordUtilTest { + + @Test + public void testConvertBytesToInt() { + Assert.assertEquals(0, PasswordUtil.convertBytesToInt(new byte[] {(byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00})); + Assert.assertEquals(Integer.MAX_VALUE, PasswordUtil.convertBytesToInt(new byte[] {(byte) 0x7f, (byte) 0xff, (byte) 0xff, (byte) 0xff})); + Assert.assertEquals(Integer.MIN_VALUE, PasswordUtil.convertBytesToInt(new byte[] {(byte) 0x80, (byte) 0x00, (byte) 0x00, (byte) 0x00})); + Assert.assertEquals(-1, PasswordUtil.convertBytesToInt(new byte[] {(byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff})); + } +} From 421a8002d4dbfb74d4f7e8013b794bc88278955a Mon Sep 17 00:00:00 2001 From: lvydra Date: Wed, 14 Aug 2024 15:36:03 +0200 Subject: [PATCH 53/75] [ELY-2780] Logging in aggregaterealm changes authentication and authorization flow --- .../auth/realm/AggregateSecurityRealm.java | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/auth/realm/base/src/main/java/org/wildfly/security/auth/realm/AggregateSecurityRealm.java b/auth/realm/base/src/main/java/org/wildfly/security/auth/realm/AggregateSecurityRealm.java index dde13678819..198c5e8331c 100644 
--- a/auth/realm/base/src/main/java/org/wildfly/security/auth/realm/AggregateSecurityRealm.java +++ b/auth/realm/base/src/main/java/org/wildfly/security/auth/realm/AggregateSecurityRealm.java @@ -79,18 +79,14 @@ public AggregateSecurityRealm(final SecurityRealm authenticationRealm, Function< public RealmIdentity getRealmIdentity(final Evidence evidence) throws RealmUnavailableException { boolean ok = false; final RealmIdentity authenticationIdentity = authenticationRealm.getRealmIdentity(evidence); - if (authenticationIdentity.exists()) { - log.tracef("Authentication identity for principal [%s] found.", evidence.getDecodedPrincipal()); - } + log.tracef("Authentication identity for principal [%s] obtained.", evidence.getDecodedPrincipal()); final RealmIdentity[] authorizationIdentities = new RealmIdentity[authorizationRealms.length]; try { for (int i = 0; i < authorizationIdentities.length; i++) { SecurityRealm authorizationRealm = authorizationRealms[i]; authorizationIdentities[i] = (authorizationRealm == authenticationRealm) ? authenticationIdentity : getAuthorizationIdentity(authorizationRealm, evidence, principalTransformer, authenticationIdentity); - if (authorizationIdentities[i].exists()) { - log.tracef("Authorization identity for principal [%s] found.", evidence.getDecodedPrincipal()); - } + log.tracef("Authorization identity for principal [%s] obtained.", evidence.getDecodedPrincipal()); } final Identity identity = new Identity(authenticationIdentity, authorizationIdentities); 
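Review bot: The trace line inside the authorization loop prints identical text for every realm, and now that it is unconditional it no longer tells a reader which realm was consulted. Including the loop index, e.g. `log.tracef("Authorization identity [%d] for principal [%s] obtained.", i, evidence.getDecodedPrincipal());`, keeps the message useful without calling `exists()`. The same applies to the `getRealmIdentity(Principal)` overload in the two following hunks. Going by the commit subject, the removed `exists()` calls altered the authentication and authorization flow, so a short comment above the first trace call saying that `exists()` must not be invoked for logging here would keep the check from being reintroduced. Both method bodies continue outside the hunks.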
@@ -111,9 +107,7 @@ public RealmIdentity getRealmIdentity(final Evidence evidence) throws RealmUnava public RealmIdentity getRealmIdentity(final Principal principal) throws RealmUnavailableException { boolean ok = false; final RealmIdentity authenticationIdentity = authenticationRealm.getRealmIdentity(principal); - if (authenticationIdentity.exists()) { - log.tracef("Authentication identity for principal [%s] found.", principal); - } + log.tracef("Authentication identity for principal [%s] obtained.", principal); Principal authorizationPrincipal = principal; if (principalTransformer != null) { authorizationPrincipal = principalTransformer.apply(authorizationPrincipal); @@ -125,9 +119,7 @@ public RealmIdentity getRealmIdentity(final Principal principal) throws RealmUna for (int i = 0; i < authorizationIdentities.length; i++) { SecurityRealm authorizationRealm = authorizationRealms[i]; authorizationIdentities[i] = (authorizationRealm == authenticationRealm) && (principalTransformer == null) ? authenticationIdentity : authorizationRealm.getRealmIdentity(authorizationPrincipal); - if (authorizationIdentities[i].exists()) { - log.tracef("Authorization identity for principal [%s] found.", principal); - } + log.tracef("Authorization identity for principal [%s] obtained.", principal); } final Identity identity = new Identity(authenticationIdentity, authorizationIdentities); From 4e58f8d5cc8c36881c5f26d3101aba2635c3add4 Mon Sep 17 00:00:00 2001 
From: Darran Lofthouse Date: Tue, 17 Sep 2024 13:14:36 +0100 Subject: [PATCH 54/75] [ELY-2805] Revert "[ELY-2547] Add Elytron Tool option to overwrite CLI script" This reverts commit 7242ebe048d4b5bbe114dd61db3a10b4d4fe2d74. --- .../org/wildfly/security/tool/Command.java | 1 - .../security/tool/ElytronToolMessages.java | 3 - .../tool/FileSystemEncryptRealmCommand.java | 45 +++------- .../tool/FileSystemRealmIntegrityCommand.java | 42 +++------ .../FileSystemEncryptRealmCommandTest.java | 50 ----------- .../FileSystemRealmIntegrityCommandTest.java | 86 ------------------- .../fsRealmAl/a/l/alice-MFWGSY3F.xml | 8 -- 7 files changed, 20 insertions(+), 215 deletions(-) delete mode 100644 tool/src/test/resources/filesystem-integrity/fs-unsigned-realms/fsRealmAl/a/l/alice-MFWGSY3F.xml diff --git a/tool/src/main/java/org/wildfly/security/tool/Command.java b/tool/src/main/java/org/wildfly/security/tool/Command.java index 4f06b917fe7..4b29a26b881 100644 --- a/tool/src/main/java/org/wildfly/security/tool/Command.java +++ b/tool/src/main/java/org/wildfly/security/tool/Command.java @@ -498,7 +498,6 @@ class Params { static final String SILENT_PARAM = "silent"; static final String STORE_LOCATION_PARAM = "location"; static final String SUMMARY_PARAM = "summary"; - static final String OVERWRITE_SCRIPT_FILE = "overwrite-script-file"; // Other constants static final Pattern BOOLEAN_ARG_REGEX = Pattern.compile("(true|false)", Pattern.CASE_INSENSITIVE | Pattern.UNICODE_CASE); diff --git a/tool/src/main/java/org/wildfly/security/tool/ElytronToolMessages.java b/tool/src/main/java/org/wildfly/security/tool/ElytronToolMessages.java index 7d4bc482527..4b876d33b25 100644 --- a/tool/src/main/java/org/wildfly/security/tool/ElytronToolMessages.java +++ b/tool/src/main/java/org/wildfly/security/tool/ElytronToolMessages.java 
@@ -589,9 +589,6 @@ public interface ElytronToolMessages extends BasicLogger { @Message(id = NONE, value = "Provides a detailed summary of all operations performed, once the command finishes.") String cmdFileSystemRealmSummaryDesc(); - @Message(id = NONE, value = "Whether the cli script file will be overwritten, if attempting to write to an existing file.") - String cmdFileSystemRealmOverwriteCliScriptFileDesc(); - @Message(id = NONE, value = "No users file specified. Please use either --bulk-convert or specify a users file using --users-file ") MissingOptionException missingUsersFile(); diff --git a/tool/src/main/java/org/wildfly/security/tool/FileSystemEncryptRealmCommand.java b/tool/src/main/java/org/wildfly/security/tool/FileSystemEncryptRealmCommand.java index 76a76d95e9d..844332d76de 100644 --- a/tool/src/main/java/org/wildfly/security/tool/FileSystemEncryptRealmCommand.java +++ b/tool/src/main/java/org/wildfly/security/tool/FileSystemEncryptRealmCommand.java @@ -17,7 +17,6 @@ */ package org.wildfly.security.tool; -import static org.wildfly.security.tool.Params.BOOLEAN_PARAM; import static org.wildfly.security.tool.Params.BULK_CONVERT_PARAM; import static org.wildfly.security.tool.Params.CREATE_CREDENTIAL_STORE_PARAM; import static org.wildfly.security.tool.Params.CREDENTIAL_STORE_LOCATION_PARAM; @@ -39,7 +38,6 @@ import static org.wildfly.security.tool.Params.LINE_SEPARATOR; import static org.wildfly.security.tool.Params.NAME_PARAM; import static org.wildfly.security.tool.Params.OUTPUT_LOCATION_PARAM; -import static org.wildfly.security.tool.Params.OVERWRITE_SCRIPT_FILE; import static org.wildfly.security.tool.Params.PASSWORD_ENV_PARAM; import static org.wildfly.security.tool.Params.PASSWORD_PARAM; import static org.wildfly.security.tool.Params.REALM_NAME_PARAM; 
@@ -178,10 +176,6 @@ class FileSystemEncryptRealmCommand extends Command { option.setArgName(FILE_PARAM); options.addOption(option); - option = new Option("w", OVERWRITE_SCRIPT_FILE, true, ElytronToolMessages.msg.cmdFileSystemRealmOverwriteCliScriptFileDesc()); - option.setArgName(BOOLEAN_PARAM); - options.addOption(option); - option = Option.builder().longOpt(HELP_PARAM).desc(ElytronToolMessages.msg.cmdLineHelp()).build(); options.addOption(option); @@ -214,7 +208,6 @@ private static final class Descriptor { private Boolean encoded; private Boolean createCredentialStore; private Boolean populate; - private Boolean overwriteScriptFile; Descriptor() { } @@ -237,7 +230,6 @@ private static final class Descriptor { this.createCredentialStore = descriptor.createCredentialStore; this.secretKeyAlias = descriptor.secretKeyAlias; this.populate = descriptor.populate; - this.overwriteScriptFile = descriptor.overwriteScriptFile; } public Encoding getHashEncoding() { @@ -370,14 +362,6 @@ void setKeyPairAlias(String keyPairAlias) { this.keyPairAlias = keyPairAlias; } - public Boolean getOverwriteScriptFile() { - return overwriteScriptFile; - } - - public void setOverwriteScriptFile(Boolean overwriteScriptFile) { - this.overwriteScriptFile = overwriteScriptFile; - } - void reset() { this.inputRealmLocation = null; this.outputRealmLocation = null; @@ -395,7 +379,6 @@ void reset() { this.encoded = null; this.levels = null; this.populate = null; - this.overwriteScriptFile = null; } } @@ -441,7 +424,6 @@ public void execute(String[] args) throws Exception { String encodedOption = cmdLine.getOptionValue("f"); String bulkConvert = cmdLine.getOptionValue("b"); String populateOption = cmdLine.getOptionValue("p"); - String overwriteScriptFileOption = cmdLine.getOptionValue("w"); if (bulkConvert == null) { if (realmNameOption == null) { 
@@ -491,9 +473,6 @@ public void execute(String[] args) throws Exception { } else { descriptor.setPopulate(Boolean.valueOf(populateOption)); } - if (overwriteScriptFileOption != null) { - descriptor.setOverwriteScriptFile(Boolean.valueOf(overwriteScriptFileOption)); - } if (levelsOption == null) { descriptor.setLevels(DEFAULT_LEVELS); @@ -949,7 +928,6 @@ private void createWildFlyScript() throws Exception { String keyStoreType = descriptor.getKeyStoreType(); char[] password = descriptor.getPassword(); String keyPairAlias = descriptor.getKeyPairAlias(); - Boolean overwriteScript = descriptor.getOverwriteScriptFile(); if (hashCharset == null) { hashCharset = StandardCharsets.UTF_8; @@ -964,20 +942,17 @@ private void createWildFlyScript() throws Exception { Path scriptPath = Paths.get(String.format("%s/%s.cli", outputRealmLocation, fileSystemRealmName)); - if (overwriteScript == null) { - if (scriptPath.toFile().exists()) { - createScriptCheck = prompt( - true, - ElytronToolMessages.msg.shouldFileBeOverwritten(scriptPath.toString()), - false, - null - ); - if (createScriptCheck.trim().isEmpty()) createScriptCheck = "n"; - } - - overwriteScript = createScriptCheck.isEmpty() || createScriptCheck.toLowerCase().startsWith("y"); + if (scriptPath.toFile().exists()) { + createScriptCheck = prompt( + true, + ElytronToolMessages.msg.shouldFileBeOverwritten(scriptPath.toString()), + false, + null + ); + if (createScriptCheck.trim().isEmpty()) createScriptCheck = "n"; } + boolean overwriteScript = createScriptCheck.isEmpty() || createScriptCheck.toLowerCase().startsWith("y"); if (!overwriteScript) { // Generate a random file for the CLI script do { scriptPath = Paths.get(String.format("%s/%s.cli", 
@@ -1031,7 +1006,7 @@ private void createWildFlyScript() throws Exception { if (overwriteScript) { // Create a new script file, or overwrite the existing one Files.write(scriptPath, scriptLines, StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING); } else { - Files.write(scriptPath, scriptLines, StandardOpenOption.CREATE); + Files.write(scriptPath, scriptLines, StandardOpenOption.APPEND); } counter++; } diff --git a/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommand.java b/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommand.java index 9e9225ba370..33de909669f 100644 --- a/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommand.java +++ b/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommand.java @@ -39,7 +39,6 @@ import static org.wildfly.security.tool.Params.NAME_PARAM; import static org.wildfly.security.tool.Params.NUMBER_PARAM; import static org.wildfly.security.tool.Params.OUTPUT_LOCATION_PARAM; -import static org.wildfly.security.tool.Params.OVERWRITE_SCRIPT_FILE; import static org.wildfly.security.tool.Params.PASSWORD_ENV_PARAM; import static org.wildfly.security.tool.Params.PASSWORD_PARAM; import static org.wildfly.security.tool.Params.REALM_NAME_PARAM; @@ -161,9 +160,6 @@ public class FileSystemRealmIntegrityCommand extends Command { options.addOption(Option.builder("b").longOpt(BULK_CONVERT_PARAM).desc(ElytronToolMessages.msg.cmdFileSystemRealmIntegrityBulkConvertDesc()) .hasArg().argName(FILE_PARAM) .build()); - options.addOption(Option.builder("w").longOpt(OVERWRITE_SCRIPT_FILE).desc(ElytronToolMessages.msg.cmdFileSystemRealmOverwriteCliScriptFileDesc()) - .hasArg().argName(BOOLEAN_PARAM) - .build()); // General options options.addOption(Option.builder("h").longOpt(HELP_PARAM).desc(ElytronToolMessages.msg.cmdLineHelp()) 
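Review bot: In `createWildFlyScript()` the non-overwrite branch goes back to `Files.write(scriptPath, scriptLines, StandardOpenOption.APPEND);`, and `APPEND` on its own does not create a missing file. The earlier hunk shows that branch choosing a fresh random script name, so if nothing between there and this call creates the file, the write would fail with `NoSuchFileException`. `Files.write(scriptPath, scriptLines, StandardOpenOption.CREATE, StandardOpenOption.APPEND);` covers both the first write and later appends. The method starts and ends outside the hunk, so this needs checking against the full body.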
@@ -192,7 +188,6 @@ private static final class Descriptor { private Encoding hashEncoding; private Charset hashCharset; private Boolean encoded; - private Boolean overwriteScriptFile; private Boolean upgradeInPlace; private Boolean missingRequiredValue; @@ -220,7 +215,6 @@ private static final class Descriptor { this.hashEncoding = descriptor.hashEncoding; this.hashCharset = descriptor.hashCharset; this.encoded = descriptor.encoded; - this.overwriteScriptFile = descriptor.overwriteScriptFile; this.upgradeInPlace = descriptor.upgradeInPlace; this.missingRequiredValue = descriptor.missingRequiredValue; @@ -331,9 +325,6 @@ public Boolean getMissingRequiredValue() { public Boolean getRealmUpgraded() { return realmUpgraded; } - public Boolean getOverwriteScriptFile() { - return overwriteScriptFile; - } public void setInputRealmPath(String inputRealmPath) { setInputRealmPath(Paths.get(inputRealmPath).normalize().toAbsolutePath()); @@ -422,9 +413,6 @@ public void setMissingRequiredValue() { public void setRealmUpgraded() { this.realmUpgraded = true; } - public void setOverwriteScriptFile(Boolean overwriteScriptFile) { - this.overwriteScriptFile = overwriteScriptFile; - } void reset(boolean resetMissingValues) { // Required values are set to null if contents are null, or equal "MISSING" @@ -443,7 +431,6 @@ void reset(boolean resetMissingValues) { hashEncoding = null; hashCharset = null; encoded = null; - overwriteScriptFile = null; upgradeInPlace = false; realmUpgraded = false; @@ -492,7 +479,6 @@ public void execute(String[] args) throws Exception { String hashCharsetOption = cmdLine.getOptionValue("u"); String encodedOption = cmdLine.getOptionValue("f"); String bulkConvertOption = cmdLine.getOptionValue("b"); - String overwriteScriptFileOption = cmdLine.getOptionValue("w"); if (bulkConvertOption == null) { if (summaryMode) { 
@@ -591,10 +577,6 @@ public void execute(String[] args) throws Exception { descriptor.setEncoded(Boolean.parseBoolean(encodedOption)); } - if (overwriteScriptFileOption != null) { - descriptor.setOverwriteScriptFile(Boolean.valueOf(overwriteScriptFileOption)); - } - descriptors.add(descriptor); findMissingRequiredValuesAndSetValues(0, descriptor); } else if (nonBulkConvertOptionSet(inputRealmPathOption, outputRealmPathOption, realmNameOption, keyStorePathOption, @@ -973,26 +955,22 @@ private void createWildFlyScript() throws Exception { String fileSystemRealmName = descriptor.getFileSystemRealmName(); Path outputRealmPath = descriptor.getOutputRealmPath(); boolean upgradeInPlace = descriptor.getUpgradeInPlace(); - Boolean overwriteScript = descriptor.getOverwriteScriptFile(); String createScriptCheck = ""; Path scriptPath = Paths.get(String.format("%s/%s.cli", outputRealmPath, fileSystemRealmName)); - if (overwriteScript == null) { - // Ask to overwrite CLI script, if already exists - if(scriptPath.toFile().exists()) { - createScriptCheck = prompt( - true, - ElytronToolMessages.msg.shouldFileBeOverwritten(scriptPath.toString()), - false, - null - ); - if (createScriptCheck.trim().isEmpty()) createScriptCheck = "n"; - } - - overwriteScript = createScriptCheck.isEmpty() || createScriptCheck.toLowerCase().startsWith("y"); + // Ask to overwrite CLI script, if already exists + if(scriptPath.toFile().exists()) { + createScriptCheck = prompt( + true, + ElytronToolMessages.msg.shouldFileBeOverwritten(scriptPath.toString()), + false, + null + ); + if (createScriptCheck.trim().isEmpty()) createScriptCheck = "n"; } + boolean overwriteScript = createScriptCheck.isEmpty() || createScriptCheck.toLowerCase().startsWith("y"); if (!overwriteScript) { do { scriptPath = Paths.get(String.format("%s/%s.cli", 
diff --git a/tool/src/test/java/org/wildfly/security/tool/FileSystemEncryptRealmCommandTest.java b/tool/src/test/java/org/wildfly/security/tool/FileSystemEncryptRealmCommandTest.java index 910f78580f9..32ff3c29f2d 100644 --- a/tool/src/test/java/org/wildfly/security/tool/FileSystemEncryptRealmCommandTest.java +++ b/tool/src/test/java/org/wildfly/security/tool/FileSystemEncryptRealmCommandTest.java @@ -17,8 +17,6 @@ */ package org.wildfly.security.tool; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotEquals; import static org.junit.Assert.assertThrows; import static org.junit.Assert.assertTrue; import static org.wildfly.security.tool.Command.ELYTRON_KS_PASS_PROVIDERS; @@ -68,12 +66,6 @@ private void runCommand(String inputLocation, String outputLocation, String file executeCommandAndCheckStatus(requiredArgs, expectedStatus); } - private void runCommand(String inputLocation, String outputLocation, String fileSystemRealmName, String encoded, boolean create, int expectedStatus, boolean overwriteScriptFile) { - String[] requiredArgs; - requiredArgs = new String[]{"--input-location", inputLocation, "--output-location", outputLocation, "--realm-name", fileSystemRealmName, "--encoded", encoded, "--create", String.valueOf(create), "--credential-store", CREDENTIAL_STORE_PATH, "--overwrite-script-file", String.valueOf(overwriteScriptFile)}; - executeCommandAndCheckStatus(requiredArgs, expectedStatus); - } - private void runCommand(String inputLocation, String outputLocation, String fileSystemRealmName, int levels, String encoded, boolean create, int expectedStatus) { String[] requiredArgs; requiredArgs = new String[]{"--input-location", inputLocation, "--output-location", outputLocation, "--realm-name", fileSystemRealmName, "--levels", String.valueOf(levels), "--encoded", encoded, "--create", String.valueOf(create), "--credential-store", CREDENTIAL_STORE_PATH}; 
@@ -167,48 +159,6 @@ public void testSingleUser() throws Exception { } } - @Test - public void testOverwritingScriptFileTrue() throws Exception { - String outputLocation = RELATIVE_BASE_DIR + "fs-encrypted-realms"; - String fileSystemRealmName = "overwrite-script-true"; - String file = "target/test-classes/filesystem-encrypt/fs-encrypted-realms/overwrite-script-true.cli"; - - String inputLocation = RELATIVE_BASE_DIR + "fs-unencrypted-realms/single-user-with-role/"; - runCommand(inputLocation, outputLocation, fileSystemRealmName, 3, "false", true, 0); - - assertTrue(fileExists(file)); - File scriptFile = new File(file); - Long modifiedBefore = scriptFile.lastModified(); - - inputLocation = RELATIVE_BASE_DIR + "fs-unencrypted-realms/single-user/"; - runCommand(inputLocation, outputLocation, fileSystemRealmName, "false", true, 0, true); - - Long modifiedAfter = scriptFile.lastModified(); - - assertNotEquals(modifiedBefore, modifiedAfter); - } - - @Test - public void testOverwritingScriptFileFalse() throws Exception { - String outputLocation = RELATIVE_BASE_DIR + "fs-encrypted-realms"; - String fileSystemRealmName = "overwrite-script-false"; - String file = "target/test-classes/filesystem-encrypt/fs-encrypted-realms/overwrite-script-false.cli"; - - String inputLocation = RELATIVE_BASE_DIR + "fs-unencrypted-realms/single-user-with-role/"; - runCommand(inputLocation, outputLocation, fileSystemRealmName, 3, "false", true, 0); - - assertTrue(fileExists(file)); - File scriptFile = new File(file); - Long modifiedBefore = scriptFile.lastModified(); - - inputLocation = RELATIVE_BASE_DIR + "fs-unencrypted-realms/single-user/"; - runCommand(inputLocation, outputLocation, fileSystemRealmName, "false", true, 0, false); - - Long modifiedAfter = scriptFile.lastModified(); - - assertEquals(modifiedBefore, modifiedAfter); - } - @Test public void testSingleUserMissingParam() throws Exception { String outputLocation = RELATIVE_BASE_DIR + "fs-encrypted-realms"; 
diff --git a/tool/src/test/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommandTest.java b/tool/src/test/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommandTest.java index 7db8da89604..2d134d31d7f 100644 --- a/tool/src/test/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommandTest.java +++ b/tool/src/test/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommandTest.java @@ -17,7 +17,6 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertNotEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import static org.wildfly.security.tool.Command.GENERAL_CONFIGURATION_ERROR; @@ -37,7 +36,6 @@ import static org.wildfly.security.tool.Params.KEY_PAIR_ALIAS_PARAM; import static org.wildfly.security.tool.Params.LEVELS_PARAM; import static org.wildfly.security.tool.Params.OUTPUT_LOCATION_PARAM; -import static org.wildfly.security.tool.Params.OVERWRITE_SCRIPT_FILE; import static org.wildfly.security.tool.Params.PASSWORD_ENV_PARAM; import static org.wildfly.security.tool.Params.PASSWORD_PARAM; import static org.wildfly.security.tool.Params.REALM_NAME_PARAM; 
@@ -118,90 +116,6 @@ public void testSingleUserRealmWithJCEKS() throws IOException { validateScript(params, FS_REALM_SIGNED_PATH.resolve(realmName + ".cli")); } - @Test - public void testScriptFileOverwriteFalse() throws IOException { - String realmName = "scriptOverwriteFalse"; - Path keyStore = Paths.get(RELATIVE_BASE_DIR, "fsKeyStoreEC.jceks"); - String keyStoreType = "JCEKS"; - String keyPairAlias = "curveKeyPair"; - - Path inputLocation = Paths.get(RELATIVE_UNSIGNED_DIR, "fsRealmSingle"); - String[] firstRealmArgs = { - "--" + INPUT_LOCATION_PARAM, inputLocation.toString(), - "--" + OUTPUT_LOCATION_PARAM, FS_REALM_SIGNED_PATH.toString(), - "--" + REALM_NAME_PARAM, realmName, - "--" + KEYSTORE_PARAM, keyStore.toString(), - "--" + KEYSTORE_TYPE_PARAM, keyStoreType, - "--" + KEY_PAIR_ALIAS_PARAM, keyPairAlias, - "--" + PASSWORD_PARAM, KEYSTORE_PASSWORD - }; - - runCommand(inputLocation, firstRealmArgs, ElytronToolExitStatus_OK); - - File scriptFile = FS_REALM_SIGNED_PATH.resolve(realmName + ".cli").toFile(); - Long modifiedBefore = scriptFile.lastModified(); - - inputLocation = Paths.get(RELATIVE_UNSIGNED_DIR, "fsRealmAl"); - String[] secondRealmArgs = { - "--" + INPUT_LOCATION_PARAM, inputLocation.toString(), - "--" + OUTPUT_LOCATION_PARAM, FS_REALM_SIGNED_PATH.toString(), - "--" + REALM_NAME_PARAM, realmName, - "--" + KEYSTORE_PARAM, keyStore.toString(), - "--" + KEYSTORE_TYPE_PARAM, keyStoreType, - "--" + KEY_PAIR_ALIAS_PARAM, keyPairAlias, - "--" + PASSWORD_PARAM, KEYSTORE_PASSWORD, - "--" + OVERWRITE_SCRIPT_FILE, "false" - }; - - runCommand(inputLocation, secondRealmArgs, ElytronToolExitStatus_OK); - - Long modifiedAfter = scriptFile.lastModified(); - - assertEquals(modifiedBefore, modifiedAfter); - } - - @Test - public void testScriptFileOverwriteTrue() throws IOException { - String realmName = "scriptOverwriteTrue"; - Path keyStore = Paths.get(RELATIVE_BASE_DIR, "fsKeyStoreEC.jceks"); - String keyStoreType = "JCEKS"; - String keyPairAlias = "curveKeyPair"; 
- - Path inputLocation = Paths.get(RELATIVE_UNSIGNED_DIR, "fsRealmSingle"); - String[] firstRealmArgs = { - "--" + INPUT_LOCATION_PARAM, inputLocation.toString(), - "--" + OUTPUT_LOCATION_PARAM, FS_REALM_SIGNED_PATH.toString(), - "--" + REALM_NAME_PARAM, realmName, - "--" + KEYSTORE_PARAM, keyStore.toString(), - "--" + KEYSTORE_TYPE_PARAM, keyStoreType, - "--" + KEY_PAIR_ALIAS_PARAM, keyPairAlias, - "--" + PASSWORD_PARAM, KEYSTORE_PASSWORD - }; - - runCommand(inputLocation, firstRealmArgs, ElytronToolExitStatus_OK); - - File scriptFile = FS_REALM_SIGNED_PATH.resolve(realmName + ".cli").toFile(); - Long modifiedBefore = scriptFile.lastModified(); - - inputLocation = Paths.get(RELATIVE_UNSIGNED_DIR, "fsRealmAl"); - String[] secondRealmArgs = { - "--" + INPUT_LOCATION_PARAM, inputLocation.toString(), - "--" + OUTPUT_LOCATION_PARAM, FS_REALM_SIGNED_PATH.toString(), - "--" + REALM_NAME_PARAM, realmName, - "--" + KEYSTORE_PARAM, keyStore.toString(), - "--" + KEYSTORE_TYPE_PARAM, keyStoreType, - "--" + KEY_PAIR_ALIAS_PARAM, keyPairAlias, - "--" + PASSWORD_PARAM, KEYSTORE_PASSWORD, - "--" + OVERWRITE_SCRIPT_FILE, "true" - }; - - runCommand(inputLocation, secondRealmArgs, ElytronToolExitStatus_OK); - - Long modifiedAfter = scriptFile.lastModified(); - - assertNotEquals(modifiedBefore, modifiedAfter); - } - @Test public void testMultiUserRealmWithSummary() throws IOException { String realmName = "fsRealmMultiUser"; diff --git a/tool/src/test/resources/filesystem-integrity/fs-unsigned-realms/fsRealmAl/a/l/alice-MFWGSY3F.xml b/tool/src/test/resources/filesystem-integrity/fs-unsigned-realms/fsRealmAl/a/l/alice-MFWGSY3F.xml deleted file mode 100644 index 3e94e6776f9..00000000000 --- a/tool/src/test/resources/filesystem-integrity/fs-unsigned-realms/fsRealmAl/a/l/alice-MFWGSY3F.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - - - - - - \ No newline at end of file From 350e06e20e23e010bb9d1f3f396856383793109f Mon Sep 17 00:00:00 2001 
From: Darran Lofthouse Date: Wed, 18 Sep 2024 10:39:48 +0100 Subject: [PATCH 55/75] [ELY-2890] Upgrade XNIO to 3.8.16.Final --- pom.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 690b4eb68fc..43bb7a6c5d7 100644 --- a/pom.xml +++ b/pom.xml @@ -101,6 +101,7 @@ 2.3.0 23.0.7 2.7 + 3.8.16.Final INFO @@ -1138,7 +1139,7 @@ org.jboss.xnio xnio-api - 3.8.8.Final + ${version.org.xnio} test From 0855335947734824ab1c46a1a3af145f5e9808eb Mon Sep 17 00:00:00 2001 From: Darran Lofthouse Date: Wed, 18 Sep 2024 11:35:54 +0100 Subject: [PATCH 56/75] [ELY-2810] Upgrade com.nimbusds:nimbus-jose-jwt to 9.37.3 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 690b4eb68fc..01d1fdcd2d6 100644 --- a/pom.xml +++ b/pom.xml @@ -85,7 +85,7 @@ 1.34 2.7.1 2.4.9 - 9.31 + 9.37.3 3.8.1 1.0.8.Final 1.0.1.Final From 637dd3383b6f2bc4f0fac1d5a88d1308a3fb350c Mon Sep 17 00:00:00 2001 From: R Searls Date: Tue, 28 May 2024 17:32:56 -0400 Subject: [PATCH 57/75] [ELY-2738] creating X509Certificate using CAGenerationTool. --- dynamic-ssl/pom.xml | 5 + .../dynamic/ssl/DynamicSSLContextTest.java | 8 +- .../dynamic/ssl/DynamicSSLTestUtils.java | 91 +++++++------------ .../ssl/SSLServerSocketTestInstance.java | 2 +- ...ic-ssl-test-without-default-sslcontext.xml | 18 ++-- .../ssl/wildfly-config-dynamic-ssl-test.xml | 24 ++--- 6 files changed, 62 insertions(+), 86 deletions(-) diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index ebca916a974..c7f2ac19546 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -39,6 +39,11 @@ org.wildfly.security wildfly-elytron-client + + org.wildfly.security + wildfly-elytron-tests-common + test-jar + org.kohsuke.metainf-services metainf-services diff --git a/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextTest.java b/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextTest.java index cd74cba609f..6c4378f34f6 100644 
--- a/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextTest.java +++ b/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextTest.java @@ -330,7 +330,7 @@ public void testChangingAuthenticationContextsTest() throws NoSuchAlgorithmExcep SSLSocketFactory socketFactory = dynamicSSLContext.getSocketFactory(); AuthenticationContext.empty().withSsl(MatchRule.ALL.matchPort(10001), () -> DynamicSSLTestUtils - .createSSLContext(RESOURCES + "client1.keystore.jks", RESOURCES + "client1.truststore.jks", "secret")).run(() -> { + .createSSLContext(RESOURCES + "client1.keystore.jks", RESOURCES + "client1.truststore.jks", "Elytron")).run(() -> { try { Socket clientSslSocket = socketFactory.createSocket("localhost", 10001); checkOutputIsOK((SSLSocket) clientSslSocket); @@ -341,7 +341,7 @@ public void testChangingAuthenticationContextsTest() throws NoSuchAlgorithmExcep }); AuthenticationContext.empty().withSsl(MatchRule.ALL.matchPort(10002), () -> DynamicSSLTestUtils - .createSSLContext(RESOURCES + "client2.keystore.jks", RESOURCES + "client2.truststore.jks", "secret")).run(() -> { + .createSSLContext(RESOURCES + "client2.keystore.jks", RESOURCES + "client2.truststore.jks", "Elytron")).run(() -> { try { Socket clientSslSocket = socketFactory.createSocket("localhost", 10002); checkOutputIsOK((SSLSocket) clientSslSocket); @@ -352,7 +352,7 @@ public void testChangingAuthenticationContextsTest() throws NoSuchAlgorithmExcep }); AuthenticationContext.empty().withSsl(MatchRule.ALL.matchPort(10003), () -> DynamicSSLTestUtils - .createSSLContext(RESOURCES + "client3.keystore.jks", RESOURCES + "client3.truststore.jks", "secret")).run(() -> { + .createSSLContext(RESOURCES + "client3.keystore.jks", RESOURCES + "client3.truststore.jks", "Elytron")).run(() -> { try { Socket clientSslSocket = socketFactory.createSocket("localhost", 10003); checkOutputIsOK((SSLSocket) clientSslSocket); 
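Review bot: The keystore password `"Elytron"` is repeated as a string literal in each `createSSLContext` call in these hunks and in the `@@ -371` hunk that follows, while DynamicSSLTestUtils keeps the same value in its private `PASSWORD` field. If the value has to match what CAGenerationTool writes into the generated stores (not visible here), one shared constant in DynamicSSLTestUtils, e.g. `static final String KEYSTORE_PASSWORD = "Elytron";`, referenced from the test, would stop the copies drifting apart the next time the fixture changes. The test method bodies continue outside the hunks.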
@@ -371,7 +371,7 @@ public void testThrowAnExceptionWhenLoop() throws NoSuchAlgorithmException { SSLContext previousDefaultSSLContext = SSLContext.getDefault(); SSLContext.setDefault(dynamicSSLContext); AuthenticationContext.empty().withSsl(MatchRule.ALL.matchPort(10000), () -> DynamicSSLTestUtils - .createSSLContext(RESOURCES + "client1.keystore.jks", RESOURCES + "client1.truststore.jks", "secret")).run(() -> { + .createSSLContext(RESOURCES + "client1.keystore.jks", RESOURCES + "client1.truststore.jks", "Elytron")).run(() -> { try { Socket clientSslSocket = socketFactory.createSocket("localhost", 12345); checkOutputIsOK((SSLSocket) clientSslSocket); diff --git a/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/DynamicSSLTestUtils.java b/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/DynamicSSLTestUtils.java index 3f73dec2930..1f60cbdc64a 100644 --- a/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/DynamicSSLTestUtils.java +++ b/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/DynamicSSLTestUtils.java @@ -20,8 +20,6 @@ package org.wildfly.security.dynamic.ssl; import org.junit.Assert; -import org.wildfly.security.x500.cert.BasicConstraintsExtension; -import org.wildfly.security.x500.cert.X509CertificateBuilder; import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManagerFactory; 
@@ -33,17 +31,15 @@ import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.IOException; -import java.math.BigInteger; -import java.security.KeyPair; -import java.security.KeyPairGenerator; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.PublicKey; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; +import org.wildfly.security.ssl.test.util.CAGenerationTool; +import org.wildfly.security.x500.cert.X509CertificateExtension; + /** * Utility class for DynamicSSLContextTest class. * @@ -54,10 +50,9 @@ public class DynamicSSLTestUtils { private static final String CLIENT_ALIAS = "client"; private static final String LOCALHOST_ALIAS = "localhost"; private static final String KEYSTORE_TYPE = "JKS"; - private static final String SHA_1_WITH_RSA = "SHA1withRSA"; private static final String TLS_PROTOCOL_VERSION = "TLSv1.2"; public static final String KEY_MANAGER_FACTORY_ALGORITHM = "SunX509"; - private static char[] PASSWORD = "secret".toCharArray(); + private static char[] PASSWORD = "Elytron".toCharArray(); private static File KEYSTORES_DIR = new File("./target/keystores"); private static String CLIENT1_KEYSTORE_FILENAME = "client1.keystore.jks"; @@ -92,6 +87,7 @@ static SSLContext createSSLContext(String keystorePath, String truststorePath, S KeyStore trustStore = KeyStore.getInstance(KEYSTORE_TYPE); trustStore.load(new FileInputStream(truststorePath), password.toCharArray()); + // Create trust manager TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(KEY_MANAGER_FACTORY_ALGORITHM); trustManagerFactory.init(trustStore); 
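Review bot: The new `PASSWORD` value in the `-54,10 +50,9` hunk is an undocumented coupling, because this class no longer writes the client and server keystores itself and the literal presumably has to equal the password CAGenerationTool stores them with. The same `"Elytron"` literal is repeated in DynamicSSLContextTest and SSLServerSocketTestInstance, so a change on the tool side would break all three with an opaque keystore-load error. I would add a comment such as `// Must match the keystore password CAGenerationTool uses for generated keystores` above the field. Since the line is being touched anyway, it could also become `private static final char[] PASSWORD`.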
@@ -112,6 +108,7 @@ static void createKeystores() throws KeyStoreException, CertificateException, No if (!KEYSTORES_DIR.exists()) { KEYSTORES_DIR.mkdirs(); } + generateTwoWaySSLKeystoresAndTruststores(CLIENT1_KEYSTORE_FILENAME, SERVER1_KEYSTORE_FILENAME, CLIENT1_TRUSTSTORE_FILENAME, SERVER1_TRUSTSTORE_FILENAME); generateTwoWaySSLKeystoresAndTruststores(CLIENT2_KEYSTORE_FILENAME, SERVER2_KEYSTORE_FILENAME, CLIENT2_TRUSTSTORE_FILENAME, SERVER2_TRUSTSTORE_FILENAME); generateTwoWaySSLKeystoresAndTruststores(CLIENT3_KEYSTORE_FILENAME, SERVER3_KEYSTORE_FILENAME, CLIENT3_TRUSTSTORE_FILENAME, SERVER3_TRUSTSTORE_FILENAME); 
@@ -120,57 +117,30 @@ static void createKeystores() throws KeyStoreException, CertificateException, No private static void generateTwoWaySSLKeystoresAndTruststores(String clientKeystoreFilename, String serverKeystoreFilename, String clientTruststoreFilename, String serverTruststoreFilename) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException { - // Generates client certificate and keystore - KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); - KeyStore clientKeyStore = KeyStore.getInstance(KEYSTORE_TYPE); - clientKeyStore.load(null, null); - - KeyPair clientKeyPair = keyPairGenerator.generateKeyPair(); - PrivateKey signingKey = clientKeyPair.getPrivate(); - PublicKey publicKey = clientKeyPair.getPublic(); - - X500Principal testClient10DN = new X500Principal("CN=" + CLIENT_ALIAS); - X509Certificate clientCertificate = new X509CertificateBuilder() - .setIssuerDn(testClient10DN) - .setSubjectDn(new X500Principal("OU=Elytron")) - .setSignatureAlgorithmName(SHA_1_WITH_RSA) - .setSigningKey(signingKey) - .setPublicKey(publicKey) - .setSerialNumber(new BigInteger("3")) - .addExtension(new BasicConstraintsExtension(false, false, -1)) - .build(); - clientKeyStore.setKeyEntry(CLIENT_ALIAS, signingKey, PASSWORD, new X509Certificate[]{clientCertificate}); - - - // Generates server certificate and keystore - KeyStore serverKeyStore = KeyStore.getInstance(KEYSTORE_TYPE); - serverKeyStore.load(null, null); - - KeyPair serverKeyPair = keyPairGenerator.generateKeyPair(); - PrivateKey serverSigningKey = serverKeyPair.getPrivate(); - PublicKey serverPublicKey = serverKeyPair.getPublic(); - - X500Principal testServer10DN = new X500Principal("CN=" + LOCALHOST_ALIAS); - X509Certificate serverCertificate = new X509CertificateBuilder() - .setIssuerDn(testServer10DN) - .setSubjectDn(new X500Principal("OU=Elytron")) - .setSignatureAlgorithmName(SHA_1_WITH_RSA) - .setSigningKey(serverSigningKey) - .setPublicKey(serverPublicKey) - 
.setSerialNumber(new BigInteger("4")) - .addExtension(new BasicConstraintsExtension(false, false, -1)) - .build(); - serverKeyStore.setKeyEntry(LOCALHOST_ALIAS, serverSigningKey, PASSWORD, new X509Certificate[]{serverCertificate}); - - File clientKeystoreFile = new File(KEYSTORES_DIR, clientKeystoreFilename); - try (FileOutputStream clientStream = new FileOutputStream(clientKeystoreFile)) { - clientKeyStore.store(clientStream, PASSWORD); + CAGenerationTool caGenerationTool = null; + try { + caGenerationTool = CAGenerationTool.builder() + .setBaseDir(KEYSTORES_DIR.getCanonicalPath()) + .setRequestIdentities(CAGenerationTool.Identity.values()) + .build(); + } catch(Exception e) { + e.printStackTrace(); + Assert.fail(); } - File serverKeystoreFile = new File(KEYSTORES_DIR, serverKeystoreFilename); - try (FileOutputStream serverStream = new FileOutputStream(serverKeystoreFile)) { - serverKeyStore.store(serverStream, PASSWORD); - } + // Generates client certificate + X509Certificate clientCertificate = caGenerationTool.createIdentity(CLIENT_ALIAS, + new X500Principal("OU=Elytron"), + clientKeystoreFilename, + CAGenerationTool.Identity.CA, + new X509CertificateExtension[]{}); + + // Generates server certificate + X509Certificate serverCertificate = caGenerationTool.createIdentity(LOCALHOST_ALIAS, + new X500Principal("OU=Elytron"), + serverKeystoreFilename, + CAGenerationTool.Identity.CA, + new X509CertificateExtension[]{}); // create truststores KeyStore clientTrustStore = KeyStore.getInstance(KEYSTORE_TYPE); 
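Review bot: The new `catch(Exception e) { e.printStackTrace(); Assert.fail(); }` around `CAGenerationTool.builder()...build()` discards the cause from the test report. It is also the only thing keeping `caGenerationTool`, initialised to `null`, from being dereferenced by the `createIdentity` calls that follow. Replacing the two statements in the catch with `throw new AssertionError("Unable to create CAGenerationTool", e);` keeps the original exception attached to the failure and makes the non-null flow explicit. The tool instance is never closed in the visible lines; if CAGenerationTool holds resources that need releasing, that should be confirmed, since this method runs once per client/server pair against the same base directory. The body of generateTwoWaySSLKeystoresAndTruststores continues past the end of this hunk.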
@@ -178,8 +148,9 @@ private static void generateTwoWaySSLKeystoresAndTruststores(String clientKeysto KeyStore serverTrustStore = KeyStore.getInstance(KEYSTORE_TYPE); serverTrustStore.load(null, null); - clientTrustStore.setCertificateEntry(LOCALHOST_ALIAS, serverKeyStore.getCertificate(LOCALHOST_ALIAS)); - serverTrustStore.setCertificateEntry(CLIENT_ALIAS, clientKeyStore.getCertificate(CLIENT_ALIAS) ); + + clientTrustStore.setCertificateEntry(LOCALHOST_ALIAS, serverCertificate); + serverTrustStore.setCertificateEntry(CLIENT_ALIAS, clientCertificate); File clientTrustFile = new File(KEYSTORES_DIR, clientTruststoreFilename); try (FileOutputStream clientStream = new FileOutputStream(clientTrustFile)) { diff --git a/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/SSLServerSocketTestInstance.java b/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/SSLServerSocketTestInstance.java index e404fd3e622..b69715f1437 100644 --- a/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/SSLServerSocketTestInstance.java +++ b/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/SSLServerSocketTestInstance.java @@ -59,7 +59,7 @@ void setConfiguredEnabledCipherSuites(String[] configuredEnabledCipherSuite) { } public void run() { - String password = "secret"; + String password = "Elytron"; SSLContext sslContext = DynamicSSLTestUtils.createSSLContext(this.keystorePath, this.truststorePath, password); try { SSLServerSocketFactory sslServerSocketFactory = sslContext.getServerSocketFactory(); diff --git a/dynamic-ssl/src/test/resources/org/wildfly/security/dynamic/ssl/wildfly-config-dynamic-ssl-test-without-default-sslcontext.xml b/dynamic-ssl/src/test/resources/org/wildfly/security/dynamic/ssl/wildfly-config-dynamic-ssl-test-without-default-sslcontext.xml index 07bfe16b243..4bfe9365125 100644 --- a/dynamic-ssl/src/test/resources/org/wildfly/security/dynamic/ssl/wildfly-config-dynamic-ssl-test-without-default-sslcontext.xml 
+++ b/dynamic-ssl/src/test/resources/org/wildfly/security/dynamic/ssl/wildfly-config-dynamic-ssl-test-without-default-sslcontext.xml @@ -22,27 +22,27 @@ - + - + - + - + - + - + @@ -52,7 +52,7 @@ - + @@ -61,7 +61,7 @@ - + @@ -70,7 +70,7 @@ - + diff --git a/dynamic-ssl/src/test/resources/org/wildfly/security/dynamic/ssl/wildfly-config-dynamic-ssl-test.xml b/dynamic-ssl/src/test/resources/org/wildfly/security/dynamic/ssl/wildfly-config-dynamic-ssl-test.xml index 5e01db70445..e857cbb9d08 100644 --- a/dynamic-ssl/src/test/resources/org/wildfly/security/dynamic/ssl/wildfly-config-dynamic-ssl-test.xml +++ b/dynamic-ssl/src/test/resources/org/wildfly/security/dynamic/ssl/wildfly-config-dynamic-ssl-test.xml @@ -22,38 +22,38 @@ - + - + - + - + - + - + - + - + @@ -63,7 +63,7 @@ - + @@ -72,7 +72,7 @@ - + @@ -81,7 +81,7 @@ - + @@ -90,7 +90,7 @@ - + From 5ecc563e2295cee8663721464652aaf6a1323835 Mon Sep 17 00:00:00 2001 
From: R Searls Date: Fri, 21 Jun 2024 12:30:16 -0400 Subject: [PATCH 58/75] [ELY-2770] update javadoc's @link stmt to display fully qualified classname of deprecated classes. --- .../wildfly/security/auth/server/HttpAuthenticationFactory.java | 2 +- .../wildfly/security/auth/server/SaslAuthenticationFactory.java | 2 +- .../auth/server/SecurityIdentityServerMechanismFactory.java | 2 +- .../credential/source/CallbackHandlerCredentialSource.java | 2 +- .../security/credential/source/CommandCredentialSource.java | 2 +- .../credential/source/CredentialStoreCredentialSource.java | 2 +- .../security/credential/source/FactoryCredentialSource.java | 2 +- .../security/credential/source/KeyStoreCredentialSource.java | 2 +- .../credential/source/LocalKerberosCredentialSource.java | 2 +- .../http/util/sso/SingleSignOnServerMechanismFactory.java | 1 + .../main/java/org/wildfly/security/mechanism/MechanismUtil.java | 2 +- .../java/org/wildfly/security/permission/PermissionActions.java | 2 +- .../wildfly/security/sasl/util/UsernamePasswordHashUtil.java | 2 +- .../security/sasl/util/AuthenticationContextSaslClient.java | 2 +- .../sasl/util/AuthenticationContextSaslClientFactory.java | 2 +- .../security/sasl/util/AuthenticationContextSaslServer.java | 2 +- .../sasl/util/AuthenticationContextSaslServerFactory.java | 2 +- .../org/wildfly/security/ssl/X509CRLExtendedTrustManager.java | 2 +- .../wildfly/security/x500/X500AttributePrincipalDecoder.java | 2 +- 19 files changed, 19 insertions(+), 18 deletions(-) diff --git a/auth/server/deprecated/src/main/java/org/wildfly/security/auth/server/HttpAuthenticationFactory.java b/auth/server/deprecated/src/main/java/org/wildfly/security/auth/server/HttpAuthenticationFactory.java index 403bc2f8696..c07a8a3ed03 100644 --- a/auth/server/deprecated/src/main/java/org/wildfly/security/auth/server/HttpAuthenticationFactory.java +++ b/auth/server/deprecated/src/main/java/org/wildfly/security/auth/server/HttpAuthenticationFactory.java 
@@ -46,7 +46,7 @@ * {@link HttpServerAuthenticationMechanismFactory} for obtaining configured mechanisms. * * @author Darran Lofthouse - * @deprecated Use {@link org.wildfly.security.auth.server.http.HttpAuthenticationFactory} instead + * @deprecated Use {@link org.wildfly.security.auth.server.http.HttpAuthenticationFactory org.wildfly.security.auth.server.http.HttpAuthenticationFactory} instead */ @Deprecated public final class HttpAuthenticationFactory extends AbstractMechanismAuthenticationFactory { diff --git a/auth/server/deprecated/src/main/java/org/wildfly/security/auth/server/SaslAuthenticationFactory.java b/auth/server/deprecated/src/main/java/org/wildfly/security/auth/server/SaslAuthenticationFactory.java index 85636863d9b..e05351e9fcc 100644 --- a/auth/server/deprecated/src/main/java/org/wildfly/security/auth/server/SaslAuthenticationFactory.java +++ b/auth/server/deprecated/src/main/java/org/wildfly/security/auth/server/SaslAuthenticationFactory.java @@ -48,7 +48,7 @@ * A SASL server factory configuration. * * @author David M. Lloyd - * @deprecated Use {@link org.wildfly.security.auth.server.sasl.SaslAuthenticationFactory} instead + * @deprecated Use {@link org.wildfly.security.auth.server.sasl.SaslAuthenticationFactory org.wildfly.security.auth.server.sasl.SaslAuthenticationFactory} instead */ @Deprecated public final class SaslAuthenticationFactory extends AbstractMechanismAuthenticationFactory { diff --git a/auth/server/deprecated/src/main/java/org/wildfly/security/auth/server/SecurityIdentityServerMechanismFactory.java b/auth/server/deprecated/src/main/java/org/wildfly/security/auth/server/SecurityIdentityServerMechanismFactory.java index 430340ec0c1..9f63571f861 100644 --- a/auth/server/deprecated/src/main/java/org/wildfly/security/auth/server/SecurityIdentityServerMechanismFactory.java +++ b/auth/server/deprecated/src/main/java/org/wildfly/security/auth/server/SecurityIdentityServerMechanismFactory.java 
@@ -41,7 +41,7 @@ * the callback handler is returned instead. * * @author Darran Lofthouse - * @deprecated Use {@link org.wildfly.security.auth.server.http.SecurityIdentityServerMechanismFactory} instead + * @deprecated Use {@link org.wildfly.security.auth.server.http.SecurityIdentityServerMechanismFactory org.wildfly.security.auth.server.http.SecurityIdentityServerMechanismFactory} instead */ @Deprecated class SecurityIdentityServerMechanismFactory implements HttpServerAuthenticationMechanismFactory { diff --git a/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/CallbackHandlerCredentialSource.java b/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/CallbackHandlerCredentialSource.java index 509491c2252..deb676a58e8 100644 --- a/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/CallbackHandlerCredentialSource.java +++ b/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/CallbackHandlerCredentialSource.java @@ -37,7 +37,7 @@ * A credential source which is backed by a callback handler. * * @author David M. Lloyd - * @deprecated Use {@link org.wildfly.security.credential.source.impl.CallbackHandlerCredentialSource} instead + * @deprecated Use {@link org.wildfly.security.credential.source.impl.CallbackHandlerCredentialSource org.wildfly.security.credential.source.impl.CallbackHandlerCredentialSource} instead */ @Deprecated public final class CallbackHandlerCredentialSource implements CredentialSource { diff --git a/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/CommandCredentialSource.java b/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/CommandCredentialSource.java index b5914bda876..2265e3da231 100644 --- a/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/CommandCredentialSource.java 
+++ b/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/CommandCredentialSource.java @@ -52,7 +52,7 @@ * A credential source which acquires a credential from the command line. * * @author David M. Lloyd - * @deprecated Use {@link org.wildfly.security.credential.source.impl.CommandCredentialSource} instead + * @deprecated Use {@link org.wildfly.security.credential.source.impl.CommandCredentialSource org.wildfly.security.credential.source.impl.CommandCredentialSource} instead */ @Deprecated public final class CommandCredentialSource implements CredentialSource { diff --git a/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/CredentialStoreCredentialSource.java b/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/CredentialStoreCredentialSource.java index 76e35fd81f9..234b0d32d66 100644 --- a/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/CredentialStoreCredentialSource.java +++ b/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/CredentialStoreCredentialSource.java @@ -37,7 +37,7 @@ * * @author David M. Lloyd * @author Peter Skopek - * @deprecated Use {@link org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource} instead + * @deprecated Use {@link org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource} instead */ @Deprecated public final class CredentialStoreCredentialSource implements CredentialSource { diff --git a/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/FactoryCredentialSource.java b/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/FactoryCredentialSource.java index 3e5944f3673..088ff37a36e 100644 --- a/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/FactoryCredentialSource.java 
+++ b/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/FactoryCredentialSource.java @@ -31,7 +31,7 @@ * A credential source which is backed by a credential security factory. * * @author Martin Mazanek - * @deprecated Use {@link org.wildfly.security.credential.source.impl.FactoryCredentialSource} instead + * @deprecated Use {@link org.wildfly.security.credential.source.impl.FactoryCredentialSource org.wildfly.security.credential.source.impl.FactoryCredentialSource} instead */ @Deprecated public class FactoryCredentialSource implements CredentialSource { diff --git a/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/KeyStoreCredentialSource.java b/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/KeyStoreCredentialSource.java index 5b12588b703..40087d618b4 100644 --- a/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/KeyStoreCredentialSource.java +++ b/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/KeyStoreCredentialSource.java @@ -43,7 +43,7 @@ * A credential source which is backed by a key store entry. * * @author David M. Lloyd - * @deprecated Use {@link org.wildfly.security.credential.source.impl.KeyStoreCredentialSource} instead + * @deprecated Use {@link org.wildfly.security.credential.source.impl.KeyStoreCredentialSource org.wildfly.security.credential.source.impl.KeyStoreCredentialSource} instead */ @Deprecated public final class KeyStoreCredentialSource implements CredentialSource { diff --git a/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/LocalKerberosCredentialSource.java b/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/LocalKerberosCredentialSource.java index 11e521dc5ed..c27d20012b0 100644 --- a/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/LocalKerberosCredentialSource.java 
+++ b/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/LocalKerberosCredentialSource.java @@ -40,7 +40,7 @@ * * Successful obtaining from cache requires set system property {@code javax.security.auth.useSubjectCredsOnly} to {@code false}. * - * @deprecated Kerberos based authentication mechanism obtains credential himself, see {@link org.wildfly.security.credential.source.impl.LocalKerberosCredentialSource} to use with the new wildfly-elytron-credential-source-impl module + * @deprecated Kerberos based authentication mechanism obtains credential himself, see {@link org.wildfly.security.credential.source.impl.LocalKerberosCredentialSource org.wildfly.security.credential.source.impl.LocalKerberosCredentialSource} to use with the new wildfly-elytron-credential-source-impl module * * @author Jan Kalina */ diff --git a/http/sso/src/main/java/org/wildfly/security/http/util/sso/SingleSignOnServerMechanismFactory.java b/http/sso/src/main/java/org/wildfly/security/http/util/sso/SingleSignOnServerMechanismFactory.java index 867560e90eb..17dc3309357 100644 --- a/http/sso/src/main/java/org/wildfly/security/http/util/sso/SingleSignOnServerMechanismFactory.java +++ b/http/sso/src/main/java/org/wildfly/security/http/util/sso/SingleSignOnServerMechanismFactory.java @@ -46,6 +46,7 @@ *

The single sign-one capabilities provided by this factory is based on a HTTP Cookie to track SSO sessions and also an {@link IdentityCache} providing * a storage (eg.: using a shared or distributable cache/map) for these sessions and related data. * + * @deprecated Only inner class SingleSignOnConfiguration is deprecated. * @author Pedro Igor * @author Paul Ferraro */ diff --git a/mechanism/base/src/main/java/org/wildfly/security/mechanism/MechanismUtil.java b/mechanism/base/src/main/java/org/wildfly/security/mechanism/MechanismUtil.java index c845093aeef..28243d661b5 100644 --- a/mechanism/base/src/main/java/org/wildfly/security/mechanism/MechanismUtil.java +++ b/mechanism/base/src/main/java/org/wildfly/security/mechanism/MechanismUtil.java @@ -37,7 +37,7 @@ * * @author David M. Lloyd * - * @deprecated Should not be part of public API. Moved into internal {@link org.wildfly.security.mechanism._private.MechanismUtil}. + * @deprecated Should not be part of public API. Moved into internal {@link org.wildfly.security.mechanism._private.MechanismUtil org.wildfly.security.mechanism._private.MechanismUtil}. */ @Deprecated public final class MechanismUtil { diff --git a/permission/src/main/java/org/wildfly/security/permission/PermissionActions.java b/permission/src/main/java/org/wildfly/security/permission/PermissionActions.java index a45c5fdad88..f4aa390da7c 100644 --- a/permission/src/main/java/org/wildfly/security/permission/PermissionActions.java +++ b/permission/src/main/java/org/wildfly/security/permission/PermissionActions.java @@ -38,7 +38,7 @@ * * @author David M. Lloyd * - * @deprecated Use one of the abstract permission classes like {@link AbstractActionSetPermission} instead. + * @deprecated Use one of the abstract permission classes like {@link org.wildfly.security.permission.AbstractActionSetPermission org.wildfly.security.permission.AbstractActionSetPermission} instead. */ @Deprecated public final class PermissionActions { 
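Review bot: The added class-level tag `@deprecated Only inner class SingleSignOnConfiguration is deprecated.` in SingleSignOnServerMechanismFactory contradicts its own text. A `@deprecated` Javadoc tag on the outer type makes the generated documentation list the whole factory as deprecated, and javac has historically treated the tag as deprecating the element it documents, which would produce deprecation warnings for every user of the factory. If only the nested configuration type is meant, the tag belongs on that type's Javadoc, next to its `@Deprecated` annotation. The outer class comment should then carry no tag at all, or at most a plain sentence such as `Note: the nested SingleSignOnConfiguration class is deprecated.` The other hunks of this commit change only `{@link}` labels and do not have this problem.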
diff --git a/sasl/base/src/main/java/org/wildfly/security/sasl/util/UsernamePasswordHashUtil.java b/sasl/base/src/main/java/org/wildfly/security/sasl/util/UsernamePasswordHashUtil.java index aa1a8e43403..d118dfbfb1e 100644 --- a/sasl/base/src/main/java/org/wildfly/security/sasl/util/UsernamePasswordHashUtil.java +++ b/sasl/base/src/main/java/org/wildfly/security/sasl/util/UsernamePasswordHashUtil.java @@ -34,7 +34,7 @@ * * @author Darran Lofthouse * - * @deprecated Use {@link org.wildfly.security.password.PasswordFactory} instead. + * @deprecated Use {@link org.wildfly.security.password.PasswordFactory org.wildfly.security.password.PasswordFactory} instead. */ @Deprecated public class UsernamePasswordHashUtil { diff --git a/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslClient.java b/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslClient.java index b7f54b4501f..6c98492af3f 100644 --- a/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslClient.java +++ b/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslClient.java @@ -28,7 +28,7 @@ * of the authentication process. * * @author David M. Lloyd - * @deprecated Use {@link org.wildfly.security.sasl.auth.util.AuthenticationContextSaslClient} instead. + * @deprecated Use {@link org.wildfly.security.sasl.auth.util.AuthenticationContextSaslClient org.wildfly.security.sasl.auth.util.AuthenticationContextSaslClient} instead. */ @Deprecated public final class AuthenticationContextSaslClient extends AbstractDelegatingSaslClient { diff --git a/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslClientFactory.java b/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslClientFactory.java index 9afa9d31cfb..4b4a4980a2b 100644 
--- a/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslClientFactory.java +++ b/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslClientFactory.java @@ -33,7 +33,7 @@ * of the authentication process. * * @author David M. Lloyd - * @deprecated Use {@link org.wildfly.security.sasl.auth.util.AuthenticationContextSaslClientFactory} instead. + * @deprecated Use {@link org.wildfly.security.sasl.auth.util.AuthenticationContextSaslClientFactory org.wildfly.security.sasl.auth.util.AuthenticationContextSaslClientFactory} instead. */ @Deprecated public final class AuthenticationContextSaslClientFactory extends AbstractDelegatingSaslClientFactory { diff --git a/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslServer.java b/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslServer.java index 0ad16526b80..9daf5422ac2 100644 --- a/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslServer.java +++ b/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslServer.java @@ -29,7 +29,7 @@ * of the authentication process. * * @author David M. Lloyd - * @deprecated Use {@link org.wildfly.security.sasl.auth.util.AuthenticationContextSaslServer} instead. + * @deprecated Use {@link org.wildfly.security.sasl.auth.util.AuthenticationContextSaslServer org.wildfly.security.sasl.auth.util.AuthenticationContextSaslServer} instead. */ @Deprecated public final class AuthenticationContextSaslServer extends AbstractDelegatingSaslServer { diff --git a/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslServerFactory.java b/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslServerFactory.java index 4c567577b51..e3eb37f4972 100644 
--- a/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslServerFactory.java +++ b/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslServerFactory.java @@ -32,7 +32,7 @@ * of the authentication process. * * @author David M. Lloyd - * @deprecated Use {@link org.wildfly.security.sasl.auth.util.AuthenticationContextSaslServerFactory} instead. + * @deprecated Use {@link org.wildfly.security.sasl.auth.util.AuthenticationContextSaslServerFactory org.wildfly.security.sasl.auth.util.AuthenticationContextSaslServerFactory} instead. */ @Deprecated public final class AuthenticationContextSaslServerFactory extends AbstractDelegatingSaslServerFactory { diff --git a/ssl/src/main/java/org/wildfly/security/ssl/X509CRLExtendedTrustManager.java b/ssl/src/main/java/org/wildfly/security/ssl/X509CRLExtendedTrustManager.java index 822d19282cd..53042f1305c 100644 --- a/ssl/src/main/java/org/wildfly/security/ssl/X509CRLExtendedTrustManager.java +++ b/ssl/src/main/java/org/wildfly/security/ssl/X509CRLExtendedTrustManager.java @@ -52,7 +52,7 @@ * Extension to the {@link X509TrustManager} interface to support CRL verification. * * @author Pedro Igor - * @deprecated use {@link X509RevocationTrustManager} instead + * @deprecated use {@link org.wildfly.security.ssl.X509RevocationTrustManager org.wildfly.security.ssl.X509RevocationTrustManager} instead */ @Deprecated public final class X509CRLExtendedTrustManager extends X509ExtendedTrustManager { diff --git a/x500/deprecated/src/main/java/org/wildfly/security/x500/X500AttributePrincipalDecoder.java b/x500/deprecated/src/main/java/org/wildfly/security/x500/X500AttributePrincipalDecoder.java index e311f0f2a21..13169db15af 100644 --- a/x500/deprecated/src/main/java/org/wildfly/security/x500/X500AttributePrincipalDecoder.java +++ b/x500/deprecated/src/main/java/org/wildfly/security/x500/X500AttributePrincipalDecoder.java 
@@ -31,7 +31,7 @@ * A principal decoder which decodes an attribute from an X.500 principal. * * @author David M. Lloyd - * @deprecated Use {@link org.wildfly.security.x500.principal.X500AttributePrincipalDecoder} instead + * @deprecated Use {@link org.wildfly.security.x500.principal.X500AttributePrincipalDecoder org.wildfly.security.x500.principal.X500AttributePrincipalDecoder} instead */ @Deprecated public final class X500AttributePrincipalDecoder implements PrincipalDecoder { From c3108206ffdbdc40e6d0f125d7a24d1593c287c2 Mon Sep 17 00:00:00 2001 From: Ken Wills Date: Wed, 18 Sep 2024 16:40:35 -0500 Subject: [PATCH 59/75] [ELY-2455]: Add a "FAQ for New Contributors" section to the CONTRIBUTING.md file (rebased) from pr2091" --- CONTRIBUTING.md | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b4979fa4e68..5f45d5cc345 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -8,6 +8,10 @@ Welcome to the WildFly Elytron project! We welcome contributions from the commun - [Good First Issues](#good-first-issues) - [Setting up your Developer Environment](#setting-up-your-developer-environment) - [Contributing Guidelines](#contributing-guidelines) + - [Testing](#testing) + - [Pull Request Process](#pull-request-process) + - [Documentation](#documentation) +- [FAQ for New Contributors](#faq-for-new-contributors) - [Community](#community) 
@@ -85,8 +89,18 @@ Note: Some tests will fail if `localhost` is not listed first in `/etc/hosts` fi For more information, including details on how WildFly Elytron is integrated in WildFly Core and WildFly, check out our [developer guide](https://wildfly-security.github.io/wildfly-elytron/getting-started-for-developers/). + ## Contributing Guidelines +### Testing +Ensure that your changes are thoroughly tested before submitting a pull request. Follow these testing guidelines: + +- Run the existing unit tests using Maven: `mvn clean test` +- Include new unit tests for your code changes. + +If applicable, provide instructions on how to run integration tests or any additional testing procedures. + +### Pull Request Process When submitting a PR, please keep the following guidelines in mind: 1. In general, it's good practice to squash all of your commits into a single commit. For larger changes, it's ok to have multiple meaningful commits. If you need help with squashing your commits, feel free to ask us how to do this on your pull request. We're more than happy to help! @@ -97,6 +111,13 @@ When submitting a PR, please keep the following guidelines in mind: For an example of a properly formatted PR, take a look at https://github.com/wildfly-security/wildfly-elytron/pull/1532 +### Documentation +Contributors are encouraged to keep documentation up-to-date along with code changes. If your changes impact user-facing features, update the relevant documentation files in directory. +Community documentation can be found in the [wildfly repository](https://github.com/wildfly/wildfly/tree/main/docs) + +## FAQ for New Contributors +Check out our [Frequently Asked Questions](https://fjuma.github.io/wildfly-elytron/blog/frequently-asked-questions-new-contributors/) for New Contributors. + ## Code Reviews All submissions, including submissions by project members, need to be reviewed by at least two WildFly Elytron committers before being merged. 
@@ -110,4 +131,4 @@ your PR directly against the relevant maintenance branch. Once a fix for a maint merge the maintenance branch to the upstream branch to ensure changes are kept in sync. ## Community -For more information on how to get involved with WildFly Elytron, check out our [community](https://wildfly-security.github.io/wildfly-elytron/community/) page. +For more information on how to get involved with WildFly Elytron, check out our [community](https://wildfly-security.github.io/wildfly-elytron/community/) page. \ No newline at end of file From aefc98af84a5c0c628d64c4df6acdfdc9a72a3db Mon Sep 17 00:00:00 2001 From: lvydra Date: Tue, 13 Aug 2024 11:22:24 +0200 Subject: [PATCH 60/75] [ELY-2704] Missing keystore password does not throw a meaningful exception --- .../org/wildfly/security/auth/client/ElytronXmlParser.java | 3 +++ .../security/auth/client/_private/ElytronMessages.java | 5 +++++ 2 files changed, 8 insertions(+) diff --git a/auth/client/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java b/auth/client/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java index 967df3725b8..8a933f4951c 100644 --- a/auth/client/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java +++ b/auth/client/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java @@ -3649,6 +3649,9 @@ protected AbstractLoadingKeyStoreFactory(final ExceptionSupplier expectedClass, Class actualClass); + @LogMessage(level = INFO) + @Message(id = 1138, value = "No Keystore password specified \"%s\"") + void noKeystorePasswordSpecified(Location location); + @Message(id = 1139, value = "Failed to create credential store") ConfigXMLParseException xmlFailedToCreateCredentialStore(@Param Location location, @Cause Throwable cause); From fdca5bc00822ec5b9928bb6e94eccc3eda589693 Mon Sep 17 00:00:00 2001 
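Review bot: `noKeystorePasswordSpecified` in ElytronMessages.java is a `void` method annotated `@LogMessage(level = INFO)`, so a missing keystore password is only logged at INFO. The neighbouring `xmlFailedToCreateCredentialStore` returns a `ConfigXMLParseException` instead, and the commit subject asks for a meaningful exception; an INFO line is also easy to lose where that level is filtered. If continuing without a password is intended, I would use `@LogMessage(level = WARN)` (assuming WARN is imported the same way INFO is) and add a comment such as `// Logged rather than thrown: <why parsing continues without a password>`. The message text puts the location in quotes with no lead-in; `value = "No keystore password specified at \"%s\""` reads more clearly. The call site in ElytronXmlParser.java and the rest of the interface are not visible in this hunk, so what happens after the log call should be confirmed there.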
From: Farah Juma Date: Thu, 19 Sep 2024 18:33:12 -0400 Subject: [PATCH 61/75] [ELY-2811] Add missing scope to dynamic-ssl pom.xml for wildfly-elytron-tests-common --- dynamic-ssl/pom.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index c7f2ac19546..54363043586 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -42,6 +42,7 @@ org.wildfly.security wildfly-elytron-tests-common + test test-jar From 05eab9e75121e3688e4764fc944944c395e3047a Mon Sep 17 00:00:00 2001 
From: Farah Juma Date: Fri, 20 Sep 2024 10:39:16 -0400 Subject: [PATCH 62/75] [ELY-2812] Release WildFly Elytron 2.6.0.Final --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- dynamic-ssl/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- 
tests/common/pom.xml | 2 +- tool/pom.xml | 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 77 files changed, 77 insertions(+), 77 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index d32e1c5e9b1..c88f14de20b 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index 5ec36c76f84..6e85cbd0a47 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index ccc48a6e164..f6117ce7b28 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index 0065663bcb8..f25477b83d3 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 43236bc18d6..10605098904 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index 8b4ff83135a..95141b4c996 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index aa1220dd8c4..1e45ae1ec46 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index c2c53ad6aaf..fdd250d317b 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index e60743f492f..d0ebe6813f8 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index f383afe00a8..722784163b5 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index a000994a7c9..d585119df82 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index fc66a12e511..2400444bf60 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index 9269e6cf515..2778437a1fa 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index af8295c93be..cbd1b26d7a5 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index b4f61ba2b2c..2ac24c7f127 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index c1c32fe439d..4bb4fe9bfc2 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index 0029ab0f026..d283c2854c8 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index a7703d47302..287e0d8b7a2 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index c9c0586cc57..224958735cd 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final 4.0.0 diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index 54363043586..b3f68b05aa0 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -5,7 +5,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index 46f30a4e892..a8efcb3afdb 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final 4.0.0 
diff --git a/http/base/pom.xml b/http/base/pom.xml index 47633b7b43a..84a289b8d65 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index b05e5d82a3b..26ef2e5e272 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index b5815c1037f..4263f360e64 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index f225ac4367e..c41848fd85a 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index acad9484258..47b65e349a4 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index 8694401c3af..ecd5a64d9c5 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index 0aa29176cbe..2d04b96c0ed 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index a33ef70519f..f672b85be2e 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index 26ce02f7586..e058fcdf082 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index 6637658a12b..2f8aa140e84 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index a4ade354696..c0e5908ec71 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index a7e83bd85d2..e5ca2ba1785 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index 0b388b19dc9..88f26e62f3c 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index 43ef025c195..50ec4dbe55c 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index 58dcbd4bb03..1e1248a5e1a 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index c521191e659..93ee5c46316 100644 --- a/json-util/pom.xml 
+++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final 4.0.0 diff --git a/keystore/pom.xml b/keystore/pom.xml index c6f6ec47058..4af80aa535f 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index 1aeb2229ff7..1856a685320 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index cf0b3a738b7..0c95809ffaa 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index 9e1b9a0ddd5..1f236a89413 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index e19dd5d25da..5f31670c627 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index 99a7feac7a4..de5aa2acb7a 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index 43cbaf90d25..736710cfcc6 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml 
diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index 447611b30cc..b863d36aa92 100644 --- a/mechanism/oauth2/pom.xml +++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index 1c825d1cd04..1299b607ad1 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index e2c4ffa4b4a..fc9897a67b1 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index ad959fe7327..94b67db2e0d 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final 4.0.0 diff --git a/pom.xml b/pom.xml index 903e772f3f4..5dac88ef116 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index aec357e1f6a..3d743e2db76 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index 7e4f7aacff7..897aca60270 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index 6840642e603..c63df074b69 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../../pom.xml diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index 4e3cf94e504..58764c32c17 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index 60c74bd4e6c..0d6c47606c6 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index 8757135ad62..f52003c03b3 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index 75a673a53d8..08088948855 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index ca807f73bc4..20b308d7f76 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index 9a47f463fde..b245c6dc2ea 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index 8439267dd75..870b4ed8763 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml 
diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index f059b7f75da..ffcf944a24a 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index 23948779801..b4aa9443f57 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index 05f8b24236e..622aec73d2f 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index cb931c966d7..5a981101c5f 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index d264605b5fc..1c0447814cc 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index a602fa5157d..e02d8bc23a1 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index ca01f34fa0a..d3e86219be3 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index b16c213f2da..3e234c8ea07 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml 
diff --git a/tests/common/pom.xml b/tests/common/pom.xml index 4d456f4fbd3..ae42e13da5f 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml @@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index 91c490d9b0e..67fa92a9952 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index 7ddf47449ce..f5c876a5b4a 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index a9f39f0c20b..dbbca65fae7 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index e451eb0108b..630a39457c5 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index ac8d0abe351..14f814229da 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index 8e714784e8f..9999f308bf4 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index 595936911d3..f7e83899b11 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index 45851a01a43..ac23c243c20 100644 --- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index 3ed4d80fa13..a427d0a56c6 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml From cbe5152c8baf6ff15447cd89a9144af9a434e6bb Mon Sep 17 00:00:00 2001 
From: Farah Juma Date: Fri, 20 Sep 2024 10:41:03 -0400 Subject: [PATCH 63/75] Next is 2.6.1 --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- dynamic-ssl/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- tests/common/pom.xml | 2 +- tool/pom.xml 
| 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 77 files changed, 77 insertions(+), 77 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index c88f14de20b..fb4be4b879d 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index 6e85cbd0a47..70673c851c8 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index f6117ce7b28..764d0639c6e 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index f25477b83d3..88375a5d569 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 10605098904..7011a4cf695 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index 95141b4c996..d0092cd639b 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index 1e45ae1ec46..27a3cda086a 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index fdd250d317b..e0cb18aa0f5 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index d0ebe6813f8..29a7ec9b566 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index 722784163b5..10b865ef5e6 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index d585119df82..cec7657b45d 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index 2400444bf60..8bf68a3ed45 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index 2778437a1fa..6f39d9fa05e 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index cbd1b26d7a5..1c30ef98cd9 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index 2ac24c7f127..2c98ff8943c 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index 4bb4fe9bfc2..2c91de751de 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index d283c2854c8..64e2fb398a1 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index 287e0d8b7a2..ac6bc803d5c 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index 224958735cd..fd791d6cfde 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT 4.0.0 diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index b3f68b05aa0..0149158d921 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -5,7 +5,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index a8efcb3afdb..de9ed3fea5f 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT 4.0.0 
diff --git a/http/base/pom.xml b/http/base/pom.xml index 84a289b8d65..5fb11808f14 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index 26ef2e5e272..382d0f54c79 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index 4263f360e64..c7ca60a5060 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index c41848fd85a..669a855053d 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index 47b65e349a4..190c1e7adc2 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index ecd5a64d9c5..8f6d77deb59 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index 2d04b96c0ed..3951119cd99 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index f672b85be2e..2b72dc32603 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index e058fcdf082..f0a272321fb 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index 2f8aa140e84..f44833a344d 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index c0e5908ec71..3db2fc06dc4 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index e5ca2ba1785..ff8fd8a810b 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index 88f26e62f3c..3643831549e 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index 50ec4dbe55c..4a82a6a3894 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index 1e1248a5e1a..ce6101c1ffb 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index 93ee5c46316..6ecab3a776c 100644 --- a/json-util/pom.xml 
+++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT 4.0.0 diff --git a/keystore/pom.xml b/keystore/pom.xml index 4af80aa535f..4ab364a873b 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index 1856a685320..b0b5cc6e8bd 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index 0c95809ffaa..c43c374f491 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index 1f236a89413..e8b21d9cb63 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index 5f31670c627..c9989e73abb 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index de5aa2acb7a..adccd6cda1e 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index 736710cfcc6..394a1de641d 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml 
diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index b863d36aa92..e57683a7787 100644 --- a/mechanism/oauth2/pom.xml +++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index 1299b607ad1..bee2afec31a 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index fc9897a67b1..2e71afafcf7 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index 94b67db2e0d..de8707d9c43 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT 4.0.0 diff --git a/pom.xml b/pom.xml index 5dac88ef116..1c3d9b88295 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index 3d743e2db76..75d25211809 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index 897aca60270..187cd392425 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index c63df074b69..b3464240776 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index 58764c32c17..c69df220d9f 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index 0d6c47606c6..670e9617d71 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index f52003c03b3..9b8ab397d77 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index 08088948855..641fc593cb2 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index 20b308d7f76..519e17253d6 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index b245c6dc2ea..185464c86c0 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index 870b4ed8763..9e8c46f409e 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml 
diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index ffcf944a24a..4d2dcb70815 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index b4aa9443f57..10585dc67e8 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index 622aec73d2f..2ebcf826d96 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index 5a981101c5f..ce0d479311a 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index 1c0447814cc..6be4f3ec0aa 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index e02d8bc23a1..cfeab877b40 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index d3e86219be3..bf3c3e3ebe1 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index 3e234c8ea07..10306ce7191 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml 
diff --git a/tests/common/pom.xml b/tests/common/pom.xml index ae42e13da5f..106ac094654 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml @@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index 67fa92a9952..6cf2c73c159 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index f5c876a5b4a..4ee89f9b23a 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index dbbca65fae7..42aeab43f05 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index 630a39457c5..740db174f50 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index 14f814229da..c2040a3d5ed 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index 9999f308bf4..6af3f479612 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index f7e83899b11..5a548aa9725 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index ac23c243c20..27075a20280 100644 --- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index a427d0a56c6..341c8a24c22 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml From 197587a8e7dc743e7c61acbe0a9d41c9fcea897a Mon Sep 17 00:00:00 2001 From: Farah Juma Date: Fri, 20 Sep 2024 11:00:14 -0400 Subject: [PATCH 64/75] [ELY-2812] Perform API check against 2.6.0.Final --- wildfly-elytron/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 42aeab43f05..2bf06d9be43 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -557,7 +557,7 @@ org.wildfly.security wildfly-elytron - 2.5.2.Final + 2.6.0.Final jar From 16703b4123a9929ec3c00b7099b715d1125337f5 Mon Sep 17 00:00:00 2001 From: Samith Date: Fri, 4 Oct 2024 14:11:13 -0400 Subject: [PATCH 65/75] [ELY-2850] Updated DEREncoder#flush to use isEmpty() instead of size() --- asn1/src/main/java/org/wildfly/security/asn1/DEREncoder.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/asn1/src/main/java/org/wildfly/security/asn1/DEREncoder.java b/asn1/src/main/java/org/wildfly/security/asn1/DEREncoder.java index 91ee56c1cb3..0ab91bd1253 100644 --- a/asn1/src/main/java/org/wildfly/security/asn1/DEREncoder.java +++ b/asn1/src/main/java/org/wildfly/security/asn1/DEREncoder.java 
@@ -470,7 +470,7 @@ public void writeEncoded(byte[] encoded) { @Override public void flush() { - while (states.size() != 0) { + while (!states.isEmpty()) { EncoderState lastState = states.peekLast(); if (lastState.getTag() == SEQUENCE_TYPE) { endSequence(); From a251154dd0b4c3d171ebfcdd3ca604c2ee7c83aa Mon Sep 17 00:00:00 2001 From: Samith Date: Fri, 4 Oct 2024 14:35:26 -0400 Subject: [PATCH 66/75] [ELY-2851] Updated ElytronXmlParser#parseLocalKerberos to use isEmpty() instead of size() --- .../java/org/wildfly/security/auth/client/ElytronXmlParser.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth/client/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java b/auth/client/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java index 8a933f4951c..b731c2821b0 100644 --- a/auth/client/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java +++ b/auth/client/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java @@ -3466,7 +3466,7 @@ static CredentialSource parseLocalKerberos(ConfigurationXMLStreamReader reader) default: throw reader.unexpectedAttribute(i); } } - if (mechanismOids.size() == 0) { + if (mechanismOids.isEmpty()) { mechanismOids.add(GSSCredentialSecurityFactory.KERBEROS_V5); mechanismOids.add(GSSCredentialSecurityFactory.SPNEGO); } From 10219b244c06f30fc53025a5e8349c430299f62e Mon Sep 17 00:00:00 2001 From: Akarshi Jain Date: Fri, 4 Oct 2024 15:13:46 -0400 Subject: [PATCH 67/75] return value directly without using a temporary variable --- .../security/auth/realm/AggregateRealmEvidenceTest.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/auth/realm/base/src/test/java/org/wildfly/security/auth/realm/AggregateRealmEvidenceTest.java b/auth/realm/base/src/test/java/org/wildfly/security/auth/realm/AggregateRealmEvidenceTest.java index 579e109ec5e..c07245d2b06 100644 
--- a/auth/realm/base/src/test/java/org/wildfly/security/auth/realm/AggregateRealmEvidenceTest.java +++ b/auth/realm/base/src/test/java/org/wildfly/security/auth/realm/AggregateRealmEvidenceTest.java @@ -275,8 +275,7 @@ private static X509Certificate populateCertificateChain() throws Exception { builder.setSignatureAlgorithmName("SHA256withRSA"); builder.setPublicKey(keyPair.getPublic()); - final X509Certificate orderedCertificate = builder.build(); - return orderedCertificate; + return builder.build(); } private Path getRootPath(String path, boolean deleteIfExists) throws Exception { From e6c6d72c6bab5615af0a2594ce01ef8bac37e074 Mon Sep 17 00:00:00 2001 From: Samith Date: Fri, 4 Oct 2024 15:20:27 -0400 Subject: [PATCH 68/75] [ELY-2826] Replaced wildcard imports with specific imports inside OAuth2TokenSecurityRealmTest.java --- .../auth/realm/token/OAuth2TokenSecurityRealmTest.java | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/auth/realm/token/src/test/java/org/wildfly/security/auth/realm/token/OAuth2TokenSecurityRealmTest.java b/auth/realm/token/src/test/java/org/wildfly/security/auth/realm/token/OAuth2TokenSecurityRealmTest.java index e2586601e37..720a43b4373 100644 --- a/auth/realm/token/src/test/java/org/wildfly/security/auth/realm/token/OAuth2TokenSecurityRealmTest.java +++ b/auth/realm/token/src/test/java/org/wildfly/security/auth/realm/token/OAuth2TokenSecurityRealmTest.java @@ -44,7 +44,10 @@ import java.util.Arrays; import java.util.function.Function; -import static org.junit.Assert.*; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNull; /** * @author Pedro Igor From bc877f3f08b56e9df9c0ca572f9a9f0b4be841f1 Mon Sep 17 00:00:00 2001 
From: Samith Date: Fri, 4 Oct 2024 15:03:21 -0400 Subject: [PATCH 69/75] [ELY-2827] Replaced wildcard imports with specific imports inside X509CertificateBuilderTest.java --- .../security/x500/cert/X509CertificateBuilderTest.java | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/x500/cert/base/src/test/java/org/wildfly/security/x500/cert/X509CertificateBuilderTest.java b/x500/cert/base/src/test/java/org/wildfly/security/x500/cert/X509CertificateBuilderTest.java index 741398b254a..d07539aa0e0 100644 --- a/x500/cert/base/src/test/java/org/wildfly/security/x500/cert/X509CertificateBuilderTest.java +++ b/x500/cert/base/src/test/java/org/wildfly/security/x500/cert/X509CertificateBuilderTest.java @@ -18,7 +18,10 @@ package org.wildfly.security.x500.cert; -import static org.junit.Assert.*; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; import java.math.BigInteger; import java.security.KeyFactory; From 38541d4195971308090691110434ec9ecc2c9082 Mon Sep 17 00:00:00 2001 From: luisa-ball <159193427+luisa-ball@users.noreply.github.com> Date: Fri, 4 Oct 2024 16:44:49 -0400 Subject: [PATCH 70/75] [ELY-2815] Renamed CA_JKS_LOCATION to CA_PKCS_LOCATION in TLS13AuthenticationTest https://issues.redhat.com/browse/ELY-2815 --- .../org/wildfly/security/ssl/TLS13AuthenticationTest.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java index 826916e29ca..c0c7142b2b3 100644 --- a/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java +++ b/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java 
@@ -65,7 +65,7 @@ public class TLS13AuthenticationTest { private static final String CLIENT_CONFIG = "tls13-authentication-config.xml"; private static final char[] PASSWORD = "Elytron".toCharArray(); - private static final String CA_JKS_LOCATION = "./target/test-classes/pkcs12"; + private static final String CA_PKCS_LOCATION = "./target/test-classes/pkcs12"; private static CAGenerationTool caGenerationTool = null; private static SecurityDomain securityDomain = null; @@ -74,7 +74,7 @@ public class TLS13AuthenticationTest { public static void setUp() throws Exception{ caGenerationTool = CAGenerationTool.builder() - .setBaseDir(CA_JKS_LOCATION) + .setBaseDir(CA_PKCS_LOCATION) .setRequestIdentities(Identity.LADYBIRD, Identity.SCARAB) .build(); From 881d038d1ebeea8c50e544521d25eef42e982c25 Mon Sep 17 00:00:00 2001 From: luisa-ball <159193427+luisa-ball@users.noreply.github.com> Date: Fri, 4 Oct 2024 16:55:03 -0400 Subject: [PATCH 71/75] [ELY-2819] Fix the import order in OAuth2Client.java https://issues.redhat.com/browse/ELY-2819 --- .../security/mechanism/oauth2/OAuth2Client.java | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/mechanism/oauth2/src/main/java/org/wildfly/security/mechanism/oauth2/OAuth2Client.java b/mechanism/oauth2/src/main/java/org/wildfly/security/mechanism/oauth2/OAuth2Client.java index ec78a73eeaa..4e687cda648 100644 --- a/mechanism/oauth2/src/main/java/org/wildfly/security/mechanism/oauth2/OAuth2Client.java +++ b/mechanism/oauth2/src/main/java/org/wildfly/security/mechanism/oauth2/OAuth2Client.java @@ -18,6 +18,11 @@ package org.wildfly.security.mechanism.oauth2; +import static org.wildfly.common.Assert.assertTrue; + +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.callback.UnsupportedCallbackException; + import org.wildfly.common.bytes.ByteStringBuilder; import org.wildfly.common.iteration.ByteIterator; import org.wildfly.security.auth.callback.CredentialCallback; 
@@ -27,11 +32,6 @@ import org.wildfly.security.mechanism.AuthenticationMechanismException; import org.wildfly.security.sasl.util.StringPrep; -import javax.security.auth.callback.CallbackHandler; -import javax.security.auth.callback.UnsupportedCallbackException; - -import static org.wildfly.common.Assert.assertTrue; - /** * Implementation of the client side of the OAuth2 SASL mechanism. * From b296d458e92da01fbd9e3c3362d3b93c1bc96d63 Mon Sep 17 00:00:00 2001 From: sles4050 Date: Fri, 4 Oct 2024 17:23:52 -0400 Subject: [PATCH 72/75] [ELY-2849] upgrade the commons-io.commons-io dependency from 2.7 to 2.16.1 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 1c3d9b88295..aa3af819018 100644 --- a/pom.xml +++ b/pom.xml @@ -91,7 +91,7 @@ 1.0.8.Final 1.0.1.Final 1.6.0.Final - 2.7 + 2.16.1 5.4.1 3.0.0 0.9.6 From 8177f8d78c40c1de8c510574b33ad7b00e7267ed Mon Sep 17 00:00:00 2001 From: luisa-ball <159193427+luisa-ball@users.noreply.github.com> Date: Fri, 4 Oct 2024 17:39:01 -0400 Subject: [PATCH 73/75] [ELY-2825] Fix the import order for SetRequestInformationCallbackMechanismFactory.java https://issues.redhat.com/browse/ELY-2825 --- ...etRequestInformationCallbackMechanismFactory.java | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/http/util/src/main/java/org/wildfly/security/http/util/SetRequestInformationCallbackMechanismFactory.java b/http/util/src/main/java/org/wildfly/security/http/util/SetRequestInformationCallbackMechanismFactory.java index 8252c361280..571442b4abd 100644 --- a/http/util/src/main/java/org/wildfly/security/http/util/SetRequestInformationCallbackMechanismFactory.java +++ b/http/util/src/main/java/org/wildfly/security/http/util/SetRequestInformationCallbackMechanismFactory.java 
@@ -17,11 +17,7 @@ */ package org.wildfly.security.http.util; -import org.wildfly.security.auth.callback.RequestInformationCallback; -import org.wildfly.security.http.HttpAuthenticationException; -import org.wildfly.security.http.HttpServerAuthenticationMechanism; -import org.wildfly.security.http.HttpServerAuthenticationMechanismFactory; -import org.wildfly.security.http.HttpServerRequest; +import static org.wildfly.common.Assert.checkNotNullParam; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; @@ -31,7 +27,11 @@ import java.util.Map; import java.util.function.Function; -import static org.wildfly.common.Assert.checkNotNullParam; +import org.wildfly.security.auth.callback.RequestInformationCallback; +import org.wildfly.security.http.HttpAuthenticationException; +import org.wildfly.security.http.HttpServerAuthenticationMechanism; +import org.wildfly.security.http.HttpServerAuthenticationMechanismFactory; +import org.wildfly.security.http.HttpServerRequest; /** * A wrapper {@link HttpServerAuthenticationMechanismFactory} that sets the request information using the current authentication request. From 7d36b65dda0a12d8a2020465f1f2fd55d3066f07 Mon Sep 17 00:00:00 2001 From: Sidra Effendi Date: Fri, 4 Oct 2024 18:13:25 -0400 Subject: [PATCH 74/75] Replace wildcard imports with specific imports inside X500PrincipalBuilderTest --- .../org/wildfly/security/x500/X500PrincipalBuilderTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x500/base/src/test/java/org/wildfly/security/x500/X500PrincipalBuilderTest.java b/x500/base/src/test/java/org/wildfly/security/x500/X500PrincipalBuilderTest.java index 1fd04e5449e..afd8f1916c0 100644 --- a/x500/base/src/test/java/org/wildfly/security/x500/X500PrincipalBuilderTest.java +++ b/x500/base/src/test/java/org/wildfly/security/x500/X500PrincipalBuilderTest.java 
@@ -18,7 +18,7 @@ package org.wildfly.security.x500; -import static org.junit.Assert.*; +import static org.junit.Assert.assertEquals; import java.util.Arrays; From 837fb1a8a4a85f1f42009a8c487f64ff09a08507 Mon Sep 17 00:00:00 2001 From: luisa-ball <159193427+luisa-ball@users.noreply.github.com> Date: Fri, 4 Oct 2024 18:29:29 -0400 Subject: [PATCH 75/75] [ELY-2814] Update UnixSHACryptPasswordImpl to make use of MessageDigest#isEqual to avoid a potential timing attack https://issues.redhat.com/browse/ELY-2814 --- .../security/password/impl/UnixSHACryptPasswordImpl.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/password/impl/src/main/java/org/wildfly/security/password/impl/UnixSHACryptPasswordImpl.java b/password/impl/src/main/java/org/wildfly/security/password/impl/UnixSHACryptPasswordImpl.java index 71e51451b04..06c7341363f 100644 --- a/password/impl/src/main/java/org/wildfly/security/password/impl/UnixSHACryptPasswordImpl.java +++ b/password/impl/src/main/java/org/wildfly/security/password/impl/UnixSHACryptPasswordImpl.java @@ -435,7 +435,7 @@ public boolean equals(final Object obj) { return false; } UnixSHACryptPasswordImpl other = (UnixSHACryptPasswordImpl) obj; - return iterationCount == other.iterationCount && algorithm.equals(other.algorithm) && Arrays.equals(hash, other.hash) && Arrays.equals(salt, other.salt); + return iterationCount == other.iterationCount && algorithm.equals(other.algorithm) && MessageDigest.isEqual(hash, other.hash) && MessageDigest.isEqual(salt, other.salt); } private void readObject(ObjectInputStream ignored) throws NotSerializableException {
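Review bot: The changed return in `equals` gives no reason for preferring `MessageDigest.isEqual`, so a later cleanup could turn it back into `Arrays.equals`; a comment above it such as `// constant-time compare of hash and salt (ELY-2814); do not replace with Arrays.equals` would keep the intent visible. The `&&` chain still short-circuits on `iterationCount` and `algorithm`, which looks acceptable only because those values are not secret. This commit changes one line in `equals`, so the guess-verification path of this class, which is not in the hunk, should be confirmed to compare the computed hash in constant time as well. No import is added, so `java.security.MessageDigest` is presumably already imported in the file. `equals` begins above the hunk and `readObject` continues past it.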