Merge pull request #1722 from soul2zimate/ELY-2354-1.x
ELY-2354 remove IBM related changes due to unavailable security provi…
fjuma authored May 23, 2023
2 parents 1528be9 + ba223bb commit 2dca6cc
Showing 11 changed files with 30 additions and 146 deletions.
Expand Up @@ -67,9 +67,7 @@
@Deprecated
public final class GSSCredentialSecurityFactory implements SecurityFactory<GSSKerberosCredential> {

private static final boolean IS_IBM = System.getProperty("java.vendor").contains("IBM");
private static final String KRB5LoginModule = "com.sun.security.auth.module.Krb5LoginModule";
private static final String IBMKRB5LoginModule = "com.ibm.security.auth.module.Krb5LoginModule";
private static final long ONE_SECOND = 1000;

public static final Oid KERBEROS_V5;
Expand Down Expand Up @@ -470,16 +468,10 @@ private Configuration createConfiguration() throws IOException {
}
options.put("principal", principal);

if (IS_IBM) {
options.put("noAddress", "true");
options.put("credsType", (isServer && !obtainKerberosTicket) ? "acceptor" : "both");
if (keyTab != null) options.put("useKeytab", keyTab.toURI().toURL().toString());
} else {
options.put("storeKey", "true");
options.put("useKeyTab", "true");
if (keyTab != null) options.put("keyTab", keyTab.getAbsolutePath());
options.put("isInitiator", (isServer && !obtainKerberosTicket) ? "false" : "true");
}
options.put("storeKey", "true");
options.put("useKeyTab", "true");
if (keyTab != null) options.put("keyTab", keyTab.getAbsolutePath());
options.put("isInitiator", (isServer && !obtainKerberosTicket) ? "false" : "true");

if (this.options != null) {
options.putAll(this.options);
Expand All @@ -488,7 +480,7 @@ private Configuration createConfiguration() throws IOException {
log.tracef("Created LoginContext configuration: %s", options.toString());

final AppConfigurationEntry[] aceArray = new AppConfigurationEntry[] {
new AppConfigurationEntry(IS_IBM ? IBMKRB5LoginModule : KRB5LoginModule, REQUIRED, options)
new AppConfigurationEntry(KRB5LoginModule, REQUIRED, options)
};

return new Configuration() {
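Review bot: With the vendor branch gone, `options.put("useKeyTab", "true")` always runs while `keyTab` is set only when the field is non-null, so a factory built without a keytab leaves Krb5LoginModule to resolve its default keytab location instead of the one the caller intended. If that fallback is wanted, say so on the guarded line, e.g. `// no explicit keytab: Krb5LoginModule falls back to the default keytab from the Kerberos configuration`; if it is not, the null case deserves an explicit check before the options are built. Whether `keyTab` can actually be null here depends on builder validation outside the hunk, and `createConfiguration` itself starts and ends outside it. The same lines appear in the second copy of GSSCredentialSecurityFactory further down the page.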
Expand Up @@ -65,9 +65,7 @@
*/
public final class GSSCredentialSecurityFactory implements SecurityFactory<GSSKerberosCredential> {

private static final boolean IS_IBM = System.getProperty("java.vendor").contains("IBM");
private static final String KRB5LoginModule = "com.sun.security.auth.module.Krb5LoginModule";
private static final String IBMKRB5LoginModule = "com.ibm.security.auth.module.Krb5LoginModule";
private static final long ONE_SECOND = 1000;

public static final Oid KERBEROS_V5;
Expand Down Expand Up @@ -467,17 +465,10 @@ private Configuration createConfiguration() throws IOException {
options.put("debug", "true");
}
options.put("principal", principal);

if (IS_IBM) {
options.put("noAddress", "true");
options.put("credsType", (isServer && !obtainKerberosTicket) ? "acceptor" : "both");
if (keyTab != null) options.put("useKeytab", keyTab.toURI().toURL().toString());
} else {
options.put("storeKey", "true");
options.put("useKeyTab", "true");
if (keyTab != null) options.put("keyTab", keyTab.getAbsolutePath());
options.put("isInitiator", (isServer && !obtainKerberosTicket) ? "false" : "true");
}
options.put("storeKey", "true");
options.put("useKeyTab", "true");
if (keyTab != null) options.put("keyTab", keyTab.getAbsolutePath());
options.put("isInitiator", (isServer && !obtainKerberosTicket) ? "false" : "true");

if (this.options != null) {
options.putAll(this.options);
Expand All @@ -486,7 +477,7 @@ private Configuration createConfiguration() throws IOException {
log.tracef("Created LoginContext configuration: %s", options.toString());

final AppConfigurationEntry[] aceArray = new AppConfigurationEntry[] {
new AppConfigurationEntry(IS_IBM ? IBMKRB5LoginModule : KRB5LoginModule, REQUIRED, options)
new AppConfigurationEntry(KRB5LoginModule, REQUIRED, options)
};

return new Configuration() {
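Review bot: The `AppConfigurationEntry` now names `com.sun.security.auth.module.Krb5LoginModule` unconditionally, yet nothing visible in the class documentation tells a user that the factory depends on that JDK-specific login module. JAAS resolves the module class only when the login runs, so on a runtime without it the problem would presumably surface as a `LoginException` during credential creation rather than when the factory is built. A sentence in the class Javadoc such as `Requires com.sun.security.auth.module.Krb5LoginModule to be available at runtime.` would cover it, and the deprecated copy of this class earlier on the page needs the same line. The Javadoc block itself lies outside the hunks shown.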
Expand Up @@ -72,7 +72,6 @@
*/

public class MaskedPasswordSSLAuthenticationTest {
private static final boolean IS_IBM = System.getProperty("java.vendor").contains("IBM");
private static final char[] PASSWORD = "Elytron".toCharArray();
private static final String JKS_LOCATION = "./target/test-classes/jks";

Expand All @@ -85,7 +84,7 @@ public class MaskedPasswordSSLAuthenticationTest {
* @return the initialised key manager.
*/
private static X509ExtendedKeyManager getKeyManager(final String keystorePath) throws Exception {
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(IS_IBM ? "IbmX509" : "SunX509");
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
keyManagerFactory.init(createKeyStore(keystorePath), PASSWORD);

for (KeyManager current : keyManagerFactory.getKeyManagers()) {
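Review bot: `KeyManagerFactory.getInstance("SunX509")` in `getKeyManager` still hard-codes a provider-specific algorithm name; `KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())` would keep the test independent of the JSSE provider without a vendor switch. The same literal is introduced in `getKeyManager` of SSLAuthenticationTest, SSLv2HelloAuthenticationTest and TLS13AuthenticationTest further down the page. The `TrustManagerFactory.getInstance("SunX509")` calls in the last two are a different case: the default trust algorithm is normally PKIX, so swapping it in there could change what the tests validate and should be a deliberate choice. `getKeyManager` continues past the end of this hunk.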
Expand Up @@ -46,8 +46,6 @@ public class JaasUtil {

private static Logger log = Logger.getLogger(JaasUtil.class);

private static final boolean IS_IBM = System.getProperty("java.vendor").contains("IBM");

public static Subject loginClient() throws LoginException {
log.debug("loginClient");
return login("jduke", "theduke".toCharArray(), false, null);
Expand Down Expand Up @@ -87,15 +85,9 @@ public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
options.put("debug", "true");
options.put("refreshKrb5Config", "true");

if (IS_IBM) {
options.put("noAddress", "true");
options.put("credsType", server ? "acceptor" : "initiator");
entries[0] = new AppConfigurationEntry("com.ibm.security.auth.module.Krb5LoginModule", REQUIRED, options);
} else {
options.put("storeKey", "true");
options.put("isInitiator", server ? "false" : "true");
entries[0] = new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", REQUIRED, options);
}
options.put("storeKey", "true");
options.put("isInitiator", server ? "false" : "true");
entries[0] = new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", REQUIRED, options);

return entries;
}
Expand All @@ -118,19 +110,12 @@ public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
options.put("refreshKrb5Config", "true");
options.put("principal", principal);

if (IS_IBM) {
options.put("useKeytab", keyTabFile);
options.put("noAddress", "true");
options.put("credsType", "acceptor");
entries[0] = new AppConfigurationEntry("com.ibm.security.auth.module.Krb5LoginModule", REQUIRED, options);
} else {
options.put("useKeyTab", "true");
options.put("keyTab", keyTabFile);
options.put("doNotPrompt", "true");
options.put("storeKey", "true");
options.put("isInitiator", "false");
entries[0] = new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", REQUIRED, options);
}
options.put("useKeyTab", "true");
options.put("keyTab", keyTabFile);
options.put("doNotPrompt", "true");
options.put("storeKey", "true");
options.put("isInitiator", "false");
entries[0] = new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", REQUIRED, options);

return entries;
}
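Review bot: The literal `"com.sun.security.auth.module.Krb5LoginModule"` is now the only module name used and is written out in both `getAppConfigurationEntry` implementations. A single constant, `private static final String KRB5_LOGIN_MODULE = "com.sun.security.auth.module.Krb5LoginModule";`, referenced from both `AppConfigurationEntry` constructions, would keep the two configurations in step and mirror the `KRB5LoginModule` constant in GSSCredentialSecurityFactory. Both methods begin outside the hunks shown.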
Expand Up @@ -103,7 +103,6 @@
// has dependency on wildfly-elytron-client, wildfly-elytron-x500-cert, wildfly-elytron-realm, wildly-elytron-x500-deprecated
public class SSLAuthenticationTest {

private static final boolean IS_IBM = System.getProperty("java.vendor").contains("IBM");
private static final int OCSP_PORT = 4854;
private final int TESTING_PORT = 18201;
private static final char[] PASSWORD = "Elytron".toCharArray();
Expand Down Expand Up @@ -132,7 +131,7 @@ public class SSLAuthenticationTest {
* @return the initialised key manager.
*/
private static X509ExtendedKeyManager getKeyManager(final String keystorePath) throws Exception {
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(IS_IBM ? "IbmX509" : "SunX509");
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
keyManagerFactory.init(createKeyStore(keystorePath), PASSWORD);

for (KeyManager current : keyManagerFactory.getKeyManagers()) {
Expand Up @@ -66,7 +66,6 @@
import javax.security.auth.x500.X500Principal;

import org.junit.AfterClass;
import org.junit.Assume;
import org.junit.BeforeClass;
import org.junit.Test;
import org.wildfly.security.WildFlyElytronProvider;
Expand All @@ -89,7 +88,6 @@
*/
public class SSLv2HelloAuthenticationTest {

private static final boolean IS_IBM = System.getProperty("java.vendor").contains("IBM");
private static final char[] PASSWORD = "Elytron".toCharArray();
private static final String CA_JKS_LOCATION = "./target/test-classes/ca/jks";
private static File ladybirdFile = null;
Expand Down Expand Up @@ -158,11 +156,6 @@ public static void cleanUp(){
*/
@Test
public void testOneWaySSLv2HelloProtocolMatch() throws Exception {

Assume.assumeFalse("Skipping testTwoWaySSlv2HelloProtocolMatch test " +
"as IBM JDK does not support SSLv2Hello on the " +
"client side", IS_IBM);

ArrayList<Protocol> list = new ArrayList<>();
list.add(Protocol.forName("SSLv2Hello"));
list.add(Protocol.forName("TLSv1"));
Expand All @@ -188,11 +181,6 @@ public void testOneWaySSLv2HelloProtocolMatch() throws Exception {
*/
@Test
public void testTwoWaySSLv2HelloProtocolMatch() throws Exception {

Assume.assumeFalse("Skipping testTwoWaySSlv2HelloProtocolMatch test " +
"as IBM JDK does not support SSLv2Hello on the " +
"client side", IS_IBM);

List<Protocol> list = new ArrayList<>();
list.add(Protocol.forName("SSLv2Hello"));
list.add(Protocol.forName("TLSv1"));
Expand Down Expand Up @@ -231,7 +219,7 @@ public void testTwoWaySSLv2HelloNotEnabled() throws Exception {
.setNeedClientAuth(true)
.build().create();

String[] enabledProtocols = IS_IBM ? new String[]{"TLSv1", "TLSv1.1", "TLSv1.2"} : new String[]{"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
String[] enabledProtocols = new String[]{"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};

SecurityIdentity identity = performConnectionTest(serverContext,
"protocol://two-way-no-sslv2hello.org",
Expand Down Expand Up @@ -261,10 +249,8 @@ public void testTwoWaySSLv2HelloNoClientSupport() throws Exception {
.setProtocolSelector(ProtocolSelector.empty().add(EnumSet.copyOf(list)))
.build().create();

// For IBM JDK, although the server accepts SSLv2Hello messages, it will not display it in its list
// of enabled protocols.
String[] enabledServerProtocols = IS_IBM ? new String[]{"TLSv1"} : new String[]{"SSLv2Hello", "TLSv1"} ;
String[] enabledClientProtocols = IS_IBM ? new String[]{"TLSv1", "TLSv1.1", "TLSv1.2"}: new String[]{"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}; // default protocols enabled
String[] enabledServerProtocols = new String[]{"SSLv2Hello", "TLSv1"};
String[] enabledClientProtocols = new String[]{"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}; // default protocols enabled

SecurityIdentity identity = performConnectionTest(serverContext,
"protocol://two-way-no-sslv2hello.org",
Expand All @@ -282,11 +268,6 @@ public void testTwoWaySSLv2HelloNoClientSupport() throws Exception {
*/
@Test
public void testTwoWaySSlv2HelloNoServerSupport() throws Exception {

Assume.assumeFalse("Skipping testTwoWaySSLv2HelloNoServerSupport test " +
"as IBM JDK does not support SSLv2Hello on the " +
"client side", IS_IBM);

List<Protocol> list = new ArrayList<>();
list.add(Protocol.forName("TLSv1.1"));

Expand Down Expand Up @@ -375,7 +356,7 @@ private SecurityIdentity performConnectionTest(SSLContext serverContext, String
* @return the initialised key manager.
*/
private static X509ExtendedKeyManager getKeyManager(final String keystorePath) throws Exception {
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(IS_IBM ? "IbmX509" : "SunX509");
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
keyManagerFactory.init(loadKeyStore(keystorePath), PASSWORD);

for (KeyManager current : keyManagerFactory.getKeyManagers()) {
Expand All @@ -394,7 +375,7 @@ private static X509ExtendedKeyManager getKeyManager(final String keystorePath) t
* @throws KeyStoreException
*/
private static X509TrustManager getCATrustManager() throws Exception {
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(IS_IBM ? "IbmX509" : "SunX509");
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
trustManagerFactory.init(loadKeyStore("/ca/jks/ca.truststore"));

for (TrustManager current : trustManagerFactory.getTrustManagers()) {
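Review bot: The expected arrays on the new `enabledProtocols` and `enabledClientProtocols` lines list TLSv1 and TLSv1.1 as enabled by default, which holds only where the JVM running the tests has not disabled them; recent JDK updates disable both through the `jdk.tls.disabledAlgorithms` security property. The tests presumably depend on a test-scoped override of that property, but nothing in these hunks says so, and the surviving `// default protocols enabled` comment now reads as a statement about every JDK. A comment on the first array such as `// expects TLSv1/TLSv1.1 enabled: the test JVM must not list them in jdk.tls.disabledAlgorithms` would make the dependency explicit. Both test methods extend beyond the hunks shown.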
Expand Up @@ -71,7 +71,6 @@
*/
public class TLS13AuthenticationTest {

private static final boolean IS_IBM = System.getProperty("java.vendor").contains("IBM");
private static final char[] PASSWORD = "Elytron".toCharArray();
private static final String CA_JKS_LOCATION = "./target/test-classes/jks";

Expand Down Expand Up @@ -252,7 +251,7 @@ private SecurityIdentity performConnectionTest(SSLContext serverContext, String
* @return the initialised key manager.
*/
private static X509ExtendedKeyManager getKeyManager(final String keystorePath) throws Exception {
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(IS_IBM ? "IbmX509" : "SunX509");
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
keyManagerFactory.init(loadKeyStore(keystorePath), PASSWORD);

for (KeyManager current : keyManagerFactory.getKeyManagers()) {
Expand All @@ -271,7 +270,7 @@ private static X509ExtendedKeyManager getKeyManager(final String keystorePath) t
* @throws KeyStoreException
*/
private static X509TrustManager getCATrustManager() throws Exception {
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(IS_IBM ? "IbmX509" : "SunX509");
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
trustManagerFactory.init(loadKeyStore("/jks/ca.truststore"));

for (TrustManager current : trustManagerFactory.getTrustManagers()) {
Expand Up @@ -52,7 +52,6 @@
* @author Hynek Švábek <[email protected]>
*/
public class CredentialStoreCommandTest extends AbstractCommandTest {
private static final boolean IS_IBM = System.getProperty("java.vendor").contains("IBM");
public static final String RSA_ALGORITHM = "RSA";
public static final String DSA_ALGORITHM = "DSA";
public static final String EC_ALGORITHM = "EC";
Expand Down Expand Up @@ -357,7 +356,6 @@ public void testGenerateKeyPairDSA() throws CredentialStoreException {

@Test
public void testGenerateKeyPairECDSA() throws CredentialStoreException {
Assume.assumeFalse(IS_IBM); //Don't run if using IBM JDK https://issues.redhat.com/browse/ELY-2214
String storageLocation = getStoragePathForNewFile();
String storagePassword = "cspassword";
String aliasName = "testalias";
Expand Down Expand Up @@ -395,7 +393,6 @@ public void testExportPublicKey() {

@Test
public void testImportOpenSSHKeyPairFromFile() throws CredentialStoreException {
Assume.assumeFalse(IS_IBM); //Don't run if using IBM JDK https://issues.redhat.com/browse/ELY-2214
String storageLocation = getStoragePathForNewFile();
String storagePassword = "cspassword";
String aliasName = "testalias";
Expand All @@ -417,7 +414,6 @@ public void testImportOpenSSHKeyPairFromFile() throws CredentialStoreException {
}
@Test
public void testImportPKCSKeyPairFromFile() throws CredentialStoreException {
Assume.assumeFalse(IS_IBM); //Don't run if using IBM JDK https://issues.redhat.com/browse/ELY-2214
String storageLocation = getStoragePathForNewFile();
String storagePassword = "cspassword";
String aliasName = "testalias";
Expand All @@ -442,7 +438,6 @@ public void testImportPKCSKeyPairFromFile() throws CredentialStoreException {

@Test
public void testImportOpenSSHKeyPairFromString() throws CredentialStoreException {
Assume.assumeFalse(IS_IBM); //Don't run if using IBM JDK https://issues.redhat.com/browse/ELY-2214
String storageLocation = getStoragePathForNewFile();
String storagePassword = "cspassword";
String aliasName = "testalias";
Expand Down Expand Up @@ -473,7 +468,6 @@ public void testImportOpenSSHKeyPairFromString() throws CredentialStoreException

@Test
public void testImportPKCSKeyPairFromString() throws CredentialStoreException {
Assume.assumeFalse(IS_IBM); //Don't run if using IBM JDK https://issues.redhat.com/browse/ELY-2214
String storageLocation = getStoragePathForNewFile();
String storagePassword = "cspassword";
String aliasName = "testalias";