[161] Upgrade the Security TCK to 3.0.3. This allows passing on Java …
…SE 21. It also required some additional changes to allow for the SSL tests to work that were changed to use SSL in 3.0.1 of the TCK.

Signed-off-by: James R. Perkins <[email protected]>
jamezp committed Jul 16, 2024
1 parent 3a9545a commit 474b34a
Showing 6 changed files with 106 additions and 96 deletions.
6 changes: 3 additions & 3 deletions security/clean-tck.sh
@@ -1,7 +1,7 @@
#! /bin/bash

TCK_ZIP=jakarta-security-tck-3.0.0.zip
TCK_HOME=security-tck-3.0.0
TCK_VERSION="3.0.2"
TCK_ZIP=jakarta-security-tck-${TCK_VERSION}.zip
TCK_HOME=security-tck-${TCK_VERSION}
OLD_TCK_HOME=security-tck
ANT_ZIP=apache-ant-1.9.16-bin.zip
ANT_HOME=apache-ant-1.9.16
80 changes: 52 additions & 28 deletions security/run-tck.sh
@@ -1,11 +1,13 @@
#! /bin/bash

set -e

TCK_URL=https://download.eclipse.org/jakartaee/security/3.0/jakarta-security-tck-3.0.0.zip
TCK_ZIP=jakarta-security-tck-3.0.0.zip
TCK_HOME=security-tck-3.0.0
TCK_ROOT=$TCK_HOME/tck
TCK_VERSION="3.0.2"
#TCK_URL=https://download.eclipse.org/jakartaee/security/3.0/jakarta-security-tck-${TCK_VERSION}.zip
TCK_URL=https://eclipse.mirror.rafal.ca/security/jakartaee10/staged/eftl/jakarta-security-tck-${TCK_VERSION}.zip
TCK_ZIP=jakarta-security-tck-${TCK_VERSION}.zip
TCK_HOME=security-tck-${TCK_VERSION}
TCK_ROOT="$(readlink -m ${TCK_HOME}/tck)"
export TCK_ROOT
WILDFLY_HOME=wildfly/target/wildfly
NEW_WILDFLY=servers/new-wildfly
OLD_WILDFLY=servers/old-wildfly
@@ -59,6 +61,49 @@ while getopts ":v" opt; do
esac
done

##############################################################
# Install and configure the TCK if not previously installed. #
##############################################################

# This must be executed first as CLI needs the files generated below to configure the keystore on the server

if test -f $TCK_ZIP
then
echo "TCK Already Downloaded."
else
echo "Downloading TCK."
curl $TCK_URL -o $TCK_ZIP
fi

if test -d $TCK_HOME
then
echo "TCK Already Configured."
else
echo "Configuring TCK."
unzip ${UNZIP_ARGS} $TCK_ZIP
cp $TCK_ROOT/pom.xml $TCK_ROOT/original-pom.xml
xsltproc wildfly-mods/transform.xslt $TCK_ROOT/original-pom.xml > $TCK_ROOT/pom.xml
fi

# Recreate the keystore and cert
echo "Recreate the keystore and cert"
DNAME="CN=localhost, OU=jakarta, O=eclipse, L=Unknown, S=Unknown, C=Unknown"
rm -rfv ${TCK_ROOT}/app-openid2/localhost-rsa.jks
rm -rfv ${TCK_ROOT}/app-openid2/tomcat.cert
rm -rfv ${TCK_ROOT}/app-openid3/localhost-rsa.jks
rm -rfv ${TCK_ROOT}/app-openid3/tomcat.cert

keytool -v -genkeypair -alias tomcat -keyalg RSA -keysize 2048 \
-dname "${DNAME}" \
-storepass changeit -keystore "${TCK_ROOT}/app-openid2/localhost-rsa.jks"

keytool -v -export -alias tomcat -storepass changeit \
-keystore "${TCK_ROOT}/app-openid2/localhost-rsa.jks" -file "${TCK_ROOT}/app-openid2/tomcat.cert"

# Copy the files to app-openid3
cp -v "${TCK_ROOT}/app-openid2/localhost-rsa.jks" "${TCK_ROOT}/app-openid3/localhost-rsa.jks"
cp -v "${TCK_ROOT}/app-openid2/tomcat.cert" "${TCK_ROOT}/app-openid3/tomcat.cert"

################################################
# Install WildFly if not previously installed. #
################################################
@@ -81,10 +126,11 @@ else
then
echo "Provisioning WildFly."
pushd wildfly
mvn ${MVN_ARGS} install -Dprovision.skip=false -Dconfigure.skip=true
mvn ${MVN_ARGS} install -Dprovision.skip=false -Dconfigure.skip=true -Dfeature.pack.version=32.0.1.Final
popd
fi
fi

# At this point WILDFLY_HOME points to the clean server.

####################################
@@ -110,28 +156,6 @@ pushd wildfly
mvn ${MVN_ARGS} install -Dwildfly.home=$NEW_WILDFLY -Dprovision.skip=true -Dconfigure.skip=false
popd

##############################################################
# Install and configure the TCK if not previously installed. #
##############################################################

if test -f $TCK_ZIP
then
echo "TCK Already Downloaded."
else
echo "Downloading TCK."
curl $TCK_URL -o $TCK_ZIP
fi

if test -d $TCK_HOME
then
echo "TCK Already Configured."
else
echo "Configuring TCK."
unzip ${UNZIP_ARGS} $TCK_ZIP
cp $TCK_ROOT/pom.xml $TCK_ROOT/original-pom.xml
xsltproc wildfly-mods/transform.xslt $TCK_ROOT/original-pom.xml > $TCK_ROOT/pom.xml
fi

#######################
# Execute the New TCK #
#######################
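Review bot: `TCK_URL` now points at a third-party mirror's staged path (`eclipse.mirror.rafal.ca/.../staged/eftl/`) and the archive is fetched with `curl $TCK_URL -o $TCK_ZIP`, with no failure flag and no integrity check before it is unzipped and its `pom.xml` is transformed and built. Because of the `test -f $TCK_ZIP` guard, an HTTP error page or a substituted archive would be cached and reused on every later run. I would fetch with `curl -fsSL "$TCK_URL" -o "$TCK_ZIP"` and verify a pinned digest with `echo "<EXPECTED_SHA256>  $TCK_ZIP" | sha256sum -c -` (placeholder; take the value from the official download page), and return to the commented-out `download.eclipse.org` URL once the release is published there. Separately, `TCK_VERSION="3.0.2"` does not match the 3.0.3 named in the commit title, and the expansion in `readlink -m ${TCK_HOME}/tck` should be quoted.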
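--- a/security/wildfly-mods/arquillian.xml
+++ b/security/wildfly-mods/arquillian.xml
@@ -6,7 +6,8 @@
 <container qualifier="default" default="true">
 <configuration>
 <property name="jbossHome">${test.wildfly.home}</property>
-<property name="javaVmArguments">${debugJvmArgs}</property>
+<!-- The two SSL properties are required until RESTEASY-3515 is fixed and included in WildFly -->
+<property name="javaVmArguments">${debugJvmArgs} -Djboss.https.port=9443 -Djavax.net.ssl.trustStore=${test.wildfly.home}/standalone/configuration/client.truststore.pkcs12 -Djavax.net.ssl.trustStorePassword=changeit</property>
 <property name="serverName">wildfly</property>
 <property name="host">localhost</property>
 </configuration>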
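Review bot: The comment above `javaVmArguments` says two SSL properties are required, but the new value adds three system properties, and `-Djboss.https.port=9443` is not explained anywhere in this section. Setting `javax.net.ssl.trustStore` on the server JVM also replaces the JDK default trust store for the whole process, so the server will presumably trust only the self-signed `tomcat` certificate; that is fine for a TCK run but worth stating. I would extend the comment to something like `<!-- Test-only: trust store holds the self-signed cert generated by run-tck.sh; 'changeit' is a throwaway password. Remove once RESTEASY-3515 is fixed. -->` so the literal password on the command line is not mistaken for a real secret.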
73 changes: 13 additions & 60 deletions security/wildfly-mods/profile.xml
@@ -6,12 +6,7 @@
<properties>
<!-- Versions -->
<version.jakarta.servlet>6.0.0</version.jakarta.servlet>
<version.org.jboss.logging>3.4.3.Final</version.org.jboss.logging>
<version.org.jboss.remoting-jmx>3.0.4.Final</version.org.jboss.remoting-jmx>
<version.org.wildfly>31.0.1.Final</version.org.wildfly>
<version.org.wildfly.arquillian>5.0.0.Alpha5</version.org.wildfly.arquillian>
<version.org.wildfly.core>19.0.1.Final</version.org.wildfly.core>
<version.org.wildfly.plugins>2.0.2.Final</version.org.wildfly.plugins>
<version.org.wildfly.arquillian>5.1.0.Beta3</version.org.wildfly.arquillian>

<test.wildfly.home>${project.basedir}/../../../wildfly/target/wildfly</test.wildfly.home>
<debugJvmArgs/>
@@ -26,64 +21,10 @@
<artifactId>jakarta.servlet-api</artifactId>
<version>${version.jakarta.servlet}</version>
</dependency>
<dependency>
<groupId>org.jboss.logging</groupId>
<artifactId>jboss-logging</artifactId>
<version>${version.org.jboss.logging}</version>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.jboss.remotingjmx</groupId>
<artifactId>remoting-jmx</artifactId>
<version>${version.org.jboss.remoting-jmx}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.wildfly.arquillian</groupId>
<artifactId>wildfly-arquillian-common</artifactId>
<version>${version.org.wildfly.arquillian}</version>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.wildfly.arquillian</groupId>
<artifactId>wildfly-arquillian-container-managed</artifactId>
<version>${version.org.wildfly.arquillian}</version>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.wildfly.core</groupId>
<artifactId>wildfly-controller-client</artifactId>
<version>${version.org.wildfly.core}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.wildfly.core</groupId>
<artifactId>wildfly-launcher</artifactId>
<version>${version.org.wildfly.core}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.wildfly.plugins</groupId>
<artifactId>wildfly-plugin-core</artifactId>
<version>${version.org.wildfly.plugins}</version>
<scope>test</scope>
</dependency>
</dependencies>
@@ -103,6 +44,9 @@
<systemPropertyVariables>
<!-- Properties shared with Arquillian -->
<tck_server>${jboss.server.name}</tck_server>
<!-- Needed to configure the SSL for client tests, e.g. @RunAsClient tests -->
<javax.net.ssl.trustStore>${test.wildfly.home}/standalone/configuration/client.truststore.pkcs12</javax.net.ssl.trustStore>
<javax.net.ssl.trustStorePassword>changeit</javax.net.ssl.trustStorePassword>
</systemPropertyVariables>
<!-- Standard client side JPMS settings -->
<argLine>
@@ -125,6 +69,15 @@
</excludes>
</configuration>
</plugin>
<plugin>
<!-- Skip this plugin as we do it else where -->
<groupId>org.codehaus.mojo</groupId>
<artifactId>keytool-maven-plugin</artifactId>
<version>1.7</version>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>

<testResources>
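Review bot: The `keytool-maven-plugin` is skipped with only `<!-- Skip this plugin as we do it else where -->`, which does not tell a reader that the keystore and certificate are now produced by `security/run-tck.sh`. Anyone building the TCK without that script would presumably have no `localhost-rsa.jks`, no `tomcat.cert` and no `client.truststore.pkcs12`, and the failure would surface as a TLS error rather than a missing-file error. I would reword the comment to `<!-- Skipped: run-tck.sh generates localhost-rsa.jks and tomcat.cert with keytool before the server is configured -->`. The trust store path and the `changeit` password are also repeated here and in `arquillian.xml`; defining them once as properties would keep the two from drifting.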
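--- a/security/wildfly/configure-server.cli
+++ b/security/wildfly/configure-server.cli
@@ -1,5 +1,4 @@
 embed-server --admin-only=true
-
 if (outcome != success) of /subsystem=logging/logger=org.wildfly.security:read-resource
 /subsystem=logging/logger=org.wildfly.security:add(level=TRACE)
 end-if
@@ -18,4 +17,19 @@ if (outcome != success) of /subsystem=elytron/policy=jacc:read-resource
 end-if
 /subsystem=ee:write-attribute(name=global-modules, value=[{name=com.nimbusds.nimbus-jose-jwt}])
 
+# Configure the keystore
+if (outcome != success) of /subsystem=elytron/key-store=tckTs:read-resource
+# create the truststore for the client that has the cert from the server's keystore
+/subsystem=elytron/key-store=tckTs:add(path=client.truststore.pkcs12,relative-to=jboss.server.config.dir,credential-reference={clear-text=changeit},type=PKCS12)
+/subsystem=elytron/key-store=tckTs:import-certificate(alias=tomcat,path="${tck.root}/app-openid2/tomcat.cert",credential-reference={clear-text=changeit},trust-cacerts=true,validate=false)
+/subsystem=elytron/key-store=tckTs:store()
+
+# add the truststore to the trust manager
+/subsystem=elytron/trust-manager=tckTm:add(key-store=tckTs)
+
+# create the SSL context with the trust manager
+/subsystem=elytron/client-ssl-context=tckSsl:add(trust-manager=tckTm)
+/subsystem=elytron:write-attribute(name=default-ssl-context, value=tckSsl)
+end-if
+
 stop-embedded-server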
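Review bot: The whole key-store block is guarded by `if (outcome != success) of /subsystem=elytron/key-store=tckTs:read-resource`, but `run-tck.sh` deletes and regenerates `localhost-rsa.jks` and `tomcat.cert` on every run. If this script is ever applied to a server that already has `tckTs` (the server's lifecycle is not visible in this section), the trust store keeps the previous certificate and client TLS handshakes would fail against the new key. Either make the key generation in `run-tck.sh` conditional as well, or refresh the `tomcat` alias outside the guard. The import also deserves a short comment such as `# validate=false: the TCK cert is self-signed and generated locally by run-tck.sh`, and writing `default-ssl-context` changes outbound TLS trust for the whole server, which should be noted as test-only.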
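--- a/security/wildfly/pom.xml
+++ b/security/wildfly/pom.xml
@@ -33,8 +33,7 @@
 
 <properties>
 <!-- Versions -->
-<version.org.wildfly>31.0.1.Final</version.org.wildfly>
-<wildfly.plugin.version>5.0.0.Beta3</wildfly.plugin.version>
+<wildfly.plugin.version>5.0.0.Final</wildfly.plugin.version>
 
 <!-- Build Properties -->
 <wildfly.home>${project.build.directory}/wildfly</wildfly.home>
@@ -45,7 +44,8 @@
 <!-- Provisioning properties -->
 <feature.pack.groupId>org.wildfly</feature.pack.groupId>
 <feature.pack.artifactId>wildfly-ee-galleon-pack</feature.pack.artifactId>
-<feature.pack.version>${version.org.wildfly}</feature.pack.version>
+<!-- Set feature.pack.version from the command line to specify a version other than the latest -->
+<feature.pack.version/>
 
 <galleon.fork.embedded>true</galleon.fork.embedded>
 <galleon.log.time>true</galleon.log.time>
@@ -72,6 +72,11 @@
 <configuration>
 <jboss-home>${wildfly.home}</jboss-home>
 <offline>true</offline>
+<system-properties>
+<!-- Used to resolve the path for the SSL certificate -->
+<tck.root>${env.TCK_ROOT}</tck.root>
+</system-properties>
+<resolve-expressions>true</resolve-expressions>
 <scripts>
 <script>${project.basedir}/configure-server.cli</script>
 </scripts>
@@ -121,6 +126,19 @@
 <version>${feature.pack.version}</version>
 </feature-pack>
 </feature-packs>
+<!-- Including the channel results in use of the latest feature pack -->
+<channels>
+<channel>
+<manifest>
+<groupId>org.wildfly.channels</groupId>
+<artifactId>wildfly-ee</artifactId>
+<!-- The version must be defined here to ensure an explicit channel version
+is used if overriding the feature pack version.
+-->
+<version>${feature.pack.version}</version>
+</manifest>
+</channel>
+</channels>
 </configuration>
 </execution>
 </executions>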
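Review bot: `feature.pack.version` now defaults to empty and, per the added comment, the channel then resolves the latest `wildfly-ee` manifest, so a plain `mvn install` in this module provisions whatever is newest that day while `run-tck.sh` passes `-Dfeature.pack.version=32.0.1.Final`. Two entry points producing two different servers makes TCK results hard to reproduce and lets unreviewed artifacts into the build. If a floating default is not a requirement, I would keep the pin in the pom as `<feature.pack.version>32.0.1.Final</feature.pack.version>` and let the command line override it. `<tck.root>${env.TCK_ROOT}</tck.root>` likewise only resolves when the script has exported `TCK_ROOT`; its comment should say so, e.g. `<!-- TCK_ROOT is exported by run-tck.sh; used to resolve the path for the SSL certificate -->`.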
