Reduce debug log output. Change to only use a trust-manager for the S…

…SL context. Minor update of the script.

Signed-off-by: James R. Perkins <[email protected]>

security/run-tck.sh

@@ -87,22 +87,22 @@ fi
 
 # Recreate the keystore and cert
 echo "Recreate the keystore and cert"
-DNAME="CN=localhost, OU=jakarta, O=eclipse, L=amsterdam, S=holland, C=nl"
+DNAME="CN=localhost, OU=jakarta, O=eclipse, L=Unknown, S=Unknown, C=Unknown"
 rm -rfv ${TCK_ROOT}/app-openid2/localhost-rsa.jks
 rm -rfv ${TCK_ROOT}/app-openid2/tomcat.cert
 rm -rfv ${TCK_ROOT}/app-openid3/localhost-rsa.jks
 rm -rfv ${TCK_ROOT}/app-openid3/tomcat.cert
 
 keytool -v -genkeypair -alias tomcat -keyalg RSA -keysize 2048 \
     -dname "${DNAME}" \
-    -storepass changeit -keystore ${TCK_ROOT}/app-openid2/localhost-rsa.jks
+    -storepass changeit -keystore "${TCK_ROOT}/app-openid2/localhost-rsa.jks"
 
 keytool -v -export -alias tomcat -storepass changeit \
-    -keystore ${TCK_ROOT}/app-openid2/localhost-rsa.jks -file ${TCK_ROOT}/app-openid2/tomcat.cert
+    -keystore "${TCK_ROOT}/app-openid2/localhost-rsa.jks" -file "${TCK_ROOT}/app-openid2/tomcat.cert"
 
 # Copy the files to app-openid3
-cp -v ${TCK_ROOT}/app-openid2/localhost-rsa.jks ${TCK_ROOT}/app-openid3/localhost-rsa.jks
-cp -v ${TCK_ROOT}/app-openid2/tomcat.cert ${TCK_ROOT}/app-openid3/tomcat.cert
+cp -v "${TCK_ROOT}/app-openid2/localhost-rsa.jks" "${TCK_ROOT}/app-openid3/localhost-rsa.jks"
+cp -v "${TCK_ROOT}/app-openid2/tomcat.cert" "${TCK_ROOT}/app-openid3/tomcat.cert"
 
 ################################################
 # Install WildFly if not previously installed. #
@@ -164,8 +164,8 @@ echo "Executing NEW Jakarta Security TCK."
 pushd $TCK_ROOT
 mvn ${MVN_ARGS} clean -pl '!old-tck,!old-tck/build,!old-tck/run'
 mkdir target
-# safeRun mvn ${MVN_ARGS} install -Pnew-wildfly -pl '!old-tck,!old-tck/build,!old-tck/run' -Dtest.wildfly.home=$NEW_WILDFLY -fae
-safeRun mvn ${MVN_ARGS} install -Pnew-wildfly -pl 'app-openid2' -Dtest.wildfly.home=$NEW_WILDFLY -fae
+safeRun mvn ${MVN_ARGS} install -Pnew-wildfly -pl '!old-tck,!old-tck/build,!old-tck/run' -Dtest.wildfly.home=$NEW_WILDFLY -fae
+# safeRun mvn ${MVN_ARGS} install -Pnew-wildfly -pl 'app-openid2' -Dtest.wildfly.home=$NEW_WILDFLY -fae
 newTckStatus=${status}
 popd
 

security/wildfly-mods/arquillian.xml

@@ -6,7 +6,7 @@
     <container qualifier="default" default="true">
         <configuration>
             <property name="jbossHome">${test.wildfly.home}</property>
-            <property name="javaVmArguments">${debugJvmArgs} -Djboss.https.port=9443 -Djavax.net.debug=all</property>
+            <property name="javaVmArguments">${debugJvmArgs} -Djboss.https.port=9443</property>
             <property name="serverName">wildfly</property>
             <property name="host">localhost</property>
         </configuration>

security/wildfly/configure-server.cli

@@ -19,20 +19,18 @@ end-if
 /subsystem=ee:write-attribute(name=global-modules, value=[{name=com.nimbusds.nimbus-jose-jwt}])
 
 # Configure the keystore
-if (outcome != success) of /subsystem=elytron/key-store=tckKs:read-resource
-    /subsystem=elytron/key-store=tckKs:add(path=server.truststore.pkcs12,relative-to=jboss.server.config.dir,credential-reference={clear-text=changeit},type=PKCS12)
-    /subsystem=elytron/key-store=tckKs:import-certificate(alias=tomcat,path="${tck.root}/app-openid2/tomcat.cert",credential-reference={clear-text=changeit},trust-cacerts=true,validate=false)
-    /subsystem=elytron/key-store=tckKs:store()
+if (outcome != success) of /subsystem=elytron/key-store=tckTs:read-resource
+    # create the truststore for the client that has the cert from the server's keystore
+    /subsystem=elytron/key-store=tckTs:add(path=client.truststore.pkcs12,relative-to=jboss.server.config.dir,credential-reference={clear-text=changeit},type=PKCS12)
+    /subsystem=elytron/key-store=tckTs:import-certificate(alias=tomcat,path="${tck.root}/app-openid2/tomcat.cert",credential-reference={clear-text=changeit},trust-cacerts=true,validate=false)
+    /subsystem=elytron/key-store=tckTs:store()
 
-    /subsystem=elytron/key-manager=tckKm:add(key-store=tckKs,credential-reference={clear-text=changeit})
-    /subsystem=elytron/trust-manager=tckTm:add(key-store=tckKs)
+    # add the truststore to the trust manager
+    /subsystem=elytron/trust-manager=tckTm:add(key-store=tckTs)
 
-    #/subsystem=elytron/server-ssl-context=tckSsl:add(key-manager=tckKm,protocols=["TLSv1.2"],trust-manager=tckTm,need-client-auth=true)
-
-    /subsystem=elytron/client-ssl-context=tckSsl:add(key-manager=tckKm,trust-manager=tckTm)
+    # create the SSL context with the trust manager
+    /subsystem=elytron/client-ssl-context=tckSsl:add(trust-manager=tckTm)
     /subsystem=elytron:write-attribute(name=default-ssl-context, value=tckSsl)
-
-    /subsystem=elytron/configurable-http-server-mechanism-factory=configuredCert:add(http-server-mechanism-factory=global, properties={org.wildfly.security.http.skip-certificate-verification=true})
 end-if
 
 stop-embedded-server

security/wildfly/pom.xml

@@ -125,6 +125,14 @@
                                             <version>${feature.pack.version}</version>
                                         </feature-pack>
                                     </feature-packs>
+                                    <channels>
+                                        <channel>
+                                            <manifest>
+                                                <groupId>org.wildfly.channels</groupId>
+                                                <artifactId>wildfly-ee</artifactId>
+                                            </manifest>
+                                        </channel>
+                                    </channels>
                                 </configuration>
                             </execution>
                         </executions>