From c96675ec4daf307f7a61d22e0ca7727471743610 Mon Sep 17 00:00:00 2001
From: "James R. Perkins" 
Date: Mon, 15 Jul 2024 18:27:08 -0700
Subject: [PATCH] Reduce debug log output. Change to only use a trust-manager for the SSL context. Minor update of the script.
Signed-off-by: James R. Perkins 
---
security/run-tck.sh | 14 +++++++-------
security/wildfly-mods/arquillian.xml | 2 +-
security/wildfly/configure-server.cli | 20 +++++++-----------
security/wildfly/pom.xml | 8 ++++++++
4 files changed, 25 insertions(+), 19 deletions(-)
diff --git a/security/run-tck.sh b/security/run-tck.sh
index 9cf588e..55409af 100755
--- a/security/run-tck.sh
+++ b/security/run-tck.sh
@@ -87,7 +87,7 @@ fi
 # Recreate the keystore and cert
 echo "Recreate the keystore and cert"
-DNAME="CN=localhost, OU=jakarta, O=eclipse, L=amsterdam, S=holland, C=nl"
+DNAME="CN=localhost, OU=jakarta, O=eclipse, L=Unknown, S=Unknown, C=Unknown"
 rm -rfv ${TCK_ROOT}/app-openid2/localhost-rsa.jks
 rm -rfv ${TCK_ROOT}/app-openid2/tomcat.cert
 rm -rfv ${TCK_ROOT}/app-openid3/localhost-rsa.jks
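Review bot: The three `rm -rfv ${TCK_ROOT}/...` lines directly under the changed DNAME stay unquoted and unguarded, while the keytool and cp calls on the same paths get quoted in the next hunk of this commit; with TCK_ROOT unset or empty they resolve to paths directly under `/`. Apply the same quoting here and let the expansion abort when the root is missing, e.g. `rm -rfv "${TCK_ROOT:?}/app-openid2/localhost-rsa.jks"` and likewise for the two lines after it. Whether `set -u` is enabled earlier in the script is outside this hunk, so the `:?` guard is the only check that is visible from here.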
@@ -95,14 +95,14 @@ rm -rfv ${TCK_ROOT}/app-openid3/tomcat.cert
 keytool -v -genkeypair -alias tomcat -keyalg RSA -keysize 2048 \
 -dname "${DNAME}" \
- -storepass changeit -keystore ${TCK_ROOT}/app-openid2/localhost-rsa.jks
+ -storepass changeit -keystore "${TCK_ROOT}/app-openid2/localhost-rsa.jks"
 keytool -v -export -alias tomcat -storepass changeit \
- -keystore ${TCK_ROOT}/app-openid2/localhost-rsa.jks -file ${TCK_ROOT}/app-openid2/tomcat.cert
+ -keystore "${TCK_ROOT}/app-openid2/localhost-rsa.jks" -file "${TCK_ROOT}/app-openid2/tomcat.cert"
 # Copy the files to app-openid3
-cp -v ${TCK_ROOT}/app-openid2/localhost-rsa.jks ${TCK_ROOT}/app-openid3/localhost-rsa.jks
-cp -v ${TCK_ROOT}/app-openid2/tomcat.cert ${TCK_ROOT}/app-openid3/tomcat.cert
+cp -v "${TCK_ROOT}/app-openid2/localhost-rsa.jks" "${TCK_ROOT}/app-openid3/localhost-rsa.jks"
+cp -v "${TCK_ROOT}/app-openid2/tomcat.cert" "${TCK_ROOT}/app-openid3/tomcat.cert"
 ################################################
 # Install WildFly if not previously installed. #
@@ -164,8 +164,8 @@ echo "Executing NEW Jakarta Security TCK."
 pushd $TCK_ROOT
 mvn ${MVN_ARGS} clean -pl '!old-tck,!old-tck/build,!old-tck/run'
 mkdir target
-# safeRun mvn ${MVN_ARGS} install -Pnew-wildfly -pl '!old-tck,!old-tck/build,!old-tck/run' -Dtest.wildfly.home=$NEW_WILDFLY -fae
-safeRun mvn ${MVN_ARGS} install -Pnew-wildfly -pl 'app-openid2' -Dtest.wildfly.home=$NEW_WILDFLY -fae
+safeRun mvn ${MVN_ARGS} install -Pnew-wildfly -pl '!old-tck,!old-tck/build,!old-tck/run' -Dtest.wildfly.home=$NEW_WILDFLY -fae
+# safeRun mvn ${MVN_ARGS} install -Pnew-wildfly -pl 'app-openid2' -Dtest.wildfly.home=$NEW_WILDFLY -fae
 newTckStatus=${status}
 popd
diff --git a/security/wildfly-mods/arquillian.xml b/security/wildfly-mods/arquillian.xml
index dce365f..5b099fc 100644
--- a/security/wildfly-mods/arquillian.xml
+++ b/security/wildfly-mods/arquillian.xml
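Review bot: Neither keytool step nor the two `cp -v` lines in this hunk check their exit status, so a failed `keytool -genkeypair` is followed by an `-export` and a copy that propagate a missing or stale keystore into app-openid3 and the run only fails much later inside the TCK. The later hunk wraps mvn in `safeRun`; give these commands the same treatment, or at least `keytool -v -genkeypair ... || exit 1` on each, unless `set -e` is enabled earlier in the script, which is outside this hunk. The quoting added around `${TCK_ROOT}` here is the right change and should be kept.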
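Review bot: The re-enabled `safeRun mvn ... -Dtest.wildfly.home=$NEW_WILDFLY -fae` line leaves `$NEW_WILDFLY` unquoted, which is inconsistent with the quoting this same commit introduces for `${TCK_ROOT}` in the keystore section; write it as `-Dtest.wildfly.home="$NEW_WILDFLY"`. The commented-out `-pl 'app-openid2'` variant swapped in below it is a second copy of the command that will drift from the live one; if running a single module is a supported mode, express it as a variable such as `TCK_MODULES=${TCK_MODULES:-'!old-tck,!old-tck/build,!old-tck/run'}` and use `-pl "$TCK_MODULES"` once. `pushd $TCK_ROOT` above is a context line but carries the same missing quotes.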
@@ -6,7 +6,7 @@ ${test.wildfly.home}
- ${debugJvmArgs} -Djboss.https.port=9443 -Djavax.net.debug=all
+ ${debugJvmArgs} -Djboss.https.port=9443
 wildfly
 localhost
diff --git a/security/wildfly/configure-server.cli b/security/wildfly/configure-server.cli
index 2d4a25a..2b273ab 100644
--- a/security/wildfly/configure-server.cli
+++ b/security/wildfly/configure-server.cli
@@ -19,20 +19,18 @@ end-if
 /subsystem=ee:write-attribute(name=global-modules, value=[{name=com.nimbusds.nimbus-jose-jwt}])
 # Configure the keystore
-if (outcome != success) of /subsystem=elytron/key-store=tckKs:read-resource
- /subsystem=elytron/key-store=tckKs:add(path=server.truststore.pkcs12,relative-to=jboss.server.config.dir,credential-reference={clear-text=changeit},type=PKCS12)
- /subsystem=elytron/key-store=tckKs:import-certificate(alias=tomcat,path="${tck.root}/app-openid2/tomcat.cert",credential-reference={clear-text=changeit},trust-cacerts=true,validate=false)
- /subsystem=elytron/key-store=tckKs:store()
+if (outcome != success) of /subsystem=elytron/key-store=tckTs:read-resource
+ # create the truststore for the client that has the cert from the server's keystore
+ /subsystem=elytron/key-store=tckTs:add(path=client.truststore.pkcs12,relative-to=jboss.server.config.dir,credential-reference={clear-text=changeit},type=PKCS12)
+ /subsystem=elytron/key-store=tckTs:import-certificate(alias=tomcat,path="${tck.root}/app-openid2/tomcat.cert",credential-reference={clear-text=changeit},trust-cacerts=true,validate=false)
+ /subsystem=elytron/key-store=tckTs:store()
- /subsystem=elytron/key-manager=tckKm:add(key-store=tckKs,credential-reference={clear-text=changeit})
- /subsystem=elytron/trust-manager=tckTm:add(key-store=tckKs)
+ # add the truststore to the trust manager
+ /subsystem=elytron/trust-manager=tckTm:add(key-store=tckTs)
- #/subsystem=elytron/server-ssl-context=tckSsl:add(key-manager=tckKm,protocols=["TLSv1.2"],trust-manager=tckTm,need-client-auth=true)
-
- /subsystem=elytron/client-ssl-context=tckSsl:add(key-manager=tckKm,trust-manager=tckTm)
+ # create the SSL context with the trust manager
+ /subsystem=elytron/client-ssl-context=tckSsl:add(trust-manager=tckTm)
 /subsystem=elytron:write-attribute(name=default-ssl-context, value=tckSsl)
-
-
 /subsystem=elytron/configurable-http-server-mechanism-factory=configuredCert:add(http-server-mechanism-factory=global, properties={org.wildfly.security.http.skip-certificate-verification=true})
 end-if
 stop-embedded-server
\ No newline at end of file
diff --git a/security/wildfly/pom.xml b/security/wildfly/pom.xml
index dc94188..9f12c80 100644
--- a/security/wildfly/pom.xml
+++ b/security/wildfly/pom.xml
@@ -125,6 +125,14 @@ ${feature.pack.version} + + + + org.wildfly.channels + wildfly-ee + + +
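Review bot: Re-running this script against a server that the previous version already configured fails partway through: the guard now checks `key-store=tckTs`, which such a server does not have, so the block runs and `trust-manager=tckTm:add` and `client-ssl-context=tckSsl:add` collide with the resources that kept their old names, while the stale `key-store=tckKs`, `key-manager=tckKm` and `server.truststore.pkcs12` are never removed. This only matters if the WildFly install persists between runs, which the "Install WildFly if not previously installed" section of run-tck.sh suggests it does. Either guard on the last resource the block creates, `if (outcome != success) of /subsystem=elytron/client-ssl-context=tckSsl:read-resource`, or remove the tckKs/tckKm resources before the new adds. `validate=false` on the import is defensible here only because `tomcat.cert` is the self-signed certificate run-tck.sh generates in this same commit; a one-line comment stating that next to the import-certificate line would stop it from being copied into a non-test profile.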