Merge pull request #162 from jamezp/issue161
Initial commit for upgrading the Jakarta Security TCK.
bstansberry authored Jul 16, 2024
2 parents 3a9545a + 474b34a commit d7043b8
Showing 6 changed files with 106 additions and 96 deletions.
6 changes: 3 additions & 3 deletions security/clean-tck.sh
@@ -1,7 +1,7 @@
#! /bin/bash

TCK_ZIP=jakarta-security-tck-3.0.0.zip
TCK_HOME=security-tck-3.0.0
TCK_VERSION="3.0.2"
TCK_ZIP=jakarta-security-tck-${TCK_VERSION}.zip
TCK_HOME=security-tck-${TCK_VERSION}
OLD_TCK_HOME=security-tck
ANT_ZIP=apache-ant-1.9.16-bin.zip
ANT_HOME=apache-ant-1.9.16
80 changes: 52 additions & 28 deletions security/run-tck.sh
@@ -1,11 +1,13 @@
#! /bin/bash

set -e

TCK_URL=https://download.eclipse.org/jakartaee/security/3.0/jakarta-security-tck-3.0.0.zip
TCK_ZIP=jakarta-security-tck-3.0.0.zip
TCK_HOME=security-tck-3.0.0
TCK_ROOT=$TCK_HOME/tck
TCK_VERSION="3.0.2"
#TCK_URL=https://download.eclipse.org/jakartaee/security/3.0/jakarta-security-tck-${TCK_VERSION}.zip
TCK_URL=https://eclipse.mirror.rafal.ca/security/jakartaee10/staged/eftl/jakarta-security-tck-${TCK_VERSION}.zip
TCK_ZIP=jakarta-security-tck-${TCK_VERSION}.zip
TCK_HOME=security-tck-${TCK_VERSION}
TCK_ROOT="$(readlink -m ${TCK_HOME}/tck)"
export TCK_ROOT
WILDFLY_HOME=wildfly/target/wildfly
NEW_WILDFLY=servers/new-wildfly
OLD_WILDFLY=servers/old-wildfly
@@ -59,6 +61,49 @@ while getopts ":v" opt; do
esac
done

##############################################################
# Install and configure the TCK if not previously installed. #
##############################################################

# This must be executed first as CLI needs the files generated below to configure the keystore on the server

if test -f $TCK_ZIP
then
echo "TCK Already Downloaded."
else
echo "Downloading TCK."
curl $TCK_URL -o $TCK_ZIP
fi

if test -d $TCK_HOME
then
echo "TCK Already Configured."
else
echo "Configuring TCK."
unzip ${UNZIP_ARGS} $TCK_ZIP
cp $TCK_ROOT/pom.xml $TCK_ROOT/original-pom.xml
xsltproc wildfly-mods/transform.xslt $TCK_ROOT/original-pom.xml > $TCK_ROOT/pom.xml
fi

# Recreate the keystore and cert
echo "Recreate the keystore and cert"
DNAME="CN=localhost, OU=jakarta, O=eclipse, L=Unknown, S=Unknown, C=Unknown"
rm -rfv ${TCK_ROOT}/app-openid2/localhost-rsa.jks
rm -rfv ${TCK_ROOT}/app-openid2/tomcat.cert
rm -rfv ${TCK_ROOT}/app-openid3/localhost-rsa.jks
rm -rfv ${TCK_ROOT}/app-openid3/tomcat.cert

keytool -v -genkeypair -alias tomcat -keyalg RSA -keysize 2048 \
-dname "${DNAME}" \
-storepass changeit -keystore "${TCK_ROOT}/app-openid2/localhost-rsa.jks"

keytool -v -export -alias tomcat -storepass changeit \
-keystore "${TCK_ROOT}/app-openid2/localhost-rsa.jks" -file "${TCK_ROOT}/app-openid2/tomcat.cert"

# Copy the files to app-openid3
cp -v "${TCK_ROOT}/app-openid2/localhost-rsa.jks" "${TCK_ROOT}/app-openid3/localhost-rsa.jks"
cp -v "${TCK_ROOT}/app-openid2/tomcat.cert" "${TCK_ROOT}/app-openid3/tomcat.cert"

################################################
# Install WildFly if not previously installed. #
################################################
@@ -81,10 +126,11 @@ else
then
echo "Provisioning WildFly."
pushd wildfly
mvn ${MVN_ARGS} install -Dprovision.skip=false -Dconfigure.skip=true
mvn ${MVN_ARGS} install -Dprovision.skip=false -Dconfigure.skip=true -Dfeature.pack.version=32.0.1.Final
popd
fi
fi

# At this point WILDFLY_HOME points to the clean server.

####################################
@@ -110,28 +156,6 @@ pushd wildfly
mvn ${MVN_ARGS} install -Dwildfly.home=$NEW_WILDFLY -Dprovision.skip=true -Dconfigure.skip=false
popd

##############################################################
# Install and configure the TCK if not previously installed. #
##############################################################

if test -f $TCK_ZIP
then
echo "TCK Already Downloaded."
else
echo "Downloading TCK."
curl $TCK_URL -o $TCK_ZIP
fi

if test -d $TCK_HOME
then
echo "TCK Already Configured."
else
echo "Configuring TCK."
unzip ${UNZIP_ARGS} $TCK_ZIP
cp $TCK_ROOT/pom.xml $TCK_ROOT/original-pom.xml
xsltproc wildfly-mods/transform.xslt $TCK_ROOT/original-pom.xml > $TCK_ROOT/pom.xml
fi

#######################
# Execute the New TCK #
#######################
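Review bot: The TCK archive is fetched from a mirror host and unpacked with no integrity check: `TCK_URL` at the top of run-tck.sh now points at `eclipse.mirror.rafal.ca/.../staged/eftl/` while the `download.eclipse.org` URL is commented out, and `curl $TCK_URL -o $TCK_ZIP` is followed directly by `unzip` and the later TCK run. Pin the expected digest next to `TCK_VERSION` and check it before unpacking, e.g. `echo "${TCK_SHA256}  ${TCK_ZIP}" | sha256sum -c -`, where `TCK_SHA256` is a placeholder for the digest published with the release. Using `curl -fL` would also stop an HTTP error page from being saved as the zip and then reported as "TCK Already Downloaded." on the next run. Once the 3.0.2 archive is available at the official location, `TCK_URL` should switch back to it.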
3 changes: 2 additions & 1 deletion security/wildfly-mods/arquillian.xml
@@ -6,7 +6,8 @@
<container qualifier="default" default="true">
<configuration>
<property name="jbossHome">${test.wildfly.home}</property>
<property name="javaVmArguments">${debugJvmArgs}</property>
<!-- The two SSL properties are required until RESTEASY-3515 is fixed and included in WildFly -->
<property name="javaVmArguments">${debugJvmArgs} -Djboss.https.port=9443 -Djavax.net.ssl.trustStore=${test.wildfly.home}/standalone/configuration/client.truststore.pkcs12 -Djavax.net.ssl.trustStorePassword=changeit</property>
<property name="serverName">wildfly</property>
<property name="host">localhost</property>
</configuration>
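Review bot: `-Djavax.net.ssl.trustStore=...client.truststore.pkcs12` on `javaVmArguments` replaces the JVM default trust anchors for the whole managed server process, not only for the RESTEASY-3515 code path, and the existing comment does not say so. The same literal password `changeit` is repeated in profile.xml, configure-server.cli and the keytool calls in run-tck.sh, and all of them have to stay in step. I would extend the comment to something like `<!-- Test-only: the server JVM trusts only the self-signed cert that run-tck.sh generates; 'changeit' is not a secret and must match configure-server.cli -->`. The comment also speaks of two SSL properties while `-Djboss.https.port=9443` is added with no explanation.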
73 changes: 13 additions & 60 deletions security/wildfly-mods/profile.xml
@@ -6,12 +6,7 @@
<properties>
<!-- Versions -->
<version.jakarta.servlet>6.0.0</version.jakarta.servlet>
<version.org.jboss.logging>3.4.3.Final</version.org.jboss.logging>
<version.org.jboss.remoting-jmx>3.0.4.Final</version.org.jboss.remoting-jmx>
<version.org.wildfly>31.0.1.Final</version.org.wildfly>
<version.org.wildfly.arquillian>5.0.0.Alpha5</version.org.wildfly.arquillian>
<version.org.wildfly.core>19.0.1.Final</version.org.wildfly.core>
<version.org.wildfly.plugins>2.0.2.Final</version.org.wildfly.plugins>
<version.org.wildfly.arquillian>5.1.0.Beta3</version.org.wildfly.arquillian>

<test.wildfly.home>${project.basedir}/../../../wildfly/target/wildfly</test.wildfly.home>
<debugJvmArgs/>
@@ -26,64 +21,10 @@
<artifactId>jakarta.servlet-api</artifactId>
<version>${version.jakarta.servlet}</version>
</dependency>
<dependency>
<groupId>org.jboss.logging</groupId>
<artifactId>jboss-logging</artifactId>
<version>${version.org.jboss.logging}</version>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.jboss.remotingjmx</groupId>
<artifactId>remoting-jmx</artifactId>
<version>${version.org.jboss.remoting-jmx}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.wildfly.arquillian</groupId>
<artifactId>wildfly-arquillian-common</artifactId>
<version>${version.org.wildfly.arquillian}</version>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.wildfly.arquillian</groupId>
<artifactId>wildfly-arquillian-container-managed</artifactId>
<version>${version.org.wildfly.arquillian}</version>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.wildfly.core</groupId>
<artifactId>wildfly-controller-client</artifactId>
<version>${version.org.wildfly.core}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.wildfly.core</groupId>
<artifactId>wildfly-launcher</artifactId>
<version>${version.org.wildfly.core}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.wildfly.plugins</groupId>
<artifactId>wildfly-plugin-core</artifactId>
<version>${version.org.wildfly.plugins}</version>
<scope>test</scope>
</dependency>
</dependencies>
@@ -103,6 +44,9 @@
<systemPropertyVariables>
<!-- Properties shared with Arquillian -->
<tck_server>${jboss.server.name}</tck_server>
<!-- Needed to configure the SSL for client tests, e.g. @RunAsClient tests -->
<javax.net.ssl.trustStore>${test.wildfly.home}/standalone/configuration/client.truststore.pkcs12</javax.net.ssl.trustStore>
<javax.net.ssl.trustStorePassword>changeit</javax.net.ssl.trustStorePassword>
</systemPropertyVariables>
<!-- Standard client side JPMS settings -->
<argLine>
@@ -125,6 +69,15 @@
</excludes>
</configuration>
</plugin>
<plugin>
<!-- Skip this plugin as we do it else where -->
<groupId>org.codehaus.mojo</groupId>
<artifactId>keytool-maven-plugin</artifactId>
<version>1.7</version>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>

<testResources>
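Review bot: The comment on the skipped `keytool-maven-plugin` says only "we do it else where", which leaves a reader of this profile unable to tell where the keystore now comes from. From run-tck.sh on this page it appears to be the `keytool -genkeypair` and `keytool -export` calls there, so the comment could read `<!-- Skipped: run-tck.sh generates localhost-rsa.jks and tomcat.cert before the server is configured -->`. Without that pointer, someone running the TCK through Maven alone would presumably end up with no keystore and no hint why.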
16 changes: 15 additions & 1 deletion security/wildfly/configure-server.cli
@@ -1,5 +1,4 @@
embed-server --admin-only=true

if (outcome != success) of /subsystem=logging/logger=org.wildfly.security:read-resource
/subsystem=logging/logger=org.wildfly.security:add(level=TRACE)
end-if
@@ -18,4 +17,19 @@ if (outcome != success) of /subsystem=elytron/policy=jacc:read-resource
end-if
/subsystem=ee:write-attribute(name=global-modules, value=[{name=com.nimbusds.nimbus-jose-jwt}])

# Configure the keystore
if (outcome != success) of /subsystem=elytron/key-store=tckTs:read-resource
# create the truststore for the client that has the cert from the server's keystore
/subsystem=elytron/key-store=tckTs:add(path=client.truststore.pkcs12,relative-to=jboss.server.config.dir,credential-reference={clear-text=changeit},type=PKCS12)
/subsystem=elytron/key-store=tckTs:import-certificate(alias=tomcat,path="${tck.root}/app-openid2/tomcat.cert",credential-reference={clear-text=changeit},trust-cacerts=true,validate=false)
/subsystem=elytron/key-store=tckTs:store()

# add the truststore to the trust manager
/subsystem=elytron/trust-manager=tckTm:add(key-store=tckTs)

# create the SSL context with the trust manager
/subsystem=elytron/client-ssl-context=tckSsl:add(trust-manager=tckTm)
/subsystem=elytron:write-attribute(name=default-ssl-context, value=tckSsl)
end-if

stop-embedded-server
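Review bot: The certificate import sits inside `if (outcome != success) of /subsystem=elytron/key-store=tckTs:read-resource`, but run-tck.sh deletes and regenerates `tomcat.cert` on every run. If the configured server directory is ever reused between runs (the copy step is not visible in this diff), `client.truststore.pkcs12` keeps the previous certificate and the TLS handshake against the regenerated key will fail. Consider moving `import-certificate` and `store()` outside the guard, or removing the `tomcat` alias first, so the truststore always matches the current cert. `validate=false` is understandable for a self-signed test certificate but deserves a one-line comment such as `# validate=false: self-signed test certificate generated by run-tck.sh`.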
24 changes: 21 additions & 3 deletions security/wildfly/pom.xml
@@ -33,8 +33,7 @@

<properties>
<!-- Versions -->
<version.org.wildfly>31.0.1.Final</version.org.wildfly>
<wildfly.plugin.version>5.0.0.Beta3</wildfly.plugin.version>
<wildfly.plugin.version>5.0.0.Final</wildfly.plugin.version>

<!-- Build Properties -->
<wildfly.home>${project.build.directory}/wildfly</wildfly.home>
@@ -45,7 +44,8 @@
<!-- Provisioning properties -->
<feature.pack.groupId>org.wildfly</feature.pack.groupId>
<feature.pack.artifactId>wildfly-ee-galleon-pack</feature.pack.artifactId>
<feature.pack.version>${version.org.wildfly}</feature.pack.version>
<!-- Set feature.pack.version from the command line to specify a version other than the latest -->
<feature.pack.version/>

<galleon.fork.embedded>true</galleon.fork.embedded>
<galleon.log.time>true</galleon.log.time>
@@ -72,6 +72,11 @@
<configuration>
<jboss-home>${wildfly.home}</jboss-home>
<offline>true</offline>
<system-properties>
<!-- Used to resolve the path for the SSL certificate -->
<tck.root>${env.TCK_ROOT}</tck.root>
</system-properties>
<resolve-expressions>true</resolve-expressions>
<scripts>
<script>${project.basedir}/configure-server.cli</script>
</scripts>
@@ -121,6 +126,19 @@
<version>${feature.pack.version}</version>
</feature-pack>
</feature-packs>
<!-- Including the channel results in use of the latest feature pack -->
<channels>
<channel>
<manifest>
<groupId>org.wildfly.channels</groupId>
<artifactId>wildfly-ee</artifactId>
<!-- The version must be defined here to ensure an explicit channel version
is used if overriding the feature pack version.
-->
<version>${feature.pack.version}</version>
</manifest>
</channel>
</channels>
</configuration>
</execution>
</executions>
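Review bot: `<tck.root>${env.TCK_ROOT}</tck.root>` has no fallback, so invoking this module without `TCK_ROOT` exported most likely leaves the expression unresolved and the `import-certificate` path in configure-server.cli pointing nowhere. run-tck.sh exports the variable, but nothing in the pom says the build depends on it. A comment such as `<!-- TCK_ROOT must be exported by the caller (run-tck.sh does); it locates app-openid2/tomcat.cert -->` would make that visible. Separately, the empty `<feature.pack.version/>` default provisions whatever the channel currently resolves to, so only runs that pass `-Dfeature.pack.version` (as run-tck.sh does with 32.0.1.Final) are reproducible.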