diff --git a/security/clean-tck.sh b/security/clean-tck.sh index c04598b..242edf2 100755 --- a/security/clean-tck.sh +++ b/security/clean-tck.sh @@ -1,7 +1,7 @@ #! /bin/bash - -TCK_ZIP=jakarta-security-tck-3.0.0.zip -TCK_HOME=security-tck-3.0.0 +TCK_VERSION="3.0.2" +TCK_ZIP=jakarta-security-tck-${TCK_VERSION}.zip +TCK_HOME=security-tck-${TCK_VERSION} OLD_TCK_HOME=security-tck ANT_ZIP=apache-ant-1.9.16-bin.zip ANT_HOME=apache-ant-1.9.16 diff --git a/security/run-tck.sh b/security/run-tck.sh index 70fcacd..a53f2d5 100755 --- a/security/run-tck.sh +++ b/security/run-tck.sh @@ -1,11 +1,13 @@ #! /bin/bash set -e - -TCK_URL=https://download.eclipse.org/jakartaee/security/3.0/jakarta-security-tck-3.0.0.zip -TCK_ZIP=jakarta-security-tck-3.0.0.zip -TCK_HOME=security-tck-3.0.0 -TCK_ROOT=$TCK_HOME/tck +TCK_VERSION="3.0.2" +#TCK_URL=https://download.eclipse.org/jakartaee/security/3.0/jakarta-security-tck-${TCK_VERSION}.zip +TCK_URL=https://eclipse.mirror.rafal.ca/security/jakartaee10/staged/eftl/jakarta-security-tck-${TCK_VERSION}.zip +TCK_ZIP=jakarta-security-tck-${TCK_VERSION}.zip +TCK_HOME=security-tck-${TCK_VERSION} +TCK_ROOT="$(readlink -m ${TCK_HOME}/tck)" +export TCK_ROOT WILDFLY_HOME=wildfly/target/wildfly NEW_WILDFLY=servers/new-wildfly OLD_WILDFLY=servers/old-wildfly 
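Review bot: In the `@@ -1,11 +1,13 @@` hunk of security/run-tck.sh, the new `TCK_URL` fetches the TCK from a staged path on a third-party mirror (`eclipse.mirror.rafal.ca`) with the download.eclipse.org URL commented out, and nothing visible on this page checks the archive before it is unzipped and its pom.xml rewritten. The `curl $TCK_URL -o $TCK_ZIP` call in the next hunk also lacks `--fail`, so an HTTP error page would be saved as the zip and then pass the `test -f $TCK_ZIP` check on the next run. I would pin a digest beside the version, e.g. `TCK_SHA256="<expected-sha256>"`, download with `curl -f "$TCK_URL" -o "$TCK_ZIP"`, and verify with `echo "${TCK_SHA256}  ${TCK_ZIP}" | sha256sum -c -` before unzipping. The `readlink -m` argument should be quoted as well: `TCK_ROOT="$(readlink -m "${TCK_HOME}/tck")"`.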
@@ -59,6 +61,49 @@ while getopts ":v" opt; do
 esac
 done
+##############################################################
+# Install and configure the TCK if not previously installed. #
+##############################################################
+
+# This must be executed first as CLI needs the files generated below to configure the keystore on the server
+
+if test -f $TCK_ZIP
+then
+ echo "TCK Already Downloaded."
+else
+ echo "Downloading TCK."
+ curl $TCK_URL -o $TCK_ZIP
+fi
+
+if test -d $TCK_HOME
+then
+ echo "TCK Already Configured."
+else
+ echo "Configuring TCK."
+ unzip ${UNZIP_ARGS} $TCK_ZIP
+ cp $TCK_ROOT/pom.xml $TCK_ROOT/original-pom.xml
+ xsltproc wildfly-mods/transform.xslt $TCK_ROOT/original-pom.xml > $TCK_ROOT/pom.xml
+fi
+
+# Recreate the keystore and cert
+echo "Recreate the keystore and cert"
+DNAME="CN=localhost, OU=jakarta, O=eclipse, L=Unknown, S=Unknown, C=Unknown"
+rm -rfv ${TCK_ROOT}/app-openid2/localhost-rsa.jks
+rm -rfv ${TCK_ROOT}/app-openid2/tomcat.cert
+rm -rfv ${TCK_ROOT}/app-openid3/localhost-rsa.jks
+rm -rfv ${TCK_ROOT}/app-openid3/tomcat.cert
+
+keytool -v -genkeypair -alias tomcat -keyalg RSA -keysize 2048 \
+ -dname "${DNAME}" \
+ -storepass changeit -keystore "${TCK_ROOT}/app-openid2/localhost-rsa.jks"
+
+keytool -v -export -alias tomcat -storepass changeit \
+ -keystore "${TCK_ROOT}/app-openid2/localhost-rsa.jks" -file "${TCK_ROOT}/app-openid2/tomcat.cert"
+
+# Copy the files to app-openid3
+cp -v "${TCK_ROOT}/app-openid2/localhost-rsa.jks" "${TCK_ROOT}/app-openid3/localhost-rsa.jks"
+cp -v "${TCK_ROOT}/app-openid2/tomcat.cert" "${TCK_ROOT}/app-openid3/tomcat.cert"
+
 ################################################
 # Install WildFly if not previously installed. #
 ################################################
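Review bot: Regenerating the key pair unconditionally at the end of this hunk can leave the server truststore out of step with the certificate the TCK apps present. The configure-server.cli change in this commit imports `tomcat.cert` only when `key-store=tckTs` does not exist yet, so if a configured server survives between runs (not visible here) it would still trust the previous run's certificate. Either generate the key pair once inside the `else` branch that unpacks the TCK, or add a comment such as `# server config is rebuilt from the clean copy after this step, so the cert is re-imported every run` if that is the case. The four `rm` lines are also the only unquoted uses of `${TCK_ROOT}` in the keystore block; `rm -fv -- "${TCK_ROOT}/app-openid2/localhost-rsa.jks"` would match the quoting of the keytool and cp lines and drop the unneeded `-r`.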
@@ -81,10 +126,11 @@ else then echo "Provisioning WildFly." pushd wildfly - mvn ${MVN_ARGS} install -Dprovision.skip=false -Dconfigure.skip=true + mvn ${MVN_ARGS} install -Dprovision.skip=false -Dconfigure.skip=true -Dfeature.pack.version=32.0.1.Final popd fi fi + # At this point WILDFLY_HOME points to the clean server. #################################### @@ -110,28 +156,6 @@ pushd wildfly mvn ${MVN_ARGS} install -Dwildfly.home=$NEW_WILDFLY -Dprovision.skip=true -Dconfigure.skip=false popd -############################################################## -# Install and configure the TCK if not previously installed. # -############################################################## - -if test -f $TCK_ZIP -then - echo "TCK Already Downloaded." -else - echo "Downloading TCK." - curl $TCK_URL -o $TCK_ZIP -fi - -if test -d $TCK_HOME -then - echo "TCK Already Configured." -else - echo "Configuring TCK." - unzip ${UNZIP_ARGS} $TCK_ZIP - cp $TCK_ROOT/pom.xml $TCK_ROOT/original-pom.xml - xsltproc wildfly-mods/transform.xslt $TCK_ROOT/original-pom.xml > $TCK_ROOT/pom.xml -fi - ####################### # Execute the New TCK # ####################### diff --git a/security/wildfly-mods/arquillian.xml b/security/wildfly-mods/arquillian.xml index cc2e5a4..a8515f6 100644 --- a/security/wildfly-mods/arquillian.xml +++ b/security/wildfly-mods/arquillian.xml @@ -6,7 +6,8 @@ ${test.wildfly.home} - ${debugJvmArgs} + + ${debugJvmArgs} -Djboss.https.port=9443 -Djavax.net.ssl.trustStore=${test.wildfly.home}/standalone/configuration/client.truststore.pkcs12 -Djavax.net.ssl.trustStorePassword=changeit wildfly localhost diff --git a/security/wildfly-mods/profile.xml b/security/wildfly-mods/profile.xml index 014fd1f..f33a3ec 100644 --- a/security/wildfly-mods/profile.xml +++ b/security/wildfly-mods/profile.xml @@ -6,12 +6,7 @@ 6.0.0 - 3.4.3.Final - 3.0.4.Final - 31.0.1.Final - 5.0.0.Alpha5 - 19.0.1.Final - 2.0.2.Final + 5.1.0.Beta3 ${project.basedir}/../../../wildfly/target/wildfly 
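Review bot: In the `@@ -81,10 +126,11 @@` hunk of security/run-tck.sh, the WildFly version `32.0.1.Final` is hard-coded in the middle of the mvn command line, while the same commit moves the TCK version into a `TCK_VERSION` variable at the top of the script. A matching variable would keep the version pins together, e.g. `WILDFLY_VERSION="32.0.1.Final"` next to `TCK_VERSION` and `-Dfeature.pack.version="${WILDFLY_VERSION}"` here. The later `mvn ... -Dconfigure.skip=false` call, shown as context in the following hunk, does not pass the property; whether the pom still resolves `${feature.pack.version}` in that invocation is not visible from this page and is worth checking. The enclosing if/else starts before the hunk.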
@@ -26,64 +21,10 @@ jakarta.servlet-api ${version.jakarta.servlet} - - org.jboss.logging - jboss-logging - ${version.org.jboss.logging} - - - * - * - - - test - - - org.jboss.remotingjmx - remoting-jmx - ${version.org.jboss.remoting-jmx} - test - - - org.wildfly.arquillian - wildfly-arquillian-common - ${version.org.wildfly.arquillian} - - - * - * - - - test - org.wildfly.arquillian wildfly-arquillian-container-managed ${version.org.wildfly.arquillian} - - - * - * - - - test - - - org.wildfly.core - wildfly-controller-client - ${version.org.wildfly.core} - test - - - org.wildfly.core - wildfly-launcher - ${version.org.wildfly.core} - test - - - org.wildfly.plugins - wildfly-plugin-core - ${version.org.wildfly.plugins} test @@ -103,6 +44,9 @@ ${jboss.server.name} + + ${test.wildfly.home}/standalone/configuration/client.truststore.pkcs12 + changeit @@ -125,6 +69,15 @@ + + + org.codehaus.mojo + keytool-maven-plugin + 1.7 + + true + + diff --git a/security/wildfly/configure-server.cli b/security/wildfly/configure-server.cli index f4318f0..2ba26bb 100644 --- a/security/wildfly/configure-server.cli +++ b/security/wildfly/configure-server.cli @@ -1,5 +1,4 @@ embed-server --admin-only=true - if (outcome != success) of /subsystem=logging/logger=org.wildfly.security:read-resource /subsystem=logging/logger=org.wildfly.security:add(level=TRACE) end-if 
@@ -18,4 +17,19 @@ if (outcome != success) of /subsystem=elytron/policy=jacc:read-resource end-if /subsystem=ee:write-attribute(name=global-modules, value=[{name=com.nimbusds.nimbus-jose-jwt}]) +# Configure the keystore +if (outcome != success) of /subsystem=elytron/key-store=tckTs:read-resource + # create the truststore for the client that has the cert from the server's keystore + /subsystem=elytron/key-store=tckTs:add(path=client.truststore.pkcs12,relative-to=jboss.server.config.dir,credential-reference={clear-text=changeit},type=PKCS12) + /subsystem=elytron/key-store=tckTs:import-certificate(alias=tomcat,path="${tck.root}/app-openid2/tomcat.cert",credential-reference={clear-text=changeit},trust-cacerts=true,validate=false) + /subsystem=elytron/key-store=tckTs:store() + + # add the truststore to the trust manager + /subsystem=elytron/trust-manager=tckTm:add(key-store=tckTs) + + # create the SSL context with the trust manager + /subsystem=elytron/client-ssl-context=tckSsl:add(trust-manager=tckTm) + /subsystem=elytron:write-attribute(name=default-ssl-context, value=tckSsl) +end-if + stop-embedded-server \ No newline at end of file diff --git a/security/wildfly/pom.xml b/security/wildfly/pom.xml index 9bccd2b..35c8ce0 100644 --- a/security/wildfly/pom.xml +++ b/security/wildfly/pom.xml @@ -33,8 +33,7 @@ - 31.0.1.Final - 5.0.0.Beta3 + 5.0.0.Final ${project.build.directory}/wildfly @@ -45,7 +44,8 @@ org.wildfly wildfly-ee-galleon-pack - ${version.org.wildfly} + + true true @@ -72,6 +72,11 @@ ${wildfly.home} true + + + ${env.TCK_ROOT} + + true @@ -121,6 +126,19 @@ ${feature.pack.version} + + + + + org.wildfly.channels + wildfly-ee + + ${feature.pack.version} + + +
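Review bot: The block added to security/wildfly/configure-server.cli (`@@ -18,4 +17,19 @@`) has no comment saying that `default-ssl-context` is being pointed at `tckSsl`, whose trust manager is backed only by the `tckTs` store holding the self-signed `tomcat` certificate imported with `validate=false`. That appears to change the default SSL context for the whole server rather than for one client, so a comment above the `write-attribute` line would help, e.g. `# TCK only: the default SSL context now trusts just the certificates in tckTs (store password is the test default)`. The whole block is also guarded on the key-store resource alone, so a run that fails after `key-store=tckTs:add` would likely skip the trust-manager and SSL-context steps the next time; guarding each resource separately would avoid that.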