From 474b34a8ef5e312ac4541547b5bfc32719e5942b Mon Sep 17 00:00:00 2001
From: "James R. Perkins"
Date: Tue, 9 Jul 2024 11:20:51 -0700
Subject: [PATCH] [161] Upgrade the Security TCK to 3.0.3. This allows passing on Java SE 21. It also required some additional changes to allow for the SSL tests to work that were changed to use SSL in 3.0.1 of the TCK.
Signed-off-by: James R. Perkins
---
 security/clean-tck.sh | 6 +-
 security/run-tck.sh | 80 +++++++++++++++++----------
 security/wildfly-mods/arquillian.xml | 3 +-
 security/wildfly-mods/profile.xml | 73 +++++-------------------
 security/wildfly/configure-server.cli | 16 +++++-
 security/wildfly/pom.xml | 24 +++++++-
 6 files changed, 106 insertions(+), 96 deletions(-)
diff --git a/security/clean-tck.sh b/security/clean-tck.sh
index c04598b..242edf2 100755
--- a/security/clean-tck.sh
+++ b/security/clean-tck.sh
@@ -1,7 +1,7 @@
 #! /bin/bash
-
-TCK_ZIP=jakarta-security-tck-3.0.0.zip
-TCK_HOME=security-tck-3.0.0
+TCK_VERSION="3.0.2"
+TCK_ZIP=jakarta-security-tck-${TCK_VERSION}.zip
+TCK_HOME=security-tck-${TCK_VERSION}
 OLD_TCK_HOME=security-tck
 ANT_ZIP=apache-ant-1.9.16-bin.zip
 ANT_HOME=apache-ant-1.9.16
diff --git a/security/run-tck.sh b/security/run-tck.sh
index 70fcacd..a53f2d5 100755
--- a/security/run-tck.sh
+++ b/security/run-tck.sh
@@ -1,11 +1,13 @@
 #! /bin/bash
 set -e
-
-TCK_URL=https://download.eclipse.org/jakartaee/security/3.0/jakarta-security-tck-3.0.0.zip
-TCK_ZIP=jakarta-security-tck-3.0.0.zip
-TCK_HOME=security-tck-3.0.0
-TCK_ROOT=$TCK_HOME/tck
+TCK_VERSION="3.0.2"
+#TCK_URL=https://download.eclipse.org/jakartaee/security/3.0/jakarta-security-tck-${TCK_VERSION}.zip
+TCK_URL=https://eclipse.mirror.rafal.ca/security/jakartaee10/staged/eftl/jakarta-security-tck-${TCK_VERSION}.zip
+TCK_ZIP=jakarta-security-tck-${TCK_VERSION}.zip
+TCK_HOME=security-tck-${TCK_VERSION}
+TCK_ROOT="$(readlink -m ${TCK_HOME}/tck)"
+export TCK_ROOT
 WILDFLY_HOME=wildfly/target/wildfly
 NEW_WILDFLY=servers/new-wildfly
 OLD_WILDFLY=servers/old-wildfly
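Review bot: `TCK_URL` now points at a third-party mirror's staged directory while the official download.eclipse.org assignment is left commented out, so every run fetches, unpacks and builds from an archive served by a host outside the project's control. I would keep the official location as the default and make the mirror an explicit override, e.g. `TCK_URL="${TCK_URL:-https://download.eclipse.org/jakartaee/security/3.0/jakarta-security-tck-${TCK_VERSION}.zip}"` (assuming the release is published there), rather than carrying a commented-out line. The commit subject says 3.0.3 but `TCK_VERSION` is `"3.0.2"` here and in clean-tck.sh, so one of the two looks stale. `readlink -m ${TCK_HOME}/tck` should quote its argument, and `-m` is a GNU option, which is worth a comment if the script is meant to run outside Linux.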
@@ -59,6 +61,49 @@ while getopts ":v" opt; do
 esac
 done
+##############################################################
+# Install and configure the TCK if not previously installed. #
+##############################################################
+
+# This must be executed first as CLI needs the files generated below to configure the keystore on the server
+
+if test -f $TCK_ZIP
+then
+ echo "TCK Already Downloaded."
+else
+ echo "Downloading TCK."
+ curl $TCK_URL -o $TCK_ZIP
+fi
+
+if test -d $TCK_HOME
+then
+ echo "TCK Already Configured."
+else
+ echo "Configuring TCK."
+ unzip ${UNZIP_ARGS} $TCK_ZIP
+ cp $TCK_ROOT/pom.xml $TCK_ROOT/original-pom.xml
+ xsltproc wildfly-mods/transform.xslt $TCK_ROOT/original-pom.xml > $TCK_ROOT/pom.xml
+fi
+
+# Recreate the keystore and cert
+echo "Recreate the keystore and cert"
+DNAME="CN=localhost, OU=jakarta, O=eclipse, L=Unknown, S=Unknown, C=Unknown"
+rm -rfv ${TCK_ROOT}/app-openid2/localhost-rsa.jks
+rm -rfv ${TCK_ROOT}/app-openid2/tomcat.cert
+rm -rfv ${TCK_ROOT}/app-openid3/localhost-rsa.jks
+rm -rfv ${TCK_ROOT}/app-openid3/tomcat.cert
+
+keytool -v -genkeypair -alias tomcat -keyalg RSA -keysize 2048 \
+ -dname "${DNAME}" \
+ -storepass changeit -keystore "${TCK_ROOT}/app-openid2/localhost-rsa.jks"
+
+keytool -v -export -alias tomcat -storepass changeit \
+ -keystore "${TCK_ROOT}/app-openid2/localhost-rsa.jks" -file "${TCK_ROOT}/app-openid2/tomcat.cert"
+
+# Copy the files to app-openid3
+cp -v "${TCK_ROOT}/app-openid2/localhost-rsa.jks" "${TCK_ROOT}/app-openid3/localhost-rsa.jks"
+cp -v "${TCK_ROOT}/app-openid2/tomcat.cert" "${TCK_ROOT}/app-openid3/tomcat.cert"
+
 ################################################
 # Install WildFly if not previously installed. #
 ################################################
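Review bot: The download step (`curl $TCK_URL -o $TCK_ZIP`) has neither `--fail` nor an integrity check, so an HTTP error page or a modified archive is saved under the zip name, and the `test -f $TCK_ZIP` guard then reuses that file on every later run. I would download to a temporary name, verify a pinned SHA-256 and only then move the file into place, with the expansions quoted; the digest in the fence is a placeholder to be filled in from the release page. Separately, the four `rm -rfv ${TCK_ROOT}/...` lines are unquoted and depend on `TCK_ROOT` being non-empty, which `"${TCK_ROOT:?}/app-openid2/localhost-rsa.jks"` would make explicit.

```shell
TCK_SHA256="<expected-sha256-of-the-tck-zip>"  # placeholder, pin the published digest

if test -f "$TCK_ZIP"
then
    echo "TCK Already Downloaded."
else
    echo "Downloading TCK."
    curl --fail --proto '=https' "$TCK_URL" -o "${TCK_ZIP}.part"
    echo "${TCK_SHA256}  ${TCK_ZIP}.part" | sha256sum -c -
    mv -- "${TCK_ZIP}.part" "$TCK_ZIP"
fi
# … unchanged: unzip / xsltproc configuration and keystore generation …
```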
@@ -81,10 +126,11 @@ else then echo "Provisioning WildFly." pushd wildfly - mvn ${MVN_ARGS} install -Dprovision.skip=false -Dconfigure.skip=true + mvn ${MVN_ARGS} install -Dprovision.skip=false -Dconfigure.skip=true -Dfeature.pack.version=32.0.1.Final popd fi fi + # At this point WILDFLY_HOME points to the clean server. #################################### @@ -110,28 +156,6 @@ pushd wildfly mvn ${MVN_ARGS} install -Dwildfly.home=$NEW_WILDFLY -Dprovision.skip=true -Dconfigure.skip=false popd -############################################################## -# Install and configure the TCK if not previously installed. # -############################################################## - -if test -f $TCK_ZIP -then - echo "TCK Already Downloaded." -else - echo "Downloading TCK." - curl $TCK_URL -o $TCK_ZIP -fi - -if test -d $TCK_HOME -then - echo "TCK Already Configured." -else - echo "Configuring TCK." - unzip ${UNZIP_ARGS} $TCK_ZIP - cp $TCK_ROOT/pom.xml $TCK_ROOT/original-pom.xml - xsltproc wildfly-mods/transform.xslt $TCK_ROOT/original-pom.xml > $TCK_ROOT/pom.xml -fi - ####################### # Execute the New TCK # ####################### diff --git a/security/wildfly-mods/arquillian.xml b/security/wildfly-mods/arquillian.xml index cc2e5a4..a8515f6 100644 --- a/security/wildfly-mods/arquillian.xml +++ b/security/wildfly-mods/arquillian.xml @@ -6,7 +6,8 @@ ${test.wildfly.home} - ${debugJvmArgs} + + ${debugJvmArgs} -Djboss.https.port=9443 -Djavax.net.ssl.trustStore=${test.wildfly.home}/standalone/configuration/client.truststore.pkcs12 -Djavax.net.ssl.trustStorePassword=changeit wildfly localhost diff --git a/security/wildfly-mods/profile.xml b/security/wildfly-mods/profile.xml index 014fd1f..f33a3ec 100644 --- a/security/wildfly-mods/profile.xml +++ b/security/wildfly-mods/profile.xml @@ -6,12 +6,7 @@ 6.0.0 - 3.4.3.Final - 3.0.4.Final - 31.0.1.Final - 5.0.0.Alpha5 - 19.0.1.Final - 2.0.2.Final + 5.1.0.Beta3 ${project.basedir}/../../../wildfly/target/wildfly 
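Review bot: In the run-tck.sh provisioning hunk (`@@ -81,10 +126,11 @@`), the server version is hard-coded inline as `-Dfeature.pack.version=32.0.1.Final`, while the same commit moves the TCK version into a `TCK_VERSION` variable at the top of the script. A matching `WILDFLY_VERSION="${WILDFLY_VERSION:-32.0.1.Final}"` next to `TCK_VERSION`, used as `-Dfeature.pack.version="${WILDFLY_VERSION}"`, keeps the pinned versions in one visible place and lets CI override them. The pom.xml hunks appear to drop the old default version property, so running `mvn install` in `wildfly/` without this script may leave `feature.pack.version` undefined; a comment saying the script is the only supported entry point would help. The enclosing `if`/`else` starts outside the hunk.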
@@ -26,64 +21,10 @@ jakarta.servlet-api ${version.jakarta.servlet} - - org.jboss.logging - jboss-logging - ${version.org.jboss.logging} - - - * - * - - - test - - - org.jboss.remotingjmx - remoting-jmx - ${version.org.jboss.remoting-jmx} - test - - - org.wildfly.arquillian - wildfly-arquillian-common - ${version.org.wildfly.arquillian} - - - * - * - - - test - org.wildfly.arquillian wildfly-arquillian-container-managed ${version.org.wildfly.arquillian} - - - * - * - - - test - - - org.wildfly.core - wildfly-controller-client - ${version.org.wildfly.core} - test - - - org.wildfly.core - wildfly-launcher - ${version.org.wildfly.core} - test - - - org.wildfly.plugins - wildfly-plugin-core - ${version.org.wildfly.plugins} test @@ -103,6 +44,9 @@ ${jboss.server.name} + + ${test.wildfly.home}/standalone/configuration/client.truststore.pkcs12 + changeit @@ -125,6 +69,15 @@ + + + org.codehaus.mojo + keytool-maven-plugin + 1.7 + + true + + diff --git a/security/wildfly/configure-server.cli b/security/wildfly/configure-server.cli index f4318f0..2ba26bb 100644 --- a/security/wildfly/configure-server.cli +++ b/security/wildfly/configure-server.cli @@ -1,5 +1,4 @@ embed-server --admin-only=true - if (outcome != success) of /subsystem=logging/logger=org.wildfly.security:read-resource /subsystem=logging/logger=org.wildfly.security:add(level=TRACE) end-if 
@@ -18,4 +17,19 @@ if (outcome != success) of /subsystem=elytron/policy=jacc:read-resource end-if /subsystem=ee:write-attribute(name=global-modules, value=[{name=com.nimbusds.nimbus-jose-jwt}]) +# Configure the keystore +if (outcome != success) of /subsystem=elytron/key-store=tckTs:read-resource + # create the truststore for the client that has the cert from the server's keystore + /subsystem=elytron/key-store=tckTs:add(path=client.truststore.pkcs12,relative-to=jboss.server.config.dir,credential-reference={clear-text=changeit},type=PKCS12) + /subsystem=elytron/key-store=tckTs:import-certificate(alias=tomcat,path="${tck.root}/app-openid2/tomcat.cert",credential-reference={clear-text=changeit},trust-cacerts=true,validate=false) + /subsystem=elytron/key-store=tckTs:store() + + # add the truststore to the trust manager + /subsystem=elytron/trust-manager=tckTm:add(key-store=tckTs) + + # create the SSL context with the trust manager + /subsystem=elytron/client-ssl-context=tckSsl:add(trust-manager=tckTm) + /subsystem=elytron:write-attribute(name=default-ssl-context, value=tckSsl) +end-if + stop-embedded-server \ No newline at end of file diff --git a/security/wildfly/pom.xml b/security/wildfly/pom.xml index 9bccd2b..35c8ce0 100644 --- a/security/wildfly/pom.xml +++ b/security/wildfly/pom.xml @@ -33,8 +33,7 @@ - 31.0.1.Final - 5.0.0.Beta3 + 5.0.0.Final ${project.build.directory}/wildfly @@ -45,7 +44,8 @@ org.wildfly wildfly-ee-galleon-pack - ${version.org.wildfly} + + true true @@ -72,6 +72,11 @@ ${wildfly.home} true + + + ${env.TCK_ROOT} + + true @@ -121,6 +126,19 @@ ${feature.pack.version} + + + + + org.wildfly.channels + wildfly-ee + + ${feature.pack.version} + + +
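Review bot: In the configure-server.cli hunk, the whole keystore block is guarded only by `key-store=tckTs` not existing, yet run-tck.sh deletes and regenerates `tomcat.cert` on every run, so a server that was configured earlier would keep trusting the previous certificate unless its directory is recreated each time, which these hunks do not show. Either import unconditionally or skip regenerating the keystore when it already exists. Importing with `validate=false` and then writing `default-ssl-context` changes outbound TLS trust for the whole server, which is reasonable for a throwaway TCK instance but deserves a comment such as `# TCK only: trusts the self-signed test certificate for all outbound TLS`. `${tck.root}` appears to be fed from the exported `TCK_ROOT` through pom.xml, so the import path is unresolved when the Maven build is run without the script.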