Pull request162

security/clean-tck.sh

@@ -1,7 +1,7 @@
 #! /bin/bash
-
-TCK_ZIP=jakarta-security-tck-3.0.0.zip
-TCK_HOME=security-tck-3.0.0
+TCK_VERSION="3.0.2"
+TCK_ZIP=jakarta-security-tck-${TCK_VERSION}.zip
+TCK_HOME=security-tck-${TCK_VERSION}
 OLD_TCK_HOME=security-tck
 ANT_ZIP=apache-ant-1.9.16-bin.zip
 ANT_HOME=apache-ant-1.9.16

security/run-tck.sh

@@ -1,11 +1,13 @@
 #! /bin/bash
 
 set -e
-
-TCK_URL=https://download.eclipse.org/jakartaee/security/3.0/jakarta-security-tck-3.0.0.zip
-TCK_ZIP=jakarta-security-tck-3.0.0.zip
-TCK_HOME=security-tck-3.0.0
-TCK_ROOT=$TCK_HOME/tck
+TCK_VERSION="3.0.2"
+#TCK_URL=https://download.eclipse.org/jakartaee/security/3.0/jakarta-security-tck-${TCK_VERSION}.zip
+TCK_URL=https://eclipse.mirror.rafal.ca/security/jakartaee10/staged/eftl/jakarta-security-tck-${TCK_VERSION}.zip
+TCK_ZIP=jakarta-security-tck-${TCK_VERSION}.zip
+TCK_HOME=security-tck-${TCK_VERSION}
+TCK_ROOT="$(readlink -m ${TCK_HOME}/tck)"
+export TCK_ROOT
 WILDFLY_HOME=wildfly/target/wildfly
 NEW_WILDFLY=servers/new-wildfly
 OLD_WILDFLY=servers/old-wildfly
@@ -59,6 +61,49 @@ while getopts ":v" opt; do
     esac
 done
 
+##############################################################
+# Install and configure the TCK if not previously installed. #
+##############################################################
+
+# This must be executed first as CLI needs the files generated below to configure the keystore on the server
+
+if test -f $TCK_ZIP
+then
+    echo "TCK Already Downloaded."
+else
+    echo "Downloading TCK."
+    curl $TCK_URL -o $TCK_ZIP
+fi
+
+if test -d $TCK_HOME
+then
+    echo "TCK Already Configured."
+else
+    echo "Configuring TCK."
+    unzip ${UNZIP_ARGS} $TCK_ZIP
+    cp $TCK_ROOT/pom.xml $TCK_ROOT/original-pom.xml
+    xsltproc wildfly-mods/transform.xslt $TCK_ROOT/original-pom.xml > $TCK_ROOT/pom.xml
+fi
+
+# Recreate the keystore and cert
+echo "Recreate the keystore and cert"
+DNAME="CN=localhost, OU=jakarta, O=eclipse, L=Unknown, S=Unknown, C=Unknown"
+rm -rfv ${TCK_ROOT}/app-openid2/localhost-rsa.jks
+rm -rfv ${TCK_ROOT}/app-openid2/tomcat.cert
+rm -rfv ${TCK_ROOT}/app-openid3/localhost-rsa.jks
+rm -rfv ${TCK_ROOT}/app-openid3/tomcat.cert
+
+keytool -v -genkeypair -alias tomcat -keyalg RSA -keysize 2048 \
+    -dname "${DNAME}" \
+    -storepass changeit -keystore "${TCK_ROOT}/app-openid2/localhost-rsa.jks"
+
+keytool -v -export -alias tomcat -storepass changeit \
+    -keystore "${TCK_ROOT}/app-openid2/localhost-rsa.jks" -file "${TCK_ROOT}/app-openid2/tomcat.cert"
+
+# Copy the files to app-openid3
+cp -v "${TCK_ROOT}/app-openid2/localhost-rsa.jks" "${TCK_ROOT}/app-openid3/localhost-rsa.jks"
+cp -v "${TCK_ROOT}/app-openid2/tomcat.cert" "${TCK_ROOT}/app-openid3/tomcat.cert"
+
 ################################################
 # Install WildFly if not previously installed. #
 ################################################
@@ -85,6 +130,7 @@ else
         popd
     fi
 fi
+
 # At this point WILDFLY_HOME points to the clean server.
 
 ####################################
@@ -110,28 +156,6 @@ pushd wildfly
 mvn ${MVN_ARGS} install -Dwildfly.home=$NEW_WILDFLY -Dprovision.skip=true -Dconfigure.skip=false
 popd
 
-##############################################################
-# Install and configure the TCK if not previously installed. #
-##############################################################
-
-if test -f $TCK_ZIP
-then
-    echo "TCK Already Downloaded."
-else
-    echo "Downloading TCK."
-    curl $TCK_URL -o $TCK_ZIP
-fi
-
-if test -d $TCK_HOME
-then
-    echo "TCK Already Configured."
-else
-    echo "Configuring TCK."
-    unzip ${UNZIP_ARGS} $TCK_ZIP
-    cp $TCK_ROOT/pom.xml $TCK_ROOT/original-pom.xml
-    xsltproc wildfly-mods/transform.xslt $TCK_ROOT/original-pom.xml > $TCK_ROOT/pom.xml
-fi
-
 #######################
 # Execute the New TCK #
 #######################
@@ -141,6 +165,7 @@ pushd $TCK_ROOT
 mvn ${MVN_ARGS} clean -pl '!old-tck,!old-tck/build,!old-tck/run'
 mkdir target
 safeRun mvn ${MVN_ARGS} install -Pnew-wildfly -pl '!old-tck,!old-tck/build,!old-tck/run' -Dtest.wildfly.home=$NEW_WILDFLY -fae
+# safeRun mvn ${MVN_ARGS} install -Pnew-wildfly -pl 'app-openid2' -Dtest.wildfly.home=$NEW_WILDFLY -fae
 newTckStatus=${status}
 popd
 

security/wildfly-mods/arquillian.xml

@@ -6,7 +6,7 @@
     <container qualifier="default" default="true">
         <configuration>
             <property name="jbossHome">${test.wildfly.home}</property>
-            <property name="javaVmArguments">${debugJvmArgs}</property>
+            <property name="javaVmArguments">${debugJvmArgs} -Djboss.https.port=9443 -Djavax.net.ssl.trustStore=${test.wildfly.home}/standalone/configuration/client.truststore.pkcs12 -Djavax.net.ssl.trustStorePassword=changeit</property>
             <property name="serverName">wildfly</property>
             <property name="host">localhost</property>
         </configuration>

security/wildfly-mods/profile.xml

@@ -6,12 +6,8 @@
             <properties>
                 <!--  Versions -->
                 <version.jakarta.servlet>6.0.0</version.jakarta.servlet>
-                <version.org.jboss.logging>3.4.3.Final</version.org.jboss.logging>
-                <version.org.jboss.remoting-jmx>3.0.4.Final</version.org.jboss.remoting-jmx>
-                <version.org.wildfly>31.0.1.Final</version.org.wildfly>
-                <version.org.wildfly.arquillian>5.0.0.Alpha5</version.org.wildfly.arquillian>
-                <version.org.wildfly.core>19.0.1.Final</version.org.wildfly.core>
-                <version.org.wildfly.plugins>2.0.2.Final</version.org.wildfly.plugins>
+                <version.org.wildfly>32.0.1.Final</version.org.wildfly>
+                <version.org.wildfly.arquillian>5.1.0.Beta3</version.org.wildfly.arquillian>
 
                 <test.wildfly.home>${project.basedir}/../../../wildfly/target/wildfly</test.wildfly.home>
                 <debugJvmArgs/>
@@ -26,64 +22,10 @@
                     <artifactId>jakarta.servlet-api</artifactId>
                     <version>${version.jakarta.servlet}</version>
                 </dependency>
-                <dependency>
-                    <groupId>org.jboss.logging</groupId>
-                    <artifactId>jboss-logging</artifactId>
-                    <version>${version.org.jboss.logging}</version>
-                    <exclusions>
-                        <exclusion>
-                            <groupId>*</groupId>
-                            <artifactId>*</artifactId>
-                        </exclusion>
-                    </exclusions>
-                    <scope>test</scope>
-                </dependency>
-                <dependency>
-                    <groupId>org.jboss.remotingjmx</groupId>
-                    <artifactId>remoting-jmx</artifactId>
-                    <version>${version.org.jboss.remoting-jmx}</version>
-                    <scope>test</scope>
-                </dependency>
-                <dependency>
-                    <groupId>org.wildfly.arquillian</groupId>
-                    <artifactId>wildfly-arquillian-common</artifactId>
-                    <version>${version.org.wildfly.arquillian}</version>
-                    <exclusions>
-                        <exclusion>
-                            <groupId>*</groupId>
-                            <artifactId>*</artifactId>
-                        </exclusion>
-                    </exclusions>
-                    <scope>test</scope>
-                </dependency>
                 <dependency>
                     <groupId>org.wildfly.arquillian</groupId>
                     <artifactId>wildfly-arquillian-container-managed</artifactId>
                     <version>${version.org.wildfly.arquillian}</version>
-                    <exclusions>
-                        <exclusion>
-                            <groupId>*</groupId>
-                            <artifactId>*</artifactId>
-                        </exclusion>
-                    </exclusions>
-                    <scope>test</scope>
-                </dependency>
-                <dependency>
-                    <groupId>org.wildfly.core</groupId>
-                    <artifactId>wildfly-controller-client</artifactId>
-                    <version>${version.org.wildfly.core}</version>
-                    <scope>test</scope>
-                </dependency>
-                <dependency>
-                    <groupId>org.wildfly.core</groupId>
-                    <artifactId>wildfly-launcher</artifactId>
-                    <version>${version.org.wildfly.core}</version>
-                    <scope>test</scope>
-                </dependency>
-                <dependency>
-                    <groupId>org.wildfly.plugins</groupId>
-                    <artifactId>wildfly-plugin-core</artifactId>
-                    <version>${version.org.wildfly.plugins}</version>
                     <scope>test</scope>
                 </dependency>
             </dependencies>
@@ -103,6 +45,8 @@
                             <systemPropertyVariables>
                                 <!-- Properties shared with Arquillian -->
                                 <tck_server>${jboss.server.name}</tck_server>
+                                <javax.net.ssl.trustStore>${env.JBOSS_HOME}/standalone/configuration/client.truststore.pkcs12</javax.net.ssl.trustStore>
+                                <javax.net.ssl.javax.net.ssl.trustStorePassword>changeit</javax.net.ssl.trustStore>
                             </systemPropertyVariables>
                             <!-- Standard client side JPMS settings -->
                             <argLine>
@@ -125,6 +69,15 @@
                             </excludes>
                         </configuration>
                     </plugin>
+                    <plugin>
+                        <!-- Skip this plugin as we do it else where -->
+                        <groupId>org.codehaus.mojo</groupId>
+                        <artifactId>keytool-maven-plugin</artifactId>
+                        <version>1.7</version>
+                        <configuration>
+                            <skip>true</skip>
+                        </configuration>
+                    </plugin>
                 </plugins>
 
                 <testResources>

security/wildfly/configure-server.cli

@@ -1,12 +1,12 @@
 embed-server --admin-only=true
-
+/subsystem=logging/console-handler=CONSOLE:undefine-attribute(name=level)
 if (outcome != success) of /subsystem=logging/logger=org.wildfly.security:read-resource
     /subsystem=logging/logger=org.wildfly.security:add(level=TRACE)
 end-if
 
-#if (outcome != success) of /subsystem=logging/logger=org.glassfish.soteria:read-resource
-#    /subsystem=logging/logger=org.glassfish.soteria:add(level=TRACE)
-#end-if
+if (outcome != success) of /subsystem=logging/logger=org.glassfish.soteria:read-resource
+    /subsystem=logging/logger=org.glassfish.soteria:add(level=TRACE)
+end-if
 #if (outcome != success) of /subsystem=logging/logger=org.jboss.resteasy:read-resource
 #    /subsystem=logging/logger=org.jboss.resteasy:add(level=TRACE)
 #end-if
@@ -18,4 +18,19 @@ if (outcome != success) of /subsystem=elytron/policy=jacc:read-resource
 end-if
 /subsystem=ee:write-attribute(name=global-modules, value=[{name=com.nimbusds.nimbus-jose-jwt}])
 
+# Configure the keystore
+if (outcome != success) of /subsystem=elytron/key-store=tckTs:read-resource
+    # create the truststore for the client that has the cert from the server's keystore
+    /subsystem=elytron/key-store=tckTs:add(path=client.truststore.pkcs12,relative-to=jboss.server.config.dir,credential-reference={clear-text=changeit},type=PKCS12)
+    /subsystem=elytron/key-store=tckTs:import-certificate(alias=tomcat,path="${tck.root}/app-openid2/tomcat.cert",credential-reference={clear-text=changeit},trust-cacerts=true,validate=false)
+    /subsystem=elytron/key-store=tckTs:store()
+
+    # add the truststore to the trust manager
+    /subsystem=elytron/trust-manager=tckTm:add(key-store=tckTs)
+
+    # create the SSL context with the trust manager
+    /subsystem=elytron/client-ssl-context=tckSsl:add(trust-manager=tckTm)
+    /subsystem=elytron:write-attribute(name=default-ssl-context, value=tckSsl)
+end-if
+
 stop-embedded-server

security/wildfly/pom.xml

@@ -33,8 +33,8 @@
 
     <properties>
         <!--  Versions -->
-        <version.org.wildfly>31.0.1.Final</version.org.wildfly>
-        <wildfly.plugin.version>5.0.0.Beta3</wildfly.plugin.version>
+        <version.org.wildfly>32.0.1.Final</version.org.wildfly>
+        <wildfly.plugin.version>5.0.0.Final</wildfly.plugin.version>
 
         <!-- Build Properties -->
         <wildfly.home>${project.build.directory}/wildfly</wildfly.home>
@@ -72,6 +72,10 @@
                         <configuration>
                             <jboss-home>${wildfly.home}</jboss-home>
                             <offline>true</offline>
+                            <system-properties>
+                                <tck.root>${env.TCK_ROOT}</tck.root>
+                            </system-properties>
+                            <resolve-expressions>true</resolve-expressions>
                             <scripts>
                                 <script>${project.basedir}/configure-server.cli</script>
                             </scripts>
@@ -121,6 +125,14 @@
                                             <version>${feature.pack.version}</version>
                                         </feature-pack>
                                     </feature-packs>
+                                    <channels>
+                                        <channel>
+                                            <manifest>
+                                                <groupId>org.wildfly.channels</groupId>
+                                                <artifactId>wildfly-ee</artifactId>
+                                            </manifest>
+                                        </channel>
+                                    </channels>
                                 </configuration>
                             </execution>
                         </executions>