From 68b2c00d0ac5e9aacd88ac8b26d6acfd9d1e9243 Mon Sep 17 00:00:00 2001 
From: Cameron Rodriguez Date: Tue, 18 Oct 2022 17:46:14 -0400 Subject: [PATCH] [WFCORE-5279] All tests passing, init build complete Reorganized integration tests, readded security manager to module.xml --- .../feature_groups/elytron-with-tls.xml | 21 -- .../extension/elytron-tls/main/module.xml | 1 + testsuite/integration/pom.xml | 4 + .../as/test/shared/CliUtils.java} | 21 +- .../common/AbstractConfigurableElement.java | 59 ----- .../subsystem/common/ConfigurableElement.java | 45 ---- .../subsystem/common/CredentialReference.java | 126 --------- .../SystemPropertyExpressionTestCase.java | 248 ++++++++++++++++++ .../sanity/ElytronTlsSanityTestCase.java} | 6 +- .../tls/subsystem/tls/OpenSslTlsTestCase.java | 32 +-- .../tls/ServerSslSniContextTestCase.java | 90 +++++++ .../common/TestRunnerConfigSetupTask.java | 7 +- .../elytron/tls/subsystem}/CliPath.java | 2 +- .../tls/subsystem/SimpleTlsKeyManager.java} | 25 +- .../tls/subsystem/SimpleTlsKeyStore.java} | 27 +- .../subsystem/SimpleTlsServerSslContext.java} | 37 +-- .../tls/subsystem/SimpleTlsTrustManager.java} | 24 +- testsuite/pom.xml | 1 - 18 files changed, 437 insertions(+), 339 deletions(-) delete mode 100644 feature-pack/src/main/resources/feature_groups/elytron-with-tls.xml rename testsuite/integration/subsystem/src/test/java/org/{wildfly/test/feature/pack/elytron/tls/subsystem/common/ModelNodeConvertable.java => jboss/as/test/shared/CliUtils.java} (54%) delete mode 100644 testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/AbstractConfigurableElement.java delete mode 100644 testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/ConfigurableElement.java delete mode 100644 testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/CredentialReference.java create mode 100644 
testsuite/integration/subsystem/src/test/java/org/wildfly/test/integration/elytron/tls/subsystem/expression/SystemPropertyExpressionTestCase.java rename testsuite/integration/subsystem/src/test/java/org/wildfly/test/{feature/pack/elytron/tls/subsystem/sanity/SubsystemSanityTestCase.java => integration/elytron/tls/subsystem/sanity/ElytronTlsSanityTestCase.java} (90%) rename testsuite/integration/subsystem/src/test/java/org/wildfly/test/{feature/pack => integration}/elytron/tls/subsystem/tls/OpenSslTlsTestCase.java (94%) create mode 100644 testsuite/integration/subsystem/src/test/java/org/wildfly/test/integration/elytron/tls/subsystem/tls/ServerSslSniContextTestCase.java rename testsuite/integration/subsystem/src/test/java/org/wildfly/test/{feature/pack/elytron/tls/subsystem => security}/common/TestRunnerConfigSetupTask.java (95%) rename testsuite/integration/subsystem/src/test/java/org/wildfly/test/{feature/pack/elytron/tls/subsystem/common => security/common/elytron/tls/subsystem}/CliPath.java (97%) rename testsuite/integration/subsystem/src/test/java/org/wildfly/test/{feature/pack/elytron/tls/subsystem/common/SimpleKeyManager.java => security/common/elytron/tls/subsystem/SimpleTlsKeyManager.java} (70%) rename testsuite/integration/subsystem/src/test/java/org/wildfly/test/{feature/pack/elytron/tls/subsystem/common/SimpleKeyStore.java => security/common/elytron/tls/subsystem/SimpleTlsKeyStore.java} (71%) rename testsuite/integration/subsystem/src/test/java/org/wildfly/test/{feature/pack/elytron/tls/subsystem/common/SimpleServerSslContext.java => security/common/elytron/tls/subsystem/SimpleTlsServerSslContext.java} (79%) rename testsuite/integration/subsystem/src/test/java/org/wildfly/test/{feature/pack/elytron/tls/subsystem/common/SimpleTrustManager.java => security/common/elytron/tls/subsystem/SimpleTlsTrustManager.java} (66%) 
diff --git a/feature-pack/src/main/resources/feature_groups/elytron-with-tls.xml b/feature-pack/src/main/resources/feature_groups/elytron-with-tls.xml deleted file mode 100644 index dfc7e07..0000000 --- a/feature-pack/src/main/resources/feature_groups/elytron-with-tls.xml +++ /dev/null @@ -1,21 +0,0 @@ - - - - - - - \ No newline at end of file diff --git a/feature-pack/src/main/resources/modules/system/layers/base/org/wildfly/extension/elytron-tls/main/module.xml b/feature-pack/src/main/resources/modules/system/layers/base/org/wildfly/extension/elytron-tls/main/module.xml index 5115aed..2751183 100644 --- a/feature-pack/src/main/resources/modules/system/layers/base/org/wildfly/extension/elytron-tls/main/module.xml +++ b/feature-pack/src/main/resources/modules/system/layers/base/org/wildfly/extension/elytron-tls/main/module.xml @@ -38,6 +38,7 @@ + \ No newline at end of file diff --git a/testsuite/integration/pom.xml b/testsuite/integration/pom.xml index c797446..a4ec780 100644 --- a/testsuite/integration/pom.xml +++ b/testsuite/integration/pom.xml @@ -88,6 +88,10 @@ wildfly-arquillian-protocol-jmx test + + org.wildfly.core + wildfly-core-test-runner + \ No newline at end of file diff --git a/testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/ModelNodeConvertable.java b/testsuite/integration/subsystem/src/test/java/org/jboss/as/test/shared/CliUtils.java similarity index 54% rename from testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/ModelNodeConvertable.java rename to testsuite/integration/subsystem/src/test/java/org/jboss/as/test/shared/CliUtils.java index 663bce3..3690729 100644 --- a/testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/ModelNodeConvertable.java +++ b/testsuite/integration/subsystem/src/test/java/org/jboss/as/test/shared/CliUtils.java 
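Review bot: The `org.wildfly.core:wildfly-core-test-runner` dependency added to `testsuite/integration/pom.xml` appears to carry no scope: the hunk adds four lines (open tag, groupId, artifactId, close tag), while the `wildfly-arquillian-protocol-jmx` entry just above it ends in `test`. The XML markup is stripped on this page, so this is inferred from the line count. If the scope is not inherited from a parent `dependencyManagement` section, add `<scope>test</scope>` so the test runner stays off the compile and runtime classpath of anything that consumes this module.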
@@ -1,5 +1,5 @@ /* - * Copyright 2017 Red Hat, Inc. + * Copyright 2016 Red Hat, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -14,17 +14,24 @@ * limitations under the License. */ -package org.wildfly.test.feature.pack.elytron.tls.subsystem.common; +package org.jboss.as.test.shared; -import org.jboss.dmr.ModelNode; +import static org.wildfly.common.Assert.checkNotNullParamWithNullPointerException; /** - * Represents objects which are convertable to ModelNode instances. + * CLI helper methods. * * @author Josef Cacek */ -public interface ModelNodeConvertable { - - ModelNode toModelNode(); +public class CliUtils { + /** + * Escapes given path String for CLI. + * + * @param path path string to escape (must be not-null) + * @return escaped path + */ + public static String escapePath(String path) { + return checkNotNullParamWithNullPointerException("path", path).replace("\\", "\\\\"); + } } diff --git a/testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/AbstractConfigurableElement.java b/testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/AbstractConfigurableElement.java deleted file mode 100644 index fe51f83..0000000 --- a/testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/AbstractConfigurableElement.java +++ /dev/null 
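Review bot: `escapePath` in the new `CliUtils` only doubles backslashes, so the Javadoc's "escaped path" holds for Windows separators but not for a path containing a double quote, whitespace or other characters the CLI treats specially. State that limit in the Javadoc, for example `* Only backslashes are escaped; the caller must still quote the value when building a CLI line.` The class holds a single static method, so `public final class CliUtils` with a `private CliUtils() {}` constructor would make the no-instances intent explicit. The file is also declared in `org.jboss.as.test.shared`, a package the new `SystemPropertyExpressionTestCase` imports `TestSuiteEnvironment` from, presumably via an external test artifact. It is worth confirming that no class of the same name already ships there.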
@@ -1,59 +0,0 @@ -/* - * Copyright 2017 Red Hat, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.wildfly.test.feature.pack.elytron.tls.subsystem.common; - -import static org.wildfly.common.Assert.checkNotNullParamWithNullPointerException; - -/** - * Abstract parent for {@link ConfigurableElement} implementations. It just holds common fields and provides parent for - * builders. - * - * @author Josef Cacek - */ -public abstract class AbstractConfigurableElement implements ConfigurableElement { - - protected final String name; - - protected AbstractConfigurableElement(Builder builder) { - checkNotNullParamWithNullPointerException("builder", builder); - this.name = checkNotNullParamWithNullPointerException("builder.name", builder.name); - } - - @Override - public final String getName() { - return name; - } - - /** - * Builder to build {@link AbstractConfigurableElement}. - */ - public abstract static class Builder> { - private String name; - - protected Builder() { - } - - protected abstract T self(); - - public final T withName(String name) { - this.name = name; - return self(); - } - - } - -} diff --git a/testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/ConfigurableElement.java b/testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/ConfigurableElement.java deleted file mode 100644 index 326c606..0000000 
--- a/testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/ConfigurableElement.java +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright 2017 Red Hat, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.wildfly.test.feature.pack.elytron.tls.subsystem.common; - -import org.jboss.as.controller.client.ModelControllerClient; -import org.jboss.as.test.integration.management.util.CLIWrapper; - -/** - * Interface representing a configurable object in domain model. The implementation has to override at least one of the - * {@code create(...)} methods and one of the {@code remove(...)} methods. - * - * @author Josef Cacek - */ -public interface ConfigurableElement { - - /** - * Returns name of this element. - */ - String getName(); - - /** - * Creates this element in domain model and it also may create other resources if needed (e.g. external files). - * Implementation can choose if controller client is used or provided CLI wrapper. - */ - void create(ModelControllerClient client, CLIWrapper cli) throws Exception; - - /** - * Reverts the changes introdued by {@code create(...)} method(s). - */ - void remove(ModelControllerClient client, CLIWrapper cli) throws Exception; -} 
diff --git a/testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/CredentialReference.java b/testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/CredentialReference.java deleted file mode 100644 index b68ad67..0000000 --- a/testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/CredentialReference.java +++ /dev/null 
@@ -1,126 +0,0 @@ -/* - * Copyright 2017 Red Hat, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.wildfly.test.feature.pack.elytron.tls.subsystem.common; - -import static org.apache.commons.lang3.StringUtils.isNotBlank; -import static org.wildfly.test.security.common.ModelNodeUtil.setIfNotNull; - -import org.jboss.dmr.ModelNode; -import org.wildfly.test.security.common.elytron.CliFragment; - -/** - * Helper class for adding "credential-reference" attributes into CLI commands. 
- * - * @author Josef Cacek - */ -public class CredentialReference implements CliFragment, ModelNodeConvertable { - - public static final CredentialReference EMPTY = CredentialReference.builder().build(); - - private final String store; - private final String alias; - private final String type; - private final String clearText; - - private CredentialReference(Builder builder) { - this.store = builder.store; - this.alias = builder.alias; - this.type = builder.type; - this.clearText = builder.clearText; - } - - @Override - public String asString() { - StringBuilder sb = new StringBuilder(); - if (isNotBlank(alias) || isNotBlank(clearText) || isNotBlank(store) || isNotBlank(type)) { - sb.append("credential-reference={ "); - if (isNotBlank(alias)) { - sb.append(String.format("alias=\"%s\", ", alias)); - } - if (isNotBlank(store)) { - sb.append(String.format("store=\"%s\", ", store)); - } - if (isNotBlank(type)) { - sb.append(String.format("type=\"%s\", ", type)); - } - if (isNotBlank(clearText)) { - sb.append(String.format("clear-text=\"%s\"", clearText)); - } - sb.append("}, "); - } - return sb.toString(); - } - - @Override - public ModelNode toModelNode() { - if (this == EMPTY) { - return null; - } - final ModelNode node= new ModelNode(); - setIfNotNull(node, "store", store); - setIfNotNull(node, "alias", alias); - setIfNotNull(node, "type", type); - setIfNotNull(node, "clear-text", clearText); - return node; - } - - /** - * Creates builder to build {@link CredentialReference}. - * - * @return created builder - */ - public static Builder builder() { - return new Builder(); - } - - /** - * Builder to build {@link CredentialReference}. 
- */ - public static final class Builder { - private String store; - private String alias; - private String type; - private String clearText; - - private Builder() { - } - - public Builder withStore(String store) { - this.store = store; - return this; - } - - public Builder withAlias(String alias) { - this.alias = alias; - return this; - } - - public Builder withType(String type) { - this.type = type; - return this; - } - - public Builder withClearText(String clearText) { - this.clearText = clearText; - return this; - } - - public CredentialReference build() { - return new CredentialReference(this); - } - } -} diff --git a/testsuite/integration/subsystem/src/test/java/org/wildfly/test/integration/elytron/tls/subsystem/expression/SystemPropertyExpressionTestCase.java b/testsuite/integration/subsystem/src/test/java/org/wildfly/test/integration/elytron/tls/subsystem/expression/SystemPropertyExpressionTestCase.java new file mode 100644 index 0000000..4945cc6 --- /dev/null +++ b/testsuite/integration/subsystem/src/test/java/org/wildfly/test/integration/elytron/tls/subsystem/expression/SystemPropertyExpressionTestCase.java 
@@ -0,0 +1,248 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2021 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.wildfly.test.integration.elytron.tls.subsystem.expression; + +import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ALLOW_RESOURCE_SERVICE_RESTART; +import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.COMPOSITE; +import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.CORE_SERVICE; +import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OPERATION_HEADERS; +import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OUTCOME; +import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.PLATFORM_MBEAN; +import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.RESULT; +import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.STEPS; +import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUBSYSTEM; +import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUCCESS; +import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SYSTEM_PROPERTY; +import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.TYPE; +import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.VALUE; 
+import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNull; + +import java.io.File; +import java.io.FileOutputStream; +import java.io.IOException; +import java.nio.file.Files; +import java.nio.file.Paths; +import java.security.GeneralSecurityException; +import java.security.KeyStore; +import java.util.HashMap; +import java.util.Map; + +import org.jboss.as.controller.PathAddress; +import org.jboss.as.controller.client.ModelControllerClient; +import org.jboss.as.controller.client.helpers.ClientConstants; +import org.jboss.as.controller.operations.common.Util; +import org.jboss.as.test.integration.management.util.ServerReload; +import org.jboss.as.test.shared.TestSuiteEnvironment; +import org.jboss.dmr.ModelNode; +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.wildfly.core.testrunner.ManagementClient; +import org.wildfly.core.testrunner.ServerSetup; +import org.wildfly.core.testrunner.ServerSetupTask; +import org.wildfly.core.testrunner.UnsuccessfulOperationException; +import org.wildfly.core.testrunner.WildflyTestRunner; +import org.wildfly.security.auth.server.IdentityCredentials; +import org.wildfly.security.credential.PasswordCredential; +import org.wildfly.security.credential.SecretKeyCredential; +import org.wildfly.security.credential.store.CredentialStore; +import org.wildfly.security.credential.store.impl.KeyStoreCredentialStore; +import org.wildfly.security.encryption.SecretKeyUtil; +import org.wildfly.security.password.interfaces.ClearPassword; + +@RunWith(WildflyTestRunner.class) +@ServerSetup(SystemPropertyExpressionTestCase.ServerSetup.class) +public class SystemPropertyExpressionTestCase { + + private static final String CNAME = SystemPropertyExpressionTestCase.class.getSimpleName(); + private static final String CS_PATH = "target/" + CNAME + ".cs"; + private static final PathAddress SUBSYSTEM_ADDRESS = PathAddress.pathAddress(SUBSYSTEM, "elytron"); + private static final 
PathAddress ENCRYPTION_ADDRESS = SUBSYSTEM_ADDRESS.append("expression", "encryption"); + private static final String CREDENTIAL_STORE = "credential-store"; + private static final PathAddress CREDENTIAL_STORE_ADDRESS = SUBSYSTEM_ADDRESS.append(CREDENTIAL_STORE, CNAME); + private static final String SECURE_KEY = "RUxZAUsXHVcDh99zAdxGEzTBK1h2qjW+sZg2+37w7ijhDEiJEw=="; + private static final PathAddress RUNTIME_ADDRESS = PathAddress.pathAddress(CORE_SERVICE, PLATFORM_MBEAN).append(TYPE, "runtime"); + private static final String PROP = CNAME; + private static final String MISSING_PROP = PROP + "-missing"; + + private static final String CLEAR_TEXT = "Lorem ipsum dolor sit amet"; + + public static final class ServerSetup implements ServerSetupTask { + @Override + public void setup(ManagementClient managementClient) throws Exception { + addCredentialStore(managementClient); + managementClient.executeForResult(getAddExpressionEncyryptionOp()); + } + + @Override + public void tearDown(ManagementClient managementClient) throws Exception { + try { + safeRemoveSystemProperty(managementClient, PROP); + safeRemoveSystemProperty(managementClient, MISSING_PROP); + removeExpressionEncryption(managementClient.getControllerClient()); + } finally { + removeCredentialStore(managementClient); + } + } + + private static void addCredentialStore(ManagementClient managementClient) throws GeneralSecurityException, IOException, UnsuccessfulOperationException { + cleanCredentialStoreFile(); + KeyStore ks = KeyStore.getInstance("JCEKS"); + ks.load(null, null); + ks.store(Files.newOutputStream(Paths.get(CS_PATH)), CNAME.toCharArray()); + + Map attributes = new HashMap<>(); + attributes.put("location", CS_PATH); + attributes.put("keyStoreType", "JCEKS"); + attributes.put("modifiable", "true"); + + PasswordCredential credential = new PasswordCredential(ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, CNAME.toCharArray())); + CredentialStore credentialStore = 
CredentialStore.getInstance(KeyStoreCredentialStore.KEY_STORE_CREDENTIAL_STORE); + + credentialStore.initialize(attributes, + new CredentialStore.CredentialSourceProtectionParameter(IdentityCredentials.NONE.withCredential(credential))); + credentialStore.store("securekey", new SecretKeyCredential(SecretKeyUtil.importSecretKey(SECURE_KEY))); + credentialStore.flush(); + + ModelNode addOp = Util.createAddOperation(CREDENTIAL_STORE_ADDRESS); + addOp.get("location").set(CS_PATH); + addOp.get("credential-reference", "clear-text").set(CNAME); + addOp.get("providers").set("combined-providers"); + managementClient.executeForResult(addOp); + } + + private static void safeRemoveSystemProperty(ManagementClient managementClient, String prop) { + try { + managementClient.getControllerClient().execute(Util.createRemoveOperation(PathAddress.pathAddress(SYSTEM_PROPERTY, prop))); + } catch (Exception e) { + e.printStackTrace(System.out); + } + } + + private static void removeCredentialStore(ManagementClient managementClient) throws UnsuccessfulOperationException { + try { + ModelNode removeOp = Util.createRemoveOperation(CREDENTIAL_STORE_ADDRESS); + managementClient.executeForResult(removeOp); + ServerReload.executeReloadAndWaitForCompletion(managementClient.getControllerClient()); + } finally { + cleanCredentialStoreFile(); + } + } + + private static void cleanCredentialStoreFile() { + File f = new File(CS_PATH); + assert !f.exists() || f.delete(); + } + } + + private static ModelNode getAddExpressionEncyryptionOp() { + ModelNode encAdd = Util.createAddOperation(ENCRYPTION_ADDRESS); + encAdd.get("default-resolver").set("Default"); + ModelNode resolvers = encAdd.get("resolvers"); + ModelNode resolver = new ModelNode(); + resolver.get("name").set("Default"); + resolver.get(CREDENTIAL_STORE).set(CNAME); + resolver.get("secret-key").set("securekey"); + resolvers.add(resolver); + return encAdd; + } + + private static void removeExpressionEncryption(ModelControllerClient 
modelControllerClient) throws IOException { + ModelNode removeOp = Util.createRemoveOperation(ENCRYPTION_ADDRESS); + removeOp.get(OPERATION_HEADERS, ALLOW_RESOURCE_SERVICE_RESTART).set(true); + assertSuccess(modelControllerClient.execute(removeOp)); + } + + @Test + public void testEncryptedSystemProperties() throws Exception { + + PathAddress propAddress = PathAddress.pathAddress(SYSTEM_PROPERTY, PROP); + try (ModelControllerClient client = TestSuiteEnvironment.getModelControllerClient()) { + + assertNull(getSystemProperty(client, PROP)); + assertNull(getSystemProperty(client, MISSING_PROP)); + + ModelNode response = createExpression(client); + assertSuccess(response); + String expression = response.get(ClientConstants.RESULT).get("expression").asString(); + + ModelNode addOp = Util.createAddOperation(propAddress); + addOp.get(VALUE).set(expression); + + response = client.execute(addOp); + assertSuccess(response); + + assertEquals(CLEAR_TEXT, getSystemProperty(client, PROP)); + + removeExpressionEncryption(client); + + // Removing the resolver doesn't affect the system property + assertEquals(CLEAR_TEXT, getSystemProperty(client, PROP)); + + ModelNode missingAddOp = Util.createAddOperation(PathAddress.pathAddress(SYSTEM_PROPERTY, MISSING_PROP)); + missingAddOp.get(VALUE).set(expression); + // The add should succeed, but the expression would be resolved as if it were a standard expression with a default + assertSuccess(client.execute(missingAddOp)); + assertEquals(expression.substring(expression.indexOf(":Default:"), expression.length() - 1), getSystemProperty(client, MISSING_PROP)); + + // Clean up + assertSuccess(client.execute(Util.createRemoveOperation(PathAddress.pathAddress(SYSTEM_PROPERTY, MISSING_PROP)))); + assertNull(getSystemProperty(client, MISSING_PROP)); + + // If the prop and the resolver are added in a composite, then proper resolution can occur during op execution + ModelNode composite = Util.createEmptyOperation(COMPOSITE, 
PathAddress.EMPTY_ADDRESS); + ModelNode steps = composite.get(STEPS); + steps.add(missingAddOp); + + steps.add(getAddExpressionEncyryptionOp()); + + assertSuccess(client.execute(composite)); + + assertEquals(CLEAR_TEXT, getSystemProperty(client, MISSING_PROP)); + + // Test boot behavior. Reload and confirm the property is set. + ServerReload.executeReloadAndWaitForCompletion(client); + + assertEquals(CLEAR_TEXT, getSystemProperty(client, PROP)); + + } + } + + private static ModelNode createExpression(ModelControllerClient client) throws IOException { + ModelNode createExpression = Util.createEmptyOperation("create-expression", ENCRYPTION_ADDRESS); + createExpression.get("resolver").set("Default"); + createExpression.get("clear-text").set(CLEAR_TEXT); + + return client.execute(createExpression); + } + + private static void assertSuccess(ModelNode response) { + if (!response.get(OUTCOME).asString().equals(SUCCESS)) { + Assert.fail(response.toJSONString(false)); + } + } + + private static String getSystemProperty(ModelControllerClient client, String property) throws IOException { + ModelNode response = client.execute(Util.getReadAttributeOperation(RUNTIME_ADDRESS, "system-properties")); + assertSuccess(response); + ModelNode val = response.get(RESULT, property); + return val.isDefined() ? val.asString() : null; + } +} diff --git a/testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/sanity/SubsystemSanityTestCase.java b/testsuite/integration/subsystem/src/test/java/org/wildfly/test/integration/elytron/tls/subsystem/sanity/ElytronTlsSanityTestCase.java similarity index 90% rename from testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/sanity/SubsystemSanityTestCase.java rename to testsuite/integration/subsystem/src/test/java/org/wildfly/test/integration/elytron/tls/subsystem/sanity/ElytronTlsSanityTestCase.java index 82ebc79..c12bb23 100644 
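Review bot: `cleanCredentialStoreFile()` does its delete inside an assertion (`assert !f.exists() || f.delete();`), so on a JVM started without `-ea` the credential store under `target/` that holds the imported secret key is never removed. Delete unconditionally instead, e.g. `Files.deleteIfExists(Paths.get(CS_PATH));`, and let the `IOException` propagate, which means widening the `throws` clause of `removeCredentialStore`. In `addCredentialStore`, the stream returned by `Files.newOutputStream(...)` is handed to `ks.store` and never closed; wrap it as `try (OutputStream out = Files.newOutputStream(Paths.get(CS_PATH))) { ks.store(out, CNAME.toCharArray()); }`. The `java.io.FileOutputStream` import appears unused in this file and could be swapped for `java.io.OutputStream`.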
--- a/testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/sanity/SubsystemSanityTestCase.java +++ b/testsuite/integration/subsystem/src/test/java/org/wildfly/test/integration/elytron/tls/subsystem/sanity/ElytronTlsSanityTestCase.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package org.wildfly.test.feature.pack.elytron.tls.subsystem.sanity; +package org.wildfly.test.integration.elytron.tls.subsystem.sanity; import javax.inject.Inject; @@ -33,7 +33,7 @@ * @author Kabir Khan */ @RunWith(Arquillian.class) -public class SubsystemSanityTestCase { +public class ElytronTlsSanityTestCase { @Inject @ExampleQualifier @@ -43,7 +43,7 @@ public class SubsystemSanityTestCase { public static WebArchive getDeployment() { final WebArchive webArchive = ShrinkWrap.create(WebArchive.class, "sanity-test.war") .addAsWebInfResource(EmptyAsset.INSTANCE, "beans.xml") - .addPackage(SubsystemSanityTestCase.class.getPackage()); + .addPackage(ElytronTlsSanityTestCase.class.getPackage()); return webArchive; } diff --git a/testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/tls/OpenSslTlsTestCase.java b/testsuite/integration/subsystem/src/test/java/org/wildfly/test/integration/elytron/tls/subsystem/tls/OpenSslTlsTestCase.java similarity index 94% rename from testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/tls/OpenSslTlsTestCase.java rename to testsuite/integration/subsystem/src/test/java/org/wildfly/test/integration/elytron/tls/subsystem/tls/OpenSslTlsTestCase.java index 2e47ca1..7832219 100644 --- a/testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/tls/OpenSslTlsTestCase.java +++ b/testsuite/integration/subsystem/src/test/java/org/wildfly/test/integration/elytron/tls/subsystem/tls/OpenSslTlsTestCase.java 
@@ -15,7 +15,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, * MA 02110-1301, USA. */ -package org.wildfly.test.feature.pack.elytron.tls.subsystem.tls; +package org.wildfly.test.integration.elytron.tls.subsystem.tls; import static org.jboss.as.controller.client.helpers.ClientConstants.CONTENT; import static org.jboss.as.controller.client.helpers.ClientConstants.DEPLOYMENT; 
@@ -74,21 +74,21 @@ import org.wildfly.core.testrunner.ManagementClient; import org.wildfly.core.testrunner.ServerSetupTask; import org.wildfly.core.testrunner.WildflyTestRunner; -import org.wildfly.extension.elytron.ElytronExtension; +import org.wildfly.extension.elytron.tls.subsystem.ElytronTlsExtension; import org.wildfly.openssl.OpenSSLProvider; import org.wildfly.security.ssl.CipherSuiteSelector; import org.wildfly.security.ssl.ProtocolSelector; import org.wildfly.security.ssl.SSLContextBuilder; import org.wildfly.security.ssl.test.util.CAGenerationTool; import org.wildfly.security.ssl.test.util.CAGenerationTool.Identity; -import org.wildfly.test.feature.pack.elytron.tls.subsystem.common.TestRunnerConfigSetupTask; -import org.wildfly.test.feature.pack.elytron.tls.subsystem.common.CliPath; -import org.wildfly.test.feature.pack.elytron.tls.subsystem.common.ConfigurableElement; -import org.wildfly.test.feature.pack.elytron.tls.subsystem.common.SimpleServerSslContext; -import org.wildfly.test.feature.pack.elytron.tls.subsystem.common.CredentialReference; -import org.wildfly.test.feature.pack.elytron.tls.subsystem.common.SimpleKeyManager; -import org.wildfly.test.feature.pack.elytron.tls.subsystem.common.SimpleKeyStore; -import org.wildfly.test.feature.pack.elytron.tls.subsystem.common.SimpleTrustManager; +import org.wildfly.test.security.common.TestRunnerConfigSetupTask; +import org.wildfly.test.security.common.elytron.ConfigurableElement; +import org.wildfly.test.security.common.elytron.CredentialReference; +import org.wildfly.test.security.common.elytron.tls.subsystem.SimpleTlsKeyManager; +import org.wildfly.test.security.common.elytron.tls.subsystem.SimpleTlsKeyStore; +import org.wildfly.test.security.common.elytron.tls.subsystem.SimpleTlsServerSslContext; +import org.wildfly.test.security.common.elytron.tls.subsystem.SimpleTlsTrustManager; +import org.wildfly.test.security.common.elytron.tls.subsystem.CliPath; import 
org.wildfly.test.undertow.UndertowSSLService; import org.wildfly.test.undertow.UndertowSSLServiceActivator; import org.wildfly.test.undertow.UndertowServiceActivator; @@ -113,7 +113,7 @@ public class OpenSslTlsTestCase { private static final String SERVER_TRUST_MANAGER_NAME = "serverTM"; private static final String SERVER_SSL_CONTEXT_NAME = "test-context"; - private static final PathAddress ROOT_ADDRESS = PathAddress.pathAddress(SUBSYSTEM, ElytronExtension.SUBSYSTEM_NAME); + private static final PathAddress ROOT_ADDRESS = PathAddress.pathAddress(SUBSYSTEM, ElytronTlsExtension.SUBSYSTEM_NAME); private static final PathAddress SERVER_SSL_CONTEXT_ADDRESS = ROOT_ADDRESS.append("server-ssl-context", SERVER_SSL_CONTEXT_NAME); private static final Pattern OPENSSL_TLSv13_PATTERN = Pattern.compile("^(TLS_AES_128_GCM_SHA256|TLS_AES_256_GCM_SHA384|TLS_CHACHA20_POLY1305_SHA256|TLS_AES_128_CCM_SHA256|TLS_AES_128_CCM_8_SHA256)$"); @@ -199,7 +199,7 @@ protected ConfigurableElement[] getConfigurableElements() { .build(); // KeyStores - final SimpleKeyStore.Builder ksCommon = SimpleKeyStore.builder() + final SimpleTlsKeyStore.Builder ksCommon = SimpleTlsKeyStore.builder() .withType("JKS") .withCredentialReference(credentialReference); elements.add(ksCommon.withName(SERVER_KEY_STORE_NAME) 
@@ -214,19 +214,19 @@ protected ConfigurableElement[] getConfigurableElements() { .build()); // Key and Trust Managers - elements.add(SimpleKeyManager.builder() + elements.add(SimpleTlsKeyManager.builder() .withName(SERVER_KEY_MANAGER_NAME) .withCredentialReference(credentialReference) .withKeyStore(SERVER_KEY_STORE_NAME) .build()); elements.add( - SimpleTrustManager.builder() + SimpleTlsTrustManager.builder() .withName(SERVER_TRUST_MANAGER_NAME) .withKeyStore(SERVER_TRUST_STORE_NAME) .build()); // SSLContext with OpenSSL provider - elements.add(SimpleServerSslContext.builder() + elements.add(SimpleTlsServerSslContext.builder() .withName(SERVER_SSL_CONTEXT_NAME) .withKeyManagers(SERVER_KEY_MANAGER_NAME) .withTrustManagers(SERVER_TRUST_MANAGER_NAME) @@ -235,7 +235,7 @@ protected ConfigurableElement[] getConfigurableElements() { .withCipherSuiteNames("TLS_AES_256_GCM_SHA384:TLS_AES_128_CCM_8_SHA256") .build()); - return elements.toArray(new ConfigurableElement[elements.size()]); + return elements.toArray(new ConfigurableElement[0]); } @Override diff --git a/testsuite/integration/subsystem/src/test/java/org/wildfly/test/integration/elytron/tls/subsystem/tls/ServerSslSniContextTestCase.java b/testsuite/integration/subsystem/src/test/java/org/wildfly/test/integration/elytron/tls/subsystem/tls/ServerSslSniContextTestCase.java new file mode 100644 index 0000000..bf894a1 --- /dev/null +++ b/testsuite/integration/subsystem/src/test/java/org/wildfly/test/integration/elytron/tls/subsystem/tls/ServerSslSniContextTestCase.java 
@@ -0,0 +1,90 @@ +/* + * Copyright 2019 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.wildfly.test.integration.elytron.tls.subsystem.tls; + +import static org.hamcrest.CoreMatchers.containsString; + +import org.hamcrest.MatcherAssert; +import org.jboss.as.test.integration.management.util.CLIWrapper; +import org.jboss.as.test.integration.management.util.ServerReload; +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Ignore; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.wildfly.core.testrunner.ServerSetup; +import org.wildfly.core.testrunner.WildflyTestRunner; + +@Ignore("SNI is not implemented yet") +@ServerSetup(ServerReload.SetupTask.class) +@RunWith(WildflyTestRunner.class) +public class ServerSslSniContextTestCase { + CLIWrapper cli; + + @Before + public void setup() throws Exception { + cli = new CLIWrapper(true); + // add server-ssl-sni-context + cli.sendLine("/subsystem=elytron-tls/key-store=exampleKeyStore:add(path=server.keystore,relative-to=jboss.server.config.dir,credential-reference={clear-text=\"keystore_password\"},type=JKS)"); + cli.sendLine("/subsystem=elytron-tls/key-manager=exampleKeyManager:add(key-store=exampleKeyStore,alias-filter=server,credential-reference={clear-text=\"key_password\"})"); + cli.sendLine("/subsystem=elytron-tls/server-ssl-context=exampleSslContext:add(key-manager=exampleKeyManager)"); + 
cli.sendLine("/subsystem=elytron-tls/server-ssl-sni-context=exampleSslSniContext:add(default-ssl-context=exampleSslContext"); + } + + @After + public void cleanup() throws Exception { + removeTestResources(); + cli.close(); + } + + @Test + public void testInvalidHostContextMapValue() { + boolean success = cli.sendLine("/subsystem=elytron-tls/server-ssl-sni-context=exampleSslSniContext:write-attribute(name=host-context-map,value={\"\\\\?.invalid.com\"=exampleSslContext})", true); + Assert.assertFalse(success); + MatcherAssert.assertThat("Wrong error message", cli.readOutput(), containsString("Invalid value of host context map")); + success = cli.sendLine("/subsystem=elytron-tls/server-ssl-sni-context=exampleSslSniContext:write-attribute(name=host-context-map,value={\"invalid\\\\.\\\\.example.com\"=exampleSslContext})", true); + Assert.assertFalse(success); + MatcherAssert.assertThat("Wrong error message", cli.readOutput(), containsString("Invalid value of host context map")); + success = cli.sendLine("/subsystem=elytron-tls/server-ssl-sni-context=exampleSslSniContext:write-attribute(name=host-context-map,value={\"*\\.invalid.com\"=exampleSslContext})", true); + Assert.assertFalse(success); + MatcherAssert.assertThat("Wrong error message", cli.readOutput(), containsString("Invalid value of host context map")); + success = cli.sendLine("/subsystem=elytron-tls/server-ssl-sni-context=exampleSslSniContext:write-attribute(name=host-context-map,value={\"invalid.com-\"=exampleSslContext})", true); + Assert.assertFalse(success); + MatcherAssert.assertThat("Wrong error message", cli.readOutput(), containsString("Invalid value of host context map")); + success = cli.sendLine("/subsystem=elytron-tls/server-ssl-sni-context=exampleSslSniContext:write-attribute(name=host-context-map,value={\"invalid.com\\\\.\"=exampleSslContext})", true); + Assert.assertFalse(success); + MatcherAssert.assertThat("Wrong error message", cli.readOutput(), containsString("Invalid value of host context 
map")); + } + + @Test + public void testValidHostContextMapValue() { + boolean success = cli.sendLine("/subsystem=elytron-tls/server-ssl-sni-context=exampleSslSniContext:write-attribute(name=host-context-map,value={\"..valid\\\\.example\\\\.com\"=exampleSslContext})", true); + Assert.assertTrue(success); + success = cli.sendLine("/subsystem=elytron-tls/server-ssl-sni-context=exampleSslSniContext:write-attribute(name=host-context-map,value={\"valid\\\\.example\\\\.com\"=exampleSslContext})", true); + Assert.assertTrue(success); + success = cli.sendLine("/subsystem=elytron-tls/server-ssl-sni-context=exampleSslSniContext:write-attribute(name=host-context-map,value={\"[^.]*\\\\.example\\\\.com\"=exampleSslContext})", true); + Assert.assertTrue(success); + } + + private void removeTestResources() { + cli.sendLine("/subsystem=elytron-tls/server-ssl-sni-context=exampleSslSniContext:remove"); + cli.sendLine("/subsystem=elytron-tls/server-ssl-context=exampleSslContext:remove"); + cli.sendLine("/subsystem=elytron-tls/key-manager=exampleKeyManager:remove"); + cli.sendLine("/subsystem=elytron-tls/key-store=exampleKeyStore:remove"); + } +} diff --git a/testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/TestRunnerConfigSetupTask.java b/testsuite/integration/subsystem/src/test/java/org/wildfly/test/security/common/TestRunnerConfigSetupTask.java similarity index 95% rename from testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/TestRunnerConfigSetupTask.java rename to testsuite/integration/subsystem/src/test/java/org/wildfly/test/security/common/TestRunnerConfigSetupTask.java index 6d629cd..92cb327 100644 --- a/testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/TestRunnerConfigSetupTask.java +++ b/testsuite/integration/subsystem/src/test/java/org/wildfly/test/security/common/TestRunnerConfigSetupTask.java 
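Review bot: The last command sent in setup() is missing its closing parenthesis, `...server-ssl-sni-context=exampleSslSniContext:add(default-ssl-context=exampleSslContext"`, and should end in `exampleSslContext)"`. Because the class carries `@Ignore`, this will only surface when SNI support lands and the annotation is removed. cleanup() also calls removeTestResources() before cli.close(), and the removes use the one-argument sendLine. If that overload fails on a CLI error (the `sendLine(..., true)` calls in the tests suggest it does), a failed first remove skips the remaining removes and leaves the CLI connection open. Writing cleanup as `try { removeTestResources(); } finally { cli.close(); }` and passing `true` to the remove calls would stop leftover key-store and key-manager resources leaking into later tests.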
@@ -14,7 +14,7 @@ * limitations under the License. */ -package org.wildfly.test.feature.pack.elytron.tls.subsystem.common; +package org.wildfly.test.security.common; import java.util.Arrays; import java.util.ListIterator; @@ -25,6 +25,7 @@ import org.jboss.logging.Logger; import org.wildfly.core.testrunner.ManagementClient; import org.wildfly.core.testrunner.ServerSetupTask; +import org.wildfly.test.security.common.elytron.ConfigurableElement; /** * WildFly TestRunner ServerSetupTask version of AbstractConfigSetupTask. @@ -49,7 +50,7 @@ public void tearDown(final ManagementClient managementClient) throws Exception { /** * Creates configuration elements (provided by implementation of {@link #getConfigurableElements()} method) and calls - * {@link ConfigurableElement#create(ModelControllerClient, CLIWrapper)} for them. + * {@link ConfigurableElement#create(CLIWrapper)} for them. */ protected void setup(final ModelControllerClient modelControllerClient) throws Exception { configurableElements = getConfigurableElements(); @@ -70,7 +71,7 @@ protected void setup(final ModelControllerClient modelControllerClient) throws E } /** - * Reverts configuration changes done by {@link #setup(ModelControllerClient)} method - i.e. calls {@link ConfigurableElement#remove(ModelControllerClient, CLIWrapper)} method + * Reverts configuration changes done by {@link #setup(ModelControllerClient)} method - i.e. calls {@link ConfigurableElement#remove(CLIWrapper)} method * on instances provided by {@link #getConfigurableElements()} (in reverse order). */ protected void tearDown(ModelControllerClient modelControllerClient) throws Exception { 
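Review bot: The Javadoc links rewritten on setup() and tearDown() now point at `ConfigurableElement#create(CLIWrapper)` and `ConfigurableElement#remove(CLIWrapper)`, but the SimpleTls* elements in this same commit still override `create(ModelControllerClient client, CLIWrapper cli)` and `remove(ModelControllerClient client, CLIWrapper cli)` with `@Override`. Unless the imported `org.wildfly.test.security.common.elytron.ConfigurableElement` also declares one-argument overloads (not visible here), these links will not resolve. In that case keep `{@link ConfigurableElement#create(ModelControllerClient, CLIWrapper)}` and the matching `remove` link. The bodies of setup() and tearDown() lie outside these hunks.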
diff --git a/testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/CliPath.java b/testsuite/integration/subsystem/src/test/java/org/wildfly/test/security/common/elytron/tls/subsystem/CliPath.java similarity index 97% rename from testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/CliPath.java rename to testsuite/integration/subsystem/src/test/java/org/wildfly/test/security/common/elytron/tls/subsystem/CliPath.java index 0aeb2ce..e2af5ca 100644 --- a/testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/CliPath.java +++ b/testsuite/integration/subsystem/src/test/java/org/wildfly/test/security/common/elytron/tls/subsystem/CliPath.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package org.wildfly.test.feature.pack.elytron.tls.subsystem.common; +package org.wildfly.test.security.common.elytron.tls.subsystem; import static org.apache.commons.lang3.StringUtils.isNotBlank; import static org.jboss.as.test.shared.CliUtils.escapePath; diff --git a/testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/SimpleKeyManager.java b/testsuite/integration/subsystem/src/test/java/org/wildfly/test/security/common/elytron/tls/subsystem/SimpleTlsKeyManager.java similarity index 70% rename from testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/SimpleKeyManager.java rename to testsuite/integration/subsystem/src/test/java/org/wildfly/test/security/common/elytron/tls/subsystem/SimpleTlsKeyManager.java index cd3a75b..7d29d52 100644 --- a/testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/SimpleKeyManager.java +++ b/testsuite/integration/subsystem/src/test/java/org/wildfly/test/security/common/elytron/tls/subsystem/SimpleTlsKeyManager.java 
@@ -13,7 +13,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package org.wildfly.test.feature.pack.elytron.tls.subsystem.common;
+package org.wildfly.test.security.common.elytron.tls.subsystem;
 import static org.apache.commons.lang3.ObjectUtils.defaultIfNull;
 import static org.wildfly.common.Assert.checkNotNullParamWithNullPointerException;
@@ -22,18 +22,21 @@
 import org.jboss.as.controller.client.ModelControllerClient;
 import org.jboss.as.test.integration.management.util.CLIWrapper;
+import org.wildfly.test.security.common.elytron.AbstractConfigurableElement;
+import org.wildfly.test.security.common.elytron.CredentialReference;
 /**
- * Elytron key-manager configuration implementation.
+ * Elytron TLS key-manager configuration implementation.
 *
 * @author Josef Cacek
+ * @author Cameron Rodriguez
 */
-public class SimpleKeyManager extends AbstractConfigurableElement {
+public class SimpleTlsKeyManager extends AbstractConfigurableElement {
 private final String keyStore;
 private final CredentialReference credentialReference;
- private SimpleKeyManager(Builder builder) {
+ private SimpleTlsKeyManager(Builder builder) {
 super(builder);
 this.keyStore = checkNotNullParamWithNullPointerException("builder.keyStore", builder.keyStore);
 this.credentialReference = defaultIfNull(builder.credentialReference, CredentialReference.EMPTY);
@@ -41,19 +44,19 @@ private SimpleKeyManager(Builder builder) { @Override public void create(ModelControllerClient client, CLIWrapper cli) throws Exception { - // /subsystem=elytron/key-manager=httpsKM:add(key-store=httpsKS,algorithm="SunX509",credential-reference={clear-text=secret}) + // /subsystem=elytron-tls/key-manager=httpsKM:add(key-store=httpsKS,algorithm="SunX509",credential-reference={clear-text=secret}) - cli.sendLine(String.format("/subsystem=elytron/key-manager=%s:add(key-store=\"%s\",algorithm=\"%s\", %s)", name, + cli.sendLine(String.format("/subsystem=elytron-tls/key-manager=%s:add(key-store=\"%s\",algorithm=\"%s\", %s)", name, keyStore, KeyManagerFactory.getDefaultAlgorithm(), credentialReference.asString())); } @Override public void remove(ModelControllerClient client, CLIWrapper cli) throws Exception { - cli.sendLine(String.format("/subsystem=elytron/key-manager=%s:remove()", name)); + cli.sendLine(String.format("/subsystem=elytron-tls/key-manager=%s:remove()", name)); } /** - * Creates builder to build {@link SimpleKeyManager}. + * Creates builder to build {@link SimpleTlsKeyManager}. * * @return created builder */ @@ -62,7 +65,7 @@ public static Builder builder() { } /** - * Builder to build {@link SimpleKeyManager}. + * Builder to build {@link SimpleTlsKeyManager}. */ public static final class Builder extends AbstractConfigurableElement.Builder { private String keyStore; @@ -81,8 +84,8 @@ public Builder withCredentialReference(CredentialReference credentialReference) return this; } - public SimpleKeyManager build() { - return new SimpleKeyManager(this); + public SimpleTlsKeyManager build() { + return new SimpleTlsKeyManager(this); } @Override 
diff --git a/testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/SimpleKeyStore.java b/testsuite/integration/subsystem/src/test/java/org/wildfly/test/security/common/elytron/tls/subsystem/SimpleTlsKeyStore.java similarity index 71% rename from testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/SimpleKeyStore.java rename to testsuite/integration/subsystem/src/test/java/org/wildfly/test/security/common/elytron/tls/subsystem/SimpleTlsKeyStore.java index 934ff58..a002974 100644 --- a/testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/SimpleKeyStore.java +++ b/testsuite/integration/subsystem/src/test/java/org/wildfly/test/security/common/elytron/tls/subsystem/SimpleTlsKeyStore.java 
@@ -13,26 +13,29 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package org.wildfly.test.feature.pack.elytron.tls.subsystem.common;
+package org.wildfly.test.security.common.elytron.tls.subsystem;
 import static org.apache.commons.lang3.ObjectUtils.defaultIfNull;
 import org.jboss.as.controller.client.ModelControllerClient;
 import org.jboss.as.test.integration.management.util.CLIWrapper;
+import org.wildfly.test.security.common.elytron.AbstractConfigurableElement;
+import org.wildfly.test.security.common.elytron.CredentialReference;
 /**
- * Elytron key-store configuration implementation.
+ * Elytron TLS key-store configuration implementation.
 *
 * @author Josef Cacek
+ * @author Cameron Rodriguez
 */
-public class SimpleKeyStore extends AbstractConfigurableElement {
+public class SimpleTlsKeyStore extends AbstractConfigurableElement {
 private final CliPath path;
 private final CredentialReference credentialReference;
 private final String type;
 private final boolean required;
- private SimpleKeyStore(Builder builder) {
+ private SimpleTlsKeyStore(Builder builder) {
 super(builder);
 this.path = defaultIfNull(builder.path, CliPath.EMPTY);
 this.credentialReference = defaultIfNull(builder.credentialReference, CredentialReference.EMPTY);
@@ -42,19 +45,19 @@ private SimpleKeyStore(Builder builder) { @Override public void create(ModelControllerClient client, CLIWrapper cli) throws Exception { - // /subsystem=elytron/key-store=httpsKS:add(path=keystore.jks,relative-to=jboss.server.config.dir, + // /subsystem=elytron-tls/key-store=httpsKS:add(path=keystore.jks,relative-to=jboss.server.config.dir, // credential-reference={clear-text=secret},type=JKS,required=false) - cli.sendLine(String.format("/subsystem=elytron/key-store=%s:add(%s%stype=\"%s\",required=%s)", name, path.asString(), - credentialReference.asString(), type, Boolean.toString(required))); + cli.sendLine(String.format("/subsystem=elytron-tls/key-store=%s:add(%s%stype=\"%s\",required=%s)", name, path.asString(), + credentialReference.asString(), type, required)); } @Override public void remove(ModelControllerClient client, CLIWrapper cli) throws Exception { - cli.sendLine(String.format("/subsystem=elytron/key-store=%s:remove()", name)); + cli.sendLine(String.format("/subsystem=elytron-tls/key-store=%s:remove()", name)); } /** - * Creates builder to build {@link SimpleKeyStore}. + * Creates builder to build {@link SimpleTlsKeyStore}. * * @return created builder */ @@ -63,7 +66,7 @@ public static Builder builder() { } /** - * Builder to build {@link SimpleKeyStore}. + * Builder to build {@link SimpleTlsKeyStore}. */ public static final class Builder extends AbstractConfigurableElement.Builder { private CliPath path; @@ -94,8 +97,8 @@ public Builder withRequired(boolean required) { return this; } - public SimpleKeyStore build() { - return new SimpleKeyStore(this); + public SimpleTlsKeyStore build() { + return new SimpleTlsKeyStore(this); } @Override 
diff --git a/testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/SimpleServerSslContext.java b/testsuite/integration/subsystem/src/test/java/org/wildfly/test/security/common/elytron/tls/subsystem/SimpleTlsServerSslContext.java similarity index 79% rename from testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/SimpleServerSslContext.java rename to testsuite/integration/subsystem/src/test/java/org/wildfly/test/security/common/elytron/tls/subsystem/SimpleTlsServerSslContext.java index 74c98b8..def7934 100644 --- a/testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/SimpleServerSslContext.java +++ b/testsuite/integration/subsystem/src/test/java/org/wildfly/test/security/common/elytron/tls/subsystem/SimpleTlsServerSslContext.java 
@@ -13,35 +13,35 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.wildfly.test.feature.pack.elytron.tls.subsystem.common; +package org.wildfly.test.security.common.elytron.tls.subsystem; import java.util.StringJoiner; import org.apache.commons.lang3.StringUtils; import org.jboss.as.controller.client.ModelControllerClient; import org.jboss.as.test.integration.management.util.CLIWrapper; +import org.wildfly.test.security.common.elytron.AbstractConfigurableElement; /** - * Elytron server-ssl-context configuration implementation. + * Elytron TLS server-ssl-context configuration implementation. * * @author Josef Cacek + * @author Cameron Rodriguez */ -public class SimpleServerSslContext extends AbstractConfigurableElement { +public class SimpleTlsServerSslContext extends AbstractConfigurableElement { private final String keyManager; private final String trustManager; - private final String securityDomain; private final String[] protocols; private final boolean needClientAuth; private final Boolean authenticationOptional; private final String providers; private final String cipherSuiteNames; - private SimpleServerSslContext(Builder builder) { + private SimpleTlsServerSslContext(Builder builder) { super(builder); this.keyManager = builder.keyManager; this.trustManager = builder.trustManager; - this.securityDomain = builder.securityDomain; this.protocols = builder.protocols; this.needClientAuth = builder.needClientAuth; this.authenticationOptional = builder.authenticationOptional; 
@@ -51,9 +51,9 @@ private SimpleServerSslContext(Builder builder) { @Override public void create(ModelControllerClient client, CLIWrapper cli) throws Exception { - // /subsystem=elytron/server-ssl-context=twoWaySSC:add(key-manager=twoWayKM,protocols=["TLSv1.2"], + // /subsystem=elytron-tls/server-ssl-context=twoWaySSC:add(key-manager=twoWayKM,protocols=["TLSv1.2"], // trust-manager=twoWayTM,security-domain=test,need-client-auth=true) - StringBuilder sb = new StringBuilder("/subsystem=elytron/server-ssl-context=").append(name).append(":add("); + StringBuilder sb = new StringBuilder("/subsystem=elytron-tls/server-ssl-context=").append(name).append(":add("); if (StringUtils.isNotBlank(keyManager)) { sb.append("key-manager=\"").append(keyManager).append("\", "); } @@ -64,14 +64,11 @@ public void create(ModelControllerClient client, CLIWrapper cli) throws Exceptio joiner.add(s1); } sb.append("protocols=[") - .append(joiner.toString()).append("], "); + .append(joiner).append("], "); } if (StringUtils.isNotBlank(trustManager)) { sb.append("trust-manager=\"").append(trustManager).append("\", "); } - if (StringUtils.isNotBlank(securityDomain)) { - sb.append("security-domain=\"").append(securityDomain).append("\", "); - } if (authenticationOptional != null) { sb.append("authentication-optional=").append(authenticationOptional).append(", "); } @@ -87,11 +84,11 @@ public void create(ModelControllerClient client, CLIWrapper cli) throws Exceptio @Override public void remove(ModelControllerClient client, CLIWrapper cli) throws Exception { - cli.sendLine(String.format("/subsystem=elytron/server-ssl-context=%s:remove()", name)); + cli.sendLine(String.format("/subsystem=elytron-tls/server-ssl-context=%s:remove()", name)); } /** - * Creates builder to build {@link SimpleServerSslContext}. + * Creates builder to build {@link SimpleTlsServerSslContext}. * * @return created builder */ 
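Review bot: The example command in the comment at the top of create() still lists `security-domain=test`, although this commit removes the securityDomain field, its builder method and the branch that appended it. A reader copying the example would send an attribute this helper can no longer produce. Change the second comment line to `// trust-manager=twoWayTM,need-client-auth=true)` so the example matches what the method can build. create()'s body continues past the first hunk on this line.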
@@ -100,12 +97,11 @@ public static Builder builder() { } /** - * Builder to build {@link SimpleServerSslContext}. + * Builder to build {@link SimpleTlsServerSslContext}. */ public static final class Builder extends AbstractConfigurableElement.Builder { private String keyManager; private String trustManager; - private String securityDomain; private String[] protocols; private boolean needClientAuth; private Boolean authenticationOptional; @@ -125,11 +121,6 @@ public Builder withTrustManagers(String trustManagers) { return this; } - public Builder withSecurityDomain(String securityDomain) { - this.securityDomain = securityDomain; - return this; - } - public Builder withProtocols(String... protocols) { this.protocols = protocols; return this; @@ -155,8 +146,8 @@ public Builder withCipherSuiteNames(String cipherSuiteNames) { return this; } - public SimpleServerSslContext build() { - return new SimpleServerSslContext(this); + public SimpleTlsServerSslContext build() { + return new SimpleTlsServerSslContext(this); } @Override diff --git a/testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/SimpleTrustManager.java b/testsuite/integration/subsystem/src/test/java/org/wildfly/test/security/common/elytron/tls/subsystem/SimpleTlsTrustManager.java similarity index 66% rename from testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/SimpleTrustManager.java rename to testsuite/integration/subsystem/src/test/java/org/wildfly/test/security/common/elytron/tls/subsystem/SimpleTlsTrustManager.java index d101f60..18e6a99 100644 --- a/testsuite/integration/subsystem/src/test/java/org/wildfly/test/feature/pack/elytron/tls/subsystem/common/SimpleTrustManager.java +++ b/testsuite/integration/subsystem/src/test/java/org/wildfly/test/security/common/elytron/tls/subsystem/SimpleTlsTrustManager.java 
@@ -13,7 +13,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package org.wildfly.test.feature.pack.elytron.tls.subsystem.common;
+package org.wildfly.test.security.common.elytron.tls.subsystem;
 import static org.wildfly.common.Assert.checkNotNullParamWithNullPointerException;
@@ -21,36 +21,38 @@ import org.jboss.as.controller.client.ModelControllerClient; import org.jboss.as.test.integration.management.util.CLIWrapper; +import org.wildfly.test.security.common.elytron.AbstractConfigurableElement; /** - * Elytron trust-managers configuration implementation. + * Elytron TLS trust-managers configuration implementation. * * @author Josef Cacek + * @author Cameron Rodriguez */ -public class SimpleTrustManager extends AbstractConfigurableElement { +public class SimpleTlsTrustManager extends AbstractConfigurableElement { private final String keyStore; - private SimpleTrustManager(Builder builder) { + private SimpleTlsTrustManager(Builder builder) { super(builder); this.keyStore = checkNotNullParamWithNullPointerException("builder.keyStore", builder.keyStore); } @Override public void create(ModelControllerClient client, CLIWrapper cli) throws Exception { - // /subsystem=elytron/trust-manager=twoWayTM:add(key-store=twoWayTS,algorithm="SunX509") + // /subsystem=elytron-tls/trust-manager=twoWayTM:add(key-store=twoWayTS,algorithm="SunX509") - cli.sendLine(String.format("/subsystem=elytron/trust-manager=%s:add(key-store=\"%s\",algorithm=\"%s\")", name, + cli.sendLine(String.format("/subsystem=elytron-tls/trust-manager=%s:add(key-store=\"%s\",algorithm=\"%s\")", name, keyStore, KeyManagerFactory.getDefaultAlgorithm())); } @Override public void remove(ModelControllerClient client, CLIWrapper cli) throws Exception { - cli.sendLine(String.format("/subsystem=elytron/trust-manager=%s:remove()", name)); + cli.sendLine(String.format("/subsystem=elytron-tls/trust-manager=%s:remove()", name)); } /** - * Creates builder to build {@link SimpleTrustManager}. + * Creates builder to build {@link SimpleTlsTrustManager}. * * @return created builder */ 
@@ -59,7 +61,7 @@ public static Builder builder() { } /** - * Builder to build {@link SimpleTrustManager}. + * Builder to build {@link SimpleTlsTrustManager}. */ public static final class Builder extends AbstractConfigurableElement.Builder { private String keyStore; @@ -72,8 +74,8 @@ public Builder withKeyStore(String keyStore) { return this; } - public SimpleTrustManager build() { - return new SimpleTrustManager(this); + public SimpleTlsTrustManager build() { + return new SimpleTlsTrustManager(this); } @Override diff --git a/testsuite/pom.xml b/testsuite/pom.xml index 3f254d4..d166d54 100644 --- a/testsuite/pom.xml +++ b/testsuite/pom.xml @@ -96,7 +96,6 @@ none - -Djboss.dist=${jboss.dist} -Djava.io.tmpdir=${basedir}/target