
WFCORE-5279 #3

Open. Wants to merge 25 commits into base: main

Conversation

jessicarod7 (Author):

PoC for elytron-tls-subsystem. Will derive from changes in ELY-2084 of wildfly-elytron. Continuing from #2.

Related issues:

https://issues.redhat.com/browse/WFCORE-5279
https://issues.redhat.com/browse/ELY-2084
https://issues.redhat.com/browse/EAP7-1564

@jessicarod7 jessicarod7 force-pushed the WFCORE-5279 branch 2 times, most recently from 970957d to d613775 Compare October 6, 2022 17:22
@jessicarod7 jessicarod7 force-pushed the WFCORE-5279 branch 2 times, most recently from a83927a to 68b2c00 Compare October 19, 2022 17:47
[WFCORE-5729] import, modify deps for SSLContextDefinitions
[WFCORE-5279] updating ServiceBuilders and deps for SSLContextDefinitions
[WFCORE-5279] remove wildcard imports, update start() exception
[WFCORE-5279] add LocalDescriptions.properties
[WFCORE-5279] created XML parser
- Temporarily disabled key/trust manager objects for SSLContext, key store
objects for key/trust managers. Acts the same as references.
Project successfully builds as-is
[WFCORE-5279] add missing parts of serverOrHostController determination
[WFCORE-5279] comment out manager objects temporarily
[WFCORE-5279] add some providers, revocation attributes, responder keystore
[WFCORE-5279] add method for creating suppliers, working on creating new service builders
[WFCORE-5279] updated ssl context def to use one service builder type
[WFCORE-5279] add security properties and providers, convert to Service
- Started to convert most components to use Service, as opposed to
deprecated Service<T> and InjectedValue<T>
[WFCORE-5279] add expression resolver and credential stores
[WFCORE-5279] add custom supplier class, successfully creates server-ssl-context
[WFCORE-5279] add utility test classes, rename test package
[WFCORE-5279] reorganize and add deps for test cases
[WFCORE-5279] working on integration and regular test config
[WFCORE-5279] configured TlsTestCase, added client & default-ssl-context
[WFCORE-5279] Refactored TlsTestCase, updated Elytron to 1.20 snapshots
[WFCORE-5279] Updated TestEnvironment and Subsystem test case
[WFCORE-5279] Verifying test cases, updated import order
[WFCORE-5279] Restored parser structure, added WIP key store and manager definitions
[WFCORE-5279] Fixed attribute defs; restored naming of references
- Manager/keystore objects are now suffixed with "-object", references
retain their original naming
[WFCORE-5279] Verified XSD, most definitions; added VS Code files to gitignore
[WFCORE-5279] added self-signed certs, expression test case
[WFCORE-5279] Update manager defs, basic subsystem complete
[WFCORE-5279] Add Certificate Authorities (Accounts)
[WFCORE-5279] Remove duplicate layer, update feature-pack dependencies
[WFCORE-5279] Add feature pack modules
[WFCORE-5279] Updated feature-pack modules
[WFCORE-5279] Update deps, create new feature group
- Removed unneeded artifacts for feature packs
- Added missing dependencies for WildflyAcmeClient
- Created new feature group with full Elytron for early testing
- Removed redundant elytron-tls-base feature group
[WFCORE-5279] commented out keystore/manager objects, added missing capability references
[WFCORE-5279] Add missing deps, correct capability names
[WFCORE-5279] Correct subsystem name for test cases
[WFCORE-5279] Correct feature-pack ssl dep, test error codes
[WFCORE-5279] Add processor for default SSL context
[WFCORE-5279] Restored original Service API
[WFCORE-5279] Add missing test resources, fix XML marshalling
[WFCORE-5279] Update dependency exclusions, services not starting
[WFCORE-5279] Refactor deps and test cases, subsystem successfully builds
[WFCORE-5279] All tests passing, init build complete
- Reorganized integration tests, readded security manager to module.xml
@jessicarod7 jessicarod7 marked this pull request as ready for review October 19, 2022 18:12
@fjuma fjuma mentioned this pull request Oct 24, 2022
@fjuma fjuma (Contributor) left a comment

Hi @cam-rod, I've just done a pass through the build related files and have started with some initial comments. I'm going to do a pass through the Java code next.

* [WildFly 20](https://github.com/wildfly/wildfly-feature-pack-template/tree/wildfly-20)
* [WildFly 23](https://github.com/wildfly/wildfly-feature-pack-template/tree/wildfly-23)

## Building the Galleon feature pack
fjuma (Contributor):

Would be good to update the README to include information about building the corresponding Elytron branch before building the elytron-tls branch.

jessicarod7 (Author):

Yep, will update the README for this project next.

<feature-packs>
<feature-pack>
<groupId>org.wildfly</groupId>
<artifactId>wildfly-galleon-pack</artifactId>
fjuma (Contributor):

Might be good to use wildfly-preview-feature-pack here instead since that's a good place for trying out experimental features.

jessicarod7 (Author):

Haven't looked into it before; from my understanding of the docs, it acts as a basis for a Preview Galleon installation and also will attempt to update APIs to jakarta.*?

I can give it a try and see if any issues pop up. Also a next step in general would be moving to Jakarta EE dependencies.

example/pom.xml: outdated, resolved
feature-pack/pom.xml: outdated, resolved
<version.org.wildfly.component.matrix>26.1.1.Final</version.org.wildfly.component.matrix>
<version.org.wildfly.core>18.1.1.Final</version.org.wildfly.core>
<version.org.wildfly.common>1.6.0.Final</version.org.wildfly.common>
<version.org.wildfly.security.elytron>1.20.1.CR1-SNAPSHOT</version.org.wildfly.security.elytron>
fjuma (Contributor):

Since WildFly Core / WildFly now rely on Elytron 2.x, it would be good to look at porting the Elytron changes from 1.x to 2.x so that the Elytron and WildFly versions here can be updated.

jessicarod7 (Author):

Sounds good, will be part of the second set of updates.

<version.org.jboss.arquillian.junit>1.6.0.Final</version.org.jboss.arquillian.junit>
<version.org.jboss.galleon>4.2.8.Final</version.org.jboss.galleon>
<version.org.jmockit>1.39</version.org.jmockit>
<version.org.mockserver>5.8.1</version.org.mockserver>
fjuma (Contributor):

Since the versions in this file were likely initially determined when Martin was working on this, would be good to check the versions to make sure they align with WildFly now.

pom.xml: outdated, resolved
pom.xml: resolved
pom.xml: outdated, resolved
@Skyllarr commented Oct 24, 2022

@cam-rod Was just trying manually and noticed that the server ssl context cannot be added:

 /subsystem=elytron-tls/server-ssl-context=a:add(key-manager=applicationKM)
{
    "outcome" => "failed",
    "failure-description" => {"WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.a" => "Failed to start service
    Caused by: java.lang.NoClassDefFoundError: org/wildfly/security/SecurityFactory
    Caused by: java.lang.ClassNotFoundException: org.wildfly.security.SecurityFactory from [Module \"org.wildfly.elytron-tls-dependency\" from local module loader @821330f (finder: local modu
le finder @6f43c82 (roots: elytron-tls/build/target/wildfly-26.1.1.Final-elytron-tls-1.0.0.Alpha-SNAPSHOT/modules,elytron-tls/build/target/wildfly-26.1.1.Final-elytron-tls-1.0.0.Alp
ha-SNAPSHOT/modules/system/layers/base))]"}},
    "rolled-back" => true
}

I am not sure why yet since you seem to have module org.wildfly.security.elytron-base as dependency.

EDIT: I misread, the elytron-tls module has dependency on elytron-base but elytron-tls-dependency does not

@fjuma fjuma (Contributor) left a comment

Just adding some initial comments from a first pass through the Java code. Will take a closer look at the SSL context related code next.

@jessicarod7 jessicarod7 (Author) commented Oct 25, 2022

> @cam-rod Was just trying manually and noticed that the server ssl context cannot be added:
>
>  /subsystem=elytron-tls/server-ssl-context=a:add(key-manager=applicationKM)
> {
>     "outcome" => "failed",
>     "failure-description" => {"WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.a" => "Failed to start service
>     Caused by: java.lang.NoClassDefFoundError: org/wildfly/security/SecurityFactory
>     Caused by: java.lang.ClassNotFoundException: org.wildfly.security.SecurityFactory from [Module \"org.wildfly.elytron-tls-dependency\" from local module loader @821330f (finder: local modu
> le finder @6f43c82 (roots: elytron-tls/build/target/wildfly-26.1.1.Final-elytron-tls-1.0.0.Alpha-SNAPSHOT/modules,elytron-tls/build/target/wildfly-26.1.1.Final-elytron-tls-1.0.0.Alp
> ha-SNAPSHOT/modules/system/layers/base))]"}},
>     "rolled-back" => true
> }
>
> I am not sure why yet since you seem to have module org.wildfly.security.elytron-base as dependency.
>
> EDIT: I misread, the elytron-tls module has dependency on elytron-base but elytron-tls-dependency does not

@Skyllarr Right, not surprising since elytron-tls-dependency is from one of the original templates. From what I can tell, the subsystem as I got it was based on wildfly-feature-pack-template with parts of wildfly-grpc-feature-pack mixed in, which probably didn't help me in understanding the code (see the contents of the feature-pack folder in both templates). Once I remove elytron-tls-dependency, it should remove that issue.
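Illustration added here (not code from the PR) of the module-loading failure discussed above: a JBoss Modules module.xml for org.wildfly.elytron-tls-dependency in which the one line that the failing build lacked, the dependency on org.wildfly.security.elytron-base, is marked; without it, org.wildfly.security.SecurityFactory cannot be resolved and the ssl-context service fails to start and rolls back. The artifact coordinate, the xmlns version and the javax.api dependency are assumptions; the PR itself resolved this by dropping the module altogether.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Assumed shape of modules/system/layers/base/org/wildfly/elytron-tls-dependency/main/module.xml.
     The module name is the one named in the ClassNotFoundException above. -->
<module xmlns="urn:jboss:module:1.9" name="org.wildfly.elytron-tls-dependency">
    <resources>
        <!-- placeholder Maven coordinate, not the PR's actual artifact -->
        <artifact name="${org.wildfly.security:elytron-tls-dependency}"/>
    </resources>
    <dependencies>
        <module name="javax.api"/>
        <!-- Missing in the failing build: without this module dependency the class loader
             for org.wildfly.elytron-tls-dependency cannot see org.wildfly.security.SecurityFactory,
             which is what the NoClassDefFoundError / ClassNotFoundException in the CLI output reports.
             The service then fails to start and the operation is rolled back. -->
        <module name="org.wildfly.security.elytron-base"/>
    </dependencies>
</module>
```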

@Skyllarr commented Nov 1, 2022

> > @cam-rod Was just trying manually and noticed that the server ssl context cannot be added:
> >
> >  /subsystem=elytron-tls/server-ssl-context=a:add(key-manager=applicationKM)
> > {
> >     "outcome" => "failed",
> >     "failure-description" => {"WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.a" => "Failed to start service
> >     Caused by: java.lang.NoClassDefFoundError: org/wildfly/security/SecurityFactory
> >     Caused by: java.lang.ClassNotFoundException: org.wildfly.security.SecurityFactory from [Module \"org.wildfly.elytron-tls-dependency\" from local module loader @821330f (finder: local modu
> > le finder @6f43c82 (roots: elytron-tls/build/target/wildfly-26.1.1.Final-elytron-tls-1.0.0.Alpha-SNAPSHOT/modules,elytron-tls/build/target/wildfly-26.1.1.Final-elytron-tls-1.0.0.Alp
> > ha-SNAPSHOT/modules/system/layers/base))]"}},
> >     "rolled-back" => true
> > }
> >
> > I am not sure why yet since you seem to have module org.wildfly.security.elytron-base as dependency.
> > EDIT: I misread, the elytron-tls module has dependency on elytron-base but elytron-tls-dependency does not
>
> @Skyllarr Right, not surprising since elytron-tls-dependency is from one of the original templates. From what I can tell, the subsystem as I got it was based on wildfly-feature-pack-template with parts of wildfly-grpc-feature-pack mixed in, which probably didn't help me in understanding the code (see the contents of the feature-pack folder in both templates). Once I remove elytron-tls-dependency, it should remove that issue.

I see. And yes, the above command is working now and server ssl context can be added.

@jessicarod7 jessicarod7 force-pushed the WFCORE-5279 branch 2 times, most recently from fa11cba to 4093609 Compare November 2, 2022 22:25
Definition files cannot currently be removed since they are not
available in Maven. Will need to modify WFCORE.