Merge pull request #2156 from ivassile/ELY-2760

[ELY-2760] Resolve test failures with SE 21 for 2.2.x
wildfly-security · Aug 7, 2024 · 7777573 · 7777573
2 parents a23e681 + 1a1ea7e
commit 7777573
Show file tree

Hide file tree

Showing 6 changed files with 56 additions and 43 deletions.
diff --git a/.github/workflows/pr-ci.yaml b/.github/workflows/pr-ci.yaml
@@ -15,12 +15,13 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest, windows-latest, macos-latest]
+        java: ['11', '17', '21']
     steps:
       - uses: actions/checkout@v2
-      - name: Set up JDK 11
+      - name: Set up JDK ${{ matrix.java }}
         uses: actions/setup-java@v1
         with:
-          java-version: 11
+          java-version: ${{ matrix.java }}
       # ELY-2204 - Temporarily preventing OidcTest from running on macOS since there
       # are intermittent issues with starting up the Docker container.
       #- if: matrix.os == 'macos-latest'

diff --git a/manager/base/src/test/java/org/wildfly/security/manager/AlternateSecurityManagerTest.java b/manager/base/src/test/java/org/wildfly/security/manager/AlternateSecurityManagerTest.java
@@ -32,6 +32,7 @@
 import java.util.Stack;
 
 import org.junit.After;
+import org.junit.Assume;
 import org.junit.Before;
 import org.junit.Test;
 import org.wildfly.security.ParametricPrivilegedAction;
@@ -84,6 +85,8 @@ public class AlternateSecurityManagerTest {
 
     @Before
     public void before() {
+        Assume.assumeTrue("Skipping AlternateSecurityManagerTest suite, tests are not being run on JDK 17 or lower.",
+                Integer.parseInt(System.getProperty("java.specification.version")) <= 17);
         AccessControlContext current = AccessController.getContext();
         ProtectionDomain[] domains = getProtectionDomainStack(current);
 

diff --git a/tests/base/pom.xml b/tests/base/pom.xml
@@ -54,6 +54,7 @@
 
     <properties>
         <version.org.codehaus.mojo.xml.plugin>1.0.2</version.org.codehaus.mojo.xml.plugin>
+        <version.org.glassfish.jaxb.jaxb-runtime>2.4.0-b180830.0438</version.org.glassfish.jaxb.jaxb-runtime>
     </properties>
 
     <build>
@@ -766,15 +767,9 @@
             <scope>test</scope>
         </dependency>
         <dependency>
-            <groupId>com.sun.xml.bind</groupId>
-            <artifactId>jaxb-core</artifactId>
-            <version>2.3.0</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>com.sun.xml.bind</groupId>
-            <artifactId>jaxb-impl</artifactId>
-            <version>2.3.0</version>
+            <groupId>org.glassfish.jaxb</groupId>
+            <artifactId>jaxb-runtime</artifactId>
+            <version>${version.org.glassfish.jaxb.jaxb-runtime}</version>
             <scope>test</scope>
         </dependency>
 
@@ -800,7 +795,7 @@
             </activation>
             <properties>
                 <!-- [WFCORE-1431] remove SASL workaround -->
-                <modular.jdk.args>--add-modules java.sql --illegal-access=permit</modular.jdk.args>
+                <modular.jdk.args>--add-modules java.sql --illegal-access=permit --add-exports=jdk.security.jgss/com.sun.security.sasl.gsskerb=ALL-UNNAMED</modular.jdk.args>
                 <!-- use version of jboss-logging that works much better with JDK9 -->
                 <modular.jdk.props>-Djdk.attach.allowAttachSelf=true</modular.jdk.props>
                 <!-- 2.20.x doesn't start on JDK10-->
@@ -822,7 +817,7 @@
                     <plugin>
                         <groupId>com.github.siom79.japicmp</groupId>
                         <artifactId>japicmp-maven-plugin</artifactId>
-                        <version>0.13.0</version>
+                        <version>0.20.0</version>
                         <configuration>
                             <oldVersion>
                                 <dependency>

diff --git a/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java
@@ -49,7 +49,6 @@
 import javax.net.ssl.X509TrustManager;
 
 import org.junit.AfterClass;
-import org.junit.Assume;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.wildfly.security.WildFlyElytronProvider;
@@ -79,8 +78,6 @@ public class TLS13AuthenticationTest {
 
     @BeforeClass
     public static void setUp() throws Exception{
-        Assume.assumeTrue("Skipping TLS13AuthenticationTest suite, tests are not being run on JDK 11.",
-                System.getProperty("java.specification.version").equals("11"));
 
         caGenerationTool = CAGenerationTool.builder()
                 .setBaseDir(CA_JKS_LOCATION)

diff --git a/tests/base/src/test/java/org/wildfly/security/ssl/TestingOcspServer.java b/tests/base/src/test/java/org/wildfly/security/ssl/TestingOcspServer.java
@@ -18,6 +18,7 @@
 
 package org.wildfly.security.ssl;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.mockserver.model.HttpRequest.request;
 import static org.mockserver.model.HttpResponse.response;
 
@@ -42,6 +43,7 @@
 import org.mockserver.integration.ClientAndServer;
 import org.mockserver.matchers.Times;
 import org.mockserver.model.Header;
+import org.mockserver.model.HttpRequest;
 import org.mockserver.model.HttpResponse;
 import org.mockserver.model.NottableString;
 import org.wildfly.common.iteration.ByteIterator;
@@ -126,32 +128,13 @@ public void start() throws Exception {
                         .withMethod("POST")
                         .withPath("/ocsp"),
                 Times.unlimited())
-                .respond(request -> {
-                    ByteBuf buffer = Unpooled.wrappedBuffer(request.getBody().getRawBytes());
-                    FullHttpRequest nettyRequest = new DefaultFullHttpRequest(HttpVersion.HTTP_1_0, HttpMethod.POST, request.getPath().getValue(), buffer);
-                    for (Header header : request.getHeaderList()) {
-                        for (NottableString value : header.getValues()) {
-                            nettyRequest.headers().add(header.getName().getValue(), value.getValue());
-                        }
-                    }
-
-                    FullHttpResponse nettyResponse;
-                    try {
-                        nettyResponse = servlet.service(nettyRequest, new ServletURI(request.getPath().getValue()), null, SslReverseProxyMode.NONE);
-                    } catch (Exception e) {
-                        throw new RuntimeException(e);
-                    }
-
-                    HttpResponse response = response()
-                            .withStatusCode(nettyResponse.status().code())
-                            .withBody(nettyResponse.content().array());
-
-                    for (Map.Entry<String, String> header : nettyResponse.headers()) {
-                        response.withHeader(header.getKey(), header.getValue());
-                    }
-
-                    return response;
-                });
+                .respond(request -> getHttpResponse(request, servlet));
+        server.when(
+                        request()
+                                .withMethod("GET")
+                                .withPath("/ocsp/.*"),
+                        Times.unlimited())
+                .respond(request -> getHttpResponse(request, servlet));
     }
 
     public void stop() throws SQLException {
@@ -198,4 +181,38 @@ public void revokeCertificate(int id, int reason) throws SQLException {
         statement.execute();
     }
 
+    public HttpResponse getHttpResponse(HttpRequest request, HttpOcspServlet servlet){
+        byte[] body;
+        HttpMethod method;
+        if (request.getBody() == null) {
+            method = HttpMethod.GET;
+            body = request.getPath().getValue().split("/ocsp/", 2)[1].getBytes(UTF_8);
+        } else {
+            method = HttpMethod.POST;
+            body = request.getBody().getRawBytes();
+        }
+        ByteBuf buffer = Unpooled.wrappedBuffer(body);
+        FullHttpRequest nettyRequest = new DefaultFullHttpRequest(HttpVersion.HTTP_1_0, method, request.getPath().getValue(), buffer);
+        for (Header header : request.getHeaderList()) {
+            for (NottableString value : header.getValues()) {
+                nettyRequest.headers().add(header.getName().getValue(), value.getValue());
+            }
+        }
+
+        FullHttpResponse nettyResponse;
+        try {
+            nettyResponse = servlet.service(nettyRequest, new ServletURI(request.getPath().getValue()), null, SslReverseProxyMode.NONE);
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+
+        HttpResponse response = response()
+                .withStatusCode(nettyResponse.status().code())
+                .withBody(nettyResponse.content().array());
+
+        for (Map.Entry<String, String> header : nettyResponse.headers()) {
+            response.withHeader(header.getKey(), header.getValue());
+        }
+        return response;
+    }
 }
diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml
@@ -546,7 +546,7 @@
                     <plugin>
                         <groupId>com.github.siom79.japicmp</groupId>
                         <artifactId>japicmp-maven-plugin</artifactId>
-                        <version>0.13.0</version>
+                        <version>0.20.0</version>
                         <inherited>false</inherited>
                         <configuration>
                             <oldVersion>