Skip to content

Commit

Permalink
[ELY-2084] Split Elytron SSL into its own subsystem and layer
Browse files Browse the repository at this point in the history
Removing the dependency of SSL classes on auth-related code
  • Loading branch information
nekdozjam authored and jessicarod7 committed Aug 10, 2023
1 parent 7f56efb commit 96136d1
Show file tree
Hide file tree
Showing 71 changed files with 640 additions and 95 deletions.
15 changes: 14 additions & 1 deletion pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -789,6 +789,18 @@
<artifactId>wildfly-elytron-ssl</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.wildfly.security</groupId>
<artifactId>wildfly-elytron-ssl-base</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.wildfly.security</groupId>
<artifactId>wildfly-elytron-ssl-base</artifactId>
<version>${project.version}</version>
<type>test-jar</type>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.wildfly.security</groupId>
<artifactId>wildfly-elytron-ssh-util</artifactId>
Expand Down Expand Up @@ -1423,7 +1435,8 @@
<module>sasl/otp</module>
<module>sasl/plain</module>
<module>sasl/scram</module>
<module>ssl</module>
<module>ssl/base</module>
<module>ssl/domain</module>
<module>ssh/util</module>
<module>tool</module>
<module>util</module>
Expand Down
31 changes: 15 additions & 16 deletions ssl/pom.xml → ssl/base/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -25,14 +25,15 @@
<groupId>org.wildfly.security</groupId>
<artifactId>wildfly-elytron-parent</artifactId>
<version>2.2.2.CR1-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>

<modelVersion>4.0.0</modelVersion>

<artifactId>wildfly-elytron-ssl</artifactId>
<artifactId>wildfly-elytron-ssl-base</artifactId>

<name>WildFly Elytron - SSL</name>
<description>WildFly Security SSL</description>
<name>WildFly Elytron - SSL Base</name>
<description>WildFly Security - Base SSL </description>

<build>
<plugins>
Expand Down Expand Up @@ -79,6 +80,16 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>${version.jar.plugin}</version>
<executions>
<execution>
<!-- Assemble test jar for wildfly-elytron-ssl-->
<id>test-jar</id>
<phase>package</phase>
<goals>
<goal>test-jar</goal>
</goals>
</execution>
</executions>
<configuration>
<archive>
<manifestEntries>
Expand All @@ -93,26 +104,14 @@
</build>

<dependencies>
<dependency>
<groupId>org.wildfly.security</groupId>
<artifactId>wildfly-elytron-auth-server</artifactId>
</dependency>
<dependency>
<groupId>org.wildfly.security</groupId>
<artifactId>wildfly-elytron-base</artifactId>
</dependency>
<dependency>
<groupId>org.wildfly.security</groupId>
<artifactId>wildfly-elytron-credential</artifactId>
</dependency>
<dependency>
<groupId>org.wildfly.security</groupId>
<artifactId>wildfly-elytron-auth</artifactId>
<artifactId>wildfly-elytron-provider-util</artifactId>
</dependency>
<dependency>
<groupId>org.wildfly.security</groupId>
<artifactId>wildfly-elytron-util</artifactId>
</dependency>
<dependency>
<groupId>org.wildfly.security</groupId>
<artifactId>wildfly-elytron-x500</artifactId>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@

package org.wildfly.security.ssl;

import static org.wildfly.security.ssl.ElytronMessages.log;
import static org.wildfly.security.ssl.BaseElytronMessages.log;

import java.util.EnumSet;

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,6 @@
import static org.jboss.logging.Logger.Level.WARN;

import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.cert.CertificateException;

import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
Expand All @@ -36,11 +34,12 @@
import org.jboss.logging.annotations.MessageLogger;
import org.jboss.logging.annotations.ValidIdRange;
import org.jboss.logging.annotations.ValidIdRanges;
import org.wildfly.security.auth.server.RealmUnavailableException;

/**
* Log messages and exceptions for Elytron.
*
* @apiNote Security domain-specific messages are included in {@code ElytronMessages} from module
* {@code wildfly-elytron-ssl}. The interfaces share message IDs, and they should always be modified together.
* @author <a href="mailto:[email protected]">David M. Lloyd</a>
* @author <a href="mailto:[email protected]">Darran Lofthouse</a>
*/
Expand All @@ -51,10 +50,10 @@
@ValidIdRange(min = 5015, max = 5017),
@ValidIdRange(min = 15000, max = 15999)
})
interface ElytronMessages extends BasicLogger {
interface BaseElytronMessages extends BasicLogger {

ElytronMessages log = Logger.getMessageLogger(ElytronMessages.class, "org.wildfly.security");
ElytronMessages tls = Logger.getMessageLogger(ElytronMessages.class, "org.wildfly.security.tls");
BaseElytronMessages log = Logger.getMessageLogger(BaseElytronMessages.class, "org.wildfly.security");
BaseElytronMessages tls = Logger.getMessageLogger(BaseElytronMessages.class, "org.wildfly.security.tls");

@LogMessage(level = WARN)
@Message(id = 1066, value = "Invalid string count for mechanism database entry \"%s\"")
Expand Down Expand Up @@ -107,15 +106,6 @@ interface ElytronMessages extends BasicLogger {
@Message(id = 4001, value = "No algorithm found matching TLS/SSL protocol selection criteria")
NoSuchAlgorithmException noAlgorithmForSslProtocol();

@Message(id = 4002, value = "Empty certificate chain is not trusted")
CertificateException emptyChainNotTrusted();

@Message(id = 4003, value = "Certificate not trusted due to realm failure for principal [%s]")
CertificateException notTrustedRealmProblem(@Cause RealmUnavailableException e, Principal principal);

@Message(id = 4004, value = "Credential validation failed: certificate is not trusted for principal [%s]")
CertificateException notTrusted(Principal principal);

@Message(id = 4005, value = "No default trust manager available")
NoSuchAlgorithmException noDefaultTrustManager();

Expand Down Expand Up @@ -167,9 +157,6 @@ interface ElytronMessages extends BasicLogger {
@Message(id = 4026, value = "Could not create trust manager [%s]")
IllegalStateException sslErrorCreatingTrustManager(String name, @Cause Throwable cause);

@Message(id = 4027, value = "SecurityDomain of SSLContext does not support X509PeerCertificateChainEvidence verification")
IllegalArgumentException securityDomainOfSSLContextDoesNotSupportX509();

@Message(id = 4029, value = "Default context cannot be null")
IllegalStateException defaultContextCannotBeNull();

Expand Down
Loading

0 comments on commit 96136d1

Please sign in to comment.