Merge branch 'wildfly-security:2.x' into ELY-2480

.gitignore

@@ -20,6 +20,8 @@ target
 nbactions.xml
 nb-configuration.xml
 catalog.xml
+# Ignore VSCode Files
+.vscode
 #
 maven-ant-tasks.jar
 test-output

CONTRIBUTING.md

@@ -8,6 +8,10 @@ Welcome to the WildFly Elytron project! We welcome contributions from the commun
   - [Good First Issues](#good-first-issues)
 - [Setting up your Developer Environment](#setting-up-your-developer-environment)
 - [Contributing Guidelines](#contributing-guidelines)
+  - [Testing](#testing)
+  - [Pull Request Process](#pull-request-process)
+  - [Documentation](#documentation)
+- [FAQ for New Contributors](#faq-for-new-contributors)
 - [Community](#community)
 
 
@@ -92,8 +96,18 @@ The generated report is at `target/site/clover` and to access it start by openin
 
 For more information, including details on how WildFly Elytron is integrated in WildFly Core and WildFly, check out our [developer guide](https://wildfly-security.github.io/wildfly-elytron/getting-started-for-developers/).
 
+
 ## Contributing Guidelines
 
+### Testing
+Ensure that your changes are thoroughly tested before submitting a pull request. Follow these testing guidelines:
+
+- Run the existing unit tests using Maven: `mvn clean test`
+- Include new unit tests for your code changes.
+
+If applicable, provide instructions on how to run integration tests or any additional testing procedures.
+
+### Pull Request Process
 When submitting a PR, please keep the following guidelines in mind:
 
 1. In general, it's good practice to squash all of your commits into a single commit. For larger changes, it's ok to have multiple meaningful commits. If you need help with squashing your commits, feel free to ask us how to do this on your pull request. We're more than happy to help!
@@ -104,6 +118,13 @@ When submitting a PR, please keep the following guidelines in mind:
 
 For an example of a properly formatted PR, take a look at https://github.com/wildfly-security/wildfly-elytron/pull/1532
 
+### Documentation
+Contributors are encouraged to keep documentation up-to-date along with code changes. If your changes impact user-facing features, update the relevant documentation files in directory.
+Community documentation can be found in the [wildfly repository](https://github.com/wildfly/wildfly/tree/main/docs)
+
+## FAQ for New Contributors
+Check out our [Frequently Asked Questions](https://fjuma.github.io/wildfly-elytron/blog/frequently-asked-questions-new-contributors/) for New Contributors.
+
 ## Code Reviews
 
 All submissions, including submissions by project members, need to be reviewed by at least two WildFly Elytron committers before being merged.
@@ -117,4 +138,4 @@ your PR directly against the relevant maintenance branch. Once a fix for a maint
 merge the maintenance branch to the upstream branch to ensure changes are kept in sync.
 
 ## Community
-For more information on how to get involved with WildFly Elytron, check out our [community](https://wildfly-security.github.io/wildfly-elytron/community/) page.
+For more information on how to get involved with WildFly Elytron, check out our [community](https://wildfly-security.github.io/wildfly-elytron/community/) page.

asn1/pom.xml

@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.wildfly.security</groupId>
         <artifactId>wildfly-elytron-parent</artifactId>
-        <version>2.5.2.CR1-SNAPSHOT</version>
+        <version>2.6.1.CR1-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>

asn1/src/main/java/org/wildfly/security/asn1/DEREncoder.java

@@ -470,7 +470,7 @@ public void writeEncoded(byte[] encoded) {
 
     @Override
     public void flush() {
-        while (states.size() != 0) {
+        while (!states.isEmpty()) {
             EncoderState lastState = states.peekLast();
             if (lastState.getTag() == SEQUENCE_TYPE) {
                 endSequence();

audit/pom.xml

@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.wildfly.security</groupId>
         <artifactId>wildfly-elytron-parent</artifactId>
-        <version>2.5.2.CR1-SNAPSHOT</version>
+        <version>2.6.1.CR1-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>

auth/base/pom.xml

@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.wildfly.security</groupId>
         <artifactId>wildfly-elytron-parent</artifactId>
-        <version>2.5.2.CR1-SNAPSHOT</version>
+        <version>2.6.1.CR1-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

auth/client/pom.xml

@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.wildfly.security</groupId>
         <artifactId>wildfly-elytron-parent</artifactId>
-        <version>2.5.2.CR1-SNAPSHOT</version>
+        <version>2.6.1.CR1-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

auth/client/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java

@@ -3466,7 +3466,7 @@ static CredentialSource parseLocalKerberos(ConfigurationXMLStreamReader reader)
                 default: throw reader.unexpectedAttribute(i);
             }
         }
-        if (mechanismOids.size() == 0) {
+        if (mechanismOids.isEmpty()) {
             mechanismOids.add(GSSCredentialSecurityFactory.KERBEROS_V5);
             mechanismOids.add(GSSCredentialSecurityFactory.SPNEGO);
         }
@@ -3649,6 +3649,9 @@ protected AbstractLoadingKeyStoreFactory(final ExceptionSupplier<KeyStore, Confi
         public KeyStore get() throws ConfigXMLParseException {
             try {
                 KeyStore keyStore = delegateFactory.get();
+                if (passwordFactory == null || passwordFactory.get() == null) {
+                    xmlLog.noKeystorePasswordSpecified(location);
+                }
                 try (InputStream fis = createStream()) {
                     keyStore.load(fis, passwordFactory == null ? null : passwordFactory.get());
                 }

auth/client/src/main/java/org/wildfly/security/auth/client/_private/ElytronMessages.java

@@ -18,6 +18,7 @@
 
 package org.wildfly.security.auth.client._private;
 
+import static org.jboss.logging.Logger.Level.INFO;
 import static org.jboss.logging.Logger.Level.WARN;
 
 import java.io.IOException;
@@ -129,6 +130,10 @@ ConfigXMLParseException xmlDuplicateAuthenticationConfigurationName(String name,
     ConfigXMLParseException xmlInvalidKeyStoreEntryType(@Param Location location, String alias, Class<?> expectedClass,
             Class<?> actualClass);
 
+    @LogMessage(level = INFO)
+    @Message(id = 1138, value = "No Keystore password specified \"%s\"")
+    void noKeystorePasswordSpecified(Location location);
+
     @Message(id = 1139, value = "Failed to create credential store")
     ConfigXMLParseException xmlFailedToCreateCredentialStore(@Param Location location, @Cause Throwable cause);
 

auth/realm/base/pom.xml

@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.wildfly.security</groupId>
         <artifactId>wildfly-elytron-parent</artifactId>
-        <version>2.5.2.CR1-SNAPSHOT</version>
+        <version>2.6.1.CR1-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 

auth/realm/base/src/main/java/org/wildfly/security/auth/realm/AggregateSecurityRealm.java

@@ -79,18 +79,14 @@ public AggregateSecurityRealm(final SecurityRealm authenticationRealm, Function<
     public RealmIdentity getRealmIdentity(final Evidence evidence) throws RealmUnavailableException {
         boolean ok = false;
         final RealmIdentity authenticationIdentity = authenticationRealm.getRealmIdentity(evidence);
-        if (authenticationIdentity.exists()) {
-            log.tracef("Authentication identity for principal [%s] found.", evidence.getDecodedPrincipal());
-        }
+        log.tracef("Authentication identity for principal [%s] obtained.", evidence.getDecodedPrincipal());
         final RealmIdentity[] authorizationIdentities = new RealmIdentity[authorizationRealms.length];
         try {
             for (int i = 0; i < authorizationIdentities.length; i++) {
                 SecurityRealm authorizationRealm = authorizationRealms[i];
                 authorizationIdentities[i] = (authorizationRealm == authenticationRealm) ? authenticationIdentity
                         : getAuthorizationIdentity(authorizationRealm, evidence, principalTransformer, authenticationIdentity);
-                if (authorizationIdentities[i].exists()) {
-                    log.tracef("Authorization identity for principal [%s] found.", evidence.getDecodedPrincipal());
-                }
+                log.tracef("Authorization identity for principal [%s] obtained.", evidence.getDecodedPrincipal());
             }
 
             final Identity identity = new Identity(authenticationIdentity, authorizationIdentities);
@@ -111,9 +107,7 @@ public RealmIdentity getRealmIdentity(final Evidence evidence) throws RealmUnava
     public RealmIdentity getRealmIdentity(final Principal principal) throws RealmUnavailableException {
         boolean ok = false;
         final RealmIdentity authenticationIdentity = authenticationRealm.getRealmIdentity(principal);
-        if (authenticationIdentity.exists()) {
-            log.tracef("Authentication identity for principal [%s] found.", principal);
-        }
+        log.tracef("Authentication identity for principal [%s] obtained.", principal);
         Principal authorizationPrincipal = principal;
         if (principalTransformer != null) {
             authorizationPrincipal = principalTransformer.apply(authorizationPrincipal);
@@ -125,9 +119,7 @@ public RealmIdentity getRealmIdentity(final Principal principal) throws RealmUna
             for (int i = 0; i < authorizationIdentities.length; i++) {
                 SecurityRealm authorizationRealm = authorizationRealms[i];
                 authorizationIdentities[i] = (authorizationRealm == authenticationRealm) && (principalTransformer == null) ? authenticationIdentity : authorizationRealm.getRealmIdentity(authorizationPrincipal);
-                if (authorizationIdentities[i].exists()) {
-                    log.tracef("Authorization identity for principal [%s] found.", principal);
-                }
+                log.tracef("Authorization identity for principal [%s] obtained.", principal);
             }
 
             final Identity identity = new Identity(authenticationIdentity, authorizationIdentities);

auth/realm/base/src/main/java/org/wildfly/security/auth/realm/FileSystemRealmUtil.java

@@ -32,7 +32,7 @@
  * A utility class to utilize methods from the {@code FileSystemSecurityRealm} class for the Elytron Tool.
  *
  * @author <a href="mailto:[email protected]">Ashpan Raskar</a>
- * @author <a href="mailto:carodrig@redhat.com">Cameron Rodriguez</a>
+ * @author <a href="mailto:jrodri@redhat.com">Jessica Rodriguez</a>
  */
 public class FileSystemRealmUtil {
 

auth/realm/base/src/test/java/org/wildfly/security/auth/realm/AggregateRealmEvidenceTest.java

@@ -275,8 +275,7 @@ private static X509Certificate populateCertificateChain() throws Exception {
 
         builder.setSignatureAlgorithmName("SHA256withRSA");
         builder.setPublicKey(keyPair.getPublic());
-        final X509Certificate orderedCertificate = builder.build();
-        return orderedCertificate;
+        return builder.build();
     }
 
     private Path getRootPath(String path, boolean deleteIfExists) throws Exception {

auth/realm/jdbc/pom.xml

@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.wildfly.security</groupId>
         <artifactId>wildfly-elytron-parent</artifactId>
-        <version>2.5.2.CR1-SNAPSHOT</version>
+        <version>2.6.1.CR1-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 

auth/realm/ldap/pom.xml

@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.wildfly.security</groupId>
         <artifactId>wildfly-elytron-parent</artifactId>
-        <version>2.5.2.CR1-SNAPSHOT</version>
+        <version>2.6.1.CR1-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 

auth/realm/token/pom.xml

@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.wildfly.security</groupId>
         <artifactId>wildfly-elytron-parent</artifactId>
-        <version>2.5.2.CR1-SNAPSHOT</version>
+        <version>2.6.1.CR1-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
@@ -85,7 +85,7 @@
 
         <!--Test scope-->
         <dependency>
-            <groupId>org.glassfish</groupId>
+            <groupId>org.eclipse.parsson</groupId>
             <artifactId>jakarta.json</artifactId>
             <scope>test</scope>
         </dependency>

auth/realm/token/src/test/java/org/wildfly/security/auth/realm/token/OAuth2TokenSecurityRealmTest.java

@@ -44,7 +44,10 @@
 import java.util.Arrays;
 import java.util.function.Function;
 
-import static org.junit.Assert.*;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
 
 /**
  * @author <a href="mailto:[email protected]">Pedro Igor</a>

auth/server/base/pom.xml

@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.wildfly.security</groupId>
         <artifactId>wildfly-elytron-parent</artifactId>
-        <version>2.5.2.CR1-SNAPSHOT</version>
+        <version>2.6.1.CR1-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 

auth/server/deprecated/pom.xml

@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.wildfly.security</groupId>
         <artifactId>wildfly-elytron-parent</artifactId>
-        <version>2.5.2.CR1-SNAPSHOT</version>
+        <version>2.6.1.CR1-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 

auth/server/deprecated/src/main/java/org/wildfly/security/auth/server/HttpAuthenticationFactory.java

@@ -46,7 +46,7 @@
  * {@link HttpServerAuthenticationMechanismFactory} for obtaining configured mechanisms.
  *
  * @author <a href="mailto:[email protected]">Darran Lofthouse</a>
- * @deprecated Use {@link org.wildfly.security.auth.server.http.HttpAuthenticationFactory} instead
+ * @deprecated Use {@link org.wildfly.security.auth.server.http.HttpAuthenticationFactory org.wildfly.security.auth.server.http.HttpAuthenticationFactory} instead
  */
 @Deprecated
 public final class HttpAuthenticationFactory extends AbstractMechanismAuthenticationFactory<HttpServerAuthenticationMechanism, HttpServerAuthenticationMechanismFactory, HttpAuthenticationException> {

auth/server/deprecated/src/main/java/org/wildfly/security/auth/server/SaslAuthenticationFactory.java

@@ -48,7 +48,7 @@
  * A SASL server factory configuration.
  *
  * @author <a href="mailto:[email protected]">David M. Lloyd</a>
- * @deprecated Use {@link org.wildfly.security.auth.server.sasl.SaslAuthenticationFactory} instead
+ * @deprecated Use {@link org.wildfly.security.auth.server.sasl.SaslAuthenticationFactory org.wildfly.security.auth.server.sasl.SaslAuthenticationFactory} instead
  */
 @Deprecated
 public final class SaslAuthenticationFactory extends AbstractMechanismAuthenticationFactory<SaslServer, SaslServerFactory, SaslException> {

auth/server/deprecated/src/main/java/org/wildfly/security/auth/server/SecurityIdentityServerMechanismFactory.java

@@ -41,7 +41,7 @@
  * the callback handler is returned instead.
  *
  * @author <a href="mailto:[email protected]">Darran Lofthouse</a>
- * @deprecated Use {@link org.wildfly.security.auth.server.http.SecurityIdentityServerMechanismFactory} instead
+ * @deprecated Use {@link org.wildfly.security.auth.server.http.SecurityIdentityServerMechanismFactory org.wildfly.security.auth.server.http.SecurityIdentityServerMechanismFactory} instead
  */
 @Deprecated
 class SecurityIdentityServerMechanismFactory implements HttpServerAuthenticationMechanismFactory {

auth/server/http/pom.xml

@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.wildfly.security</groupId>
         <artifactId>wildfly-elytron-parent</artifactId>
-        <version>2.5.2.CR1-SNAPSHOT</version>
+        <version>2.6.1.CR1-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 

auth/server/sasl/pom.xml

@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.wildfly.security</groupId>
         <artifactId>wildfly-elytron-parent</artifactId>
-        <version>2.5.2.CR1-SNAPSHOT</version>
+        <version>2.6.1.CR1-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 

auth/util/pom.xml

@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.wildfly.security</groupId>
         <artifactId>wildfly-elytron-parent</artifactId>
-        <version>2.5.2.CR1-SNAPSHOT</version>
+        <version>2.6.1.CR1-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

base/pom.xml

@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.wildfly.security</groupId>
         <artifactId>wildfly-elytron-parent</artifactId>
-        <version>2.5.2.CR1-SNAPSHOT</version>
+        <version>2.6.1.CR1-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>

credential/base/pom.xml

@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.wildfly.security</groupId>
         <artifactId>wildfly-elytron-parent</artifactId>
-        <version>2.5.2.CR1-SNAPSHOT</version>
+        <version>2.6.1.CR1-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

credential/base/src/main/java/org/wildfly/security/key/KeyUtil.java

@@ -37,6 +37,7 @@
 import java.security.interfaces.RSAMultiPrimePrivateCrtKey;
 import java.security.interfaces.RSAPrivateKey;
 import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.DSAParameterSpec;
 import java.security.spec.ECParameterSpec;
 import java.util.Arrays;
 import java.util.Objects;
@@ -99,7 +100,9 @@ public static <P extends AlgorithmParameterSpec> P getParameters(Key key, Class<
         } else if (key instanceof RSAKey && paramSpecClass.isAssignableFrom(RSAParameterSpec.class)) {
             return paramSpecClass.cast(new RSAParameterSpec((RSAKey) key));
         } else if (key instanceof DSAKey && paramSpecClass.isAssignableFrom(DSAParams.class)) {
-            return paramSpecClass.cast(((DSAKey) key).getParams());
+            final DSAKey dsaKey = (DSAKey) key;
+            final DSAParams dsaParams = dsaKey.getParams();
+            return paramSpecClass.cast(new DSAParameterSpec(dsaParams.getP(), dsaParams.getQ(), dsaParams.getG()));
         } else if (key instanceof ECKey && paramSpecClass.isAssignableFrom(ECParameterSpec.class)) {
             return paramSpecClass.cast(((ECKey) key).getParams());
         } else if (key instanceof DHKey && paramSpecClass.isAssignableFrom(DHParameterSpec.class)) {

credential/source/deprecated/pom.xml

@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.wildfly.security</groupId>
         <artifactId>wildfly-elytron-parent</artifactId>
-        <version>2.5.2.CR1-SNAPSHOT</version>
+        <version>2.6.1.CR1-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 

credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/CallbackHandlerCredentialSource.java

@@ -37,7 +37,7 @@
  * A credential source which is backed by a callback handler.
  *
  * @author <a href="mailto:[email protected]">David M. Lloyd</a>
- * @deprecated Use {@link org.wildfly.security.credential.source.impl.CallbackHandlerCredentialSource} instead
+ * @deprecated Use {@link org.wildfly.security.credential.source.impl.CallbackHandlerCredentialSource org.wildfly.security.credential.source.impl.CallbackHandlerCredentialSource} instead
  */
 @Deprecated
 public final class CallbackHandlerCredentialSource implements CredentialSource {

credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/CommandCredentialSource.java

@@ -52,7 +52,7 @@
  * A credential source which acquires a credential from the command line.
  *
  * @author <a href="mailto:[email protected]">David M. Lloyd</a>
- * @deprecated Use {@link org.wildfly.security.credential.source.impl.CommandCredentialSource} instead
+ * @deprecated Use {@link org.wildfly.security.credential.source.impl.CommandCredentialSource org.wildfly.security.credential.source.impl.CommandCredentialSource} instead
  */
 @Deprecated
 public final class CommandCredentialSource implements CredentialSource {