[ELY-2084] Split Elytron SSL into its own subsystem and layer

Removing the dependency of SSL classes on auth-related code

pom.xml

@@ -319,7 +319,8 @@
                             ${project.basedir}/sasl/otp/src/main/java/;
                             ${project.basedir}/sasl/plain/src/main/java/;
                             ${project.basedir}/sasl/scram/src/main/java/;
-                            ${project.basedir}/ssl/src/main/java/;
+                            ${project.basedir}/ssl/base/src/main/java/;
+                            ${project.basedir}/ssl/domain/src/main/java/;
                             ${project.basedir}/tests/base/src/main/java/;
                             ${project.basedir}/tests/common/src/main/java/;
                             ${project.basedir}/tool/src/main/java/;
@@ -789,6 +790,18 @@
                 <artifactId>wildfly-elytron-ssl</artifactId>
                 <version>${project.version}</version>
             </dependency>
+            <dependency>
+                <groupId>org.wildfly.security</groupId>
+                <artifactId>wildfly-elytron-ssl-base</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.wildfly.security</groupId>
+                <artifactId>wildfly-elytron-ssl-base</artifactId>
+                <version>${project.version}</version>
+                <type>test-jar</type>
+                <scope>test</scope>
+            </dependency>
             <dependency>
                 <groupId>org.wildfly.security</groupId>
                 <artifactId>wildfly-elytron-ssh-util</artifactId>
@@ -1423,7 +1436,8 @@
         <module>sasl/otp</module>
         <module>sasl/plain</module>
         <module>sasl/scram</module>
-        <module>ssl</module>
+        <module>ssl/base</module>
+        <module>ssl/domain</module>
         <module>ssh/util</module>
         <module>tool</module>
         <module>util</module>

ssl/pom.xml → ssl/base/pom.xml

@@ -25,14 +25,15 @@
         <groupId>org.wildfly.security</groupId>
         <artifactId>wildfly-elytron-parent</artifactId>
         <version>2.2.2.CR1-SNAPSHOT</version>
+        <relativePath>../../pom.xml</relativePath>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
 
-    <artifactId>wildfly-elytron-ssl</artifactId>
+    <artifactId>wildfly-elytron-ssl-base</artifactId>
 
-    <name>WildFly Elytron - SSL</name>
-    <description>WildFly Security SSL</description>
+    <name>WildFly Elytron - SSL Base</name>
+    <description>WildFly Security - Base SSL </description>
 
     <build>
         <plugins>
@@ -79,6 +80,16 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-jar-plugin</artifactId>
                 <version>${version.jar.plugin}</version>
+                <executions>
+                    <execution>
+                        <!-- Assemble test jar for wildfly-elytron-ssl-->
+                        <id>test-jar</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>test-jar</goal>
+                        </goals>
+                    </execution>
+                </executions>
                 <configuration>
                     <archive>
                         <manifestEntries>
@@ -93,26 +104,14 @@
     </build>
 
     <dependencies>
-        <dependency>
-            <groupId>org.wildfly.security</groupId>
-            <artifactId>wildfly-elytron-auth-server</artifactId>
-        </dependency>    
         <dependency>
             <groupId>org.wildfly.security</groupId>
             <artifactId>wildfly-elytron-base</artifactId>
         </dependency>
         <dependency>
             <groupId>org.wildfly.security</groupId>
-            <artifactId>wildfly-elytron-credential</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.wildfly.security</groupId>
-            <artifactId>wildfly-elytron-auth</artifactId>
+            <artifactId>wildfly-elytron-provider-util</artifactId>
         </dependency>
-        <dependency>
-            <groupId>org.wildfly.security</groupId>
-            <artifactId>wildfly-elytron-util</artifactId>
-        </dependency>        
         <dependency>
             <groupId>org.wildfly.security</groupId>
             <artifactId>wildfly-elytron-x500</artifactId>

ssl/src/main/java/org/wildfly/security/ssl/Authentication.java → ssl/base/src/main/java/org/wildfly/security/ssl/Authentication.java

@@ -18,7 +18,7 @@
 
 package org.wildfly.security.ssl;
 
-import static org.wildfly.security.ssl.ElytronMessages.log;
+import static org.wildfly.security.ssl.BaseElytronMessages.log;
 
 import java.util.EnumSet;
 

ssl/src/main/java/org/wildfly/security/ssl/ElytronMessages.java → ssl/base/src/main/java/org/wildfly/security/ssl/BaseElytronMessages.java

@@ -21,8 +21,6 @@
 import static org.jboss.logging.Logger.Level.WARN;
 
 import java.security.NoSuchAlgorithmException;
-import java.security.Principal;
-import java.security.cert.CertificateException;
 
 import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLHandshakeException;
@@ -36,11 +34,12 @@
 import org.jboss.logging.annotations.MessageLogger;
 import org.jboss.logging.annotations.ValidIdRange;
 import org.jboss.logging.annotations.ValidIdRanges;
-import org.wildfly.security.auth.server.RealmUnavailableException;
 
 /**
  * Log messages and exceptions for Elytron.
  *
+ * @apiNote Security domain-specific messages are included in {@code ElytronMessages} from module
+ * {@code wildfly-elytron-ssl}. The interfaces share message IDs, and they should always be modified together.
  * @author <a href="mailto:[email protected]">David M. Lloyd</a>
  * @author <a href="mailto:[email protected]">Darran Lofthouse</a>
  */
@@ -51,10 +50,10 @@
     @ValidIdRange(min = 5015, max = 5017),
     @ValidIdRange(min = 15000, max = 15999)
 })
-interface ElytronMessages extends BasicLogger {
+interface BaseElytronMessages extends BasicLogger {
 
-    ElytronMessages log = Logger.getMessageLogger(ElytronMessages.class, "org.wildfly.security");
-    ElytronMessages tls = Logger.getMessageLogger(ElytronMessages.class, "org.wildfly.security.tls");
+    BaseElytronMessages log = Logger.getMessageLogger(BaseElytronMessages.class, "org.wildfly.security");
+    BaseElytronMessages tls = Logger.getMessageLogger(BaseElytronMessages.class, "org.wildfly.security.tls");
 
     @LogMessage(level = WARN)
     @Message(id = 1066, value = "Invalid string count for mechanism database entry \"%s\"")
@@ -107,15 +106,6 @@ interface ElytronMessages extends BasicLogger {
     @Message(id = 4001, value = "No algorithm found matching TLS/SSL protocol selection criteria")
     NoSuchAlgorithmException noAlgorithmForSslProtocol();
 
-    @Message(id = 4002, value = "Empty certificate chain is not trusted")
-    CertificateException emptyChainNotTrusted();
-
-    @Message(id = 4003, value = "Certificate not trusted due to realm failure for principal [%s]")
-    CertificateException notTrustedRealmProblem(@Cause RealmUnavailableException e, Principal principal);
-
-    @Message(id = 4004, value = "Credential validation failed: certificate is not trusted for principal [%s]")
-    CertificateException notTrusted(Principal principal);
-
     @Message(id = 4005, value = "No default trust manager available")
     NoSuchAlgorithmException noDefaultTrustManager();
 
@@ -167,9 +157,6 @@ interface ElytronMessages extends BasicLogger {
     @Message(id = 4026, value = "Could not create trust manager [%s]")
     IllegalStateException sslErrorCreatingTrustManager(String name, @Cause Throwable cause);
 
-    @Message(id = 4027, value = "SecurityDomain of SSLContext does not support X509PeerCertificateChainEvidence verification")
-    IllegalArgumentException securityDomainOfSSLContextDoesNotSupportX509();
-
     @Message(id = 4029, value = "Default context cannot be null")
     IllegalStateException defaultContextCannotBeNull();