From 26c5bf978f7d31fd44b7cc22c795e84e0959f91a Mon Sep 17 00:00:00 2001 From: fazer1929 Date: Mon, 25 Apr 2022 21:40:17 +0530 Subject: [PATCH 001/205] ELY-2166: Added javadoc for org.wildfly.security.sasl.util.SaslMechanismInformation.Names class. --- .../wildfly/security/sasl/util/SaslMechanismInformation.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sasl/base/src/main/java/org/wildfly/security/sasl/util/SaslMechanismInformation.java b/sasl/base/src/main/java/org/wildfly/security/sasl/util/SaslMechanismInformation.java index 3f68d2612b0..cc6a0ce7f0b 100644 --- a/sasl/base/src/main/java/org/wildfly/security/sasl/util/SaslMechanismInformation.java +++ b/sasl/base/src/main/java/org/wildfly/security/sasl/util/SaslMechanismInformation.java @@ -55,6 +55,9 @@ */ public final class SaslMechanismInformation { + /** + * The class providing Sasl Mechanism Names. + */ public static final class Names { public static final String CRAM_MD5 = "CRAM-MD5"; public static final String DIGEST_MD5 = "DIGEST-MD5"; From 8d7460c98974eb1663f6e62b98d9766921358005 Mon Sep 17 00:00:00 2001 From: fazer1929 Date: Wed, 29 Jun 2022 10:30:22 +0530 Subject: [PATCH 002/205] [ELY-2167] Added javadoc for SNI realted classes. (SNIContextMatcher, SNISSLContext). --- .../org/wildfly/security/ssl/SNIContextMatcher.java | 12 +++++++++++- .../java/org/wildfly/security/ssl/SNISSLContext.java | 5 ++++- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/ssl/src/main/java/org/wildfly/security/ssl/SNIContextMatcher.java b/ssl/src/main/java/org/wildfly/security/ssl/SNIContextMatcher.java index 7790d2827ae..ff7aeceae5e 100644 --- a/ssl/src/main/java/org/wildfly/security/ssl/SNIContextMatcher.java +++ b/ssl/src/main/java/org/wildfly/security/ssl/SNIContextMatcher.java 
@@ -26,6 +26,9 @@ import javax.net.ssl.SNIServerName; import javax.net.ssl.SSLContext; +/** + * A class which returns a matching SSL context based on the SNI server list provided. + */ public class SNIContextMatcher { private final SSLContext defaultContext; @@ -38,6 +41,10 @@ public class SNIContextMatcher { this.exacts = exacts; } + /** + * Used for finding the matching servers from the server list. + * Firstly, the exacts are matched, if not found, wildcards are tried. + */ public SSLContext getContext(List servers) { for (Map.Entry entry : exacts.entrySet()) { for (SNIServerName server : servers) { @@ -60,6 +67,9 @@ public SSLContext getDefaultContext() { return defaultContext; } + /** + * A class which allows building and configuration SNIContextMatcher. The builder, at minimum requres a default SSLContext. + */ public static class Builder { private SSLContext defaultContext; @@ -91,4 +101,4 @@ public Builder addMatch(String name, SSLContext context) { return this; } } -} +} \ No newline at end of file diff --git a/ssl/src/main/java/org/wildfly/security/ssl/SNISSLContext.java b/ssl/src/main/java/org/wildfly/security/ssl/SNISSLContext.java index dbea0b91882..6ab0f43f1c5 100644 --- a/ssl/src/main/java/org/wildfly/security/ssl/SNISSLContext.java +++ b/ssl/src/main/java/org/wildfly/security/ssl/SNISSLContext.java @@ -17,9 +17,12 @@ import javax.net.ssl.SSLContext; +/** + * A class that uses the provided SNIContextMatcher to determine the SSLContext to be used for the connection. + */ public class SNISSLContext extends SSLContext { public SNISSLContext(SNIContextMatcher matcher) { super(new SNISSLContextSpi(matcher), matcher.getDefaultContext().getProvider(), matcher.getDefaultContext().getProtocol()); } -} +} \ No newline at end of file From d7581ebdfcd16f61154bef81d92feb694e239410 Mon Sep 17 00:00:00 2001 
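Review bot: The Javadoc added to `getContext` has no `@param servers` or `@return` tag and does not say which context is returned when neither an exact nor a wildcard entry matches. For a method that picks the TLS context from client-supplied SNI names, that fallback is what a caller most needs to know. The class holds a `defaultContext`, so presumably that is the answer, but the rest of the method body is outside the hunk and should be checked first. Once confirmed, I would add `@param servers the SNI server names presented by the client` and `@return the matching context, or the default context if no entry matches`.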
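Review bot: The Javadoc on `Builder` has wording errors ("building and configuration SNIContextMatcher", "requres") and will be published as written. I would replace it with `A builder for {@link SNIContextMatcher}. At minimum, a default SSLContext must be supplied.` Whether a missing default context is rejected at build time is not visible in this hunk, so the comment should only say "must" if the build method enforces it.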
From: keshav kumar Date: Tue, 31 Jan 2023 21:50:11 +0530 Subject: [PATCH 003/205] [ELY-2512] Move assertions from test methods that have expected exception defined --- .../token/OAuth2TokenSecurityRealmTest.java | 2 +- .../sasl/external/ExternalSaslClientTest.java | 19 ++++++--- .../sasl/external/ExternalSaslServerTest.java | 40 ++++++++++++------- 3 files changed, 40 insertions(+), 21 deletions(-) diff --git a/auth/realm/token/src/test/java/org/wildfly/security/auth/realm/token/OAuth2TokenSecurityRealmTest.java b/auth/realm/token/src/test/java/org/wildfly/security/auth/realm/token/OAuth2TokenSecurityRealmTest.java index ed44baabad7..9cc6e13022b 100644 --- a/auth/realm/token/src/test/java/org/wildfly/security/auth/realm/token/OAuth2TokenSecurityRealmTest.java +++ b/auth/realm/token/src/test/java/org/wildfly/security/auth/realm/token/OAuth2TokenSecurityRealmTest.java @@ -187,7 +187,7 @@ public void testInErrorTokenIntrospectionEndpoint() throws Exception { RealmIdentity realmIdentity = securityRealm.getRealmIdentity(new BearerTokenEvidence(tokenBuilder.build().toString())); - assertFalse(realmIdentity.exists()); + realmIdentity.exists(); } @Test(expected = IllegalArgumentException.class) diff --git a/sasl/external/src/test/java/org/wildfly/security/sasl/external/ExternalSaslClientTest.java b/sasl/external/src/test/java/org/wildfly/security/sasl/external/ExternalSaslClientTest.java index 252114d8791..5d099418c40 100644 --- a/sasl/external/src/test/java/org/wildfly/security/sasl/external/ExternalSaslClientTest.java +++ b/sasl/external/src/test/java/org/wildfly/security/sasl/external/ExternalSaslClientTest.java @@ -40,6 +40,7 @@ import javax.security.sasl.SaslException; import org.junit.AfterClass; +import org.junit.Assert; import org.junit.BeforeClass; import org.junit.Test; import org.wildfly.security.sasl.WildFlySasl; 
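Review bot: In `OAuth2TokenSecurityRealmTest`, replacing `assertFalse(realmIdentity.exists())` with a bare `realmIdentity.exists();` leaves a call whose result is discarded, so the visible lines no longer state what should happen when the introspection endpoint is in error. The `@Test` annotation of `testInErrorTokenIntrospectionEndpoint` is outside the hunk. If it declares an expected exception, wrapping only this call, e.g. `assertThrows(<ExpectedException>.class, realmIdentity::exists);` (placeholder type), would pin the failure to `exists()` rather than to any earlier line, as the SASL tests in this commit do. If it declares none, the test now asserts nothing about an error response yielding no identity, and the original `assertFalse` should stay.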
@@ -213,13 +214,19 @@ public void testServerChallengeEmptyAuthzId() throws Exception { /** * Test failing (as we only authenticate "admin") authn for unsupported data "test" from client. */ - @Test(expected = SaslException.class) - public void testWrongServerChallenge() throws Exception { + @Test + public void testWrongServerChallenge() { final SaslClientFactory factory = obtainSaslClientFactory(ExternalSaslClientFactory.class); - final SaslClient saslClient = factory.createSaslClient(MECHANISMS_EXTERNAL_ONLY, ADMIN, "test", "localhost", setProps(), - null); - assertFalse(saslClient.isComplete()); - saslClient.evaluateChallenge("test".getBytes(StandardCharsets.UTF_8)); + try { + final SaslClient saslClient = factory.createSaslClient(MECHANISMS_EXTERNAL_ONLY, ADMIN, "test", "localhost", setProps(), + null); + assertFalse(saslClient.isComplete()); + Assert.assertThrows(SaslException.class,()->{ + saslClient.evaluateChallenge("test".getBytes(StandardCharsets.UTF_8)); + }); + }catch(SaslException saslException){ + fail("Failed to create SaslClient Instance"); + } } @Test diff --git a/sasl/external/src/test/java/org/wildfly/security/sasl/external/ExternalSaslServerTest.java b/sasl/external/src/test/java/org/wildfly/security/sasl/external/ExternalSaslServerTest.java index 6ade8e7df26..66d36fdec1f 100644 --- a/sasl/external/src/test/java/org/wildfly/security/sasl/external/ExternalSaslServerTest.java +++ b/sasl/external/src/test/java/org/wildfly/security/sasl/external/ExternalSaslServerTest.java @@ -44,6 +44,7 @@ import javax.security.sasl.SaslServerFactory; import org.junit.AfterClass; +import org.junit.Assert; import org.junit.BeforeClass; import org.junit.Test; import org.wildfly.security.sasl.WildFlySasl; 
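Review bot: The new `try { … } catch (SaslException saslException) { fail("Failed to create SaslClient Instance"); }` wrapper in `testWrongServerChallenge` discards the caught exception, so a setup failure is reported without its cause or stack trace. Keeping `throws Exception` on the method and dropping the try/catch gives the same narrowing with less code: `public void testWrongServerChallenge() throws Exception {` followed by `assertThrows(SaslException.class, () -> saslClient.evaluateChallenge("test".getBytes(StandardCharsets.UTF_8)));`. The same pattern is repeated in `testFailedAuthn` and `testAuthnEmptyData` in ExternalSaslServerTest.java. As a style point, `Assert.assertThrows` is class-qualified while `assertFalse` and `fail` are used unqualified; a static import would match the rest of the file.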
@@ -180,25 +181,36 @@ public void testAuthnClientData() throws Exception { /** * Test failing (as we only authenticate "admin") authn for unsupported data "test" from client. */ - @Test(expected = SaslException.class) - public void testFailedAuthn() throws Exception { - SaslServer saslServer = obtainSaslServerFactory(ExternalSaslServerFactory.class).createSaslServer(EXTERNAL, "test", - "localhost", setProps(), CALLBACK_HANDLER_AUTHZ_ADMIN); - assertFalse(saslServer.isComplete()); - saslServer.evaluateResponse("test".getBytes(StandardCharsets.UTF_8)); + @Test + public void testFailedAuthn() { + try { + SaslServer saslServer = obtainSaslServerFactory(ExternalSaslServerFactory.class).createSaslServer(EXTERNAL, "test", + "localhost", setProps(), CALLBACK_HANDLER_AUTHZ_ADMIN); + assertFalse(saslServer.isComplete()); + Assert.assertThrows(SaslException.class,()->{ + saslServer.evaluateResponse("test".getBytes(StandardCharsets.UTF_8)); + }); + }catch (SaslException saslException){ + fail("Failed to create SaslServer Instance"); + } } /** * Test failing authn (as we only authenticate "admin") for empty data received from client. 
*/ - @Test(expected = SaslException.class) - public void testAuthnEmptyData() throws Exception { - SaslServer saslServer = obtainSaslServerFactory(ExternalSaslServerFactory.class).createSaslServer(EXTERNAL, "test", - "localhost", setProps(), CALLBACK_HANDLER_AUTHZ_ADMIN); - - assertFalse(saslServer.isComplete()); - - saslServer.evaluateResponse(AbstractSaslParticipant.NO_BYTES); + @Test + public void testAuthnEmptyData() { + try{ + SaslServer saslServer = obtainSaslServerFactory(ExternalSaslServerFactory.class).createSaslServer(EXTERNAL, "test", + "localhost", setProps(), CALLBACK_HANDLER_AUTHZ_ADMIN); + + assertFalse(saslServer.isComplete()); + Assert.assertThrows(SaslException.class,()->{ + saslServer.evaluateResponse(AbstractSaslParticipant.NO_BYTES); + }); + }catch (SaslException saslException){ + fail("Failed to create SaslServer Instance"); + } } @Test From 7242ebe048d4b5bbe114dd61db3a10b4d4fe2d74 Mon Sep 17 00:00:00 2001 From: lvydra Date: Fri, 9 Jun 2023 14:51:44 +0200 Subject: [PATCH 004/205] [ELY-2547] Add Elytron Tool option to overwrite CLI script --- .../org/wildfly/security/tool/Command.java | 1 + .../security/tool/ElytronToolMessages.java | 3 + .../tool/FileSystemEncryptRealmCommand.java | 45 +++++++--- .../tool/FileSystemRealmIntegrityCommand.java | 42 ++++++--- .../FileSystemEncryptRealmCommandTest.java | 50 +++++++++++ .../FileSystemRealmIntegrityCommandTest.java | 86 +++++++++++++++++++ .../fsRealmAl/a/l/alice-MFWGSY3F.xml | 8 ++ 7 files changed, 215 insertions(+), 20 deletions(-) create mode 100644 tool/src/test/resources/filesystem-integrity/fs-unsigned-realms/fsRealmAl/a/l/alice-MFWGSY3F.xml diff --git a/tool/src/main/java/org/wildfly/security/tool/Command.java b/tool/src/main/java/org/wildfly/security/tool/Command.java index 4b29a26b881..4f06b917fe7 100644 --- a/tool/src/main/java/org/wildfly/security/tool/Command.java +++ b/tool/src/main/java/org/wildfly/security/tool/Command.java 
@@ -498,6 +498,7 @@ class Params { static final String SILENT_PARAM = "silent"; static final String STORE_LOCATION_PARAM = "location"; static final String SUMMARY_PARAM = "summary"; + static final String OVERWRITE_SCRIPT_FILE = "overwrite-script-file"; // Other constants static final Pattern BOOLEAN_ARG_REGEX = Pattern.compile("(true|false)", Pattern.CASE_INSENSITIVE | Pattern.UNICODE_CASE); diff --git a/tool/src/main/java/org/wildfly/security/tool/ElytronToolMessages.java b/tool/src/main/java/org/wildfly/security/tool/ElytronToolMessages.java index 6a023c4f1d2..a2642533d51 100644 --- a/tool/src/main/java/org/wildfly/security/tool/ElytronToolMessages.java +++ b/tool/src/main/java/org/wildfly/security/tool/ElytronToolMessages.java @@ -589,6 +589,9 @@ public interface ElytronToolMessages extends BasicLogger { @Message(id = NONE, value = "Provides a detailed summary of all operations performed, once the command finishes.") String cmdFileSystemRealmSummaryDesc(); + @Message(id = NONE, value = "Whether the cli script file will be overwritten, if attempting to write to an existing file.") + String cmdFileSystemRealmOverwriteCliScriptFileDesc(); + @Message(id = NONE, value = "No users file specified. Please use either --bulk-convert or specify a users file using --users-file ") MissingOptionException missingUsersFile(); diff --git a/tool/src/main/java/org/wildfly/security/tool/FileSystemEncryptRealmCommand.java b/tool/src/main/java/org/wildfly/security/tool/FileSystemEncryptRealmCommand.java index c5e858827a4..e568fcfc7a9 100644 --- a/tool/src/main/java/org/wildfly/security/tool/FileSystemEncryptRealmCommand.java +++ b/tool/src/main/java/org/wildfly/security/tool/FileSystemEncryptRealmCommand.java 
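Review bot: The new constant `OVERWRITE_SCRIPT_FILE` in `Params` breaks the naming used by its neighbours, which all carry a `_PARAM` suffix (`SILENT_PARAM`, `STORE_LOCATION_PARAM`, `SUMMARY_PARAM`). The neighbours visible here are in alphabetical order, and the new entry is appended after `SUMMARY_PARAM`. I would declare it as `static final String OVERWRITE_SCRIPT_FILE_PARAM = "overwrite-script-file";`, place it in order, and update the static imports in both command classes and the test.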
@@ -17,6 +17,7 @@ */ package org.wildfly.security.tool; +import static org.wildfly.security.tool.Params.BOOLEAN_PARAM; import static org.wildfly.security.tool.Params.BULK_CONVERT_PARAM; import static org.wildfly.security.tool.Params.CREATE_CREDENTIAL_STORE_PARAM; import static org.wildfly.security.tool.Params.CREDENTIAL_STORE_LOCATION_PARAM; @@ -38,6 +39,7 @@ import static org.wildfly.security.tool.Params.LINE_SEPARATOR; import static org.wildfly.security.tool.Params.NAME_PARAM; import static org.wildfly.security.tool.Params.OUTPUT_LOCATION_PARAM; +import static org.wildfly.security.tool.Params.OVERWRITE_SCRIPT_FILE; import static org.wildfly.security.tool.Params.PASSWORD_ENV_PARAM; import static org.wildfly.security.tool.Params.PASSWORD_PARAM; import static org.wildfly.security.tool.Params.REALM_NAME_PARAM; @@ -173,6 +175,10 @@ class FileSystemEncryptRealmCommand extends Command { option.setArgName(FILE_PARAM); options.addOption(option); + option = new Option("w", OVERWRITE_SCRIPT_FILE, true, ElytronToolMessages.msg.cmdFileSystemRealmOverwriteCliScriptFileDesc()); + option.setArgName(BOOLEAN_PARAM); + options.addOption(option); + option = Option.builder().longOpt(HELP_PARAM).desc(ElytronToolMessages.msg.cmdLineHelp()).build(); options.addOption(option); @@ -205,6 +211,7 @@ private static final class Descriptor { private Boolean encoded; private Boolean createCredentialStore; private Boolean populate; + private Boolean overwriteScriptFile; Descriptor() { } @@ -227,6 +234,7 @@ private static final class Descriptor { this.createCredentialStore = descriptor.createCredentialStore; this.secretKeyAlias = descriptor.secretKeyAlias; this.populate = descriptor.populate; + this.overwriteScriptFile = descriptor.overwriteScriptFile; } public Encoding getHashEncoding() { 
@@ -359,6 +367,14 @@ void setKeyPairAlias(String keyPairAlias) { this.keyPairAlias = keyPairAlias; } + public Boolean getOverwriteScriptFile() { + return overwriteScriptFile; + } + + public void setOverwriteScriptFile(Boolean overwriteScriptFile) { + this.overwriteScriptFile = overwriteScriptFile; + } + void reset() { this.inputRealmLocation = null; this.outputRealmLocation = null; @@ -376,6 +392,7 @@ void reset() { this.encoded = null; this.levels = null; this.populate = null; + this.overwriteScriptFile = null; } } @@ -421,6 +438,7 @@ public void execute(String[] args) throws Exception { String encodedOption = cmdLine.getOptionValue("f"); String bulkConvert = cmdLine.getOptionValue("b"); String populateOption = cmdLine.getOptionValue("p"); + String overwriteScriptFileOption = cmdLine.getOptionValue("w"); if (bulkConvert == null) { if (realmNameOption == null) { @@ -470,6 +488,9 @@ public void execute(String[] args) throws Exception { } else { descriptor.setPopulate(Boolean.valueOf(populateOption)); } + if (overwriteScriptFileOption != null) { + descriptor.setOverwriteScriptFile(Boolean.valueOf(overwriteScriptFileOption)); + } if (levelsOption == null) { descriptor.setLevels(DEFAULT_LEVELS); @@ -923,6 +944,7 @@ private void createWildFlyScript() throws Exception { String keyStoreType = descriptor.getKeyStoreType(); char[] password = descriptor.getPassword(); String keyPairAlias = descriptor.getKeyPairAlias(); + Boolean overwriteScript = descriptor.getOverwriteScriptFile(); if (hashCharset == null) { hashCharset = StandardCharsets.UTF_8; 
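Review bot: `descriptor.setOverwriteScriptFile(Boolean.valueOf(overwriteScriptFileOption))` in `execute` treats every value other than "true" as false, so `--overwrite-script-file yes` or a typo silently selects the no-overwrite path and also suppresses the interactive prompt. `Params` already defines `BOOLEAN_ARG_REGEX` (visible as context in the Command.java hunk). The value should be checked first with `BOOLEAN_ARG_REGEX.matcher(overwriteScriptFileOption).matches()` and anything else reported as a configuration error; that needs a static import of the constant if the file lacks one. The same unvalidated parse is added in FileSystemRealmIntegrityCommand.java at `@@ -574,6 +588,10 @@`.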
@@ -937,17 +959,20 @@ private void createWildFlyScript() throws Exception { Path scriptPath = Paths.get(String.format("%s/%s.cli", outputRealmLocation, fileSystemRealmName)); - if (scriptPath.toFile().exists()) { - createScriptCheck = prompt( - true, - ElytronToolMessages.msg.shouldFileBeOverwritten(scriptPath.toString()), - false, - null - ); - if (createScriptCheck.trim().isEmpty()) createScriptCheck = "n"; + if (overwriteScript == null) { + if (scriptPath.toFile().exists()) { + createScriptCheck = prompt( + true, + ElytronToolMessages.msg.shouldFileBeOverwritten(scriptPath.toString()), + false, + null + ); + if (createScriptCheck.trim().isEmpty()) createScriptCheck = "n"; + } + + overwriteScript = createScriptCheck.isEmpty() || createScriptCheck.toLowerCase().startsWith("y"); } - boolean overwriteScript = createScriptCheck.isEmpty() || createScriptCheck.toLowerCase().startsWith("y"); if (!overwriteScript) { // Generate a random file for the CLI script do { scriptPath = Paths.get(String.format("%s/%s.cli", @@ -1001,7 +1026,7 @@ private void createWildFlyScript() throws Exception { if (overwriteScript) { // Create a new script file, or overwrite the existing one Files.write(scriptPath, scriptLines, StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING); } else { - Files.write(scriptPath, scriptLines, StandardOpenOption.APPEND); + Files.write(scriptPath, scriptLines, StandardOpenOption.CREATE); } counter++; } diff --git a/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommand.java b/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommand.java index 176b824dfd1..9bf69bf19c9 100644 --- a/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommand.java +++ b/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommand.java 
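Review bot: With `--overwrite-script-file false`, `createWildFlyScript` now enters `if (!overwriteScript)` and picks an alternate script name even when no script exists at the default path, because the existence check only runs in the `overwriteScript == null` branch. Before this change a missing file always led to the default `<realm>.cli` path, so passing the flag changes where the script is written in the no-conflict case, which looks unintended. Guarding the branch with `if (!overwriteScript && scriptPath.toFile().exists()) {` keeps the old behaviour; the `else` write with `CREATE` then handles the missing file. The same logic is added in FileSystemRealmIntegrityCommand.java at `@@ -950,22 +968,26 @@`, and both method bodies continue outside their hunks.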
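Review bot: `Files.write(scriptPath, scriptLines, StandardOpenOption.CREATE)` in the non-overwrite branch opens an existing file without truncating it, so if anything already sits at the alternate path the new lines overwrite its start and leave the old tail behind. The preceding do/while presumably loops until the name is unused (its condition is outside the hunk), but that check and this write are separate steps. `Files.write(scriptPath, scriptLines, StandardOpenOption.CREATE_NEW);` makes creation atomic and fails rather than writing into a pre-existing file or link. That is the safer default for a generated management script in a directory other users may be able to write to.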
@@ -39,6 +39,7 @@ import static org.wildfly.security.tool.Params.NAME_PARAM; import static org.wildfly.security.tool.Params.NUMBER_PARAM; import static org.wildfly.security.tool.Params.OUTPUT_LOCATION_PARAM; +import static org.wildfly.security.tool.Params.OVERWRITE_SCRIPT_FILE; import static org.wildfly.security.tool.Params.PASSWORD_ENV_PARAM; import static org.wildfly.security.tool.Params.PASSWORD_PARAM; import static org.wildfly.security.tool.Params.REALM_NAME_PARAM; @@ -157,6 +158,9 @@ public class FileSystemRealmIntegrityCommand extends Command { options.addOption(Option.builder("b").longOpt(BULK_CONVERT_PARAM).desc(ElytronToolMessages.msg.cmdFileSystemRealmIntegrityBulkConvertDesc()) .hasArg().argName(FILE_PARAM) .build()); + options.addOption(Option.builder("w").longOpt(OVERWRITE_SCRIPT_FILE).desc(ElytronToolMessages.msg.cmdFileSystemRealmOverwriteCliScriptFileDesc()) + .hasArg().argName(BOOLEAN_PARAM) + .build()); // General options options.addOption(Option.builder("h").longOpt(HELP_PARAM).desc(ElytronToolMessages.msg.cmdLineHelp()) @@ -185,6 +189,7 @@ private static final class Descriptor { private Encoding hashEncoding; private Charset hashCharset; private Boolean encoded; + private Boolean overwriteScriptFile; private Boolean upgradeInPlace; private Boolean missingRequiredValue; @@ -212,6 +217,7 @@ private static final class Descriptor { this.hashEncoding = descriptor.hashEncoding; this.hashCharset = descriptor.hashCharset; this.encoded = descriptor.encoded; + this.overwriteScriptFile = descriptor.overwriteScriptFile; this.upgradeInPlace = descriptor.upgradeInPlace; this.missingRequiredValue = descriptor.missingRequiredValue; @@ -322,6 +328,9 @@ public Boolean getMissingRequiredValue() { public Boolean getRealmUpgraded() { return realmUpgraded; } + public Boolean getOverwriteScriptFile() { + return overwriteScriptFile; + } public void setInputRealmPath(String inputRealmPath) { setInputRealmPath(Paths.get(inputRealmPath).normalize().toAbsolutePath()); 
@@ -410,6 +419,9 @@ public void setMissingRequiredValue() { public void setRealmUpgraded() { this.realmUpgraded = true; } + public void setOverwriteScriptFile(Boolean overwriteScriptFile) { + this.overwriteScriptFile = overwriteScriptFile; + } void reset(boolean resetMissingValues) { // Required values are set to null if contents are null, or equal "MISSING" @@ -428,6 +440,7 @@ void reset(boolean resetMissingValues) { hashEncoding = null; hashCharset = null; encoded = null; + overwriteScriptFile = null; upgradeInPlace = false; realmUpgraded = false; @@ -476,6 +489,7 @@ public void execute(String[] args) throws Exception { String hashCharsetOption = cmdLine.getOptionValue("u"); String encodedOption = cmdLine.getOptionValue("f"); String bulkConvertOption = cmdLine.getOptionValue("b"); + String overwriteScriptFileOption = cmdLine.getOptionValue("w"); if (bulkConvertOption == null) { if (summaryMode) { @@ -574,6 +588,10 @@ public void execute(String[] args) throws Exception { descriptor.setEncoded(Boolean.parseBoolean(encodedOption)); } + if (overwriteScriptFileOption != null) { + descriptor.setOverwriteScriptFile(Boolean.valueOf(overwriteScriptFileOption)); + } + descriptors.add(descriptor); findMissingRequiredValuesAndSetValues(0, descriptor); } else if (nonBulkConvertOptionSet(inputRealmPathOption, outputRealmPathOption, realmNameOption, keyStorePathOption, 
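Review bot: In FileSystemRealmIntegrityCommand, `overwriteScriptFileOption` is applied to the descriptor only in the single-realm branch of `execute`, and no hunk in this diff touches the bulk-convert descriptor parsing. Bulk runs would therefore still hit the interactive overwrite prompt, which is the case a non-interactive flag is most needed for. The `nonBulkConvertOptionSet(...)` call that follows is cut by the hunk, so I cannot see whether the new option was added to its arguments; if it was not, `-w` combined with `-b` is silently ignored. Either supporting the setting in the bulk descriptor file or rejecting the combination explicitly would make the behaviour predictable.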
@@ -950,22 +968,26 @@ private void createWildFlyScript() throws Exception { String fileSystemRealmName = descriptor.getFileSystemRealmName(); Path outputRealmPath = descriptor.getOutputRealmPath(); boolean upgradeInPlace = descriptor.getUpgradeInPlace(); + Boolean overwriteScript = descriptor.getOverwriteScriptFile(); String createScriptCheck = ""; Path scriptPath = Paths.get(String.format("%s/%s.cli", outputRealmPath, fileSystemRealmName)); - // Ask to overwrite CLI script, if already exists - if(scriptPath.toFile().exists()) { - createScriptCheck = prompt( - true, - ElytronToolMessages.msg.shouldFileBeOverwritten(scriptPath.toString()), - false, - null - ); - if (createScriptCheck.trim().isEmpty()) createScriptCheck = "n"; + if (overwriteScript == null) { + // Ask to overwrite CLI script, if already exists + if(scriptPath.toFile().exists()) { + createScriptCheck = prompt( + true, + ElytronToolMessages.msg.shouldFileBeOverwritten(scriptPath.toString()), + false, + null + ); + if (createScriptCheck.trim().isEmpty()) createScriptCheck = "n"; + } + + overwriteScript = createScriptCheck.isEmpty() || createScriptCheck.toLowerCase().startsWith("y"); } - boolean overwriteScript = createScriptCheck.isEmpty() || createScriptCheck.toLowerCase().startsWith("y"); if (!overwriteScript) { do { scriptPath = Paths.get(String.format("%s/%s.cli", diff --git a/tool/src/test/java/org/wildfly/security/tool/FileSystemEncryptRealmCommandTest.java b/tool/src/test/java/org/wildfly/security/tool/FileSystemEncryptRealmCommandTest.java index 6f698df14ff..98854e8b7fd 100644 --- a/tool/src/test/java/org/wildfly/security/tool/FileSystemEncryptRealmCommandTest.java +++ b/tool/src/test/java/org/wildfly/security/tool/FileSystemEncryptRealmCommandTest.java 
@@ -17,6 +17,8 @@ */ package org.wildfly.security.tool; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotEquals; import static org.junit.Assert.assertThrows; import static org.junit.Assert.assertTrue; import static org.wildfly.security.tool.Command.ELYTRON_KS_PASS_PROVIDERS; @@ -62,6 +64,12 @@ private void runCommand(String inputLocation, String outputLocation, String file executeCommandAndCheckStatus(requiredArgs, expectedStatus); } + private void runCommand(String inputLocation, String outputLocation, String fileSystemRealmName, String encoded, boolean create, int expectedStatus, boolean overwriteScriptFile) { + String[] requiredArgs; + requiredArgs = new String[]{"--input-location", inputLocation, "--output-location", outputLocation, "--realm-name", fileSystemRealmName, "--encoded", encoded, "--create", String.valueOf(create), "--credential-store", CREDENTIAL_STORE_PATH, "--overwrite-script-file", String.valueOf(overwriteScriptFile)}; + executeCommandAndCheckStatus(requiredArgs, expectedStatus); + } + private void runCommand(String inputLocation, String outputLocation, String fileSystemRealmName, int levels, String encoded, boolean create, int expectedStatus) { String[] requiredArgs; requiredArgs = new String[]{"--input-location", inputLocation, "--output-location", outputLocation, "--realm-name", fileSystemRealmName, "--levels", String.valueOf(levels), "--encoded", encoded, "--create", String.valueOf(create), "--credential-store", CREDENTIAL_STORE_PATH}; 
@@ -155,6 +163,48 @@ public void testSingleUser() throws Exception { } } + @Test + public void testOverwritingScriptFileTrue() throws Exception { + String outputLocation = RELATIVE_BASE_DIR + "fs-encrypted-realms"; + String fileSystemRealmName = "overwrite-script-true"; + String file = "target/test-classes/filesystem-encrypt/fs-encrypted-realms/overwrite-script-true.cli"; + + String inputLocation = RELATIVE_BASE_DIR + "fs-unencrypted-realms/single-user-with-role/"; + runCommand(inputLocation, outputLocation, fileSystemRealmName, 3, "false", true, 0); + + assertTrue(fileExists(file)); + File scriptFile = new File(file); + Long modifiedBefore = scriptFile.lastModified(); + + inputLocation = RELATIVE_BASE_DIR + "fs-unencrypted-realms/single-user/"; + runCommand(inputLocation, outputLocation, fileSystemRealmName, "false", true, 0, true); + + Long modifiedAfter = scriptFile.lastModified(); + + assertNotEquals(modifiedBefore, modifiedAfter); + } + + @Test + public void testOverwritingScriptFileFalse() throws Exception { + String outputLocation = RELATIVE_BASE_DIR + "fs-encrypted-realms"; + String fileSystemRealmName = "overwrite-script-false"; + String file = "target/test-classes/filesystem-encrypt/fs-encrypted-realms/overwrite-script-false.cli"; + + String inputLocation = RELATIVE_BASE_DIR + "fs-unencrypted-realms/single-user-with-role/"; + runCommand(inputLocation, outputLocation, fileSystemRealmName, 3, "false", true, 0); + + assertTrue(fileExists(file)); + File scriptFile = new File(file); + Long modifiedBefore = scriptFile.lastModified(); + + inputLocation = RELATIVE_BASE_DIR + "fs-unencrypted-realms/single-user/"; + runCommand(inputLocation, outputLocation, fileSystemRealmName, "false", true, 0, false); + + Long modifiedAfter = scriptFile.lastModified(); + + assertEquals(modifiedBefore, modifiedAfter); + } + @Test public void testSingleUserMissingParam() throws Exception { String outputLocation = RELATIVE_BASE_DIR + "fs-encrypted-realms"; 
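Review bot: Both new tests in FileSystemEncryptRealmCommandTest decide whether the script was rewritten by comparing `File.lastModified()` before and after, which depends on the filesystem's timestamp granularity. On a filesystem with coarse timestamps the two runs can land on the same value and `testOverwritingScriptFileTrue` fails intermittently, while `testOverwritingScriptFileFalse` passes even if the second run wrote nothing. Comparing content is deterministic, e.g. `byte[] before = Files.readAllBytes(scriptFile.toPath());` and then `assertFalse(Arrays.equals(before, Files.readAllBytes(scriptFile.toPath())));`; the false case should also assert that a second `.cli` file appeared. The same comparison is used in `testScriptFileOverwriteFalse` and `testScriptFileOverwriteTrue` in FileSystemRealmIntegrityCommandTest, which also never assert the script exists after the first run, so two `0L` values from a missing file would satisfy `assertEquals`.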
diff --git a/tool/src/test/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommandTest.java b/tool/src/test/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommandTest.java index 2d134d31d7f..7db8da89604 100644 --- a/tool/src/test/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommandTest.java +++ b/tool/src/test/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommandTest.java @@ -17,6 +17,7 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import static org.wildfly.security.tool.Command.GENERAL_CONFIGURATION_ERROR; @@ -36,6 +37,7 @@ import static org.wildfly.security.tool.Params.KEY_PAIR_ALIAS_PARAM; import static org.wildfly.security.tool.Params.LEVELS_PARAM; import static org.wildfly.security.tool.Params.OUTPUT_LOCATION_PARAM; +import static org.wildfly.security.tool.Params.OVERWRITE_SCRIPT_FILE; import static org.wildfly.security.tool.Params.PASSWORD_ENV_PARAM; import static org.wildfly.security.tool.Params.PASSWORD_PARAM; import static org.wildfly.security.tool.Params.REALM_NAME_PARAM; 
@@ -116,6 +118,90 @@ public void testSingleUserRealmWithJCEKS() throws IOException { validateScript(params, FS_REALM_SIGNED_PATH.resolve(realmName + ".cli")); } + @Test + public void testScriptFileOverwriteFalse() throws IOException { + String realmName = "scriptOverwriteFalse"; + Path keyStore = Paths.get(RELATIVE_BASE_DIR, "fsKeyStoreEC.jceks"); + String keyStoreType = "JCEKS"; + String keyPairAlias = "curveKeyPair"; + + Path inputLocation = Paths.get(RELATIVE_UNSIGNED_DIR, "fsRealmSingle"); + String[] firstRealmArgs = { + "--" + INPUT_LOCATION_PARAM, inputLocation.toString(), + "--" + OUTPUT_LOCATION_PARAM, FS_REALM_SIGNED_PATH.toString(), + "--" + REALM_NAME_PARAM, realmName, + "--" + KEYSTORE_PARAM, keyStore.toString(), + "--" + KEYSTORE_TYPE_PARAM, keyStoreType, + "--" + KEY_PAIR_ALIAS_PARAM, keyPairAlias, + "--" + PASSWORD_PARAM, KEYSTORE_PASSWORD + }; + + runCommand(inputLocation, firstRealmArgs, ElytronToolExitStatus_OK); + + File scriptFile = FS_REALM_SIGNED_PATH.resolve(realmName + ".cli").toFile(); + Long modifiedBefore = scriptFile.lastModified(); + + inputLocation = Paths.get(RELATIVE_UNSIGNED_DIR, "fsRealmAl"); + String[] secondRealmArgs = { + "--" + INPUT_LOCATION_PARAM, inputLocation.toString(), + "--" + OUTPUT_LOCATION_PARAM, FS_REALM_SIGNED_PATH.toString(), + "--" + REALM_NAME_PARAM, realmName, + "--" + KEYSTORE_PARAM, keyStore.toString(), + "--" + KEYSTORE_TYPE_PARAM, keyStoreType, + "--" + KEY_PAIR_ALIAS_PARAM, keyPairAlias, + "--" + PASSWORD_PARAM, KEYSTORE_PASSWORD, + "--" + OVERWRITE_SCRIPT_FILE, "false" + }; + + runCommand(inputLocation, secondRealmArgs, ElytronToolExitStatus_OK); + + Long modifiedAfter = scriptFile.lastModified(); + + assertEquals(modifiedBefore, modifiedAfter); + } + + @Test + public void testScriptFileOverwriteTrue() throws IOException { + String realmName = "scriptOverwriteTrue"; + Path keyStore = Paths.get(RELATIVE_BASE_DIR, "fsKeyStoreEC.jceks"); + String keyStoreType = "JCEKS"; + String keyPairAlias = "curveKeyPair"; 
+ + Path inputLocation = Paths.get(RELATIVE_UNSIGNED_DIR, "fsRealmSingle"); + String[] firstRealmArgs = { + "--" + INPUT_LOCATION_PARAM, inputLocation.toString(), + "--" + OUTPUT_LOCATION_PARAM, FS_REALM_SIGNED_PATH.toString(), + "--" + REALM_NAME_PARAM, realmName, + "--" + KEYSTORE_PARAM, keyStore.toString(), + "--" + KEYSTORE_TYPE_PARAM, keyStoreType, + "--" + KEY_PAIR_ALIAS_PARAM, keyPairAlias, + "--" + PASSWORD_PARAM, KEYSTORE_PASSWORD + }; + + runCommand(inputLocation, firstRealmArgs, ElytronToolExitStatus_OK); + + File scriptFile = FS_REALM_SIGNED_PATH.resolve(realmName + ".cli").toFile(); + Long modifiedBefore = scriptFile.lastModified(); + + inputLocation = Paths.get(RELATIVE_UNSIGNED_DIR, "fsRealmAl"); + String[] secondRealmArgs = { + "--" + INPUT_LOCATION_PARAM, inputLocation.toString(), + "--" + OUTPUT_LOCATION_PARAM, FS_REALM_SIGNED_PATH.toString(), + "--" + REALM_NAME_PARAM, realmName, + "--" + KEYSTORE_PARAM, keyStore.toString(), + "--" + KEYSTORE_TYPE_PARAM, keyStoreType, + "--" + KEY_PAIR_ALIAS_PARAM, keyPairAlias, + "--" + PASSWORD_PARAM, KEYSTORE_PASSWORD, + "--" + OVERWRITE_SCRIPT_FILE, "true" + }; + + runCommand(inputLocation, secondRealmArgs, ElytronToolExitStatus_OK); + + Long modifiedAfter = scriptFile.lastModified(); + + assertNotEquals(modifiedBefore, modifiedAfter); + } + @Test public void testMultiUserRealmWithSummary() throws IOException { String realmName = "fsRealmMultiUser"; diff --git a/tool/src/test/resources/filesystem-integrity/fs-unsigned-realms/fsRealmAl/a/l/alice-MFWGSY3F.xml b/tool/src/test/resources/filesystem-integrity/fs-unsigned-realms/fsRealmAl/a/l/alice-MFWGSY3F.xml new file mode 100644 index 00000000000..3e94e6776f9 --- /dev/null +++ b/tool/src/test/resources/filesystem-integrity/fs-unsigned-realms/fsRealmAl/a/l/alice-MFWGSY3F.xml @@ -0,0 +1,8 @@ + + + + + + + + \ No newline at end of file From 15d2ded4fd28474b2b68a8a3c648931cb3b616c1 Mon Sep 17 00:00:00 2001 
From: Farah Juma Date: Wed, 21 Jun 2023 14:06:56 -0400 Subject: [PATCH 005/205] [ELY-2573] Fix version.org.jboss.logging.tools --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 6e789b49a26..e2e11e973d9 100644 --- a/pom.xml +++ b/pom.xml @@ -72,7 +72,7 @@ 3.4.3.Final 2.1.18.Final 1.1.6.Final - 2.2.2.CR1-SNAPSHOT + 2.2.1.Final 1.9.2.Final 1.0.4.GA 2.0.0 From 9feea37260a5078e2e644db68da2df19bd31028c Mon Sep 17 00:00:00 2001 From: lvydra Date: Thu, 29 Jun 2023 14:22:40 +0200 Subject: [PATCH 006/205] [ELY-1700] Intermittently failing AttributeMappingSuiteChild --- .../auth/realm/ldap/SimpleDirContextFactoryBuilder.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth/realm/ldap/src/main/java/org/wildfly/security/auth/realm/ldap/SimpleDirContextFactoryBuilder.java b/auth/realm/ldap/src/main/java/org/wildfly/security/auth/realm/ldap/SimpleDirContextFactoryBuilder.java index aed4c548e77..5d53a119c83 100644 --- a/auth/realm/ldap/src/main/java/org/wildfly/security/auth/realm/ldap/SimpleDirContextFactoryBuilder.java +++ b/auth/realm/ldap/src/main/java/org/wildfly/security/auth/realm/ldap/SimpleDirContextFactoryBuilder.java @@ -64,7 +64,7 @@ public class SimpleDirContextFactoryBuilder { private static final String READ_TIMEOUT = "com.sun.jndi.ldap.read.timeout"; private static final String SOCKET_FACTORY = "java.naming.ldap.factory.socket"; - private static final int DEFAULT_CONNECT_TIMEOUT = 5000; // ms + private static final int DEFAULT_CONNECT_TIMEOUT = 10000; // ms private static final int DEFAULT_READ_TIMEOUT = 60000; // ms private static final String LDAPS_SCHEME = "ldaps"; From 3bf680f3ac37c8e13accb3a9151a27f83582c22d Mon Sep 17 00:00:00 2001 
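Review bot: Raising `DEFAULT_CONNECT_TIMEOUT` from 5000 to 10000 ms in `SimpleDirContextFactoryBuilder` changes the production default for every LDAP realm in order to steady one intermittently failing test suite. Each authentication attempt against an unreachable directory would now hold its thread for up to twice as long, which matters for availability during an LDAP outage. If the builder exposes a connect-timeout setter, I would set the longer value in the test fixture and leave the default alone. If the default really should change, the constant deserves a comment such as `// ms; raised from 5000 because <reason>` (reason to be supplied) and a release-note entry.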
From: keshav kumar Date: Mon, 30 Jan 2023 11:54:22 +0530 Subject: [PATCH 007/205] [ELY-2507] Move appropriate methods in AbstractDigestMechanism into DigestWrapper --- .../sasl/digest/AbstractDigestMechanism.java | 228 +++++++++--------- 1 file changed, 113 insertions(+), 115 deletions(-) diff --git a/sasl/digest/src/main/java/org/wildfly/security/sasl/digest/AbstractDigestMechanism.java b/sasl/digest/src/main/java/org/wildfly/security/sasl/digest/AbstractDigestMechanism.java index 7a128580188..61b05cf0aa6 100644 --- a/sasl/digest/src/main/java/org/wildfly/security/sasl/digest/AbstractDigestMechanism.java +++ b/sasl/digest/src/main/java/org/wildfly/security/sasl/digest/AbstractDigestMechanism.java @@ -73,6 +73,8 @@ public enum FORMAT {CLIENT, SERVER} public static final int DEFAULT_MAXBUF = 65536; public static final char DELIMITER = ','; public static final String[] CIPHER_OPTS = {"des", "3des", "rc4", "rc4-40", "rc4-56"}; + private static final String CLIENT_MAGIC_INTEGRITY = "Digest session key to client-to-server signing key magic constant"; + private static final String SERVER_MAGIC_INTEGRITY = "Digest session key to server-to-client signing key magic constant"; private FORMAT format; protected final String digestURI; @@ -217,9 +219,9 @@ protected DigestWrapper(boolean confidential) { @Override public byte[] wrap(byte[] outgoing, int offset, int len) throws SaslException { if (confidential) { - return AbstractDigestMechanism.this.wrapConfidentialityProtectedMessage(outgoing, offset, len); + return wrapConfidentialityProtectedMessage(outgoing, offset, len); } else { - return AbstractDigestMechanism.this.wrapIntegrityProtectedMessage(outgoing, offset, len); + return wrapIntegrityProtectedMessage(outgoing, offset, len); } } 
@@ -229,152 +231,148 @@ public byte[] wrap(byte[] outgoing, int offset, int len) throws SaslException { @Override public byte[] unwrap(byte[] incoming, int offset, int len) throws SaslException { if (confidential) { - return AbstractDigestMechanism.this.unwrapConfidentialityProtectedMessage(incoming, offset, len); + return unwrapConfidentialityProtectedMessage(incoming, offset, len); } else { - return AbstractDigestMechanism.this.unwrapIntegrityProtectedMessage(incoming, offset, len); + return unwrapIntegrityProtectedMessage(incoming, offset, len); } } + private byte[] wrapIntegrityProtectedMessage(byte[] message, int offset, int len) throws SaslException { - } - - private static final String CLIENT_MAGIC_INTEGRITY = "Digest session key to client-to-server signing key magic constant"; - private static final String SERVER_MAGIC_INTEGRITY = "Digest session key to server-to-client signing key magic constant"; + byte[] messageMac = computeHMAC(wrapHmacKeyIntegrity, wrapSeqNum, hmacMD5, message, offset, len); - private byte[] wrapIntegrityProtectedMessage(byte[] message, int offset, int len) throws SaslException { - - byte[] messageMac = computeHMAC(wrapHmacKeyIntegrity, wrapSeqNum, hmacMD5, message, offset, len); + byte[] result = new byte[len + 16]; + System.arraycopy(message, offset, result, 0, len); + System.arraycopy(messageMac, 0, result, len, 10); + integerByteOrdered(1, result, len + 10, 2); // 2-byte message type number in network byte order with value 1 + integerByteOrdered(wrapSeqNum, result, len + 12, 4); // 4-byte sequence number in network byte order + wrapSeqNum++; + return result; + } - byte[] result = new byte[len + 16]; - System.arraycopy(message, offset, result, 0, len); - System.arraycopy(messageMac, 0, result, len, 10); - integerByteOrdered(1, result, len + 10, 2); // 2-byte message type number in network byte order with value 1 - integerByteOrdered(wrapSeqNum, result, len + 12, 4); // 4-byte sequence number in network byte order - wrapSeqNum++; - 
return result; - } + private byte[] unwrapIntegrityProtectedMessage(byte[] message, int offset, int len) throws SaslException { - private byte[] unwrapIntegrityProtectedMessage(byte[] message, int offset, int len) throws SaslException { + int messageType = decodeByteOrderedInteger(message, offset + len - 6, 2); + int extractedSeqNum = decodeByteOrderedInteger(message, offset + len - 4, 4); - int messageType = decodeByteOrderedInteger(message, offset + len - 6, 2); - int extractedSeqNum = decodeByteOrderedInteger(message, offset + len - 4, 4); + if (messageType != 1) { + throw saslDigest.mechMessageTypeMustEqual(1, messageType).toSaslException(); + } - if (messageType != 1) { - throw saslDigest.mechMessageTypeMustEqual(1, messageType).toSaslException(); - } + if (extractedSeqNum != unwrapSeqNum) { + throw saslDigest.mechBadSequenceNumberWhileUnwrapping(unwrapSeqNum, extractedSeqNum).toSaslException(); + } - if (extractedSeqNum != unwrapSeqNum) { - throw saslDigest.mechBadSequenceNumberWhileUnwrapping(unwrapSeqNum, extractedSeqNum).toSaslException(); - } + byte[] extractedMessageMac = new byte[10]; + byte[] extractedMessage = new byte[len - 16]; + System.arraycopy(message, offset, extractedMessage, 0, len - 16); + System.arraycopy(message, offset + len - 16, extractedMessageMac, 0, 10); - byte[] extractedMessageMac = new byte[10]; - byte[] extractedMessage = new byte[len - 16]; - System.arraycopy(message, offset, extractedMessage, 0, len - 16); - System.arraycopy(message, offset + len - 16, extractedMessageMac, 0, 10); + byte[] expectedHmac = computeHMAC(unwrapHmacKeyIntegrity, extractedSeqNum, hmacMD5, extractedMessage, 0, extractedMessage.length); - byte[] expectedHmac = computeHMAC(unwrapHmacKeyIntegrity, extractedSeqNum, hmacMD5, extractedMessage, 0, extractedMessage.length); + // validate MAC block + if (Arrays2.equals(expectedHmac, 0, extractedMessageMac, 0, 10) == false) { + return NO_BYTES; + } - // validate MAC block - if (Arrays2.equals(expectedHmac, 0, 
extractedMessageMac, 0, 10) == false) { - return NO_BYTES; + unwrapSeqNum++; // increment only if MAC is valid + return extractedMessage; } - unwrapSeqNum++; // increment only if MAC is valid - return extractedMessage; - } - - private byte[] wrapConfidentialityProtectedMessage(byte[] message, int offset, int len) throws SaslException { + private byte[] wrapConfidentialityProtectedMessage(byte[] message, int offset, int len) throws SaslException { - byte[] messageMac = computeHMAC(wrapHmacKeyIntegrity, wrapSeqNum, hmacMD5, message, offset, len); + byte[] messageMac = computeHMAC(wrapHmacKeyIntegrity, wrapSeqNum, hmacMD5, message, offset, len); - int paddingLength = 0; - byte[] pad = null; - int blockSize = wrapCipher.getBlockSize(); - if (blockSize > 0) { - paddingLength = blockSize - ((len + 10) % blockSize); - pad = new byte[paddingLength]; - Arrays.fill(pad, (byte)paddingLength); - } + int paddingLength = 0; + byte[] pad = null; + int blockSize = wrapCipher.getBlockSize(); + if (blockSize > 0) { + paddingLength = blockSize - ((len + 10) % blockSize); + pad = new byte[paddingLength]; + Arrays.fill(pad, (byte)paddingLength); + } - byte[] toCipher = new byte[len + paddingLength + 10]; - System.arraycopy(message, offset, toCipher, 0, len); - if (paddingLength > 0) { - System.arraycopy(pad, 0, toCipher, len, paddingLength); - } - System.arraycopy(messageMac, 0, toCipher, len + paddingLength, 10); + byte[] toCipher = new byte[len + paddingLength + 10]; + System.arraycopy(message, offset, toCipher, 0, len); + if (paddingLength > 0) { + System.arraycopy(pad, 0, toCipher, len, paddingLength); + } + System.arraycopy(messageMac, 0, toCipher, len + paddingLength, 10); - byte[] cipheredPart = null; - try { - cipheredPart = wrapCipher.update(toCipher); - } catch (Exception e) { - throw saslDigest.mechProblemDuringCrypt(e).toSaslException(); - } - if (cipheredPart == null){ - throw saslDigest.mechProblemDuringCryptResultIsNull().toSaslException(); - } + byte[] cipheredPart = 
null; + try { + cipheredPart = wrapCipher.update(toCipher); + } catch (Exception e) { + throw saslDigest.mechProblemDuringCrypt(e).toSaslException(); + } + if (cipheredPart == null){ + throw saslDigest.mechProblemDuringCryptResultIsNull().toSaslException(); + } - byte[] result = new byte[cipheredPart.length + 6]; - System.arraycopy(cipheredPart, 0, result, 0, cipheredPart.length); - integerByteOrdered(1, result, cipheredPart.length, 2); // 2-byte message type number in network byte order with value 1 - integerByteOrdered(wrapSeqNum, result, cipheredPart.length + 2, 4); // 4-byte sequence number in network byte order + byte[] result = new byte[cipheredPart.length + 6]; + System.arraycopy(cipheredPart, 0, result, 0, cipheredPart.length); + integerByteOrdered(1, result, cipheredPart.length, 2); // 2-byte message type number in network byte order with value 1 + integerByteOrdered(wrapSeqNum, result, cipheredPart.length + 2, 4); // 4-byte sequence number in network byte order - wrapSeqNum++; - return result; - } + wrapSeqNum++; + return result; + } - private byte[] unwrapConfidentialityProtectedMessage(byte[] message, int offset, int len) throws SaslException { + private byte[] unwrapConfidentialityProtectedMessage(byte[] message, int offset, int len) throws SaslException { - int messageType = decodeByteOrderedInteger(message, offset + len - 6, 2); - int extractedSeqNum = decodeByteOrderedInteger(message, offset + len - 4, 4); + int messageType = decodeByteOrderedInteger(message, offset + len - 6, 2); + int extractedSeqNum = decodeByteOrderedInteger(message, offset + len - 4, 4); - if (messageType != 1) { - throw saslDigest.mechMessageTypeMustEqual(1, messageType).toSaslException(); - } + if (messageType != 1) { + throw saslDigest.mechMessageTypeMustEqual(1, messageType).toSaslException(); + } - if (extractedSeqNum != unwrapSeqNum) { - throw saslDigest.mechBadSequenceNumberWhileUnwrapping(unwrapSeqNum, extractedSeqNum).toSaslException(); - } + if (extractedSeqNum != 
unwrapSeqNum) { + throw saslDigest.mechBadSequenceNumberWhileUnwrapping(unwrapSeqNum, extractedSeqNum).toSaslException(); + } - byte[] clearText = null; - try { - clearText = unwrapCipher.update(message, offset, len - 6); - } catch (Exception e) { - throw saslDigest.mechProblemDuringDecrypt(e).toSaslException(); - } - if (clearText == null){ - throw saslDigest.mechProblemDuringDecryptResultIsNull().toSaslException(); - } + byte[] clearText = null; + try { + clearText = unwrapCipher.update(message, offset, len - 6); + } catch (Exception e) { + throw saslDigest.mechProblemDuringDecrypt(e).toSaslException(); + } + if (clearText == null){ + throw saslDigest.mechProblemDuringDecryptResultIsNull().toSaslException(); + } - byte[] hmac = new byte[10]; - System.arraycopy(clearText, clearText.length - 10, hmac, 0, 10); - - byte[] decryptedMessage = null; - // strip potential padding - if (unwrapCipher.getBlockSize() > 0) { - int padSize = clearText[clearText.length - 10 - 1]; - int decryptedMessageSize = clearText.length - 10; - if (padSize < 8) { - int i = clearText.length - 10 - 1; - while (clearText[i] == padSize) { - i--; + byte[] hmac = new byte[10]; + System.arraycopy(clearText, clearText.length - 10, hmac, 0, 10); + + byte[] decryptedMessage = null; + // strip potential padding + if (unwrapCipher.getBlockSize() > 0) { + int padSize = clearText[clearText.length - 10 - 1]; + int decryptedMessageSize = clearText.length - 10; + if (padSize < 8) { + int i = clearText.length - 10 - 1; + while (clearText[i] == padSize) { + i--; + } + decryptedMessageSize = i + 1; } - decryptedMessageSize = i + 1; + decryptedMessage = new byte[decryptedMessageSize]; + System.arraycopy(clearText, 0, decryptedMessage, 0, decryptedMessageSize); + } else { + decryptedMessage = new byte[clearText.length - 10]; + System.arraycopy(clearText, 0, decryptedMessage, 0, clearText.length - 10); } - decryptedMessage = new byte[decryptedMessageSize]; - System.arraycopy(clearText, 0, decryptedMessage, 0, 
decryptedMessageSize); - } else { - decryptedMessage = new byte[clearText.length - 10]; - System.arraycopy(clearText, 0, decryptedMessage, 0, clearText.length - 10); - } - byte[] expectedHmac = computeHMAC(unwrapHmacKeyIntegrity, extractedSeqNum, hmacMD5, decryptedMessage, 0, decryptedMessage.length); + byte[] expectedHmac = computeHMAC(unwrapHmacKeyIntegrity, extractedSeqNum, hmacMD5, decryptedMessage, 0, decryptedMessage.length); + + // check hmac-s + if (Arrays2.equals(expectedHmac, 0, hmac, 0, 10) == false) { + return NO_BYTES; + } - // check hmac-s - if (Arrays2.equals(expectedHmac, 0, hmac, 0, 10) == false) { - return NO_BYTES; + unwrapSeqNum++; // increment only if MAC is valid + return decryptedMessage; } - unwrapSeqNum++; // increment only if MAC is valid - return decryptedMessage; } protected void createCiphersAndKeys() throws SaslException { From 16af04f62a441cde2e63c4f500ecc75d7422e547 Mon Sep 17 00:00:00 2001 From: keshav kumar Date: Mon, 6 Feb 2023 13:05:03 +0530 Subject: [PATCH 008/205] [ELY-2508] Add tests for DigestMechanismFactory --- http/digest/pom.xml | 12 ++ .../digest/DigestMechanismFactoryTest.java | 142 ++++++++++++++++++ 2 files changed, 154 insertions(+) create mode 100644 http/digest/src/test/java/org/wildfly/security/http/digest/DigestMechanismFactoryTest.java diff --git a/http/digest/pom.xml b/http/digest/pom.xml index 60e56975403..0ba776c13c2 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -76,6 +76,18 @@ org.wildfly.common wildfly-common + + + + org.jmockit + jmockit + test + + + junit + junit + test + diff --git a/http/digest/src/test/java/org/wildfly/security/http/digest/DigestMechanismFactoryTest.java b/http/digest/src/test/java/org/wildfly/security/http/digest/DigestMechanismFactoryTest.java new file mode 100644 index 00000000000..307bff709b7 --- /dev/null +++ b/http/digest/src/test/java/org/wildfly/security/http/digest/DigestMechanismFactoryTest.java 
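Review bot: In `unwrapConfidentialityProtectedMessage` the pad-stripping loop `while (clearText[i] == padSize) { i--; }` removes every trailing byte equal to the pad value instead of exactly `padSize` bytes, and `i` has no lower bound. A payload whose last byte happens to equal the pad value is over-truncated and then fails the HMAC comparison, and a short or uniform decrypted buffer drives the index below zero, so peer-supplied data ends in an unchecked ArrayIndexOutOfBoundsException rather than `NO_BYTES` or a SaslException. Since the method is being moved anyway, I would validate the pad length against the cipher block size and subtract it once, as sketched below. Both unwrap methods also read `offset + len - 6` and size buffers from `len - 16` or `len - 6` without first checking that `len` covers the trailer. A guard ahead of the first decode, such as `if (len < 16) { return NO_BYTES; }` in the integrity variant with the matching minimum in the confidentiality variant, would close that.

```java
// … unchanged: sequence/type checks, decrypt into clearText, copy trailing 10-byte hmac …
int blockSize = unwrapCipher.getBlockSize();
int decryptedMessageSize = clearText.length - 10;
if (blockSize > 0) {
    // the sender appends 1..blockSize pad bytes, each holding the pad length
    int padSize = decryptedMessageSize > 0 ? clearText[decryptedMessageSize - 1] : 0;
    if (padSize < 1 || padSize > blockSize || padSize > decryptedMessageSize) {
        return NO_BYTES;
    }
    decryptedMessageSize -= padSize;
}
byte[] decryptedMessage = Arrays.copyOf(clearText, decryptedMessageSize);
// … unchanged: computeHMAC over decryptedMessage, compare, increment unwrapSeqNum …
```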
@@ -0,0 +1,142 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2023 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.wildfly.security.http.digest; + +import org.junit.Assert; +import org.junit.Test; +import org.wildfly.security.http.HttpAuthenticationException; +import org.wildfly.security.http.HttpServerAuthenticationMechanism; + +import javax.security.auth.callback.Callback; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.callback.UnsupportedCallbackException; +import java.io.IOException; +import java.util.HashMap; + +/** + * Tests of DigestMechanismFactory Class. + * + * @author Keshav Kumar + */ + +public class DigestMechanismFactoryTest { + + private DigestMechanismFactory digestMechanismFactory = new DigestMechanismFactory(); + + CallbackHandler dummyCallbackHandler = new CallbackHandler() { + @Override + public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { + } + }; + + /** + * Tests that getMechanismNames(Map) correctly + * handles null or empty properties parameter as possible value. 
+ */ + @Test + public void testGetMechanismNamesPropertiesNull(){ + String[] mechanismNames1 = digestMechanismFactory.getMechanismNames(null); + Assert.assertNotNull("Array of mechanism names cannot be null.",mechanismNames1); + + String[] mechanismNames2 = digestMechanismFactory.getMechanismNames(new HashMap()); + Assert.assertNotNull("Array of mechanism names cannot be null.",mechanismNames2); + } + + /** + * Tests that getMechanismNames(Map) does not return null. + */ + @Test + public void testGetMechanismNamesReturnNotNull(){ + String[] mechanismNames = digestMechanismFactory.getMechanismNames(null); + Assert.assertNotNull("Array of mechanism names cannot be null.", mechanismNames); + } + + /** + * Tests that createAuthenticationMechanism(String, Map, javax.security.auth.callback.CallbackHandler) + * does handle null mechanism name parameter correctly - does not allow. + * @throws HttpAuthenticationException + */ + @Test + public void testCreateAuthenticationMechanismMechanismNameNull() throws HttpAuthenticationException{ + try { + digestMechanismFactory.createAuthenticationMechanism(null,new HashMap(),dummyCallbackHandler); + Assert.fail("Mechanism name could not be null"); + }catch (IllegalArgumentException illegalArgumentException){ + // OK - expected exception state + } + } + + /** + * Tests that {createAuthenticationMechanism(String, Map, javax.security.auth.callback.CallbackHandler) + * does handle null properties parameter correctly - does not allow. 
+ */ + @Test + public void testCreateAuthenticationMechanismPropertiesNull() throws HttpAuthenticationException{ + try { + digestMechanismFactory.createAuthenticationMechanism("DIGEST",null,dummyCallbackHandler); + Assert.fail("Properties could not be null"); + }catch (IllegalArgumentException illegalArgumentException){ + // OK - expected exception state + } + } + + /** + * Tests that createAuthenticationMechanism(String, Map, javax.security.auth.callback.CallbackHandler) + * does handle null callbackHandler parameter correctly - does not allow. + */ + @Test + public void testCreateAuthenticationMechanismCallbackHandlerNull() throws HttpAuthenticationException{ + try { + digestMechanismFactory.createAuthenticationMechanism("DIGEST",new HashMap(),null); + Assert.fail("CallbackHandler could not be null"); + }catch (IllegalArgumentException illegalArgumentException){ + // OK - expected exception state + } + } + + /** + * Tests that createAuthenticationMechanism(String, Map, javax.security.auth.callback.CallbackHandler) + * does handle wrong mechanism ("BASIC") - returns null. + */ + @Test + public void testCreateAuthenticationMechanismBasicMechanismName() throws HttpAuthenticationException{ + HttpServerAuthenticationMechanism httpServerAuthenticationMechanism = digestMechanismFactory.createAuthenticationMechanism("BASIC",new HashMap(),dummyCallbackHandler); + Assert.assertNull("Provided mechanism must be null.", httpServerAuthenticationMechanism); + } + + /** + * Tests that createAuthenticationMechanism(String, Map, javax.security.auth.callback.CallbackHandler) + * does handle all not null parameter correctly - does not return null. 
+ */ + @Test + public void testCreateAuthenticationMechanismReturnNotNull() throws HttpAuthenticationException{ + HttpServerAuthenticationMechanism httpServerAuthenticationMechanism = digestMechanismFactory.createAuthenticationMechanism("DIGEST",new HashMap(),dummyCallbackHandler); + Assert.assertNotNull("HttpServerAuthenticationMechanism cannot be null.",httpServerAuthenticationMechanism); + } + + /** + * Tests that createAuthenticationMechanism(String, Map, javax.security.auth.callback.CallbackHandler) + * does handle wrong mechanism name correctly - returns null. + */ + @Test + public void testCreateAuthenticationMechanismWrongMechanismName() throws HttpAuthenticationException{ + HttpServerAuthenticationMechanism httpServerAuthenticationMechanism = digestMechanismFactory.createAuthenticationMechanism("MECHANISM_NAME_DOES_NOT_EXISTS",new HashMap(),dummyCallbackHandler); + Assert.assertNull("Provided mechanism must be null.", httpServerAuthenticationMechanism); + } +} From df0508a9b28cb3bc7b37a272f662814597e0b05d Mon Sep 17 00:00:00 2001 From: keshav kumar Date: Mon, 10 Jul 2023 22:47:51 +0530 Subject: [PATCH 009/205] =?UTF-8?q?[ELY-2511]=20Add=20test=20that=20verifi?= =?UTF-8?q?es=20that=20digest=20response=20prefix=20is=20case=E2=80=A6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../DigestAuthenticationMechanismTest.java | 60 ++++++++++++------- 1 file changed, 39 insertions(+), 21 deletions(-) diff --git a/tests/base/src/test/java/org/wildfly/security/http/digest/DigestAuthenticationMechanismTest.java b/tests/base/src/test/java/org/wildfly/security/http/digest/DigestAuthenticationMechanismTest.java index 1da396d9a58..2532f28a592 100644 --- a/tests/base/src/test/java/org/wildfly/security/http/digest/DigestAuthenticationMechanismTest.java +++ b/tests/base/src/test/java/org/wildfly/security/http/digest/DigestAuthenticationMechanismTest.java 
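Review bot: The two `getMechanismNames` tests assert only that the returned array is non-null, so a factory that returns an empty array or stops advertising `DIGEST` would still pass. Pinning the content, for example `Assert.assertTrue(Arrays.asList(mechanismNames1).contains("DIGEST"));`, makes the test catch a change in what the server offers. `testGetMechanismNamesReturnNotNull` repeats the first assertion of `testGetMechanismNamesPropertiesNull` and could be dropped or turned into that content check. The javadoc on `testCreateAuthenticationMechanismPropertiesNull` has a stray `{` before `createAuthenticationMechanism`.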
@@ -63,6 +63,18 @@ public static void removePasswordProvider() { Security.removeProvider(provider.getName()); } + public void evaluateRequest(String[] authorization, HttpServerAuthenticationMechanism mechanism) throws Exception{ + TestingHttpServerRequest request = new TestingHttpServerRequest(authorization); + mechanism.evaluateRequest(request); + Assert.assertEquals(Status.COMPLETE, request.getResult()); + } + + public void evaluateRequest(String[] authorization, HttpServerAuthenticationMechanism mechanism, String uri) throws Exception{ + TestingHttpServerRequest request = new TestingHttpServerRequest(authorization, new URI(uri)); + mechanism.evaluateRequest(request); + Assert.assertEquals(Status.COMPLETE, request.getResult()); + } + @Test public void testRfc2617() throws Exception { mockDigestNonce("AAAAAQABsxiWa25/kpFxsPCrpDCFsjkTzs/Xr7RPsi/VVN6faYp21Hia3h4="); @@ -78,7 +90,7 @@ public void testRfc2617() throws Exception { Assert.assertEquals(UNAUTHORIZED, response.getStatusCode()); Assert.assertEquals("Digest realm=\"testrealm@host.com\", nonce=\"AAAAAQABsxiWa25/kpFxsPCrpDCFsjkTzs/Xr7RPsi/VVN6faYp21Hia3h4=\", opaque=\"00000000000000000000000000000000\", algorithm=MD5, qop=auth", response.getAuthenticateHeader()); - TestingHttpServerRequest request2 = new TestingHttpServerRequest(new String[] { + evaluateRequest(new String[] { "Digest username=\"Mufasa\",\n" + " realm=\"testrealm@host.com\",\n" + " nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\",\n" + 
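Review bot: The two new `evaluateRequest` helpers are `public` and also assert `Status.COMPLETE`, which the name does not reveal. I would make them `private` and name them after the assertion, e.g. `private void assertAuthenticationCompletes(String[] authorization, HttpServerAuthenticationMechanism mechanism)`, so a reader does not expect to reuse them for a request that must be rejected.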
@@ -89,9 +101,21 @@ public void testRfc2617() throws Exception { " response=\"" + computeDigest("/dir/index.html", "dcd98b7102dd2f0e8b11d0f600bfb0c093", "0a4f113b", "00000001", "Mufasa", "Circle Of Life", "MD5", "testrealm@host.com", "auth", "GET") + "\",\n" + " opaque=\"00000000000000000000000000000000\",\n" + " algorithm=MD5" - }); - mechanism.evaluateRequest(request2); - Assert.assertEquals(Status.COMPLETE, request2.getResult()); + },mechanism); + + // test case insensitive + evaluateRequest(new String[] { + "DiGeSt username=\"Mufasa\",\n" + + " realm=\"testrealm@host.com\",\n" + + " nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\",\n" + + " uri=\"/dir/index.html\",\n" + + " qop=auth,\n" + + " nc=00000001,\n" + + " cnonce=\"0a4f113b\",\n" + + " response=\"" + computeDigest("/dir/index.html", "dcd98b7102dd2f0e8b11d0f600bfb0c093", "0a4f113b", "00000001", "Mufasa", "Circle Of Life", "MD5", "testrealm@host.com", "auth", "GET") + "\",\n" + + " opaque=\"00000000000000000000000000000000\",\n" + + " algorithm=MD5" + },mechanism); } @Test @@ -104,7 +128,8 @@ public void testRfc2617EncodedQuery() throws Exception { String path = "/dir/index.html?foo=b%2Fr"; String uri = "http://localhost" + path; - TestingHttpServerRequest request2 = new TestingHttpServerRequest(new String[] { + + evaluateRequest(new String[]{ "Digest username=\"Mufasa\",\n" + " realm=\"testrealm@host.com\",\n" + " nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\",\n" + @@ -115,9 +140,7 @@ public void testRfc2617EncodedQuery() throws Exception { " response=\"" + computeDigest("http://localhost/dir/index.html?foo=b%2Fr", "dcd98b7102dd2f0e8b11d0f600bfb0c093", "0a4f113b", "00000001", "Mufasa", "Circle Of Life", "MD5", "testrealm@host.com", "auth", "GET") + "\",\n" + " opaque=\"00000000000000000000000000000000\",\n" + " algorithm=MD5" - }, new URI(uri)); - mechanism.evaluateRequest(request2); - Assert.assertEquals(Status.COMPLETE, request2.getResult()); + },mechanism,uri); } @Test 
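Review bot: The added `DiGeSt` request replays the same nonce, cnonce and `nc=00000001` as the request just before it, against the same mechanism instance. On this page the `useNonce` mock inside `AbstractBaseHttpTest.mockDigestNonce` returns `true` unconditionally, which is presumably the only reason the second request completes. A comment such as `// same nonce/nc as above is accepted only because mockDigestNonce() stubs useNonce()` would stop a reader from taking this as evidence that replays are tolerated. It would also be worth adding one mixed-case request with a wrong `response` value and asserting it does not reach `Status.COMPLETE`, so the case-insensitive prefix path is shown to still verify the digest. `testRfc2617` starts outside this hunk.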
@@ -130,7 +153,8 @@ public void testRfc2617EncodedPath() throws Exception { String path = "/dir/foo%2Fr/index.html?foo=b%2Fr"; String uri = "http://localhost" + path; - TestingHttpServerRequest request2 = new TestingHttpServerRequest(new String[] { + + evaluateRequest(new String[] { "Digest username=\"Mufasa\",\n" + " realm=\"testrealm@host.com\",\n" + " nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\",\n" + @@ -141,9 +165,7 @@ public void testRfc2617EncodedPath() throws Exception { " response=\"" + computeDigest("http://localhost/dir/foo%2Fr/index.html?foo=b%2Fr", "dcd98b7102dd2f0e8b11d0f600bfb0c093", "0a4f113b", "00000001", "Mufasa", "Circle Of Life", "MD5", "testrealm@host.com", "auth", "GET") + "\",\n" + " opaque=\"00000000000000000000000000000000\",\n" + " algorithm=MD5" - }, new URI(uri)); - mechanism.evaluateRequest(request2); - Assert.assertEquals(Status.COMPLETE, request2.getResult()); + },mechanism, uri); } @Test @@ -161,7 +183,7 @@ public void testRfc7616sha256() throws Exception { Assert.assertEquals(UNAUTHORIZED, response.getStatusCode()); Assert.assertEquals("Digest realm=\"http-auth@example.org\", nonce=\"7ypf/xlj9XXwfDPEoM4URrv/xwf94BcCAzFZH4GiTo0v\", opaque=\"00000000000000000000000000000000\", algorithm=SHA-256, qop=auth", response.getAuthenticateHeader()); - TestingHttpServerRequest request2 = new TestingHttpServerRequest(new String[] { + evaluateRequest(new String[] { "Digest username=\"Mufasa\",\n" + " realm=\"http-auth@example.org\",\n" + " uri=\"/dir/index.html\",\n" + 
@@ -172,9 +194,7 @@ public void testRfc7616sha256() throws Exception { " qop=auth,\n" + " response=\"" + computeDigest("/dir/index.html", "7ypf/xlj9XXwfDPEoM4URrv/xwf94BcCAzFZH4GiTo0v", "f2/wE4q74E6zIJEtWaHKaf5wv/H5QzzpXusqGemxURZJ", "00000001", "Mufasa", "Circle of Life", "SHA-256", "http-auth@example.org", "auth", "GET") + "\",\n" + " opaque=\"FQhe/qaU925kfnzjCev0ciny7QMkPqMAFRtzCUYo5tdS\"" - }); - mechanism.evaluateRequest(request2); - Assert.assertEquals(Status.COMPLETE, request2.getResult()); + },mechanism); } @Test @@ -192,7 +212,7 @@ public void testSha512_256() throws Exception { Assert.assertEquals(UNAUTHORIZED, response.getStatusCode()); Assert.assertEquals("Digest realm=\"api@example.org\", nonce=\"5TsQWLVdgBdmrQ0XsxbDODV+57QdFR34I9HAbC/RVvkK\", opaque=\"00000000000000000000000000000000\", algorithm=SHA-512-256, qop=auth", response.getAuthenticateHeader()); - TestingHttpServerRequest request2 = new TestingHttpServerRequest(new String[] { + evaluateRequest(new String[] { "Digest username*=UTF-8''J%C3%A4s%C3%B8n%20Doe,\n" + " realm=\"api@example.org\",\n" + " uri=\"/doe.json\",\n" + @@ -204,9 +224,7 @@ public void testSha512_256() throws Exception { " response=\"" + computeDigest("/doe.json", "5TsQWLVdgBdmrQ0XsxbDODV+57QdFR34I9HAbC/RVvkK", "NTg6RKcb9boFIAS3KrFK9BGeh+iDa/sm6jUMp2wds69v", "00000001", "J\u00E4s\u00F8n Doe", "Secret, or not?", "SHA-512-256", "api@example.org", "auth", "GET") + "\",\n" + " opaque=\"00000000000000000000000000000000\",\n" + " userhash=false" - }); - mechanism.evaluateRequest(request2); - Assert.assertEquals(Status.COMPLETE, request2.getResult()); + },mechanism); } private String computeDigest(String uri, String nonce, String cnonce, String nc, String username, String password, String algorithm, String realm, String qop, String method) throws NoSuchAlgorithmException { @@ -238,4 +256,4 @@ private String encode(String src, MessageDigest md) { } return res.toString(); } -} +} \ No newline at end of file 
From e42172a626d14e94be1f1e6407e43768026efff5 Mon Sep 17 00:00:00 2001 From: keshav kumar Date: Mon, 20 Feb 2023 16:28:44 +0530 Subject: [PATCH 010/205] [ELY-2174] Add tests for the BEARER authentication mechanism. --- tests/base/pom.xml | 4 ++ .../security/http/HttpAuthenticatorTest.java | 7 +-- .../BearerAuthenticationMechanismTest.java | 58 +++++++++++++++++++ .../http/impl/AbstractBaseHttpTest.java | 57 +++++++++++++----- 4 files changed, 107 insertions(+), 19 deletions(-) create mode 100644 tests/base/src/test/java/org/wildfly/security/http/bearer/BearerAuthenticationMechanismTest.java diff --git a/tests/base/pom.xml b/tests/base/pom.xml index bc218d67904..9bff9676634 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -402,6 +402,10 @@ org.wildfly.security wildfly-elytron-http-digest + + org.wildfly.security + wildfly-elytron-http-bearer + org.wildfly.security wildfly-elytron-http-external diff --git a/tests/base/src/test/java/org/wildfly/security/http/HttpAuthenticatorTest.java b/tests/base/src/test/java/org/wildfly/security/http/HttpAuthenticatorTest.java index e20540e3765..f1bc2e557c6 100644 --- a/tests/base/src/test/java/org/wildfly/security/http/HttpAuthenticatorTest.java +++ b/tests/base/src/test/java/org/wildfly/security/http/HttpAuthenticatorTest.java @@ -64,7 +64,7 @@ public class HttpAuthenticatorTest extends AbstractBaseHttpTest { " qop=auth,\n" + " response=\"8ca523f5e9506fed4657c9700eebdbec\",\n" + " opaque=\"FQhe/qaU925kfnzjCev0ciny7QMkPqMAFRtzCUYo5tdS\""; - private final String digestSha256Header = "Digest username=\"Mufasa\",\n" + private final String digestSha256Header = "Digest username=\"Mufasa\",\n" + " realm=\"http-auth@example.org\",\n" + " uri=\"/dir/index.html\",\n" + " algorithm=SHA-256,\n" 
@@ -180,7 +180,7 @@ public List prepareBasicSilentMechanisms() th return mechanisms; } - public void prepareSilentBasicWithDigestMechanisms() throws Exception{ + public void prepareSilentBasicWithDigestMechanisms() throws Exception { List mechanisms = prepareBasicSilentMechanisms(); Map digestProps = new HashMap<>(); digestProps.put(CONFIG_REALM, "http-auth@example.org"); @@ -219,7 +219,7 @@ public void testBasicSilent() throws Exception { } @Test - public void testBasicSilentWithDigest() throws Exception{ + public void testBasicSilentWithDigest() throws Exception { // authenticate using only DIGEST mechanism prepareSilentBasicWithDigestMechanisms(); authenticateWithDigestMD5(); @@ -255,5 +255,4 @@ public void testUsingSecurityProviderServerMechanismWithDigestMD5() throws Excep authenticateWithDigestMD5(); } - } diff --git a/tests/base/src/test/java/org/wildfly/security/http/bearer/BearerAuthenticationMechanismTest.java b/tests/base/src/test/java/org/wildfly/security/http/bearer/BearerAuthenticationMechanismTest.java new file mode 100644 index 00000000000..a3087b37ad4 --- /dev/null +++ b/tests/base/src/test/java/org/wildfly/security/http/bearer/BearerAuthenticationMechanismTest.java 
@@ -0,0 +1,58 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2023 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.wildfly.security.http.bearer; + +import org.junit.Assert; +import org.junit.Test; +import org.wildfly.security.http.HttpServerAuthenticationMechanism; +import org.wildfly.security.http.impl.AbstractBaseHttpTest; + +import static org.wildfly.security.http.HttpConstants.BEARER_TOKEN; +import static org.wildfly.security.http.HttpConstants.UNAUTHORIZED; + +import java.util.Collections; + +/** + * Test of server side of the Bearer HTTP mechanism. 
+ * + * @author Keshav Kumar + */ +public class BearerAuthenticationMechanismTest extends AbstractBaseHttpTest { + + @Test + public void testBearerAuthenticationMechanism() throws Exception { + HttpServerAuthenticationMechanism mechanism = bearerFactory.createAuthenticationMechanism(BEARER_TOKEN, Collections.emptyMap(), getCallbackHandler(null, "testrealm@host.com", null, "random")); + + //Test no authentication in progress + TestingHttpServerRequest request1 = new TestingHttpServerRequest(new String[]{}); + mechanism.evaluateRequest(request1); + Assert.assertEquals(Status.NO_AUTH, request1.getResult()); + + //Test unsuccessful authentication + TestingHttpServerRequest request2 = new TestingHttpServerRequest(new String[]{"Bearer test"}); + mechanism.evaluateRequest(request2); + Assert.assertEquals(Status.FAILED, request2.getResult()); + Assert.assertEquals(UNAUTHORIZED, request2.getResponse().getStatusCode()); + + //Test successful Authentication + TestingHttpServerRequest request3 = new TestingHttpServerRequest(new String[]{"Bearer random"}); + mechanism.evaluateRequest(request3); + Assert.assertEquals(Status.COMPLETE, request3.getResult()); + } +} diff --git a/tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java b/tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java index 52c7bde6181..7290a17d396 100644 --- a/tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java +++ b/tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java @@ -40,6 +40,7 @@ import java.util.LinkedList; import java.util.List; import java.util.Map; +import java.util.Objects; import java.util.Set; import javax.net.ssl.SSLSession; 
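Review bot: `testBearerAuthenticationMechanism` covers rejection with a single wrong token (`"Bearer test"`), so nothing pins how the mechanism treats a malformed header. I would add requests for an empty token (`"Bearer "`) and for a non-Bearer scheme carrying the valid value, each asserting that the result is not `Status.COMPLETE`. The failed case also checks only the 401 status code; asserting that a challenge header is present on `request2.getResponse()` would pin that the client is told how to authenticate.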
@@ -62,8 +63,10 @@ import org.wildfly.security.auth.callback.IdentityCredentialCallback; import org.wildfly.security.auth.server.SecurityIdentity; import org.wildfly.security.authz.Roles; +import org.wildfly.security.credential.BearerTokenCredential; import org.wildfly.security.credential.Credential; import org.wildfly.security.credential.PasswordCredential; +import org.wildfly.security.evidence.BearerTokenEvidence; import org.wildfly.security.evidence.PasswordGuessEvidence; import org.wildfly.security.http.HttpAuthenticationException; import org.wildfly.security.http.HttpExchangeSpi; @@ -75,6 +78,7 @@ import org.wildfly.security.http.HttpServerResponse; import org.wildfly.security.http.Scope; import org.wildfly.security.http.basic.BasicMechanismFactory; +import org.wildfly.security.http.bearer.BearerMechanismFactory; import org.wildfly.security.http.digest.DigestMechanismFactory; import org.wildfly.security.http.digest.NonceManager; import org.wildfly.security.http.external.ExternalMechanismFactory; 
@@ -92,14 +96,16 @@ public class AbstractBaseHttpTest { protected HttpServerAuthenticationMechanismFactory basicFactory = new BasicMechanismFactory(ELYTRON_PASSWORD_PROVIDERS.get()); protected HttpServerAuthenticationMechanismFactory digestFactory = new DigestMechanismFactory(ELYTRON_PASSWORD_PROVIDERS.get()); protected final HttpServerAuthenticationMechanismFactory externalFactory = new ExternalMechanismFactory(ELYTRON_PASSWORD_PROVIDERS.get()); + protected final HttpServerAuthenticationMechanismFactory bearerFactory = new BearerMechanismFactory(ELYTRON_PASSWORD_PROVIDERS.get()); protected HttpServerAuthenticationMechanismFactory statefulBasicFactory = new org.wildfly.security.http.sfbasic.BasicMechanismFactory(ELYTRON_PASSWORD_PROVIDERS.get()); - protected void mockDigestNonce(final String nonce){ - new MockUp(){ + protected void mockDigestNonce(final String nonce) { + new MockUp() { @Mock String generateNonce(byte[] salt) { return nonce; } + @Mock boolean useNonce(final String nonce, byte[] salt, int nonceCount) { return true; @@ -113,6 +119,7 @@ protected SecurityIdentity mockSecurityIdentity(Principal p) { public Principal getPrincipal() { return p; } + @Mock public Roles getRoles() { return Roles.NONE; @@ -375,7 +382,7 @@ public HttpScope getScope(Scope scope, String id) { throw new IllegalStateException(); } - public void setRemoteUser (String remoteUser) { + public void setRemoteUser(String remoteUser) { this.remoteUser = remoteUser; } 
@@ -439,8 +446,12 @@ public boolean forward(String path) { } protected CallbackHandler getCallbackHandler(String username, String realm, String password) { + return getCallbackHandler(username, realm, password, null); + } + + protected CallbackHandler getCallbackHandler(String username, String realm, String password, String token) { return callbacks -> { - for(Callback callback : callbacks) { + for (Callback callback : callbacks) { if (callback instanceof AvailableRealmsCallback) { ((AvailableRealmsCallback) callback).setRealmNames(realm); } else if (callback instanceof RealmCallback) { 
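Review bot: The new four-argument `getCallbackHandler` overload has no Javadoc, and its `token` parameter changes more than evidence checking. In the hunk that follows, a non-null token also switches the `IdentityCredentialCallback` assertion to `BearerTokenCredential` and makes the `AuthorizeCallback` branch authorize unconditionally. A one-line comment on the overload would make that visible to other tests extending this base class, for example `/** Test handler; a non-null {@code token} selects bearer-token mode, {@code null} keeps the password behaviour. */`. The lambda body continues beyond this hunk.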
@@ -459,27 +470,43 @@ protected CallbackHandler getCallbackHandler(String username, String realm, Stri throw new IllegalStateException(e); } } else if (callback instanceof EvidenceVerifyCallback) { - PasswordGuessEvidence evidence = (PasswordGuessEvidence) ((EvidenceVerifyCallback) callback).getEvidence(); - ((EvidenceVerifyCallback) callback).setVerified(Arrays.equals(evidence.getGuess(), password.toCharArray())); - evidence.destroy(); + if (((EvidenceVerifyCallback) callback).getEvidence() instanceof PasswordGuessEvidence) { + PasswordGuessEvidence evidence = (PasswordGuessEvidence) ((EvidenceVerifyCallback) callback).getEvidence(); + ((EvidenceVerifyCallback) callback).setVerified(Arrays.equals(evidence.getGuess(), password.toCharArray())); + evidence.destroy(); + } else if (((EvidenceVerifyCallback) callback).getEvidence() instanceof BearerTokenEvidence) { + BearerTokenEvidence evidence = (BearerTokenEvidence) ((EvidenceVerifyCallback) callback).getEvidence(); + ((EvidenceVerifyCallback) callback).setVerified(Objects.equals(token, evidence.getToken())); + } } else if (callback instanceof AuthenticationCompleteCallback) { // NO-OP } else if (callback instanceof IdentityCredentialCallback) { Credential credential = ((IdentityCredentialCallback) callback).getCredential(); - MatcherAssert.assertThat(credential, CoreMatchers.instanceOf(PasswordCredential.class)); - ClearPassword clearPwdCredential = ((PasswordCredential) credential).getPassword().castAs(ClearPassword.class); - Assert.assertNotNull(clearPwdCredential); - Assert.assertArrayEquals(password.toCharArray(), clearPwdCredential.getPassword()); + if (token != null) { + MatcherAssert.assertThat(credential, CoreMatchers.instanceOf(BearerTokenCredential.class)); + String obtainedToken = ((BearerTokenCredential) credential).getToken(); + Assert.assertNotNull(obtainedToken); + Assert.assertEquals(obtainedToken, token); + } else { + MatcherAssert.assertThat(credential, 
CoreMatchers.instanceOf(PasswordCredential.class)); + ClearPassword clearPwdCredential = ((PasswordCredential) credential).getPassword().castAs(ClearPassword.class); + Assert.assertNotNull(clearPwdCredential); + Assert.assertArrayEquals(password.toCharArray(), clearPwdCredential.getPassword()); + } } else if (callback instanceof AuthorizeCallback) { - if(username.equals(((AuthorizeCallback) callback).getAuthenticationID()) && - username.equals(((AuthorizeCallback) callback).getAuthorizationID())) { + if (token != null) { ((AuthorizeCallback) callback).setAuthorized(true); } else { - ((AuthorizeCallback) callback).setAuthorized(false); + if (username.equals(((AuthorizeCallback) callback).getAuthenticationID()) && + username.equals(((AuthorizeCallback) callback).getAuthorizationID())) { + ((AuthorizeCallback) callback).setAuthorized(true); + } else { + ((AuthorizeCallback) callback).setAuthorized(false); + } } } else if (callback instanceof CachedIdentityAuthorizeCallback) { CachedIdentityAuthorizeCallback ciac = (CachedIdentityAuthorizeCallback) callback; - if(ciac.getAuthorizationPrincipal() != null && + if (ciac.getAuthorizationPrincipal() != null && username.equals(ciac.getAuthorizationPrincipal().getName())) { ciac.setAuthorized(mockSecurityIdentity(ciac.getAuthorizationPrincipal())); } else if (ciac.getIdentity() != null && username.equals(ciac.getIdentity().getPrincipal().getName())) { From 68a5b46be149fbb196e224b6da403c405dcec342 Mon Sep 17 00:00:00 2001 From: Ilia Vassilev Date: Wed, 19 Jul 2023 10:33:34 -0400 Subject: [PATCH 011/205] [ELY-2578] Upgrade nimbus-jose-jwt from 8.2.1 to 9.31 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index e2e11e973d9..d7ecbe801a3 100644 --- a/pom.xml +++ b/pom.xml @@ -84,7 +84,7 @@ 2.4.0 2.0.0 2.4.9 - 8.2.1 + 9.31 3.8.1 1.0.8.Final 1.0.1.Final From 7e41cdaac85afc397a07a04a171ed2ffb988f3d5 Mon Sep 17 00:00:00 2001 
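Review bot: The `AuthorizeCallback` branch now calls `setAuthorized(true)` whenever `token != null`, while the password path authorizes only when both the authentication and authorization IDs equal `username`. In token mode the handler therefore accepts whatever identity the mechanism presents. Either state that this is intentional with a comment such as `// token mode: no username is supplied, so authorization is not tied to an ID here`, or keep the check when a username is given: `setAuthorized(username == null || username.equals(((AuthorizeCallback) callback).getAuthorizationID()))`. The inner `EvidenceVerifyCallback` chain also has no final `else`, so an unexpected evidence type is left unverified without failing the test, and `Assert.assertEquals(obtainedToken, token)` passes expected and actual in swapped order. The surrounding lambda begins before this hunk and continues past it.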
From: Ilia Vassilev Date: Mon, 31 Jul 2023 10:50:10 -0400 Subject: [PATCH 012/205] [ELY-2577] OIDC testsuite relies on localhost being in /etc/hosts --- CONTRIBUTING.md | 2 ++ .../src/test/java/org/wildfly/security/http/oidc/OidcTest.java | 1 + 2 files changed, 3 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 27c26b7ae87..9f2389e103b 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -81,6 +81,8 @@ To run only a specific test, use: ```bash mvn clean install -Dtest=TestClassName ``` +Note: Some tests will fail if `localhost` is not listed first in `/etc/hosts` file for the loopback addresses (IPv4 and IPv6). + For more information, including details on how WildFly Elytron is integrated in WildFly Core and WildFly, check out our [developer guide](https://wildfly-security.github.io/wildfly-elytron/getting-started-for-developers/). ## Contributing Guidelines diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java index 84132472d1c..9ce5a55c934 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java @@ -162,6 +162,7 @@ public void testTokenSignatureAlgorithm() throws Exception { true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT); } + // Note: The tests will fail if `localhost` is not listed first in `/etc/hosts` file for the loopback addresses (IPv4 and IPv6). private void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, int expectedDispatcherStatusCode, String expectedLocation, String clientPageText) throws Exception { try { From 8cd9e0a096c305e7a9ffca28a840868079d0ca1e Mon Sep 17 00:00:00 2001 
From: Farah Juma Date: Thu, 24 Aug 2023 09:50:25 -0400 Subject: [PATCH 013/205] Next is 2.3.0 --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- tests/common/pom.xml | 2 +- tool/pom.xml | 2 +- util/pom.xml | 2 
+- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 76 files changed, 76 insertions(+), 76 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index 72bdd1fe506..cfcc1ade762 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index 728276f01e6..8202c013f3b 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index 05fdd1f2a68..c5351c594c5 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index 620fb0a8941..4b5cf83740b 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 98e419533e2..dc8266202ed 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index f9b8539ab76..ca451f8cf34 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index dca9bb3bae1..cfd4f1738ae 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index 2bf5c04ac2d..99569dbf943 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index 73eb914c5f6..29e6d8c6324 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index 9dc14043f88..890008c0b7d 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index 455f483e1f6..bf307eafc44 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index 9878daa88af..e2b958ccfa0 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index ea413dff71f..1a003fc1912 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index e2fdcbe6f66..52290de33ab 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index 31deac68df2..4712a807987 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index c8d0242e890..67a9b7dc152 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index 5ae5d3fc020..34b97e3cf16 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index c22b8cb6446..e203c94060c 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index 67096dceceb..80f39a93f27 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index 8a7288e2d9d..82814d20624 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final 4.0.0 diff --git a/http/base/pom.xml b/http/base/pom.xml index 530e7e81d5b..80b3644a51b 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index 38de3343af7..6583de37c96 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index 656aebba1f8..ff9e1503a25 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index ef3992f3bd2..ad7e880f5a6 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index eeea6200d57..22f4bb3f929 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index 0dc47296b21..b48a52963a0 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index 21ff7f0f682..4b1369bc9a0 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index a4e996feb5a..4606eacd976 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index be137f0e480..a538ce33cb9 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index da7a12c11ba..7cf1b91a98b 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index ca7851cb9bd..e83afa13bd4 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index 766d383028d..c50ceb607c0 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index b8d5cc779f4..37bc40e68e9 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index 571a5bb6c7b..2d0842358eb 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index 6c48e303469..c8081dd5cc6 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml 
diff --git a/json-util/pom.xml b/json-util/pom.xml index 25f98ef5291..a99e73855ef 100644 --- a/json-util/pom.xml +++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final 4.0.0 diff --git a/keystore/pom.xml b/keystore/pom.xml index a3866d31829..73faf47ec3e 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index d614f3893ee..7499b4d4541 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index 7ffc0726720..c140df03fa5 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index 3e3dc518228..c3aa8c1b53b 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index 62904d9c6b5..86937b456cc 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index 74793ed417e..76c4411f6fe 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml 
diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index b26e48a2c06..98a55883595 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index a2bbe5d1464..26124f232e9 100644 --- a/mechanism/oauth2/pom.xml +++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index 89b66dc9485..c4ebfd7b3ee 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index 0e750465d81..6f39dceee55 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index 50bf6bb0d53..dd2ad6a5605 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final 4.0.0 diff --git a/pom.xml b/pom.xml index e2e11e973d9..2c4fe4c5bd9 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index 93945e47f08..889c5a81fce 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index 3b64e4929c3..614c051115d 100644 
--- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index f56a1f27544..785238a78d0 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../../pom.xml diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index 131d6156956..c76ec9190e4 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index 23038063bf5..e270855ad5c 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index e8e34dceee8..2fca013e325 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index b6140ae620f..83eaedd1802 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index f056d91a72e..8cf888d04d5 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index 473d059a559..23893cb0756 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index e5399b28639..1255705e1cc 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index 200b751817a..12cc6216251 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index da3aedbe0dd..06dff5ddd54 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index 574f892bb98..0abd735f832 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index 64a0cbac4c3..88a3d3aaea9 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index 6ab429f6763..587fec26bee 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index a5c8334c114..3fc5f2005bd 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml 
diff --git a/ssl/pom.xml b/ssl/pom.xml index c08ba555c59..5e407d4de47 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index 8f9b2cb49df..fc6f5e070a8 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/tests/common/pom.xml b/tests/common/pom.xml index 4c8cb249a72..14849388d2e 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml @@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index edac4697477..dba0dbbdcd1 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index d305b8478c1..f16de5aeeb4 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index d455ae968dd..1df51b3229e 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index 3abc3cc77ce..ef0e47bf668 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index 0b8e9309435..342e790034b 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index 91c1715b861..ce77c8a9173 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index 4158b3f65d4..d810d45b1e3 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index 0428cad0521..397fa3fc183 100644 --- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index 14d491fa901..3f5f25986e1 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.2.2.CR1-SNAPSHOT + 2.3.0.CR1-SNAPSHOT.Final ../../pom.xml From 7bfea75f4154507d2eff68b180967bafca23ccda Mon Sep 17 00:00:00 2001 From: Farah Juma Date: Thu, 24 Aug 2023 11:55:06 -0400 Subject: [PATCH 014/205] [ELY-2587] Perform API check against 2.2.2.Final --- wildfly-elytron/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 1df51b3229e..db4fc9854ab 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -553,7 +553,7 @@ org.wildfly.security wildfly-elytron - 2.2.1.Final + 2.2.2.Final jar From 9857a8e017bf737b6bf8161b26e1002b561bf186 Mon Sep 17 00:00:00 2001 
From: Farah Juma Date: Fri, 1 Sep 2023 12:42:10 -0400 Subject: [PATCH 015/205] Next is 2.3.0 --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- tests/common/pom.xml | 2 +- tool/pom.xml | 2 +- util/pom.xml | 2 +- 
wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 76 files changed, 76 insertions(+), 76 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index cfcc1ade762..e0d97b040ab 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index 8202c013f3b..492e6e26b52 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index c5351c594c5..9ac05bf0860 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index 4b5cf83740b..2eeba9df51a 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index dc8266202ed..92633c9b3c5 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index ca451f8cf34..f01f6da2bd2 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index cfd4f1738ae..0d4e570a2ec 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index 99569dbf943..58b23c0d2e1 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index 29e6d8c6324..2f7733a6de5 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index 890008c0b7d..c036fdefaab 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index bf307eafc44..fe2ff24288f 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index e2b958ccfa0..0e852557154 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index 1a003fc1912..bb3e1a73b4a 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index 52290de33ab..d49656a2649 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index 4712a807987..fdd824841e2 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index 67a9b7dc152..5a9eee5442a 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index 34b97e3cf16..f41823ef880 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index e203c94060c..a626bfcfb7d 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index 80f39a93f27..534b7111a0e 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index 82814d20624..47eb3376a87 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT 4.0.0 diff --git a/http/base/pom.xml b/http/base/pom.xml index 80b3644a51b..c3e0ef05f67 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index 6583de37c96..2de774de9a1 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index ff9e1503a25..e99f3d1b58f 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index ad7e880f5a6..98a9580d632 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index 22f4bb3f929..07221384674 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index b48a52963a0..2b50f2c12ef 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index 4b1369bc9a0..0df48ec4127 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index 4606eacd976..c15741682a2 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index a538ce33cb9..d7c15889085 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index 7cf1b91a98b..48418b186ea 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index e83afa13bd4..771c25252a2 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index c50ceb607c0..75337518145 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index 37bc40e68e9..b41fbe72d00 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index 2d0842358eb..9c8cd05ef08 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index c8081dd5cc6..006053cc028 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml 
diff --git a/json-util/pom.xml b/json-util/pom.xml index a99e73855ef..985c58057a5 100644 --- a/json-util/pom.xml +++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT 4.0.0 diff --git a/keystore/pom.xml b/keystore/pom.xml index 73faf47ec3e..dc9d9a7a3e4 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index 7499b4d4541..9241c978148 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index c140df03fa5..bb1e9d5f371 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index c3aa8c1b53b..935ff5a8716 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index 86937b456cc..6b0d4ce5cba 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index 76c4411f6fe..ab4e80850f8 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml 
diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index 98a55883595..f5082a2b317 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index 26124f232e9..a10c83cb685 100644 --- a/mechanism/oauth2/pom.xml +++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index c4ebfd7b3ee..e38124ebfa3 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index 6f39dceee55..db7d6ad0f56 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index dd2ad6a5605..c860557f216 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT 4.0.0 diff --git a/pom.xml b/pom.xml index 2c4fe4c5bd9..ba9aa556f34 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index 889c5a81fce..b857e8387fc 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index 614c051115d..046b91341b4 100644 
--- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index 785238a78d0..be04830974a 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../../pom.xml diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index c76ec9190e4..992fb6adf00 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index e270855ad5c..69b9d203b60 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index 2fca013e325..50d2653a88a 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index 83eaedd1802..13415c61ef3 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index 8cf888d04d5..984cbee305d 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index 23893cb0756..2836d2fff8c 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index 1255705e1cc..87b11945b4b 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index 12cc6216251..1bb8e031290 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index 06dff5ddd54..2e741eb6977 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index 0abd735f832..958d5dcb49b 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index 88a3d3aaea9..f4060d04183 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index 587fec26bee..ba48bc8427c 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index 3fc5f2005bd..a394df120e4 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml 
diff --git a/ssl/pom.xml b/ssl/pom.xml index 5e407d4de47..1703e92fdc1 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index fc6f5e070a8..f88e5aae14e 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/tests/common/pom.xml b/tests/common/pom.xml index 14849388d2e..f1a839d1b67 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml @@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index dba0dbbdcd1..c0298e2f5f5 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index f16de5aeeb4..8e0f7f96717 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index db4fc9854ab..ee20eb395dc 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index ef0e47bf668..bc865c3acf0 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index 342e790034b..1bbb6f8f913 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index ce77c8a9173..107d31c287a 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index d810d45b1e3..ae5c8254204 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index 397fa3fc183..eb9452cd863 100644 --- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index 3f5f25986e1..dd4ba3c5357 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT.Final + 2.3.0.CR1-SNAPSHOT ../../pom.xml From 7b98b0fc2e3f226fdf1c67207dcf24e47b8ab7bb Mon Sep 17 00:00:00 2001 From: Ilia Vassilev Date: Thu, 7 Sep 2023 12:17:52 -0400 Subject: [PATCH 016/205] [ELY-2582] Upgrade Jackson FasterXML to version 2.15.2 - resolves CVE PRISMA-2023-0067 --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index ba9aa556f34..9dcf58673c7 100644 --- a/pom.xml +++ b/pom.xml @@ -56,8 +56,8 @@ 11 - 2.13.4 - ${version.com.fasterxml.jackson}.2 + 2.15.2 + ${version.com.fasterxml.jackson} 1.4 2.0.2 3.8.1 From 2ffb7e6fd81b33f0d5da710fec78ead36602ea3d Mon Sep 17 00:00:00 2001 
From: Nidhi Date: Fri, 22 Sep 2023 11:02:47 -0700 Subject: [PATCH 017/205] ELY-2642:Simplify assertion in testMissingIteration method --- .../java/org/wildfly/security/tool/MaskCommandTest.java | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tool/src/test/java/org/wildfly/security/tool/MaskCommandTest.java b/tool/src/test/java/org/wildfly/security/tool/MaskCommandTest.java index 3ce57f7b912..c392ad457fc 100644 --- a/tool/src/test/java/org/wildfly/security/tool/MaskCommandTest.java +++ b/tool/src/test/java/org/wildfly/security/tool/MaskCommandTest.java @@ -17,6 +17,7 @@ */ package org.wildfly.security.tool; +import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; import static org.wildfly.security.tool.Params.LINE_SEPARATOR; @@ -80,8 +81,9 @@ public void testMissingIteration() { String retVal = executeCommandAndCheckStatusAndGetOutput(args); String[] retValLines = retVal.split(LINE_SEPARATOR); - assertTrue("Message about invalid iteration parameter must be present", ("Invalid \"iteration\" parameter. Default value \"" + defaultIteration + "\" will be used.").equals(retValLines[0])); - assertTrue("Output has to be the as pre-generated one", ("MASK-" + pregenerated + ";" + salt + ";" + defaultIteration).equals(retValLines[1])); + assertEquals("Message about invalid iteration parameter must be present", "Invalid \"iteration\" parameter. Default value \"" + defaultIteration + "\" will be used.", + retValLines[0]); + assertEquals("Output has to be the as pre-generated one", "MASK-" + pregenerated + ";" + salt + ";" + defaultIteration, retValLines[1]); } @Test From c735f04439b44fe387db0a5d497100793d4613c6 Mon Sep 17 00:00:00 2001 From: Deepali Kasture Date: Fri, 22 Sep 2023 15:53:12 -0400 Subject: [PATCH 018/205] [ELY-2629] Move method permissionFor in IntNameSetPermissionCollection class --- .../permission/IntNameSetPermissionCollection.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
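Review bot: The failure message in the second rewritten assertion of testMissingIteration, "Output has to be the as pre-generated one", is missing a word, and assertEquals now prints it next to the expected and actual values, so it is worth correcting while the line is touched: `assertEquals("Output has to be the same as the pre-generated one", "MASK-" + pregenerated + ";" + salt + ";" + defaultIteration, retValLines[1]);`. The same message recurs in the MaskCommandTest hunks of patches 019, 020, 024 and 026. The test also reads retValLines[0] and retValLines[1] without checking the array length, so truncated tool output would surface as an ArrayIndexOutOfBoundsException instead of an assertion message; `assertTrue("Expected at least two output lines", retValLines.length >= 2);` ahead of them would make that failure readable. The method body starts outside the hunk.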
diff --git a/permission/src/main/java/org/wildfly/security/permission/IntNameSetPermissionCollection.java b/permission/src/main/java/org/wildfly/security/permission/IntNameSetPermissionCollection.java index 81653a35ae2..1174e427149 100644 --- a/permission/src/main/java/org/wildfly/security/permission/IntNameSetPermissionCollection.java +++ b/permission/src/main/java/org/wildfly/security/permission/IntNameSetPermissionCollection.java @@ -33,10 +33,6 @@ final class IntNameSetPermissionCollection extends NameSetPermissionCollection { super(sourcePermission, nameEnumeration); } - private Permission permissionFor(int id) { - return ((AbstractNamedPermission)getSourcePermission()).withName(getNameEnumeration().nameOf(id)); - } - protected void doAdd(final AbstractPermission permission) { int setBits= getBitsForName(permission); final AtomicInteger bitSet = this.bitSet; @@ -113,6 +109,10 @@ public boolean hasNext() { public Permission next() { return nextElement(); } + + private Permission permissionFor(int id) { + return ((AbstractNamedPermission)getSourcePermission()).withName(getNameEnumeration().nameOf(id)); + } } } From e0dd3ee8d1b82b86e48f063fb617062f78dadbe8 Mon Sep 17 00:00:00 2001 From: Nidhi Date: Fri, 22 Sep 2023 13:49:49 -0700 Subject: [PATCH 019/205] ELY-2643 : Simplify assertions in testIterationAsStringValue method in MaskCommandTest --- .../java/org/wildfly/security/tool/MaskCommandTest.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tool/src/test/java/org/wildfly/security/tool/MaskCommandTest.java b/tool/src/test/java/org/wildfly/security/tool/MaskCommandTest.java index c392ad457fc..c99066c3391 100644 --- a/tool/src/test/java/org/wildfly/security/tool/MaskCommandTest.java +++ b/tool/src/test/java/org/wildfly/security/tool/MaskCommandTest.java 
@@ -126,12 +126,13 @@ public void testIterationAsStringValue() { String[] args = { "--secret", secret, "--salt", salt, "--iteration", "abcd" }; + String retVal = executeCommandAndCheckStatusAndGetOutput(args); String[] retValLines = retVal.split(LINE_SEPARATOR); - assertTrue("IllegalArgumentException must be present", ("java.lang.IllegalArgumentException: ELYTOOL00007: Invalid \"iteration\" value. Must be an integer between 1 and 2147483647, inclusive").equals(retValLines[0])); - assertTrue("Message about invalid iteration parameter must be present", ("Invalid \"iteration\" parameter. Default value \"" + defaultIteration + "\" will be used.").equals(retValLines[1])); - assertTrue("Output has to be the as pre-generated one", ("MASK-" + pregenerated + ";" + salt + ";" + defaultIteration).equals(retValLines[2])); + assertEquals("IllegalArgumentException must be present", "java.lang.IllegalArgumentException: ELYTOOL00007: Invalid \"iteration\" value. Must be an integer between 1 and 2147483647, inclusive", retValLines[0]); + assertEquals("Message about invalid iteration parameter must be present", "Invalid \"iteration\" parameter. Default value \"" + defaultIteration + "\" will be used.", retValLines[1]); + assertEquals("Output has to be the as pre-generated one", "MASK-" + pregenerated + ";" + salt + ";" + defaultIteration, retValLines[2]); } @Test From 0ed9fba448ab965270916bd1fb3795eae012c711 Mon Sep 17 00:00:00 2001 From: Nidhi Date: Fri, 22 Sep 2023 14:20:55 -0700 Subject: [PATCH 020/205] ELY-2644 : Simplify assertions in testIterationAsLongMax method in MaskCommandTest --- .../java/org/wildfly/security/tool/MaskCommandTest.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tool/src/test/java/org/wildfly/security/tool/MaskCommandTest.java b/tool/src/test/java/org/wildfly/security/tool/MaskCommandTest.java index c99066c3391..0bec23f2cf9 100644 --- a/tool/src/test/java/org/wildfly/security/tool/MaskCommandTest.java 
+++ b/tool/src/test/java/org/wildfly/security/tool/MaskCommandTest.java @@ -147,9 +147,9 @@ public void testIterationAsLongMax() { String retVal = executeCommandAndCheckStatusAndGetOutput(args); String[] retValLines = retVal.split(LINE_SEPARATOR); - assertTrue("IllegalArgumentException must be present", ("java.lang.IllegalArgumentException: ELYTOOL00007: Invalid \"iteration\" value. Must be an integer between 1 and 2147483647, inclusive").equals(retValLines[0])); - assertTrue("Message about invalid iteration parameter must be present", ("Invalid \"iteration\" parameter. Default value \"" + defaultIteration + "\" will be used.").equals(retValLines[1])); - assertTrue("Output has to be the as pre-generated one", ("MASK-" + pregenerated + ";" + salt + ";" + defaultIteration).equals(retValLines[2])); + assertEquals("IllegalArgumentException must be present", "java.lang.IllegalArgumentException: ELYTOOL00007: Invalid \"iteration\" value. Must be an integer between 1 and 2147483647, inclusive", retValLines[0]); + assertEquals("Message about invalid iteration parameter must be present", "Invalid \"iteration\" parameter. Default value \"" + defaultIteration + "\" will be used.", retValLines[1]); + assertEquals("Output has to be the as pre-generated one", "MASK-" + pregenerated + ";" + salt + ";" + defaultIteration, retValLines[2]); } @Test From 6c3bb4d85420ce978deeb551b287c78bb5c1f0b5 Mon Sep 17 00:00:00 2001 From: srishti Date: Fri, 22 Sep 2023 14:34:30 -0700 Subject: [PATCH 021/205] ELY-2616: Replace this switch statement by if statements to increase readability --- .../credential/store/impl/VaultObjectInputStream.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/credential/store/src/main/java/org/wildfly/security/credential/store/impl/VaultObjectInputStream.java b/credential/store/src/main/java/org/wildfly/security/credential/store/impl/VaultObjectInputStream.java index c71e9202ee2..566a144e16c 100644 
--- a/credential/store/src/main/java/org/wildfly/security/credential/store/impl/VaultObjectInputStream.java +++ b/credential/store/src/main/java/org/wildfly/security/credential/store/impl/VaultObjectInputStream.java @@ -31,9 +31,10 @@ final class VaultObjectInputStream extends ObjectInputStream { protected Class resolveClass(final ObjectStreamClass desc) throws IOException, ClassNotFoundException { final String name = desc.getName(); - switch (name) { - case SecurityVaultData.PICKETBOX_CLASS_NAME: return SecurityVaultData.class; - default: return super.resolveClass(desc); + if (name.equals(SecurityVaultData.PICKETBOX_CLASS_NAME)) { + return SecurityVaultData.class; + } else { + return super.resolveClass(desc); } } } From 0dd7f6445307e03df6d1bbf0540777111eaab50d Mon Sep 17 00:00:00 2001 From: Deepali Kasture Date: Fri, 22 Sep 2023 17:53:46 -0400 Subject: [PATCH 022/205] ELY-2617:Add a default case to this switch in DigestMechanismFactory --- .../wildfly/security/http/digest/DigestMechanismFactory.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/http/digest/src/main/java/org/wildfly/security/http/digest/DigestMechanismFactory.java b/http/digest/src/main/java/org/wildfly/security/http/digest/DigestMechanismFactory.java index 85ba265ba63..3a64c3fe130 100644 --- a/http/digest/src/main/java/org/wildfly/security/http/digest/DigestMechanismFactory.java +++ b/http/digest/src/main/java/org/wildfly/security/http/digest/DigestMechanismFactory.java 
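Review bot: The `else` branch of resolveClass still passes every other class name to `super.resolveClass(desc)`, so this stream puts no limit on which classes a vault file can cause the JVM to load and deserialize; the rewrite from switch to if keeps that behaviour unchanged. If the vault file can be written by anyone less trusted than the process that reads it (not determinable from this hunk), resolution should be restricted to the classes the legacy format is expected to contain, for example by installing an `ObjectInputFilter` allow-list with `setObjectInputFilter(...)` in the constructor, or by throwing `InvalidClassException` for unexpected names. Independently, `SecurityVaultData.PICKETBOX_CLASS_NAME.equals(name)` is the null-safe form of the new comparison. The class and its constructor start outside the hunk.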
@@ -109,8 +109,9 @@ public HttpServerAuthenticationMechanism createAuthenticationMechanism(String me return new DigestAuthenticationMechanism(callbackHandler, nonceManager, (String) properties.get(CONFIG_REALM), (String) properties.get(CONFIG_CONTEXT_PATH), DIGEST_SHA256_NAME, SHA256, providers, (String) properties.get(HttpConstants.CONFIG_VALIDATE_DIGEST_URI)); case DIGEST_SHA512_256_NAME: return new DigestAuthenticationMechanism(callbackHandler, nonceManager, (String) properties.get(CONFIG_REALM), (String) properties.get(CONFIG_CONTEXT_PATH), DIGEST_SHA512_256_NAME, SHA512_256, providers, (String) properties.get(HttpConstants.CONFIG_VALIDATE_DIGEST_URI)); + default: + return null; } - return null; } /* From b9bf6dc2aef3f6303cf092dbb0e02ef6bea385e6 Mon Sep 17 00:00:00 2001 From: Nidhi Date: Fri, 22 Sep 2023 10:47:16 -0700 Subject: [PATCH 023/205] ELY-2641 : Simplify assersions in MaskCommandTest#testMissingSaltAndIteration method --- .../test/java/org/wildfly/security/tool/MaskCommandTest.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tool/src/test/java/org/wildfly/security/tool/MaskCommandTest.java b/tool/src/test/java/org/wildfly/security/tool/MaskCommandTest.java index 3ce57f7b912..d685f8289af 100644 --- a/tool/src/test/java/org/wildfly/security/tool/MaskCommandTest.java +++ b/tool/src/test/java/org/wildfly/security/tool/MaskCommandTest.java @@ -17,6 +17,7 @@ */ package org.wildfly.security.tool; +import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; import static org.wildfly.security.tool.Params.LINE_SEPARATOR; 
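Review bot: The new `default: return null;` arm carries no comment, so a reader cannot tell whether null is the intended answer for a mechanism name this factory does not handle or a forgotten case; a line such as `// not a Digest mechanism name handled by this factory` above the return would settle that. The two visible cases also repeat the same three `properties.get(...)` lookups with unchecked `(String)` casts, so a non-String property value would fail with a ClassCastException at mechanism creation; reading them into locals once before the switch would remove the duplication and give one place to validate them. The switch and the method start outside the hunk.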
@@ -64,7 +65,7 @@ public void testMissingSaltAndIteration() { String[] retValLines = retVal.split(LINE_SEPARATOR); assertTrue("Message about invalid salt parameter must be present", retValLines[0].contains("Invalid \"salt\" parameter. Generated value")); - assertTrue("Message about invalid iteration parameter must be present", ("Invalid \"iteration\" parameter. Default value \"" + defaultIteration + "\" will be used.").equals(retValLines[1])); + assertEquals("Message about invalid iteration parameter must be present", "Invalid \"iteration\" parameter. Default value \"" + defaultIteration + "\" will be used.", retValLines[1]); assertTrue("Message about invalid salt parameter must be present", retValLines[2].contains("MASK-")); } From 90025c5ff93950b1544a5391eab15c31393dcb35 Mon Sep 17 00:00:00 2001 From: Nidhi Date: Fri, 22 Sep 2023 15:07:08 -0700 Subject: [PATCH 024/205] ELY-2645 : Simplify assertions in testIterationAsNegativeValue method in MaskCommandTest --- .../java/org/wildfly/security/tool/MaskCommandTest.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tool/src/test/java/org/wildfly/security/tool/MaskCommandTest.java b/tool/src/test/java/org/wildfly/security/tool/MaskCommandTest.java index 0bec23f2cf9..ad186021938 100644 --- a/tool/src/test/java/org/wildfly/security/tool/MaskCommandTest.java +++ b/tool/src/test/java/org/wildfly/security/tool/MaskCommandTest.java 
@@ -164,9 +164,9 @@ public void testIterationAsNegativeValue() { String retVal = executeCommandAndCheckStatusAndGetOutput(args); String[] retValLines = retVal.split(LINE_SEPARATOR); - assertTrue("IllegalArgumentException must be present", ("java.lang.IllegalArgumentException: ELYTOOL00007: Invalid \"iteration\" value. Must be an integer between 1 and 2147483647, inclusive").equals(retValLines[0])); - assertTrue("Message about invalid iteration parameter must be present", ("Invalid \"iteration\" parameter. Default value \"" + defaultIteration + "\" will be used.").equals(retValLines[1])); - assertTrue("Output has to be the as pre-generated one", ("MASK-" + pregenerated + ";" + salt + ";" + defaultIteration).equals(retValLines[2])); + assertEquals("IllegalArgumentException must be present", "java.lang.IllegalArgumentException: ELYTOOL00007: Invalid \"iteration\" value. Must be an integer between 1 and 2147483647, inclusive",retValLines[0]); + assertEquals("Message about invalid iteration parameter must be present", "Invalid \"iteration\" parameter. Default value \"" + defaultIteration + "\" will be used.",retValLines[1]); + assertEquals("Output has to be the as pre-generated one", "MASK-" + pregenerated + ";" + salt + ";" + defaultIteration, retValLines[2]); } @Test From 8294043df29c8c8e75f39a8f85fb1af65c8cf35d Mon Sep 17 00:00:00 2001 From: srishti Date: Fri, 22 Sep 2023 15:12:02 -0700 Subject: [PATCH 025/205] ELY-2618 Replacing if-else statement by return statement in OidcClientConfiguration.java --- .../wildfly/security/http/oidc/OidcClientConfiguration.java | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfiguration.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfiguration.java index db872b30a89..3e18fb4eb6d 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfiguration.java 
+++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfiguration.java @@ -419,10 +419,7 @@ public void setSSLRequired(SSLRequired sslRequired) { } public boolean isSSLEnabled() { - if (SSLRequired.NONE == sslRequired) { - return false; - } - return true; + return SSLRequired.NONE != sslRequired; } public int getConfidentialPort() { From ed9e56c3e783777b4410e540bc61652a3c7a1bbf Mon Sep 17 00:00:00 2001 From: Nidhi Date: Fri, 22 Sep 2023 15:15:54 -0700 Subject: [PATCH 026/205] ELY-2640 : Simplify assertion in maskCompatibilityCheck test in MaskCommandTest class --- .../test/java/org/wildfly/security/tool/MaskCommandTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tool/src/test/java/org/wildfly/security/tool/MaskCommandTest.java b/tool/src/test/java/org/wildfly/security/tool/MaskCommandTest.java index 0bec23f2cf9..41edb62f15b 100644 --- a/tool/src/test/java/org/wildfly/security/tool/MaskCommandTest.java +++ b/tool/src/test/java/org/wildfly/security/tool/MaskCommandTest.java @@ -52,7 +52,7 @@ public void maskCompatibilityCheck() throws Exception { String retVal = executeCommandAndCheckStatusAndGetOutput(args); String retValNoNewLine = retVal.substring(0, retVal.indexOf(LINE_SEPARATOR)); - assertTrue("output has to be the as pre-generated one", ("MASK-" + pbGenerated + ";" + "ASDF1234" + ";" + 123).equals(retValNoNewLine)); + assertEquals("output has to be the as pre-generated one", "MASK-" + pbGenerated + ";" + "ASDF1234" + ";" + 123, retValNoNewLine); } @Test From b015d0ef42d707311b3f169b799052e906cacbdb Mon Sep 17 00:00:00 2001 From: Nidhi Date: Fri, 22 Sep 2023 15:23:27 -0700 Subject: [PATCH 027/205] ELY-2635 : Update README to specify 2.x instead of the 1.x branch --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index c889a528d36..25c67e2d316 100644 --- a/README.md +++ b/README.md 
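Review bot: `isSSLEnabled()` in `OidcClientConfiguration` has no Javadoc, and the one-line form `SSLRequired.NONE != sslRequired` also returns true when `sslRequired` is null, which is easy to miss. Whether the field can be null is not visible here, since the body of `setSSLRequired` lies outside the hunk, so the intent should be written down: `/** Returns {@code true} unless SSL is explicitly set to {@link SSLRequired#NONE}; an unset value counts as enabled. */`. The result is the same as with the if/else this replaces.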
@@ -34,8 +34,8 @@ Bugs and features are tracked within the Elytron Jira project at https://issues. Contributions ------------- -All new features and enhancements should be submitted to 1.x branch only. -Our [contribution guide](https://github.com/wildfly-security/wildfly-elytron/blob/1.x/CONTRIBUTING.md) will guide you through the steps for getting started on the WildFly Elytron project and will go through how to format and submit your first PR. +All new features and enhancements should be submitted to 2.x branch only. +Our [contribution guide](https://github.com/wildfly-security/wildfly-elytron/blob/2.x/CONTRIBUTING.md) will guide you through the steps for getting started on the WildFly Elytron project and will go through how to format and submit your first PR. For more details, check out our [getting started guide](https://wildfly-security.github.io/wildfly-elytron/getting-started-for-developers/) for developers. @@ -45,4 +45,4 @@ There are a couple ways to get in touch with us. Feel free to ask questions on the WildFly user [forum](https://groups.google.com/g/wildfly). -The WildFly Elytron team also has an open chat room where you can listen in and ask questions. Join us on [Zulip chat](https://wildfly.zulipchat.com/#narrow/stream/173102-wildfly-elytron). \ No newline at end of file +The WildFly Elytron team also has an open chat room where you can listen in and ask questions. Join us on [Zulip chat](https://wildfly.zulipchat.com/#narrow/stream/173102-wildfly-elytron). From 0e09156be7bf43fcad2fe134c4ffa70a7e90c0ec Mon Sep 17 00:00:00 2001 From: Deepali Kasture Date: Fri, 22 Sep 2023 18:35:35 -0400 Subject: [PATCH 028/205] ELY-2623:Add a new test methods testing that the verifyEvidence method of identity obtained from DistributedSecurityRealm --- .../auth/realm/DistributedSecurityRealmTest.java | 10 ++++++++++ 1 file changed, 10 insertions(+) 
diff --git a/tests/base/src/test/java/org/wildfly/security/auth/realm/DistributedSecurityRealmTest.java b/tests/base/src/test/java/org/wildfly/security/auth/realm/DistributedSecurityRealmTest.java index 1e0001c20bc..1a1abbe686b 100644 --- a/tests/base/src/test/java/org/wildfly/security/auth/realm/DistributedSecurityRealmTest.java +++ b/tests/base/src/test/java/org/wildfly/security/auth/realm/DistributedSecurityRealmTest.java @@ -133,6 +133,16 @@ public void testExistingIdentity3() throws Exception { identity.dispose(); } + @Test + public void testVerifyEvidence() throws Exception { + + RealmIdentity identity = realm.getRealmIdentity(new NamePrincipal("user1")); + Assert.assertTrue(identity.verifyEvidence(new PasswordGuessEvidence(pass1))); + Assert.assertFalse(identity.verifyEvidence(new PasswordGuessEvidence(pass2))); + Assert.assertFalse(identity.verifyEvidence(new PasswordGuessEvidence(pass3))); + identity.dispose(); + } + @Test public void testEvidence() throws Exception { RealmIdentity identity = realm.getRealmIdentity(new SimpleEvidence("evidenceUser", true)); From 33e292357bd947e84c6f7616317096bc886da80f Mon Sep 17 00:00:00 2001 From: Nidhi Date: Fri, 22 Sep 2023 15:54:07 -0700 Subject: [PATCH 029/205] ELY-2619 : Immediately return this expression instead of assigning it to the temporary variable --- .../java/org/wildfly/security/http/oidc/OidcHttpFacade.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcHttpFacade.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcHttpFacade.java index d27a3a9f200..a4c1b94bc1d 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcHttpFacade.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcHttpFacade.java 
@@ -121,8 +121,7 @@ public Principal getPrincipal() { SecurityIdentityCallback securityIdentityCallback = new SecurityIdentityCallback(); IdentityCredentialCallback credentialCallback = new IdentityCredentialCallback(new BearerTokenCredential(OidcPrincipal.class.cast(principal).getOidcSecurityContext().getTokenString()), true); callbackHandler.handle(new Callback[]{credentialCallback, AuthenticationCompleteCallback.SUCCEEDED, securityIdentityCallback}); - SecurityIdentity securityIdentity = securityIdentityCallback.getSecurityIdentity(); - return securityIdentity; + return securityIdentityCallback.getSecurityIdentity(); } } catch (UnsupportedCallbackException | IOException e) { throw new RuntimeException(e); From bdcda6315ff459480d27ae3c4857f2453ead5ee7 Mon Sep 17 00:00:00 2001 From: Nidhi Date: Fri, 22 Sep 2023 16:00:21 -0700 Subject: [PATCH 030/205] ELY-2609 : Replace if-then-else statement with a single return statement in OidcPrincipal --- .../java/org/wildfly/security/http/oidc/OidcPrincipal.java | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcPrincipal.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcPrincipal.java index dc26a5c49be..b506b6b7596 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcPrincipal.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcPrincipal.java @@ -50,9 +50,7 @@ public boolean equals(Object o) { OidcPrincipal that = (OidcPrincipal) o; - if (! name.equals(that.name)) return false; - - return true; + return name.equals(that.name); } @Override From 3fb24563a95a9a4aac554d3524f07e392db298ea Mon Sep 17 00:00:00 2001 
From: Nidhi Date: Fri, 22 Sep 2023 15:48:49 -0700 Subject: [PATCH 031/205] ELY-2628 : Move the method LongNameSetPermissionCollection#permissionFor to the inner class Iter ELY-2628 : Move the method LongNameSetPermissionCollection#permissionFor to the inner class Iter ELY-2628 : Move the method LongNameSetPermissionCollection#permissionFor to the inner class Iter --- .../permission/LongNameSetPermissionCollection.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/permission/src/main/java/org/wildfly/security/permission/LongNameSetPermissionCollection.java b/permission/src/main/java/org/wildfly/security/permission/LongNameSetPermissionCollection.java index 3ef54a65549..4ebc3469911 100644 --- a/permission/src/main/java/org/wildfly/security/permission/LongNameSetPermissionCollection.java +++ b/permission/src/main/java/org/wildfly/security/permission/LongNameSetPermissionCollection.java @@ -33,10 +33,6 @@ final class LongNameSetPermissionCollection extends NameSetPermissionCollection super(sourcePermission, nameEnumeration); } - private Permission permissionFor(int id) { - return ((AbstractNamedPermission)getSourcePermission()).withName(getNameEnumeration().nameOf(id)); - } - protected void doAdd(final AbstractPermission permission) { long setBits = getBitsForName(permission); final AtomicLong bitSet = this.bitSet; @@ -113,6 +109,10 @@ public boolean hasNext() { public Permission next() { return nextElement(); } + + private Permission permissionFor(int id) { + return ((AbstractNamedPermission)getSourcePermission()).withName(getNameEnumeration().nameOf(id)); + } } } From c94a5186ad377b0540a9249134e809b0a3a1b63b Mon Sep 17 00:00:00 2001 From: Ger-Jan te Dorsthorst Date: Tue, 26 Sep 2023 17:40:33 +0200 Subject: [PATCH 032/205] [ELY-2592] Update the SyslogAuditEndpoint constructor to no longer use a ternary statement --- .../org/wildfly/security/audit/SyslogAuditEndpoint.java | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) 
diff --git a/audit/src/main/java/org/wildfly/security/audit/SyslogAuditEndpoint.java b/audit/src/main/java/org/wildfly/security/audit/SyslogAuditEndpoint.java index 577c96f15e1..70d772f1856 100644 --- a/audit/src/main/java/org/wildfly/security/audit/SyslogAuditEndpoint.java +++ b/audit/src/main/java/org/wildfly/security/audit/SyslogAuditEndpoint.java @@ -66,7 +66,13 @@ public Integer run() { */ SyslogAuditEndpoint(Builder builder) throws IOException { maxReconnectAttempts = builder.maxReconnectAttempts; - protocol = builder.ssl ? Protocol.SSL_TCP : builder.tcp ? Protocol.TCP : Protocol.UDP; + if (builder.ssl) { + protocol = Protocol.SSL_TCP; + } else if (builder.tcp) { + protocol = Protocol.TCP; + } else { + protocol = Protocol.UDP; + } syslogHandler = new SyslogHandler(checkNotNullParam("serverAddress", builder.serverAddress), builder.port, Facility.SECURITY, builder.format, protocol, checkNotNullParam("hostName", builder.hostName)); From 8b6ef9f1ba86f8822a8c5a44561dd37335b5e86e Mon Sep 17 00:00:00 2001 From: Ger-Jan te Dorsthorst Date: Tue, 26 Sep 2023 17:53:55 +0200 Subject: [PATCH 033/205] [ELY-2593] Update the CompositePrincipal constructor to no longer use a ternary statement --- .../security/auth/principal/CompositePrincipal.java | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/auth/base/src/main/java/org/wildfly/security/auth/principal/CompositePrincipal.java b/auth/base/src/main/java/org/wildfly/security/auth/principal/CompositePrincipal.java index 88a9b473d1e..8bd0383454c 100644 --- a/auth/base/src/main/java/org/wildfly/security/auth/principal/CompositePrincipal.java +++ b/auth/base/src/main/java/org/wildfly/security/auth/principal/CompositePrincipal.java 
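Review bot: The new if/else chain in the `SyslogAuditEndpoint(Builder)` constructor leaves the transport precedence implicit: `builder.ssl` wins over `builder.tcp`, and with neither flag set the endpoint uses `Protocol.UDP`. A one-line comment above the chain would make that visible to anyone reviewing how audit events leave the host, for example `// ssl takes precedence over tcp; with neither flag set, audit events are sent over UDP`. The constructor body continues outside the hunk.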
@@ -62,7 +62,13 @@ public CompositePrincipal(Principal... principals) { } private CompositePrincipal(Principal[] principals, boolean clone) { - p = principals.length == 0 ? NO_PRINCIPALS : clone ? principals.clone() : principals; + if (principals.length == 0) { + p = NO_PRINCIPALS; + } else if (clone) { + p = principals.clone(); + } else { + p = principals; + } for (int i = 0; i < p.length; i++) { Assert.checkNotNullArrayParam("principals", i, p[i]); } From 3f3fb5a488839dae69d0af3b065a872a9090db78 Mon Sep 17 00:00:00 2001 From: nasonawa Date: Thu, 28 Sep 2023 20:51:59 +0530 Subject: [PATCH 034/205] [ELY-2599] Update assertEquals calls in RegexRoleMapperTest so that the expected value and actual value are passed in the correct order --- .../security/authz/RegexRoleMapperTest.java | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/auth/server/base/src/test/java/org/wildfly/security/authz/RegexRoleMapperTest.java b/auth/server/base/src/test/java/org/wildfly/security/authz/RegexRoleMapperTest.java index 0dcd79c601a..87e660bad03 100644 --- a/auth/server/base/src/test/java/org/wildfly/security/authz/RegexRoleMapperTest.java +++ b/auth/server/base/src/test/java/org/wildfly/security/authz/RegexRoleMapperTest.java @@ -48,7 +48,7 @@ public void testRegexMapper() { iterator.next(); count++; } - assertEquals(count, 3); + assertEquals(3, count); } @Test @@ -69,7 +69,7 @@ public void testRegexMapperDoNotKeepNonMapped() { iterator.next(); count++; } - assertEquals(count, 2); + assertEquals(2,count); } @Test @@ -90,7 +90,7 @@ public void testRegexMapper2() { iterator.next(); count++; } - assertEquals(count, 2); + assertEquals(2,count); } @Test @@ -111,7 +111,7 @@ public void testRegexMapper3() { iterator.next(); count++; } - assertEquals(count, 3); + assertEquals(3,count); } @Test @@ -132,7 +132,7 @@ public void testRegexMapperEmailKeep() { iterator.next(); count++; } - assertEquals(count, 3); + assertEquals(3,count); } @Test 
@@ -153,7 +153,7 @@ public void testRegexMapperEmailDoNotKeep() { iterator.next(); count++; } - assertEquals(count, 2); + assertEquals( 2,count); } @Test @@ -174,7 +174,7 @@ public void testRegexMapperEmailDoNotKeepReplaceAll() { iterator.next(); count++; } - assertEquals(count, 2); + assertEquals( 2,count); } @Test(expected = IllegalArgumentException.class) @@ -238,7 +238,7 @@ public void testRegexMapperReplaceAllSubstrings() { iterator.next(); count++; } - assertEquals(count, 2); + assertEquals(2,count); } private Set createSet(String... values) { From 19dfeca8eace01ecd1a088f9c44f5823fee9b515 Mon Sep 17 00:00:00 2001 From: nasonawa Date: Tue, 26 Sep 2023 07:20:37 +0530 Subject: [PATCH 035/205] [ELY-2601] declared newMap on a separate line in PasswordKeyStoreSpi --- .../org/wildfly/security/keystore/PasswordKeyStoreSpi.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/credential/base/src/main/java/org/wildfly/security/keystore/PasswordKeyStoreSpi.java b/credential/base/src/main/java/org/wildfly/security/keystore/PasswordKeyStoreSpi.java index b5c592f6303..3cf4959452a 100644 --- a/credential/base/src/main/java/org/wildfly/security/keystore/PasswordKeyStoreSpi.java +++ b/credential/base/src/main/java/org/wildfly/security/keystore/PasswordKeyStoreSpi.java @@ -91,7 +91,9 @@ public void engineSetEntry(final String alias, final KeyStore.Entry entry, final if (protParam != null) { throw log.keyCannotBeProtected(alias); } - HashMap map, newMap; + HashMap map; + HashMap newMap; + do { map = pwRef.get(); if (map == null) { From fa47fd525513460a2e7f7be954033109bb0523ef Mon Sep 17 00:00:00 2001 From: Ger-Jan te Dorsthorst Date: Tue, 26 Sep 2023 16:47:12 +0200 Subject: [PATCH 036/205] [ELY-2591] Move min method into the PeriodicRotatingFileAuditEndpoint#Builder class --- .../security/audit/PeriodicRotatingFileAuditEndpoint.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) 
diff --git a/audit/src/main/java/org/wildfly/security/audit/PeriodicRotatingFileAuditEndpoint.java b/audit/src/main/java/org/wildfly/security/audit/PeriodicRotatingFileAuditEndpoint.java index 52ac51b871f..c0aeede7342 100644 --- a/audit/src/main/java/org/wildfly/security/audit/PeriodicRotatingFileAuditEndpoint.java +++ b/audit/src/main/java/org/wildfly/security/audit/PeriodicRotatingFileAuditEndpoint.java @@ -233,9 +233,10 @@ public Builder setSuffix(String suffix) throws IllegalArgumentException { public AuditEndpoint build() throws IOException { return new PeriodicRotatingFileAuditEndpoint(this); } - } - private static > T min(T a, T b) { - return a.compareTo(b) <= 0 ? a : b; + private static > T min(T a, T b) { + return a.compareTo(b) <= 0 ? a : b; + } } + } \ No newline at end of file From b1f4197e56517ce96755618b322ea62b713d9db0 Mon Sep 17 00:00:00 2001 From: xjusko Date: Tue, 3 Oct 2023 11:22:44 +0200 Subject: [PATCH 037/205] [ELY-2632] Add incorrect response field test for server with SASL Digest authentication. --- .../sasl/digest/CompatibilityServerTest.java | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/tests/base/src/test/java/org/wildfly/security/sasl/digest/CompatibilityServerTest.java b/tests/base/src/test/java/org/wildfly/security/sasl/digest/CompatibilityServerTest.java index 3258ded2825..fa8e5416ee0 100644 --- a/tests/base/src/test/java/org/wildfly/security/sasl/digest/CompatibilityServerTest.java +++ b/tests/base/src/test/java/org/wildfly/security/sasl/digest/CompatibilityServerTest.java 
@@ -743,4 +743,28 @@ public void testMoreRealmsWithEscapedDelimiters() throws Exception { assertEquals("chris", server.getAuthorizationID()); } + @Test + public void testIncorrectResponseField() throws Exception { + mockNonce("OA6MG9tEQGm2hh"); + + SaslServer server = + new SaslServerBuilder(DigestServerFactory.class, SaslMechanismInformation.Names.DIGEST_MD5) + .setUserName("chris") + .setPassword(ClearPassword.ALGORITHM_CLEAR, new ClearPasswordSpec("secret".toCharArray())) + .setProtocol("imap").setServerName("elwood.innosoft.com") + .addMechanismRealm("elwood.innosoft.com") + .build(); + assertFalse(server.isComplete()); + + byte[] message = server.evaluateResponse(new byte[0]); + assertEquals("realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",charset=utf-8,algorithm=md5-sess", new String(message, "UTF-8")); + assertFalse(server.isComplete()); + + byte[] invalidMessage = "charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",nc=00000001,cnonce=\"OA6MHXh6VqTrRk\",digest-uri=\"imap/elwood.innosoft.com\",response=incorrectResponse,qop=auth".getBytes(StandardCharsets.UTF_8); + try { + server.evaluateResponse(invalidMessage); + } catch (SaslException e) { + assertTrue(e.getMessage().contains("invalid proof")); + } + } } From aeeca5f6e86004964547972ea3705334b3b332e2 Mon Sep 17 00:00:00 2001 From: Ger-Jan te Dorsthorst Date: Wed, 4 Oct 2023 15:04:35 +0200 Subject: [PATCH 038/205] [ELY-2624] Update the JavaDoc for the PrincipalDecoder#aggregate method --- .../org/wildfly/security/auth/server/PrincipalDecoder.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/auth/server/base/src/main/java/org/wildfly/security/auth/server/PrincipalDecoder.java b/auth/server/base/src/main/java/org/wildfly/security/auth/server/PrincipalDecoder.java index bfa033f7477..7f48a45f3f0 100644 --- a/auth/server/base/src/main/java/org/wildfly/security/auth/server/PrincipalDecoder.java 
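Review bot: `testIncorrectResponseField` passes when `server.evaluateResponse(invalidMessage)` returns normally, because its only assertion on the failure path sits inside the `catch (SaslException e)` block. A regression in which the server accepted an incorrect `response` value would therefore go unnoticed. Add `fail("SaslException expected for an incorrect response");` as the last statement of the `try` block, with the `org.junit.Assert.fail` static import if the file does not already have it. An `assertFalse(server.isComplete());` after the catch would also pin that the exchange did not complete.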
+++ b/auth/server/base/src/main/java/org/wildfly/security/auth/server/PrincipalDecoder.java @@ -74,8 +74,8 @@ default PrincipalDecoder withRewriter(NameRewriter nameRewriter) { } /** - * Create an aggregated credential decoder. The aggregated decoder will check each credential decoder until one - * matches the credential; this result will be returned. + * Create an aggregated principal decoder. The aggregated decoder will check each principal decoder until one + * matches the principal; this result will be returned. * * @param decoders the constituent decoders * @return the aggregated decoder From e4b57689e2bc9bf480bd4284250796994113dd26 Mon Sep 17 00:00:00 2001 From: xjusko Date: Thu, 5 Oct 2023 15:31:36 +0200 Subject: [PATCH 039/205] [ELY-2622] Add a new test class that makes use of the BearerMechanismFactory --- http/bearer/pom.xml | 5 + .../bearer/BearerMechanismFactoryTest.java | 127 ++++++++++++++++++ 2 files changed, 132 insertions(+) create mode 100644 http/bearer/src/test/java/org/wildfly/security/http/bearer/BearerMechanismFactoryTest.java diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index e99f3d1b58f..2be33fb93b6 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -68,6 +68,11 @@ org.wildfly.common wildfly-common + + junit + junit + test + diff --git a/http/bearer/src/test/java/org/wildfly/security/http/bearer/BearerMechanismFactoryTest.java b/http/bearer/src/test/java/org/wildfly/security/http/bearer/BearerMechanismFactoryTest.java new file mode 100644 index 00000000000..08c09f0dc90 --- /dev/null +++ b/http/bearer/src/test/java/org/wildfly/security/http/bearer/BearerMechanismFactoryTest.java 
@@ -0,0 +1,127 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2023 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.wildfly.security.http.bearer; + + +import org.junit.Test; +import org.junit.Assert; +import org.wildfly.security.http.HttpAuthenticationException; +import org.wildfly.security.http.HttpServerAuthenticationMechanism; + +import javax.security.auth.callback.CallbackHandler; +import java.util.HashMap; + +import static org.wildfly.security.http.HttpConstants.BASIC_NAME; +import static org.wildfly.security.http.HttpConstants.BEARER_TOKEN; + +/** + * This test class contains unit tests for the {@link BearerMechanismFactory}. + * + * @author Marek Jusko + */ +public class BearerMechanismFactoryTest { + + private final BearerMechanismFactory bearerMechanismFactory = new BearerMechanismFactory(); + private final HashMap emptyProperties = new HashMap<>(); + + CallbackHandler dummyCallbackHandler = callbacks -> {}; + + /** + * Unit test for the {@link BearerMechanismFactory#getMechanismNames} method with a {@code null} properties map. + * Verifies that the method returns a non-null array containing the Bearer mechanism name. 
+ */ + @Test + public void testGetMechanismNamesWithNullProperties() { + BearerMechanismFactory factory = new BearerMechanismFactory(); + String[] mechanismNames = factory.getMechanismNames(null); + + Assert.assertNotNull("Array of mechanism names cannot be null.", mechanismNames); + Assert.assertEquals(1, mechanismNames.length); + Assert.assertEquals(BEARER_TOKEN, mechanismNames[0]); + } + + /** + * Unit test for the {@link BearerMechanismFactory#getMechanismNames} method with an empty properties map. + * Verifies that the method returns a non-null array containing the Bearer mechanism name. + */ + @Test + public void testGetMechanismNamesWithEmptyProperties() { + BearerMechanismFactory factory = new BearerMechanismFactory(); + String[] mechanismNames = factory.getMechanismNames(emptyProperties); + + Assert.assertNotNull("Array of mechanism names cannot be null.", mechanismNames); + Assert.assertEquals(1, mechanismNames.length); + Assert.assertEquals(BEARER_TOKEN, mechanismNames[0]); + } + + /** + * Verifies that creating an authentication mechanism with a null mechanism name results in an IllegalArgumentException. + */ + @Test(expected = IllegalArgumentException.class) + public void testCreateAuthenticationMechanismMechanismNameNull() throws HttpAuthenticationException { + bearerMechanismFactory.createAuthenticationMechanism(null, emptyProperties, dummyCallbackHandler); + Assert.fail("IllegalArgumentException expected for null mechanismName."); + } + + /** + * Verifies that creating an authentication mechanism with null properties results in an IllegalArgumentException. 
+ */ + @Test(expected = IllegalArgumentException.class) + public void testCreateAuthenticationMechanismPropertiesNull() throws HttpAuthenticationException { + bearerMechanismFactory.createAuthenticationMechanism(BEARER_TOKEN, null, dummyCallbackHandler); + Assert.fail("IllegalArgumentException expected for null properties."); + } + + /** + * Verifies that creating an authentication mechanism with a null callback handler results in an IllegalArgumentException. + */ + @Test(expected = IllegalArgumentException.class) + public void testCreateAuthenticationMechanismCallbackHandlerNull() throws HttpAuthenticationException { + bearerMechanismFactory.createAuthenticationMechanism(BEARER_TOKEN, emptyProperties, null); + Assert.fail("IllegalArgumentException expected for null callbackHandler."); + } + + /** + * Verifies that creating an authentication mechanism with the BASIC mechanism name returns null. + */ + @Test + public void testCreateAuthenticationMechanismBasicMechanismName() throws HttpAuthenticationException { + HttpServerAuthenticationMechanism mechanism = bearerMechanismFactory.createAuthenticationMechanism(BASIC_NAME, emptyProperties, dummyCallbackHandler); + Assert.assertNull("Expected null mechanism for the BASIC mechanism name.", mechanism); + } + + /** + * Verifies that creating an authentication mechanism with an incorrect mechanism name returns null. + */ + @Test + public void testCreateAuthenticationMechanismIncorrectMechanismName() throws HttpAuthenticationException { + HttpServerAuthenticationMechanism mechanism = bearerMechanismFactory.createAuthenticationMechanism("INCORRECT_NAME", emptyProperties, dummyCallbackHandler); + Assert.assertNull("Expected null mechanism for an incorrect mechanism name.", mechanism); + } + + /** + * Tests that creating a Bearer authentication mechanism with valid parameters returns a non-null mechanism. 
+ */ + @Test + public void testCreateValidBearerAuthenticationMechanism() throws HttpAuthenticationException{ + HttpServerAuthenticationMechanism httpServerAuthenticationMechanism = bearerMechanismFactory.createAuthenticationMechanism(BEARER_TOKEN, emptyProperties, dummyCallbackHandler); + Assert.assertNotNull("HttpServerAuthenticationMechanism cannot be null.",httpServerAuthenticationMechanism); + } + +} From f8518949720b749600975d8070973d5c6834d65c Mon Sep 17 00:00:00 2001 From: Eric Leung Date: Fri, 6 Oct 2023 14:20:56 -0400 Subject: [PATCH 040/205] [ELY-2658] Remove the unassigned call to the constructor in X500AttributePrincipalDecoderTest#testDecodeWithConcatenation --- .../security/x500/X500AttributePrincipalDecoderTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/base/src/test/java/org/wildfly/security/x500/X500AttributePrincipalDecoderTest.java b/tests/base/src/test/java/org/wildfly/security/x500/X500AttributePrincipalDecoderTest.java index 19a3fa89433..11efb0a05a2 100644 --- a/tests/base/src/test/java/org/wildfly/security/x500/X500AttributePrincipalDecoderTest.java +++ b/tests/base/src/test/java/org/wildfly/security/x500/X500AttributePrincipalDecoderTest.java @@ -63,7 +63,7 @@ public void testDecodeAttributeWithSubrange() { @Test public void testDecodeWithConcatenation() { - X500Principal principal; new X500Principal("cn=bob.smith,cn=bob,ou=people,dc=example,dc=redhat,dc=com"); + X500Principal principal; PrincipalDecoder dcDecoder, dcDecoder1, cnDecoder, ouDecoder, concatenatingDecoder; principal = new X500Principal("cn=bob.smith,cn=bob,ou=people,dc=example,dc=redhat,dc=com"); dcDecoder = new X500AttributePrincipalDecoder(X500.OID_DC); From 34d8b0202c187e150c94003f34fd022aff8a04dd Mon Sep 17 00:00:00 2001 
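Review bot: In `BearerMechanismFactoryTest`, `dummyCallbackHandler` is declared as `CallbackHandler dummyCallbackHandler = callbacks -> {};`, package-private and reassignable, while the two fields above it are `private final`. It should read `private final CallbackHandler dummyCallbackHandler = callbacks -> {};`. `testGetMechanismNamesWithNullProperties` and `testGetMechanismNamesWithEmptyProperties` each build a local `BearerMechanismFactory factory` although the class already holds `bearerMechanismFactory`; using the field keeps them consistent with the other tests.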
From: Ger-Jan te Dorsthorst Date: Mon, 2 Oct 2023 20:25:12 +0200 Subject: [PATCH 041/205] [ELY-2625] Add a test to X500AttributePrincipalDecoderTest that makes use of the PrincipalDecoder#aggregate method --- .../X500AttributePrincipalDecoderTest.java | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/tests/base/src/test/java/org/wildfly/security/x500/X500AttributePrincipalDecoderTest.java b/tests/base/src/test/java/org/wildfly/security/x500/X500AttributePrincipalDecoderTest.java index 19a3fa89433..f38da64b8e5 100644 --- a/tests/base/src/test/java/org/wildfly/security/x500/X500AttributePrincipalDecoderTest.java +++ b/tests/base/src/test/java/org/wildfly/security/x500/X500AttributePrincipalDecoderTest.java @@ -19,6 +19,7 @@ package org.wildfly.security.x500; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNull; import javax.security.auth.x500.X500Principal; 
@@ -61,6 +62,37 @@ public void testDecodeAttributeWithSubrange() { assertEquals("jboss.redhat.com", decoder.getName(principal)); } + @Test + public void testDecodeWithAggregation() { + X500Principal principal = new X500Principal("cn=bob.smith,cn=bob,ou=people,dc=example,dc=redhat,dc=com"); + PrincipalDecoder dcDecoder = new X500AttributePrincipalDecoder(X500.OID_DC); + PrincipalDecoder cnDecoder = new X500AttributePrincipalDecoder(X500.OID_AT_COMMON_NAME, 1); + PrincipalDecoder aggregateDecoder = PrincipalDecoder.aggregate(cnDecoder, dcDecoder); + assertEquals("bob.smith", aggregateDecoder.getName(principal)); + aggregateDecoder = PrincipalDecoder.aggregate(dcDecoder, cnDecoder); + assertEquals("example.redhat.com", aggregateDecoder.getName(principal)); + + principal = new X500Principal("cn=bob.smith,ou=people,dc=example,dc=redhat"); + cnDecoder = new X500AttributePrincipalDecoder(X500.OID_AT_COMMON_NAME); + PrincipalDecoder ouDecoder = new X500AttributePrincipalDecoder(X500.OID_AT_ORGANIZATIONAL_UNIT_NAME, 1); + dcDecoder = new X500AttributePrincipalDecoder(X500.OID_DC, 1); + PrincipalDecoder dcDecoder1 = new X500AttributePrincipalDecoder(X500.OID_DC, 1, 1); + aggregateDecoder = PrincipalDecoder.aggregate(dcDecoder1, dcDecoder, ouDecoder, cnDecoder); + assertEquals("redhat", aggregateDecoder.getName(principal)); + aggregateDecoder = PrincipalDecoder.aggregate(dcDecoder, dcDecoder1, ouDecoder, cnDecoder); + assertEquals("example", aggregateDecoder.getName(principal)); + aggregateDecoder = PrincipalDecoder.aggregate(cnDecoder, dcDecoder1, dcDecoder, ouDecoder); + assertEquals("bob.smith", aggregateDecoder.getName(principal)); + + principal = new X500Principal("cn=bob.smith,dc=example,dc=redhat"); + aggregateDecoder = PrincipalDecoder.aggregate(ouDecoder); + assertNull(aggregateDecoder.getName(principal)); + aggregateDecoder = PrincipalDecoder.aggregate(dcDecoder, ouDecoder); + assertEquals("example", aggregateDecoder.getName(principal)); + aggregateDecoder = 
PrincipalDecoder.aggregate(dcDecoder, ouDecoder, dcDecoder1); + assertEquals("example", aggregateDecoder.getName(principal)); + } + @Test public void testDecodeWithConcatenation() { X500Principal principal; new X500Principal("cn=bob.smith,cn=bob,ou=people,dc=example,dc=redhat,dc=com"); From bfe6164022e7001b6fee2dfc4f31fc55bb294df3 Mon Sep 17 00:00:00 2001 From: Eric Leung Date: Fri, 6 Oct 2023 16:06:18 -0400 Subject: [PATCH 042/205] [ELY-2620] Add a test that makes use of the RoleMapper#and method to RoleMappingTest --- .../security/authz/RoleMappingTest.java | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/auth/server/base/src/test/java/org/wildfly/security/authz/RoleMappingTest.java b/auth/server/base/src/test/java/org/wildfly/security/authz/RoleMappingTest.java index 7bf83335c08..22b526d1cb6 100644 --- a/auth/server/base/src/test/java/org/wildfly/security/authz/RoleMappingTest.java +++ b/auth/server/base/src/test/java/org/wildfly/security/authz/RoleMappingTest.java 
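Review bot: testDecodeWithAggregation in X500AttributePrincipalDecoderTest packs three scenarios into one method and reassigns `principal`, `cnDecoder`, `dcDecoder` and `aggregateDecoder` between them. A failure in the first scenario therefore hides the later ones, and the reader has to track which decoder configuration is live at each assertion. One test per principal, or at least fresh locals per scenario, would make each expectation self-contained. A short comment before the `assertNull` case, such as `// no decoder yields a name for this principal, so aggregate returns null`, would state the contract being pinned.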
@@ -259,6 +259,41 @@ public void testDifferenceRoles() { assertEquals(1, count); } + @Test + public void testIntersectionMappedRoles() { + Roles roles = createRoles("foo", "joe"); + + Map> mappingMap1 = new HashMap<>(); + mappingMap1.put("foo", createSet("bar", "role")); + + RoleMapper mapper1 = new MappedRoleMapper.Builder() + .setRoleMap(mappingMap1).build(); + + Map> mappingMap2 = new HashMap<>(); + mappingMap2.put("foo", createSet("bar", "test")); + + RoleMapper mapper2 = new MappedRoleMapper.Builder() + .setRoleMap(mappingMap2).build(); + + RoleMapper mapper3 = mapper1.and(mapper2); + + Roles mappedRoles = mapper3.mapRoles(roles); + + assertTrue(mappedRoles.contains("bar")); + assertFalse(mappedRoles.contains("role")); + assertFalse(mappedRoles.contains("test")); + assertFalse(mappedRoles.contains("foo")); + assertFalse(mappedRoles.contains("joe")); + + Iterator iterator = mappedRoles.iterator(); + int count = 0; + while (iterator.hasNext()) { + iterator.next(); + count++; + } + assertEquals(1, count); + } + private Set createSet(String... values) { HashSet set = new HashSet<>(); for (String s : values) set.add(s); From 6c4b48203c67bc0f016112aabb6ba28ac4f976c0 Mon Sep 17 00:00:00 2001 From: Eric Leung Date: Fri, 6 Oct 2023 16:44:11 -0400 Subject: [PATCH 043/205] [ELY-2613] Update an assertEquals call in ScramServerCompatibilityTest#testAllowedAuthorizationId so that the expected value and actual value are passed in the correct order --- .../security/sasl/scram/ScramServerCompatibilityTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/base/src/test/java/org/wildfly/security/sasl/scram/ScramServerCompatibilityTest.java b/tests/base/src/test/java/org/wildfly/security/sasl/scram/ScramServerCompatibilityTest.java index 7c8c7cbcb1b..fbbd40c747c 100644 --- a/tests/base/src/test/java/org/wildfly/security/sasl/scram/ScramServerCompatibilityTest.java 
+++ b/tests/base/src/test/java/org/wildfly/security/sasl/scram/ScramServerCompatibilityTest.java @@ -215,7 +215,7 @@ public void testAllowedAuthorizationId() throws Exception { assertEquals("v=xzTfS758LckdRoQKN/ZFY/Bauxo=", new String(message, StandardCharsets.UTF_8)); assertTrue(saslServer.isComplete()); - assertEquals(saslServer.getAuthorizationID(), "user"); + assertEquals("user", saslServer.getAuthorizationID()); } /** From 186a856c0e4e7594e86fc15ffde64856cae2baed Mon Sep 17 00:00:00 2001 From: Sravan Kumar Date: Sat, 7 Oct 2023 04:08:37 +0000 Subject: [PATCH 044/205] ELY-2412 Updated link to Elytron's Jira issues in README.adoc --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 25c67e2d316..e2a22f2df4c 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,7 @@ $ mvn clean install Issue Tracking -------------- -Bugs and features are tracked within the Elytron Jira project at https://issues.jboss.org/browse/ELY +Bugs and features are tracked within the Elytron Jira project at https://issues.redhat.com/browse/ELY Contributions ------------- From 3def1a1a470a5b72dd1a8b6c7f5d4972be5652e5 Mon Sep 17 00:00:00 2001 From: Ilia Vassilev Date: Sun, 8 Oct 2023 19:57:36 -0400 Subject: [PATCH 045/205] [ELY-2602] Update assertEquals calls in ElytronXmlParserTest so that the expected value and actual value are passed in the correct order --- .../wildfly/security/auth/client/ElytronXmlParserTest.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/auth/client/src/test/java/org/wildfly/security/auth/client/ElytronXmlParserTest.java b/auth/client/src/test/java/org/wildfly/security/auth/client/ElytronXmlParserTest.java index 58e29768184..ac33fd96f04 100644 --- a/auth/client/src/test/java/org/wildfly/security/auth/client/ElytronXmlParserTest.java +++ b/auth/client/src/test/java/org/wildfly/security/auth/client/ElytronXmlParserTest.java 
@@ -167,8 +167,8 @@ public void testWebservices() throws Exception { Assert.assertNotNull(node); String wsHttpMechanism = node.getConfiguration().getWsHttpMechanism(); String wsSecurityType = node.getConfiguration().getWsSecurityType(); - Assert.assertEquals(wsHttpMechanism, "BASIC"); - Assert.assertEquals(wsSecurityType, "UsernameToken"); + Assert.assertEquals("BASIC", wsHttpMechanism); + Assert.assertEquals("UsernameToken", wsSecurityType); } @Test From ed46950d2c3a72da3ad133334418ec37fd0cecf0 Mon Sep 17 00:00:00 2001 From: Vaibhav Jain Date: Mon, 9 Oct 2023 01:03:03 +0530 Subject: [PATCH 046/205] [ELY-2608] Adding MASK- prefix in a constant variable --- .../main/java/org/wildfly/security/tool/VaultCommand.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tool/src/main/java/org/wildfly/security/tool/VaultCommand.java b/tool/src/main/java/org/wildfly/security/tool/VaultCommand.java index 3b3b2b2ee86..11181c5fd57 100644 --- a/tool/src/main/java/org/wildfly/security/tool/VaultCommand.java +++ b/tool/src/main/java/org/wildfly/security/tool/VaultCommand.java @@ -85,6 +85,7 @@ public class VaultCommand extends Command { public static final String VAULT_COMMAND = "vault"; public static final String FAIL_IF_EXIST_PARAM = "fail-if-exist"; + public static final String MASK_PREFIX = "MASK-"; // convert options public static final String KEYSTORE_PASSWORD_PARAM = "keystore-password"; 
@@ -391,7 +392,7 @@ private List parseDescriptorFile(String descriptorFileLocation) thro } private CredentialSourceProtectionParameter getCredentialStoreProtectionParameter(final String vaultPassword, final String salt, final int iterationCount) throws GeneralSecurityException { - char[] password = vaultPassword.startsWith("MASK-") ? decodeMaskedPassword(vaultPassword.substring("MASK-".length()), salt, iterationCount) + char[] password = vaultPassword.startsWith(MASK_PREFIX) ? decodeMaskedPassword(vaultPassword.substring(MASK_PREFIX.length()), salt, iterationCount) : vaultPassword.toCharArray(); return new CredentialStore.CredentialSourceProtectionParameter( IdentityCredentials.NONE.withCredential( @@ -399,7 +400,7 @@ private CredentialSourceProtectionParameter getCredentialStoreProtectionParamete } private CredentialSourceProtectionParameter getVaultCredentialStoreProtectionParameter(final String keyStoreURL, final String vaultPassword, final String salt, final int iterationCount, final String secretKeyAlias) throws GeneralSecurityException, IOException { - char[] password = vaultPassword.startsWith("MASK-") ? decodeMaskedPassword(vaultPassword.substring("MASK-".length()), salt, iterationCount) + char[] password = vaultPassword.startsWith(MASK_PREFIX) ? decodeMaskedPassword(vaultPassword.substring(MASK_PREFIX.length()), salt, iterationCount) : vaultPassword.toCharArray(); final KeyStore keyStore = KeyStore.getInstance(defaultKeyStoreType); try (FileInputStream in = new FileInputStream(new File(keyStoreURL))) { 
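Review bot: In VaultCommand the ternary `vaultPassword.startsWith(MASK_PREFIX) ? decodeMaskedPassword(...) : vaultPassword.toCharArray()` is still duplicated in getCredentialStoreProtectionParameter and in getVaultCredentialStoreProtectionParameter (the `@@ -399,7 +400,7 @@` hunk). A private helper would keep the masked-password handling in one place, so both sites read `char[] password = resolveVaultPassword(vaultPassword, salt, iterationCount);` (helper name is a suggestion). Both sites also dereference `vaultPassword` without a null check; whether callers guarantee a non-null value is not visible here. Both method bodies continue outside their hunks.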
@@ -445,7 +446,7 @@ private void printSummary (String keystorePassword, String salt, int iterationCo if (keystorePassword != null) { password = keystorePassword; if (salt != null && iterationCount > -1) { - password = keystorePassword.startsWith("MASK-") ? keystorePassword + ";" + salt + ";" + String.valueOf(iterationCount) + password = keystorePassword.startsWith(MASK_PREFIX) ? keystorePassword + ";" + salt + ";" + String.valueOf(iterationCount) : MaskCommand.computeMasked(keystorePassword, salt, iterationCount); } } From 8ff278ed22219e3cb00ae4f6a5b048d286a99e71 Mon Sep 17 00:00:00 2001 From: Ilia Vassilev Date: Mon, 9 Oct 2023 11:29:47 -0400 Subject: [PATCH 047/205] =?UTF-8?q?[ELY-2604]=20Make=20the=20constructor?= =?UTF-8?q?=20for=20FailoverRealmIdentity=20to=20=E2=80=9Cprotected?= =?UTF-8?q?=E2=80=9D=20since=20it=20is=20an=20abstract=20class?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../org/wildfly/security/auth/realm/FailoverSecurityRealm.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth/realm/base/src/main/java/org/wildfly/security/auth/realm/FailoverSecurityRealm.java b/auth/realm/base/src/main/java/org/wildfly/security/auth/realm/FailoverSecurityRealm.java index 9264e6dad06..2edcbbdc5ff 100644 --- a/auth/realm/base/src/main/java/org/wildfly/security/auth/realm/FailoverSecurityRealm.java +++ b/auth/realm/base/src/main/java/org/wildfly/security/auth/realm/FailoverSecurityRealm.java @@ -134,7 +134,7 @@ protected abstract class FailoverRealmIdentity implements RealmIdentity { protected RealmIdentity delegate; protected boolean failed = false; - public FailoverRealmIdentity(final RealmIdentity identity) { + protected FailoverRealmIdentity(final RealmIdentity identity) { this.delegate = identity; } From 4a22fc1ad69e2dd9060bafc493f8516fc5d7a4e5 Mon Sep 17 00:00:00 2001 
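Review bot: In VaultCommand.printSummary the masked form is computed only when `salt != null && iterationCount > -1`; in every other case `password` keeps the raw `keystorePassword`. How `password` is used afterwards lies outside the hunk, but if it is written into the summary, a clear-text keystore password would reach the console and any captured output. Consider substituting a placeholder in that branch and marking it with a comment such as `// never echo an unmasked password in the summary`.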
From: xjusko Date: Mon, 2 Oct 2023 14:40:08 +0200 Subject: [PATCH 048/205] [ELY-2614] Refactor KeyStoreUtilTest to use common method. --- .../security/keystore/KeyStoreUtilTest.java | 133 +++++------------- 1 file changed, 34 insertions(+), 99 deletions(-) diff --git a/keystore/src/test/java/org/wildfly/security/keystore/KeyStoreUtilTest.java b/keystore/src/test/java/org/wildfly/security/keystore/KeyStoreUtilTest.java index 1ff8b92dbaa..07bc7814a81 100644 --- a/keystore/src/test/java/org/wildfly/security/keystore/KeyStoreUtilTest.java +++ b/keystore/src/test/java/org/wildfly/security/keystore/KeyStoreUtilTest.java 
@@ -102,122 +102,32 @@ public void afterTest() { @Test public void testJKS() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException { - System.out.println("Testing JKS..."); - Certificate jkscert = generateCertificate(); - String filename = "testks.jks"; - String alias = "alias"; - char[] password = "password".toCharArray(); - - generateKeyStoreWithKey(filename, "jks", alias, password, jkscert); - - KeyStore loadedStore = KeyStoreUtil.loadKeyStore(providerSupplier, null, new FileInputStream(new File(workingDir, filename)), filename, password); - Assert.assertNotNull(loadedStore); - Certificate loadedCert = loadedStore.getCertificate(alias); - - Assert.assertEquals(jkscert, loadedCert); + testKeyStore("testks.jks", "jks", false); } @Test public void testJCEKS() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException { - System.out.println("Testing JCEKS..."); - Certificate jkscert = generateCertificate(); - String filename = "testks.pkcs12"; - String alias = "alias"; - char[] password = "password".toCharArray(); - - generateKeyStoreWithKey(filename, "jceks", alias, password, jkscert); - - KeyStore loadedStore = KeyStoreUtil.loadKeyStore(providerSupplier, null, new FileInputStream(new File(workingDir, filename)), filename, password); - Assert.assertNotNull(loadedStore); - Certificate loadedCert = loadedStore.getCertificate(alias); - - Assert.assertEquals(jkscert, loadedCert); + testKeyStore("testks.pkcs12", "jceks", false); } @Test public void testPKCS12() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException { - System.out.println("Testing PKCS12..."); - Certificate jkscert = generateCertificate(); - String filename = "testks.asdf"; - String alias = "alias"; - char[] password = "password".toCharArray(); - - generateKeyStoreWithKey(filename, "pkcs12", alias, password, jkscert); - - KeyStore loadedStore = KeyStoreUtil.loadKeyStore(providerSupplier, null, new 
FileInputStream(new File(workingDir, filename)), filename, password); - Assert.assertNotNull(loadedStore); - Certificate loadedCert = loadedStore.getCertificate(alias); - - Assert.assertEquals(jkscert, loadedCert); + testKeyStore("testks.asdf", "pkcs12", false); } @Test - public void testBKS() throws CertificateException, KeyStoreException, IOException { - System.out.println("Testing BKS..."); - Certificate jkscert = generateCertificate(); - String filename = "testks.bks"; - String alias = "alias"; - char[] password = "password".toCharArray(); - boolean bcfailed = false; - try { - generateKeyStoreWithKey(filename, "bks", alias, password, jkscert); - } catch (Exception e) { - bcfailed = true; - } - - Assume.assumeFalse("BC elytronProvider not found, skipping BC keystore recognition", bcfailed); - - KeyStore loadedStore = KeyStoreUtil.loadKeyStore(providerSupplier, null, new FileInputStream(new File(workingDir, filename)), filename, password); - Assert.assertNotNull(loadedStore); - Certificate loadedCert = loadedStore.getCertificate(alias); - - Assert.assertEquals(jkscert, loadedCert); + public void testBKS() throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException { + testKeyStore("testks.asdf", "bks", true); } @Test - public void testUBER() throws CertificateException, KeyStoreException, IOException { - System.out.println("Testing UBER..."); - Certificate jkscert = generateCertificate(); - String filename = "testks.ubr"; - String alias = "alias"; - char[] password = "password".toCharArray(); - boolean bcfailed = false; - try { - generateKeyStoreWithKey(filename, "uber", alias, password, jkscert); - } catch (Exception e) { - bcfailed = true; - } - - Assume.assumeFalse("BC elytronProvider not found, skipping BC keystore recognition", bcfailed); - - KeyStore loadedStore = KeyStoreUtil.loadKeyStore(providerSupplier, null, new FileInputStream(new File(workingDir, filename)), filename, password); - Assert.assertNotNull(loadedStore); - 
Certificate loadedCert = loadedStore.getCertificate(alias); - - Assert.assertEquals(jkscert, loadedCert); + public void testUBER() throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException { + testKeyStore("testks.asdf", "uber", true); } @Test - public void testBCFKS() throws CertificateException, KeyStoreException, IOException { - System.out.println("Testing BCFKS..."); - Certificate jkscert = generateCertificate(); - String filename = "testks.bcfks"; - String alias = "alias"; - char[] password = "password".toCharArray(); - boolean bcfailed = false; - try { - generateKeyStoreWithKey(filename, "bcfks", alias, password, jkscert); - } catch (Exception e) { - bcfailed = true; - } - - Assume.assumeFalse("BC elytronProvider not found, skipping BC keystore recognition", bcfailed); - - KeyStore loadedStore = KeyStoreUtil.loadKeyStore(providerSupplier, null, new FileInputStream(new File(workingDir, filename)), filename, password); - Assert.assertNotNull(loadedStore); - Certificate loadedCert = loadedStore.getCertificate(alias); - - Assert.assertEquals(jkscert, loadedCert); + public void testBCFKS() throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException { + testKeyStore("testks.asdf", "bcfks", true); } @Test 
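Review bot: In KeyStoreUtilTest, testBKS, testUBER and testBCFKS now all pass `"testks.asdf"`, where the removed code used `testks.bks`, `testks.ubr` and `testks.bcfks`; testPKCS12 uses the same name. The file name is also the fourth argument to KeyStoreUtil.loadKeyStore, so if that method uses the extension as a type hint (not visible here), the BC tests no longer exercise extension-based recognition. Four tests also now write the same file in `workingDir`. Restoring the original names keeps the earlier coverage, for example `testKeyStore("testks.bks", "bks", true);`.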
@@ -302,4 +212,29 @@ private static File getWorkingDir() { } return workingDir; } + + private void testKeyStore(String filename, String keystoreType, boolean testBCKeyStore) throws CertificateException, KeyStoreException, NoSuchAlgorithmException, IOException { + System.out.println("Testing " + keystoreType.toUpperCase() + "..."); + Certificate jkscert = generateCertificate(); + String alias = "alias"; + char[] password = "password".toCharArray(); + + if (testBCKeyStore) { + boolean bcfailed = false; + try { + generateKeyStoreWithKey(filename, keystoreType, alias, password, jkscert); + } catch (Exception e) { + bcfailed = true; + } + Assume.assumeFalse("BC elytronProvider not found, skipping BC keystore recognition", bcfailed); + } else { + generateKeyStoreWithKey(filename, keystoreType, alias, password, jkscert); + } + + KeyStore loadedStore = KeyStoreUtil.loadKeyStore(providerSupplier, null, new FileInputStream(new File(workingDir, filename)), filename, password); + Assert.assertNotNull(loadedStore); + Certificate loadedCert = loadedStore.getCertificate(alias); + + Assert.assertEquals(jkscert, loadedCert); + } } From fb44b7c59ea6ae429e270b8e24ff9c49c7146701 Mon Sep 17 00:00:00 2001 From: Eric Leung Date: Fri, 6 Oct 2023 15:31:56 -0400 Subject: [PATCH 049/205] [ELY-2621] Add a test that makes use of the RoleMapper#or method to RoleMappingTest --- .../security/authz/RoleMappingTest.java | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/auth/server/base/src/test/java/org/wildfly/security/authz/RoleMappingTest.java b/auth/server/base/src/test/java/org/wildfly/security/authz/RoleMappingTest.java index 22b526d1cb6..3cec301e615 100644 --- a/auth/server/base/src/test/java/org/wildfly/security/authz/RoleMappingTest.java +++ b/auth/server/base/src/test/java/org/wildfly/security/authz/RoleMappingTest.java 
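Review bot: The new testKeyStore helper in KeyStoreUtilTest passes `new FileInputStream(new File(workingDir, filename))` straight into loadKeyStore and never closes it, so every keystore test leaves a file handle open. Declaring `loadedStore` first and loading inside `try (FileInputStream in = new FileInputStream(new File(workingDir, filename))) { loadedStore = KeyStoreUtil.loadKeyStore(providerSupplier, null, in, filename, password); }` fixes that. Separately, `catch (Exception e)` treats any failure of generateKeyStoreWithKey as "BC provider not found" and skips the test, so a real regression in BKS/UBER/BCFKS handling would show up as skipped rather than failed. Catching only the provider or keystore exception that signals a missing provider would keep that signal.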
@@ -294,6 +294,41 @@ public void testIntersectionMappedRoles() { assertEquals(1, count); } + @Test + public void testUnionMappedRoles() { + Roles roles = createRoles("foo", "joe"); + + Map> mappingMap1 = new HashMap<>(); + mappingMap1.put("foo", createSet("bar", "role")); + + RoleMapper mapper1 = new MappedRoleMapper.Builder() + .setRoleMap(mappingMap1).build(); + + Map> mappingMap2 = new HashMap<>(); + mappingMap2.put("foo", createSet("bar", "test")); + + RoleMapper mapper2 = new MappedRoleMapper.Builder() + .setRoleMap(mappingMap2).build(); + + RoleMapper mapper3 = mapper1.or(mapper2); + + Roles mappedRoles = mapper3.mapRoles(roles); + + assertTrue(mappedRoles.contains("bar")); + assertTrue(mappedRoles.contains("role")); + assertTrue(mappedRoles.contains("test")); + assertFalse(mappedRoles.contains("foo")); + assertFalse(mappedRoles.contains("joe")); + + Iterator iterator = mappedRoles.iterator(); + int count = 0; + while (iterator.hasNext()) { + iterator.next(); + count++; + } + assertEquals(3, count); + } + private Set createSet(String... values) { HashSet set = new HashSet<>(); for (String s : values) set.add(s); From 9226989da17a6d4ad966aafe8cb457cfd1e3736c Mon Sep 17 00:00:00 2001 From: sugan0tech Date: Sun, 8 Oct 2023 20:12:59 +0530 Subject: [PATCH 050/205] [ELY-2612] Code refactor (removed duplicates) --- .../sasl/scram/BasicScramSelfTest.java | 43 +++++++------------ 1 file changed, 15 insertions(+), 28 deletions(-) diff --git a/tests/base/src/test/java/org/wildfly/security/sasl/scram/BasicScramSelfTest.java b/tests/base/src/test/java/org/wildfly/security/sasl/scram/BasicScramSelfTest.java index 0eeeb7a4d25..4c0933d6af0 100644 --- a/tests/base/src/test/java/org/wildfly/security/sasl/scram/BasicScramSelfTest.java +++ b/tests/base/src/test/java/org/wildfly/security/sasl/scram/BasicScramSelfTest.java 
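Review bot: testUnionMappedRoles in RoleMappingTest repeats the fixture of testIntersectionMappedRoles line for line; only `or` versus `and` and the expected role set differ. A small helper such as `private RoleMapper mappedRoleMapper(String from, String... to)` (name is a suggestion) would remove the duplicated map and builder code. Both maps use only the key `foo`, so the union test does not cover an input role that is mapped by just one of the two mappers. Adding a `joe` entry to one map would pin that case.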
@@ -92,46 +92,22 @@ public Void run() { @Test public void testAuthenticationSha1ClearPassword() throws Exception { - final SaslServer saslServer = - new SaslServerBuilder(ScramSaslServerFactory.class, SaslMechanismInformation.Names.SCRAM_SHA_1) - .setUserName("user") - .setPassword("pencil".toCharArray()) - .build(); - CallbackHandler clientHandler = createClientCallbackHandler("user", "pencil".toCharArray()); - testAuthentication(SaslMechanismInformation.Names.SCRAM_SHA_1, saslServer, clientHandler, "user", EMPTY); + performAuthenticationTest("user", "pencil", "user", "pencil"); } @Test(expected = SaslException.class) public void testAuthenticationSha1ClearPasswordBadUsername() throws Exception { - final SaslServer saslServer = - new SaslServerBuilder(ScramSaslServerFactory.class, SaslMechanismInformation.Names.SCRAM_SHA_1) - .setUserName("user") - .setPassword("pencil".toCharArray()) - .build(); - CallbackHandler clientHandler = createClientCallbackHandler("wrong", "pencil".toCharArray()); - testAuthentication(SaslMechanismInformation.Names.SCRAM_SHA_1, saslServer, clientHandler, "user", EMPTY); + performAuthenticationTest("user", "pencil", "wrong", "pencil"); } @Test(expected = SaslException.class) public void testAuthenticationSha1ClearPasswordBadPassword() throws Exception { - final SaslServer saslServer = - new SaslServerBuilder(ScramSaslServerFactory.class, SaslMechanismInformation.Names.SCRAM_SHA_1) - .setUserName("user") - .setPassword("pencil".toCharArray()) - .build(); - CallbackHandler clientHandler = createClientCallbackHandler("user", "wrong".toCharArray()); - testAuthentication(SaslMechanismInformation.Names.SCRAM_SHA_1, saslServer, clientHandler, "user", EMPTY); + performAuthenticationTest("user", "pencil", "user", "wrong"); } @Test public void testAuthenticationSha1ClearCredentialPassword() throws Exception { - final SaslServer saslServer = - new SaslServerBuilder(ScramSaslServerFactory.class, SaslMechanismInformation.Names.SCRAM_SHA_1) - 
.setUserName("user") - .setPassword("pencil".toCharArray()) - .build(); - CallbackHandler clientHandler = createClientCallbackHandler("user", "pencil".toCharArray()); - testAuthentication(SaslMechanismInformation.Names.SCRAM_SHA_1, saslServer, clientHandler, "user", EMPTY); + performAuthenticationTest("user", "pencil", "user", "pencil"); } @Test @@ -265,6 +241,17 @@ public void testPlusClientWithBindingWithNonPlusServer() throws Exception { } } + private void performAuthenticationTest(String username, String password, String clientUsername, String clientPassword) throws Exception { + final SaslServer saslServer = + new SaslServerBuilder(ScramSaslServerFactory.class, SaslMechanismInformation.Names.SCRAM_SHA_1) + .setUserName(username) + .setPassword(password.toCharArray()) + .build(); + CallbackHandler clientHandler = createClientCallbackHandler(clientUsername, clientPassword.toCharArray()); + + testAuthentication(SaslMechanismInformation.Names.SCRAM_SHA_1, saslServer, clientHandler, username, EMPTY); + } + private void testAuthentication(String mechanism, SaslServer saslServer, CallbackHandler clientHandler, String authorizationId, Map clientProps) throws Exception { final SaslClientFactory clientFactory = obtainSaslClientFactory(); assertNotNull(clientFactory); From 02e7f195e1e91dbed3cdf8917f019105cbf9521f Mon Sep 17 00:00:00 2001 From: lvydra Date: Fri, 6 Oct 2023 08:34:28 +0200 Subject: [PATCH 051/205] [ELY-2615] Add a test class that tests creating and making use of a custom NameRewriter --- .../auth/server/CustomNameRewriterTest.java | 92 +++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 tests/base/src/test/java/org/wildfly/security/auth/server/CustomNameRewriterTest.java diff --git a/tests/base/src/test/java/org/wildfly/security/auth/server/CustomNameRewriterTest.java b/tests/base/src/test/java/org/wildfly/security/auth/server/CustomNameRewriterTest.java new file mode 100644 index 00000000000..c3a8f59d7ab --- /dev/null 
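Review bot: In BasicScramSelfTest, testAuthenticationSha1ClearCredentialPassword and testAuthenticationSha1ClearPassword now make the identical call `performAuthenticationTest("user", "pencil", "user", "pencil")`, so one of them adds no coverage (the removed bodies were already identical). Either drop the duplicate or have the "credential" variant configure the server through a credential rather than a clear password; how SaslServerBuilder exposes that is not visible here. For the helper added in the `@@ -265,6 +241,17 @@` hunk, a short Javadoc saying that the first two arguments are the server-side account and the last two are what the client presents would make the four String parameters harder to mix up.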
+++ b/tests/base/src/test/java/org/wildfly/security/auth/server/CustomNameRewriterTest.java 
@@ -0,0 +1,92 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2023 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.wildfly.security.auth.server; + +import org.junit.Test; +import org.wildfly.security.auth.permission.LoginPermission; +import org.wildfly.security.auth.realm.FileSystemSecurityRealm; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + +public class CustomNameRewriterTest { + + private static final String BEFORE_USER_NAME = "Bob"; + private static final String AFTER_USER_NAME = "Robert"; + + @Test + public void testCustomNameRewriter() { + CustomNameRewriter rewriter = new CustomNameRewriter(); + String adjustedName = rewriter.rewriteName(BEFORE_USER_NAME); + assertEquals(AFTER_USER_NAME, adjustedName); + } + + @Test + public void testCustomNameRewriterAuthentication() throws Exception { + FileSystemSecurityRealm fileSystemSecurityRealm = createSecurityRealm(); + CustomNameRewriter rewriter = new CustomNameRewriter(); + SecurityDomain domainWithRewriter = SecurityDomain.builder().setDefaultRealmName("default").addRealm("default", fileSystemSecurityRealm).build() + .setPermissionMapper(((permissionMappable, roles) -> LoginPermission.getInstance())) + .setPreRealmRewriter(rewriter) + .build(); + ServerAuthenticationContext sac1 = 
domainWithRewriter.createNewAuthenticationContext(); + sac1.setAuthenticationName(BEFORE_USER_NAME); // security domain contains the user "Robert" + assertTrue(sac1.authorize()); + + SecurityDomain domainWithoutRewriter = SecurityDomain.builder().setDefaultRealmName("default").addRealm("default", fileSystemSecurityRealm).build() + .setPermissionMapper(((permissionMappable, roles) -> LoginPermission.getInstance())) + .build(); + ServerAuthenticationContext sac2 = domainWithoutRewriter.createNewAuthenticationContext(); + sac2.setAuthenticationName(BEFORE_USER_NAME); // should fail if rewriter not configured + assertFalse(sac2.authorize()); + } + + @Test + public void testCustomNameRewriterNonExistingUser() throws Exception{ + FileSystemSecurityRealm fileSystemSecurityRealm = createSecurityRealm(); + CustomNameRewriter rewriter = new CustomNameRewriter(); + SecurityDomain securityDomain = SecurityDomain.builder().setDefaultRealmName("default").addRealm("default", fileSystemSecurityRealm).build() + .setPermissionMapper(((permissionMappable, roles) -> LoginPermission.getInstance())) + .setPreRealmRewriter(rewriter) + .build(); + ServerAuthenticationContext sac = securityDomain.createNewAuthenticationContext(); + sac.setAuthenticationName("John"); + assertFalse(sac.authorize()); + } + + private FileSystemSecurityRealm createSecurityRealm() throws Exception { + FileSystemSecurityRealm realm = new FileSystemSecurityRealm(ServerUtils.getRootPath(true, getClass())); + ServerUtils.addUser(realm, AFTER_USER_NAME); + return realm; + } + + private final class CustomNameRewriter implements NameRewriter { + + @Override + public String rewriteName(String original) { + if (original == null) { + return null; + } else if (original.equals(BEFORE_USER_NAME)) { + return AFTER_USER_NAME; + } else { + return original; + } + } + } +} From 4198c903558acc62266220a464e617e82727084e Mon Sep 17 00:00:00 2001 
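Review bot: In CustomNameRewriterTest, `CustomNameRewriter` is declared as a non-static inner class (`private final class`) although it reads only static constants. Declaring it `private static final class CustomNameRewriter implements NameRewriter` avoids the hidden reference to the test instance. The test class has no Javadoc; a line such as `/** Tests a user-defined NameRewriter installed as the pre-realm rewriter of a SecurityDomain. */` would state what is covered. createSecurityRealm adds a user to a FileSystemSecurityRealm on every call and no cleanup is visible in this file; whether ServerUtils handles that cannot be told from here.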
From: sugan0tech Date: Sun, 8 Oct 2023 17:28:30 +0530 Subject: [PATCH 052/205] [ELY-2610] migrate getAccessTokenHash method to AtHashValidator class. --- .../security/http/oidc/TokenValidator.java | 23 ++++++++++--------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/TokenValidator.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/TokenValidator.java index b1540bb1146..746318043f6 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/TokenValidator.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/TokenValidator.java @@ -274,6 +274,18 @@ public ErrorCodeValidator.Error validate(JwtContext jwtContext) throws Malformed } return null; } + + private static String getAccessTokenHash(String accessTokenString, String jwsAlgorithm) throws NoSuchAlgorithmException { + byte[] inputBytes = accessTokenString.getBytes(StandardCharsets.UTF_8); + String javaAlgName = getJavaAlgorithmForHash(jwsAlgorithm); + MessageDigest md = MessageDigest.getInstance(javaAlgName); + md.update(inputBytes); + byte[] hash = md.digest(); + int hashLength = hash.length / 2; + byte[] hashInput = Arrays.copyOf(hash, hashLength); // leftmost half of the hash + return ByteIterator.ofBytes(hashInput).base64Encode(BASE64_URL, false).drainToString(); + } + } private static class TypeValidator implements ErrorCodeValidator { 
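Review bot: getAccessTokenHash moves into the nested validator in TokenValidator without any documentation, although it is the security-relevant half of the `at_hash` check. I would add a Javadoc stating that it hashes the UTF-8 bytes of the access token with the digest selected by getJavaAlgorithmForHash for the given JWS algorithm, keeps the left-most half of the digest and base64url-encodes it, as the OpenID Connect `at_hash` claim requires. The existing inline comment `// leftmost half of the hash` can stay. The added blank line before the class's closing brace (`+ + }`) is stray. The enclosing nested class starts outside the hunk, and the comparison against the claim is not visible here.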
@@ -297,17 +309,6 @@ public ErrorCodeValidator.Error validate(JwtContext jwtContext) throws Malformed } } - private static String getAccessTokenHash(String accessTokenString, String jwsAlgorithm) throws NoSuchAlgorithmException { - byte[] inputBytes = accessTokenString.getBytes(StandardCharsets.UTF_8); - String javaAlgName = getJavaAlgorithmForHash(jwsAlgorithm); - MessageDigest md = MessageDigest.getInstance(javaAlgName); - md.update(inputBytes); - byte[] hash = md.digest(); - int hashLength = hash.length / 2; - byte[] hashInput = Arrays.copyOf(hash, hashLength); // leftmost half of the hash - return ByteIterator.ofBytes(hashInput).base64Encode(BASE64_URL, false).drainToString(); - } - public static class VerifiedTokens { private final AccessToken accessToken; From 0400fe2ca6bb8ba3c783854fa1256096d13ad3b8 Mon Sep 17 00:00:00 2001 From: Abhishek Nigam Date: Sat, 7 Oct 2023 00:53:39 +0530 Subject: [PATCH 053/205] [ELY-2603] replace switch statement with if condition to improve readability This closes ticket https://issues.redhat.com/browse/ELY-2603 --- .../security/auth/client/ElytronXmlParser.java | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/auth/client/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java b/auth/client/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java index 0a9702d1c87..2268b276428 100644 --- a/auth/client/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java +++ b/auth/client/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java 
@@ -714,13 +714,10 @@ private static void parseCertificateRevocationLists(ConfigurationXMLStreamReader while (reader.hasNext()) { final int tag = reader.nextTag(); if (tag == START_ELEMENT) { - switch (reader.getLocalName()) { - case "certificate-revocation-list": { - parseCertificateRevocationList(reader, builder, xmlVersion, true); - break; - } - default: - throw reader.unexpectedElement(); + if (reader.getLocalName().equals("certificate-revocation-list")) { + parseCertificateRevocationList(reader, builder, xmlVersion, true); + } else { + throw reader.unexpectedElement(); } } else if (tag != END_ELEMENT) { throw reader.unexpectedContent(); From 50f5108fa49809e10bdfd77f98ef61bfaab2f80d Mon Sep 17 00:00:00 2001 From: Abhishek Nigam Date: Sat, 7 Oct 2023 00:54:18 +0530 Subject: [PATCH 054/205] [ELY-2596] add missing @Override annotation on override method This add missing @Override annotation on dispose() method of class FileSystemSecurityRealm This closes ticket https://issues.redhat.com/browse/ELY-2596 --- .../org/wildfly/security/auth/realm/FileSystemSecurityRealm.java | 1 + 1 file changed, 1 insertion(+) diff --git a/auth/realm/base/src/main/java/org/wildfly/security/auth/realm/FileSystemSecurityRealm.java b/auth/realm/base/src/main/java/org/wildfly/security/auth/realm/FileSystemSecurityRealm.java index 6ef7cc4cc9a..ba1ef0c0418 100644 --- a/auth/realm/base/src/main/java/org/wildfly/security/auth/realm/FileSystemSecurityRealm.java +++ b/auth/realm/base/src/main/java/org/wildfly/security/auth/realm/FileSystemSecurityRealm.java @@ -1099,6 +1099,7 @@ private void writeIdentity(final XMLStreamWriter streamWriter, final LoadedIdent streamWriter.writeEndDocument(); } + @Override public void dispose() { // Release the lock for this realm identity IdentityLock identityLock = lock; From 6dbf7f98adcd2850d5ceb007e46d8a7f195b31cf Mon Sep 17 00:00:00 2001 
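Review bot: The new `if` in `parseCertificateRevocationLists` matches on `reader.getLocalName()` alone, and no namespace check is visible between `tag == START_ELEMENT` and the comparison, whereas the `parseRulesType` loop changed later in this series calls `checkElementNamespace(reader, xmlVersion);` first. Unless `parseCertificateRevocationList` performs that check itself (it is outside the hunk), add `checkElementNamespace(reader, xmlVersion);` before the `if` so an element from another namespace is rejected rather than parsed as revocation configuration. As a smaller point, `"certificate-revocation-list".equals(reader.getLocalName())` keeps the literal first, which is the usual form when comparing against a constant. The method body starts and ends outside the hunk.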
From: Abhishek Nigam Date: Sat, 7 Oct 2023 00:12:21 +0530 Subject: [PATCH 055/205] [ELY-2607] directly append iterationCount(int) to String instead of using String.valueOf() This closes ticket https://issues.redhat.com/browse/ELY-2607 --- tool/src/main/java/org/wildfly/security/tool/VaultCommand.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tool/src/main/java/org/wildfly/security/tool/VaultCommand.java b/tool/src/main/java/org/wildfly/security/tool/VaultCommand.java index 11181c5fd57..edf7fb18acb 100644 --- a/tool/src/main/java/org/wildfly/security/tool/VaultCommand.java +++ b/tool/src/main/java/org/wildfly/security/tool/VaultCommand.java @@ -446,7 +446,7 @@ private void printSummary (String keystorePassword, String salt, int iterationCo if (keystorePassword != null) { password = keystorePassword; if (salt != null && iterationCount > -1) { - password = keystorePassword.startsWith(MASK_PREFIX) ? keystorePassword + ";" + salt + ";" + String.valueOf(iterationCount) + password = keystorePassword.startsWith(MASK_PREFIX) ? keystorePassword + ";" + salt + ";" + iterationCount : MaskCommand.computeMasked(keystorePassword, salt, iterationCount); } } From 7529e8929c7ac6fdc83a44b5f5d60af8030bd9b7 Mon Sep 17 00:00:00 2001 From: Abhishek Nigam Date: Sat, 7 Oct 2023 00:14:29 +0530 Subject: [PATCH 056/205] [ELY-2606] make two Elytron class data members final This makes data members ElytronToolExitStatus_unrecognizedCommand & ElytronToolExitStatus_OK final (they're already declared as public static) since their values don't change. This closes ticket https://issues.redhat.com/browse/ELY-2606 --- tool/src/main/java/org/wildfly/security/tool/ElytronTool.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tool/src/main/java/org/wildfly/security/tool/ElytronTool.java b/tool/src/main/java/org/wildfly/security/tool/ElytronTool.java index 0d0d4193a10..2cae692d978 100644 --- a/tool/src/main/java/org/wildfly/security/tool/ElytronTool.java 
+++ b/tool/src/main/java/org/wildfly/security/tool/ElytronTool.java @@ -36,11 +36,11 @@ public class ElytronTool { /** * status code for unrecognized command */ - public static int ElytronToolExitStatus_unrecognizedCommand = 1; + public static final int ElytronToolExitStatus_unrecognizedCommand = 1; /** * status code for no problems */ - public static int ElytronToolExitStatus_OK = 0; + public static final int ElytronToolExitStatus_OK = 0; private Map commandRegistry = new HashMap<>(); /** From 96f93ef6c27ea749c5f080f11b45c7a32375af1a Mon Sep 17 00:00:00 2001 From: Abhishek Nigam Date: Sat, 7 Oct 2023 00:18:34 +0530 Subject: [PATCH 057/205] [ELY-2605] make two CredentialStoreCommand class data members final This makes data members ACTION_NOT_DEFINED & ALIAS_NOT_FOUND final (they're already declared as public static) since their values don't change. This closes ticket https://issues.redhat.com/browse/ELY-2605 --- .../org/wildfly/security/tool/CredentialStoreCommand.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tool/src/main/java/org/wildfly/security/tool/CredentialStoreCommand.java b/tool/src/main/java/org/wildfly/security/tool/CredentialStoreCommand.java index 62b2637a773..493d5df134c 100644 --- a/tool/src/main/java/org/wildfly/security/tool/CredentialStoreCommand.java +++ b/tool/src/main/java/org/wildfly/security/tool/CredentialStoreCommand.java @@ -92,8 +92,8 @@ */ class CredentialStoreCommand extends Command { - public static int ACTION_NOT_DEFINED = 5; - public static int ALIAS_NOT_FOUND = 6; + public static final int ACTION_NOT_DEFINED = 5; + public static final int ALIAS_NOT_FOUND = 6; public static final String RSA_ALGORITHM = "RSA"; public static final String DSA_ALGORITHM = "DSA"; From e681ae54a117c6051acae4bca2e7b3502a363669 Mon Sep 17 00:00:00 2001 
From: Abhishek Nigam Date: Sat, 7 Oct 2023 00:22:30 +0530 Subject: [PATCH 058/205] [ELY-2595] remove unused parameter This removes unused parameter identityToWrite from requiredVersion method signature. This closes ticket https://issues.redhat.com/browse/ELY-2595 --- .../wildfly/security/auth/realm/FileSystemSecurityRealm.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/auth/realm/base/src/main/java/org/wildfly/security/auth/realm/FileSystemSecurityRealm.java b/auth/realm/base/src/main/java/org/wildfly/security/auth/realm/FileSystemSecurityRealm.java index ba1ef0c0418..2b04bf1ca19 100644 --- a/auth/realm/base/src/main/java/org/wildfly/security/auth/realm/FileSystemSecurityRealm.java +++ b/auth/realm/base/src/main/java/org/wildfly/security/auth/realm/FileSystemSecurityRealm.java @@ -1000,7 +1000,7 @@ private Void replaceIdentityPrivileged(final LoadedIdentity newIdentity) throws } } - private Version requiredVersion(final LoadedIdentity identityToWrite) { + private Version requiredVersion() { // As new functionality is added we will identify if we need to use a later version // if new functionality is used then use the required schema version otherwise fallback // to an older version. @@ -1018,7 +1018,7 @@ private void writeIdentity(final XMLStreamWriter streamWriter, final LoadedIdent streamWriter.writeStartDocument(); streamWriter.writeCharacters("\n"); streamWriter.writeStartElement("identity"); - streamWriter.writeDefaultNamespace(requiredVersion(newIdentity).getNamespace()); + streamWriter.writeDefaultNamespace(requiredVersion().getNamespace()); if (integrityEnabled) { streamWriter.writeCharacters("\n "); From 4c6214100ceecc3e222e9585f5e06a84dbe5701a Mon Sep 17 00:00:00 2001 
From: Abhishek Nigam Date: Sat, 7 Oct 2023 00:25:46 +0530 Subject: [PATCH 059/205] [ELY-2597] merge if statements in verifyCertificate method This merges an if statement with it's enclosing if statement to increase readability. This closes ticket https://issues.redhat.com/browse/ELY-2597 --- .../security/auth/realm/ldap/X509EvidenceVerifier.java | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/auth/realm/ldap/src/main/java/org/wildfly/security/auth/realm/ldap/X509EvidenceVerifier.java b/auth/realm/ldap/src/main/java/org/wildfly/security/auth/realm/ldap/X509EvidenceVerifier.java index 8b2bd7bd61a..b764ee60f50 100644 --- a/auth/realm/ldap/src/main/java/org/wildfly/security/auth/realm/ldap/X509EvidenceVerifier.java +++ b/auth/realm/ldap/src/main/java/org/wildfly/security/auth/realm/ldap/X509EvidenceVerifier.java @@ -176,10 +176,8 @@ public boolean verifyCertificate(X509Certificate certificate, Attributes attribu for (int i = 0; i < size; i++) { Object attrDigest = attribute.get(i); - if (attrDigest != null){ - if (digest.equalsIgnoreCase((String) attrDigest)) { - return true; - } + if (attrDigest != null && digest.equalsIgnoreCase((String) attrDigest)){ + return true; } } } catch (NoSuchAlgorithmException | CertificateEncodingException e) { From 5c21c443629175259cc689f84f31ddbbabfb5ae3 Mon Sep 17 00:00:00 2001 From: Eric Leung Date: Fri, 13 Oct 2023 14:26:27 -0400 Subject: [PATCH 060/205] [ELY-2676] Merge if statement with the enclosing one in AcmeClientSpi#getRetryAfter --- .../org/wildfly/security/x500/cert/acme/AcmeClientSpi.java | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/x500/cert/acme/src/main/java/org/wildfly/security/x500/cert/acme/AcmeClientSpi.java b/x500/cert/acme/src/main/java/org/wildfly/security/x500/cert/acme/AcmeClientSpi.java index 3003ae0d4c4..452480eb7a9 100644 --- a/x500/cert/acme/src/main/java/org/wildfly/security/x500/cert/acme/AcmeClientSpi.java 
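Review bot: The merged condition still casts the LDAP attribute value with `(String) attrDigest` after only a null check, so a value the directory returns as `byte[]` would raise `ClassCastException`, which the visible `catch (NoSuchAlgorithmException | CertificateEncodingException e)` does not handle. Writing `if (attrDigest instanceof String && digest.equalsIgnoreCase((String) attrDigest)) {` covers null and the wrong type in one test and lets the loop move on to the next value. The same applies to `(byte[]) attrCertificate` in the later X509EvidenceVerifier hunk (ELY-2686), where `attrCertificate instanceof byte[]` would replace the null check; there `certificate.getEncoded()` could also be computed once before the loop. Both `verifyCertificate` bodies extend beyond their hunks, so whether a caller already deals with the unchecked exception cannot be told from here.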
+++ b/x500/cert/acme/src/main/java/org/wildfly/security/x500/cert/acme/AcmeClientSpi.java @@ -921,10 +921,8 @@ private static long getRetryAfter(HttpURLConnection connection, boolean useDefau } } - if (retryAfterMilli == -1) { - if (useDefaultIfHeaderNotPresent) { - retryAfterMilli = DEFAULT_RETRY_AFTER_MILLI; - } + if (retryAfterMilli == -1 && useDefaultIfHeaderNotPresent) { + retryAfterMilli = DEFAULT_RETRY_AFTER_MILLI; } return retryAfterMilli; } From f1cea2007abfb32a58f73d875735d1abfa5324d0 Mon Sep 17 00:00:00 2001 From: Eric Leung Date: Fri, 13 Oct 2023 15:10:47 -0400 Subject: [PATCH 061/205] [ELY-2677] Merge if statement with the enclosing one in X500#createX509CertificateChain --- .../src/main/java/org/wildfly/security/x500/X500.java | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/x500/base/src/main/java/org/wildfly/security/x500/X500.java b/x500/base/src/main/java/org/wildfly/security/x500/X500.java index 1c1e6ddafd4..0ab9ed83401 100644 --- a/x500/base/src/main/java/org/wildfly/security/x500/X500.java +++ b/x500/base/src/main/java/org/wildfly/security/x500/X500.java @@ -246,12 +246,10 @@ private static boolean createX509CertificateChain(final X509Certificate firstCer return false; } for (X509Certificate issuerCertificate : issuerCertificates) { - if (issuedBy(firstCertificate, issuerCertificate)) { + if (issuedBy(firstCertificate, issuerCertificate) && createX509CertificateChain(issuerCertificate, certificateChain, certificatesMap)) { // recurse - if (createX509CertificateChain(issuerCertificate, certificateChain, certificatesMap)) { - certificateChain.add(firstCertificate); - return true; - } + certificateChain.add(firstCertificate); + return true; } } return false; From f450ee020bb6959be97e057d6ee6b0741712e9ad Mon Sep 17 00:00:00 2001 
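Review bot: In the X500 hunk the `// recurse` comment now sits inside the body, after the recursive `createX509CertificateChain` call has already run as part of the condition, so it no longer marks the recursion. Move it above the `if`, for example `// recurse: follow the issuer only when it signed firstCertificate`, and break the long condition after `&&`; the recursive call has to stay the second operand so that short-circuiting skips certificates that are not issuers. The hunk shows no bound on recursion depth, and whether the `return false` above it also stops a chain that refers back to itself through `certificatesMap` is outside the hunk and worth confirming. The method starts before the hunk.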
From: Vaibhav Jain Date: Sat, 14 Oct 2023 00:57:08 +0530 Subject: [PATCH 062/205] [ELY-2686] Merge an if statement with the enclosing one in X509EvidenceVerifier --- .../security/auth/realm/ldap/X509EvidenceVerifier.java | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/auth/realm/ldap/src/main/java/org/wildfly/security/auth/realm/ldap/X509EvidenceVerifier.java b/auth/realm/ldap/src/main/java/org/wildfly/security/auth/realm/ldap/X509EvidenceVerifier.java index 8b2bd7bd61a..068a151d5d6 100644 --- a/auth/realm/ldap/src/main/java/org/wildfly/security/auth/realm/ldap/X509EvidenceVerifier.java +++ b/auth/realm/ldap/src/main/java/org/wildfly/security/auth/realm/ldap/X509EvidenceVerifier.java @@ -217,10 +217,9 @@ public boolean verifyCertificate(X509Certificate certificate, Attributes attribu try { for (int i = 0; i < size; i++) { Object attrCertificate = attribute.get(i); - if (attrCertificate != null){ - if (MessageDigest.isEqual(certificate.getEncoded(), (byte[]) attrCertificate)) { - return true; - } + if (attrCertificate != null + && MessageDigest.isEqual(certificate.getEncoded(), (byte[]) attrCertificate)) { + return true; } } } catch (CertificateEncodingException e) { From 2761569058631f70a1e3d09fc2e82c54057d5775 Mon Sep 17 00:00:00 2001 From: Eric Leung Date: Fri, 13 Oct 2023 14:49:35 -0400 Subject: [PATCH 063/205] [ELY-2685] Replace assert in PasswordBasedEncryptionUtilTest with a proper check --- .../security/util/PasswordBasedEncryptionUtilTest.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/base/src/test/java/org/wildfly/security/util/PasswordBasedEncryptionUtilTest.java b/tests/base/src/test/java/org/wildfly/security/util/PasswordBasedEncryptionUtilTest.java index b0fc5420197..d3e511c4547 100644 --- a/tests/base/src/test/java/org/wildfly/security/util/PasswordBasedEncryptionUtilTest.java +++ b/tests/base/src/test/java/org/wildfly/security/util/PasswordBasedEncryptionUtilTest.java 
@@ -183,9 +183,9 @@ private void checkPb(String secret, String salt, int iteration, String pbGenerat String crossDecrypted = new String(decryptUtil.decodeAndDecrypt(pbGenerated)); String decrypted = new String(decryptUtil.decodeAndDecrypt(encrypted)); - Assert.assertTrue("Elytron in PB compatible mode failed", decrypted.equals(secret)); - Assert.assertTrue("PicketBox encrypted, Elytron decrypted in compatible mode, failed", crossDecrypted.equals(secret)); - Assert.assertTrue("Elytron in compatible mode encrypted, PicketBox encrypted must be the same", pbGenerated.equals(encrypted)); + Assert.assertEquals("Elytron in PB compatible mode failed", secret, decrypted); + Assert.assertEquals("PicketBox encrypted, Elytron decrypted in compatible mode, failed", secret, crossDecrypted); + Assert.assertEquals("Elytron in compatible mode encrypted, PicketBox encrypted must be the same", encrypted, pbGenerated); } From 289ba447009d88886a6bd4e4b275bc8617052357 Mon Sep 17 00:00:00 2001 From: lvydra Date: Mon, 16 Oct 2023 17:14:58 +0200 Subject: [PATCH 064/205] [ELY-2699] Update tests in DigestTest to call a common method in order to remove duplicated code --- .../security/sasl/digest/DigestTest.java | 83 +++++-------------- 1 file changed, 19 insertions(+), 64 deletions(-) diff --git a/tests/base/src/test/java/org/wildfly/security/sasl/digest/DigestTest.java b/tests/base/src/test/java/org/wildfly/security/sasl/digest/DigestTest.java index e8e62fa8d51..4ec12c09e1f 100644 --- a/tests/base/src/test/java/org/wildfly/security/sasl/digest/DigestTest.java +++ b/tests/base/src/test/java/org/wildfly/security/sasl/digest/DigestTest.java @@ -42,6 +42,7 @@ import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.sasl.Sasl; import javax.security.sasl.SaslClient; +import javax.security.sasl.SaslException; import javax.security.sasl.SaslServer; import javax.security.sasl.SaslServerFactory; 
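Review bot: In the third rewritten assertion of `checkPb` the arguments look reversed: `pbGenerated` is the fixed PicketBox value passed into the test and `encrypted` appears to be what Elytron just produced, so the call should read `Assert.assertEquals("Elytron in compatible mode encrypted, PicketBox encrypted must be the same", pbGenerated, encrypted);`. With the current order a failure would report the reference value as the actual one. The first two assertions correctly use `secret` as the expected value. `checkPb` starts before the hunk, so the role of `encrypted` is inferred from the assertion message.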
@@ -146,14 +147,7 @@ public void testSuccessfulExchange() throws Exception { CallbackHandler clientCallback = createClearPwdClientCallbackHandler("George", "gpwd", "TestRealm"); SaslClient client = Sasl.createSaslClient(new String[]{ DIGEST }, "George", "TestProtocol", "TestServer", Collections.emptyMap(), clientCallback); - assertFalse(client.hasInitialResponse()); - byte[] message = server.evaluateResponse(new byte[0]); - log.debug("Challenge:"+ new String(message, StandardCharsets.ISO_8859_1)); - message = client.evaluateChallenge(message); - log.debug("Client response:"+ new String(message, StandardCharsets.ISO_8859_1)); - server.evaluateResponse(message); - assertTrue(server.isComplete()); - assertEquals("George", server.getAuthorizationID()); + assertExchange(server, client); } /** * Test a successful exchange using the DIGEST mechanism but the default realm. @@ -171,15 +165,7 @@ public void testSuccessfulExchange_DefaultRealm() throws Exception { CallbackHandler clientCallback = createClearPwdClientCallbackHandler("George", "gpwd", null); SaslClient client = Sasl.createSaslClient(new String[]{DIGEST}, "George", "TestProtocol", "TestServer", Collections.emptyMap(), clientCallback); - assertFalse(client.hasInitialResponse()); - byte[] message = server.evaluateResponse(new byte[0]); - log.debug("Challenge:"+ new String(message, StandardCharsets.ISO_8859_1)); - message = client.evaluateChallenge(message); - log.debug("Client response:"+ new String(message, StandardCharsets.ISO_8859_1)); - - server.evaluateResponse(message); - assertTrue(server.isComplete()); - assertEquals("George", server.getAuthorizationID()); + assertExchange(server, client); } /** 
@@ -201,15 +187,7 @@ public void testSuccessfulExchange_AlternativeProtocol() throws Exception { CallbackHandler clientCallback = createClearPwdClientCallbackHandler("George", "gpwd", null); SaslClient client = Sasl.createSaslClient(new String[]{DIGEST}, "George", "OtherProtocol", "TestServer", Collections.emptyMap(), clientCallback); - assertFalse(client.hasInitialResponse()); - byte[] message = server.evaluateResponse(new byte[0]); - log.debug("Challenge:"+ new String(message, StandardCharsets.UTF_8)); - message = client.evaluateChallenge(message); - log.debug("Client response:"+ new String(message, StandardCharsets.UTF_8)); - - server.evaluateResponse(message); - assertTrue(server.isComplete()); - assertEquals("George", server.getAuthorizationID()); + assertExchange(server, client); } /** @@ -318,14 +296,7 @@ public void testRealmSelection() throws Exception { CallbackHandler clientCallback = createClearPwdClientCallbackHandler("George", "gpwd", "last\\ "); SaslClient client = Sasl.createSaslClient(new String[]{DIGEST}, "George", "TestProtocol", "TestServer", Collections.emptyMap(), clientCallback); - assertFalse(client.hasInitialResponse()); - byte[] message = server.evaluateResponse(new byte[0]); - log.debug("Challenge:"+ new String(message, StandardCharsets.ISO_8859_1)); - message = client.evaluateChallenge(message); - log.debug("Client response:" + new String(message, StandardCharsets.ISO_8859_1)); - server.evaluateResponse(message); - assertTrue(server.isComplete()); - assertEquals("George", server.getAuthorizationID()); + assertExchange(server, client); } /* 
@@ -515,13 +486,7 @@ public void testSuccessfulExchange_PreHashedClient() throws Exception { SaslClient client = Sasl.createSaslClient(new String[]{DIGEST}, "George", "TestProtocol", "TestServer", clientProps, clientCallback); - assertFalse(client.hasInitialResponse()); - byte[] message = server.evaluateResponse(new byte[0]); - - message = client.evaluateChallenge(message); - server.evaluateResponse(message); - assertTrue(server.isComplete()); - assertEquals("George", server.getAuthorizationID()); + assertExchange(server,client); } /** @@ -544,13 +509,7 @@ public void testSuccessfulExchange_DefaultRealm_PreHashedClient() throws Excepti clientProps.put(PRE_DIGESTED_PROPERTY, "true"); SaslClient client = Sasl.createSaslClient(new String[]{DIGEST}, "George", "TestProtocol", "TestServer", clientProps, clientCallback); - assertFalse(client.hasInitialResponse()); - byte[] message = server.evaluateResponse(new byte[0]); - message = client.evaluateChallenge(message); - - server.evaluateResponse(message); - assertTrue(server.isComplete()); - assertEquals("George", server.getAuthorizationID()); + assertExchange(server,client); } /** @@ -753,14 +712,7 @@ public void testSuccessfulExchangeNullAuthorizationId() throws Exception { CallbackHandler clientCallback = createClearPwdClientCallbackHandler("George", "gpwd", "TestRealm"); SaslClient client = Sasl.createSaslClient(new String[]{ DIGEST }, null, "TestProtocol", "TestServer", Collections.emptyMap(), clientCallback); - assertFalse(client.hasInitialResponse()); - byte[] message = server.evaluateResponse(new byte[0]); - log.debug("Challenge:"+ new String(message, StandardCharsets.ISO_8859_1)); - message = client.evaluateChallenge(message); - log.debug("Client response:"+ new String(message, StandardCharsets.ISO_8859_1)); - server.evaluateResponse(message); - assertTrue(server.isComplete()); - assertEquals("George", server.getAuthorizationID()); + assertExchange(server, client); } /** 
@@ -779,14 +731,7 @@ public void testSuccessfulExchangeEmptyAuthorizationId() throws Exception { CallbackHandler clientCallback = createClearPwdClientCallbackHandler("George", "gpwd", "TestRealm"); SaslClient client = Sasl.createSaslClient(new String[]{ DIGEST }, "", "TestProtocol", "TestServer", Collections.emptyMap(), clientCallback); - assertFalse(client.hasInitialResponse()); - byte[] message = server.evaluateResponse(new byte[0]); - log.debug("Challenge:"+ new String(message, StandardCharsets.ISO_8859_1)); - message = client.evaluateChallenge(message); - log.debug("Client response:"+ new String(message, StandardCharsets.ISO_8859_1)); - server.evaluateResponse(message); - assertTrue(server.isComplete()); - assertEquals("George", server.getAuthorizationID()); + assertExchange(server, client); } private KeySpec getDigestKeySpec(String username, String password, String realm) throws NoSuchAlgorithmException { @@ -826,4 +771,14 @@ public void testUnboundServerName() throws Exception { assertEquals("TestServer5", server.getNegotiatedProperty(Sasl.BOUND_SERVER_NAME)); } + private void assertExchange(SaslServer server, SaslClient client) throws SaslException { + assertFalse(client.hasInitialResponse()); + byte[] message = server.evaluateResponse(new byte[0]); + log.debug("Challenge:"+ new String(message, StandardCharsets.ISO_8859_1)); + message = client.evaluateChallenge(message); + log.debug("Client response:"+ new String(message, StandardCharsets.ISO_8859_1)); + server.evaluateResponse(message); + assertTrue(server.isComplete()); + assertEquals("George", server.getAuthorizationID()); + } } From 936f9c92b611bd64f38f3e0288fe82acc203664b Mon Sep 17 00:00:00 2001 From: Akshayabhat Date: Fri, 22 Sep 2023 15:54:34 -0700 Subject: [PATCH 065/205] [ELY-2647] Add link to elytron-examples in README --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index c889a528d36..99fbd5c76f3 100644 --- a/README.md +++ b/README.md 
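Review bot: The new `assertExchange` helper hard-codes the expected identity in `assertEquals("George", server.getAuthorizationID())`, which ties a shared helper to one test user; passing it in, `private void assertExchange(SaslServer server, SaslClient client, String expectedAuthorizationId) throws SaslException`, keeps the expectation visible at each call site. The helper also deserves a short Javadoc saying that it drives one challenge/response round and asserts completion. The two pre-hashed tests did not log before and the alternative-protocol test decoded the messages with UTF_8; all of them now log with ISO_8859_1 through the helper, which is harmless in a test but is a behaviour change the commit message does not mention. Two call sites are written `assertExchange(server,client)` without the space after the comma.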
@@ -39,6 +39,11 @@ Our [contribution guide](https://github.com/wildfly-security/wildfly-elytron/blo For more details, check out our [getting started guide](https://wildfly-security.github.io/wildfly-elytron/getting-started-for-developers/) for developers. +Example Feature Demos +--------------------- + +Our [elytron-examples](https://github.com/wildfly-security-incubator/elytron-examples) repository contains example demos of WildFly Elytron features. + Get Help -------- There are a couple ways to get in touch with us. From 9a428067b308fc93cea1020b36ba6d424d423449 Mon Sep 17 00:00:00 2001 From: Learner045 Date: Mon, 25 Sep 2023 21:37:36 -0400 Subject: [PATCH 066/205] ELY-2594 Changed switch to if-else to increase readability for ElytronXmlParser --- .../wildfly/security/auth/client/ElytronXmlParser.java | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/auth/client/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java b/auth/client/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java index 0a9702d1c87..334a058e9f0 100644 --- a/auth/client/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java +++ b/auth/client/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java @@ -1084,12 +1084,10 @@ static ExceptionSupplier, ConfigXMLParseException> parseRulesTyp final int tag = reader.nextTag(); if (tag == START_ELEMENT) { checkElementNamespace(reader, xmlVersion); - switch (reader.getLocalName()) { - case "rule": { - rulesList.add(ruleParseFunction.apply(reader, configurations)); - break; - } - default: throw reader.unexpectedElement(); + if (reader.getLocalName().equals("rule")) { + rulesList.add(ruleParseFunction.apply(reader, configurations)); + } else { + throw reader.unexpectedElement(); } } else if (tag == END_ELEMENT) { return () -> { From 11bf990a684c74fe115654e5aa9bffe2385f991d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Mario=20Andr=C3=A9s=20P=C3=A9rez=20Batanero?= Date: Mon, 16 Oct 2023 19:34:08 +0200 Subject: [PATCH 067/205] [ELY-2694] Update assertEquals calls in CommandCredentialSourceTest so that the expected value and actual value are passed in the correct order --- .../credential/source/impl/CommandCredentialSourceTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/base/src/test/java/org/wildfly/security/credential/source/impl/CommandCredentialSourceTest.java b/tests/base/src/test/java/org/wildfly/security/credential/source/impl/CommandCredentialSourceTest.java index 7f7454c71f6..37e5ab97577 100644 --- a/tests/base/src/test/java/org/wildfly/security/credential/source/impl/CommandCredentialSourceTest.java +++ b/tests/base/src/test/java/org/wildfly/security/credential/source/impl/CommandCredentialSourceTest.java @@ -43,7 +43,7 @@ public void testCommand() throws GeneralSecurityException, IOException { assertNotNull(password); final ClearPassword clearPassword = password.castAs(ClearPassword.class, ClearPassword.ALGORITHM_CLEAR); assertNotNull(clearPassword); - assertEquals(new String(clearPassword.getPassword()), "secret_key_THREE"); + assertEquals("secret_key_THREE", new String(clearPassword.getPassword())); } private static CommandCredentialSource.Builder getBuilder() { From a233708b1e4d2a5f49562418486163c0d0b4fbbd Mon Sep 17 00:00:00 2001 From: Evelina Berg Date: Mon, 16 Oct 2023 20:00:49 +0200 Subject: [PATCH 068/205] [ELY-2690]-merge-an-if-statement-with-the-enclosing-one-in-SSLUtils --- ssl/src/main/java/org/wildfly/security/ssl/SSLUtils.java | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/ssl/src/main/java/org/wildfly/security/ssl/SSLUtils.java b/ssl/src/main/java/org/wildfly/security/ssl/SSLUtils.java index 4d1285a6c9a..4377fed8663 100644 --- a/ssl/src/main/java/org/wildfly/security/ssl/SSLUtils.java +++ b/ssl/src/main/java/org/wildfly/security/ssl/SSLUtils.java 
@@ -128,10 +128,8 @@ public static SecurityFactory createSslContextFactory(ProtocolSelect return () -> { for (String protocol : supportedProtocols) { List providerList = preferredProviderByAlgorithm.getOrDefault(protocol.toUpperCase(Locale.ENGLISH), Collections.emptyList()); - if (log.isTraceEnabled()) { - if (providerList.isEmpty()) { - log.tracef("No providers are available for protocol %s", protocol); - } + if (log.isTraceEnabled() && providerList.isEmpty()) { + log.tracef("No providers are available for protocol %s", protocol); } for (Provider provider : providerList) { try { From 7249a7f68e7b11b9176fbf52a6b5b8ab4785fce1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mario=20Andr=C3=A9s=20P=C3=A9rez=20Batanero?= Date: Mon, 16 Oct 2023 23:49:03 +0200 Subject: [PATCH 069/205] [ELY-2695] Update the import statement in CommandCredentialSourceTest for the Assert class objects to import them explicitly --- .../credential/source/impl/CommandCredentialSourceTest.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/base/src/test/java/org/wildfly/security/credential/source/impl/CommandCredentialSourceTest.java b/tests/base/src/test/java/org/wildfly/security/credential/source/impl/CommandCredentialSourceTest.java index 7f7454c71f6..f98c3aa84e4 100644 --- a/tests/base/src/test/java/org/wildfly/security/credential/source/impl/CommandCredentialSourceTest.java +++ b/tests/base/src/test/java/org/wildfly/security/credential/source/impl/CommandCredentialSourceTest.java @@ -18,7 +18,8 @@ package org.wildfly.security.credential.source.impl; -import static org.junit.Assert.*; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertEquals; import java.io.File; import java.io.IOException; From b6b854932a2917ce425211d89b91cf43b37543db Mon Sep 17 00:00:00 2001 
From: Gabriel Padilha Santos Date: Wed, 18 Oct 2023 09:55:14 -0300 Subject: [PATCH 070/205] ELY-2692 Merge an if statement with the enclosing one in X509RevocationTrustManager ELY-2692 Merge an if statement with the enclosing one in X509RevocationTrustManager --- .../security/ssl/X509RevocationTrustManager.java | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/ssl/src/main/java/org/wildfly/security/ssl/X509RevocationTrustManager.java b/ssl/src/main/java/org/wildfly/security/ssl/X509RevocationTrustManager.java index aef9cf3d35e..df82d42870a 100644 --- a/ssl/src/main/java/org/wildfly/security/ssl/X509RevocationTrustManager.java +++ b/ssl/src/main/java/org/wildfly/security/ssl/X509RevocationTrustManager.java @@ -408,15 +408,14 @@ private void checkCertPathLength(X509Certificate currCert) throws CertPathValida pathLenConstraint = maxPathLength; } - if (!subject.equals(issuer)) { - if (pathLenConstraint < i) { - throw new CertPathValidatorException - ("check failed: pathLenConstraint violated - " - + "this cert must be the last cert in the " - + "certification path", null, null, -1, - PKIXReason.PATH_TOO_LONG); - } + if (!subject.equals(issuer) && pathLenConstraint < i) { + throw new CertPathValidatorException + ("check failed: pathLenConstraint violated - " + + "this cert must be the last cert in the " + + "certification path", null, null, -1, + PKIXReason.PATH_TOO_LONG); } + if (pathLenConstraint < maxPathLength) maxPathLength = pathLenConstraint; } From 130c1ba563fcf2677f60e8ba920a7ddc29567484 Mon Sep 17 00:00:00 2001 From: Gabriel Padilha Santos Date: Wed, 18 Oct 2023 13:51:00 -0300 Subject: [PATCH 071/205] ELY-2687 Merge an if statement with the enclosing one in ServerAuthenticationContext --- .../server/ServerAuthenticationContext.java | 24 +++++++++---------- 1 file changed, 11 insertions(+), 13 deletions(-) 
diff --git a/auth/server/base/src/main/java/org/wildfly/security/auth/server/ServerAuthenticationContext.java b/auth/server/base/src/main/java/org/wildfly/security/auth/server/ServerAuthenticationContext.java index 595017a398f..2cac5eaea95 100644 --- a/auth/server/base/src/main/java/org/wildfly/security/auth/server/ServerAuthenticationContext.java +++ b/auth/server/base/src/main/java/org/wildfly/security/auth/server/ServerAuthenticationContext.java 
@@ -892,19 +892,17 @@ private void handleOne(final Callback[] callbacks, final int idx) throws IOExcep // external method (e.g.: EXTERNAL SASL and TLS) where only authorization is necessary. We delay authentication // until we receive an authorization request. // In the future, we may want to support external methods other than TLS peer authentication - if (stateRef.get().canVerifyEvidence()) { - if (peerCerts != null) { - log.tracef("Authentication ID is null but SSL peer certificates are available. Trying to authenticate peer"); - // if SASL mechanism is used with skip-certificate-verification property then do not verifyEvidence against the security realm - if (saslSkipCertificateVerification) { - // Since evidence verification is being skipped here, ensure evidence decoding still takes place - X509PeerCertificateChainEvidence evidence = new X509PeerCertificateChainEvidence(peerCerts); - setDecodedEvidencePrincipal(evidence); - stateRef.get().setPrincipal(evidence.getDecodedPrincipal(), false); - } - else { - verifyEvidence(new X509PeerCertificateChainEvidence(peerCerts)); - } + if (stateRef.get().canVerifyEvidence() && peerCerts != null) { + log.tracef("Authentication ID is null but SSL peer certificates are available. Trying to authenticate peer"); + // if SASL mechanism is used with skip-certificate-verification property then do not verifyEvidence against the security realm + if (saslSkipCertificateVerification) { + // Since evidence verification is being skipped here, ensure evidence decoding still takes place + X509PeerCertificateChainEvidence evidence = new X509PeerCertificateChainEvidence(peerCerts); + setDecodedEvidencePrincipal(evidence); + stateRef.get().setPrincipal(evidence.getDecodedPrincipal(), false); + } + else { + verifyEvidence(new X509PeerCertificateChainEvidence(peerCerts)); } } } From 366047b56b63f89143634c377af76be9c571c993 Mon Sep 17 00:00:00 2001 
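Review bot: The `saslSkipCertificateVerification` branch in handleOne sets the principal from the decoded peer chain without calling verifyEvidence, and nothing is logged when that path is taken. A trace line inside that branch, such as `log.trace("Skipping realm verification of peer certificates; principal taken from decoded evidence");`, would let an operator tell from the log which of the two paths established the principal. The existing `log.tracef(...)` call passes no format arguments, so `log.trace(...)` would be the plainer form, assuming the logger offers both, which the hunk does not show. handleOne starts outside the hunk.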
From: Gabriel Padilha Santos Date: Wed, 18 Oct 2023 14:46:02 -0300 Subject: [PATCH 072/205] ELY-2688 Merge an if statement with the enclosing one --- .../wildfly/security/http/oidc/RequestAuthenticator.java | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/RequestAuthenticator.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/RequestAuthenticator.java index ca894423206..87b18e0abef 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/RequestAuthenticator.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/RequestAuthenticator.java @@ -54,10 +54,8 @@ public RequestAuthenticator(OidcHttpFacade facade, OidcClientConfiguration deplo public AuthOutcome authenticate() { AuthOutcome authenticate = doAuthenticate(); - if (AuthOutcome.AUTHENTICATED.equals(authenticate)) { - if (! facade.isAuthorized()) { - return AuthOutcome.FAILED; - } + if (AuthOutcome.AUTHENTICATED.equals(authenticate) && !facade.isAuthorized()) { + return AuthOutcome.FAILED; } return authenticate; } From b818827248e6b9cf0170c8f4d9448440e1e054eb Mon Sep 17 00:00:00 2001 From: Gabriel Padilha Santos Date: Wed, 18 Oct 2023 13:45:10 -0300 Subject: [PATCH 073/205] ELY-2691 Merge if statement with the enclosing one in X509RevocationTrustManager#checkCertPathLength ELY-2691 Merge if statement with the enclosing one in X509RevocationTrustManager#checkCertPathLength --- .../wildfly/security/ssl/X509RevocationTrustManager.java | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/ssl/src/main/java/org/wildfly/security/ssl/X509RevocationTrustManager.java b/ssl/src/main/java/org/wildfly/security/ssl/X509RevocationTrustManager.java index aef9cf3d35e..8d83b96f05d 100644 --- a/ssl/src/main/java/org/wildfly/security/ssl/X509RevocationTrustManager.java +++ b/ssl/src/main/java/org/wildfly/security/ssl/X509RevocationTrustManager.java 
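Review bot: In authenticate() an authenticated but unauthorized request returns `AuthOutcome.FAILED` from the merged condition, the same value as a failed login, and neither a comment nor a log line records that distinction. I would add `// authenticated, but the facade reports the request as not authorized: report FAILED` above the `if`. The local `authenticate` has the same name as the method and would read better as `outcome`. If AuthOutcome is an enum, `outcome == AuthOutcome.AUTHENTICATED` is the more usual comparison.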
@@ -394,11 +394,9 @@ private void checkCertPathLength(X509Certificate currCert) throws CertPathValida X500Principal issuer = currCert.getIssuerX500Principal(); int pathLenConstraint = -1; - if (currCert.getVersion() < 3) { // version 1 or version 2 - if (i == 1) { - if (subject.equals(issuer)) { - pathLenConstraint = Integer.MAX_VALUE; - } + if (currCert.getVersion() < 3) { // version 1 or version 2 + if (i == 1 && subject.equals(issuer)) { + pathLenConstraint = Integer.MAX_VALUE; } } else { pathLenConstraint = currCert.getBasicConstraints(); From fed7b8888bef9cfb054120aaf8e563af0608b078 Mon Sep 17 00:00:00 2001 From: Gabriel Padilha Santos Date: Thu, 19 Oct 2023 19:00:21 -0300 Subject: [PATCH 074/205] ELY-2700 Bump version.com.fasterxml.jackson --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9dcf58673c7..8343fb04154 100644 --- a/pom.xml +++ b/pom.xml @@ -56,7 +56,7 @@ 11 - 2.15.2 + 2.15.3 ${version.com.fasterxml.jackson} 1.4 2.0.2 From 6b189caf03b2e7771fd9ecbbc7639dde6864d437 Mon Sep 17 00:00:00 2001 From: Gabriel Padilha Santos Date: Thu, 19 Oct 2023 19:05:41 -0300 Subject: [PATCH 075/205] ELY-2650 Upgrade sshd-common from 2.9.2 to 2.10.0 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9dcf58673c7..22199f6fac3 100644 --- a/pom.xml +++ b/pom.xml @@ -66,7 +66,7 @@ 2.0.0-M3 1.0.0-M8 1.67 - 2.9.2 + 2.10.0 4.5.13 4.4.15 3.4.3.Final From c98a85d9402fbd69a12ecc036bdf55b707a4a57e Mon Sep 17 00:00:00 2001 From: Gabriel Padilha Santos Date: Thu, 19 Oct 2023 19:34:29 -0300 Subject: [PATCH 076/205] ELY-2660 Upgrade commons-cli:commons-cli from 1.4 to 1.5.0 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9dcf58673c7..6dec70ecf3c 100644 --- a/pom.xml +++ b/pom.xml @@ -58,7 +58,7 @@ 11 2.15.2 ${version.com.fasterxml.jackson} - 1.4 + 1.5.0 2.0.2 3.8.1 2.0.0-M24 
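Review bot: In checkCertPathLength a version 1 or 2 certificate that does not satisfy `i == 1 && subject.equals(issuer)` leaves `pathLenConstraint` at its initial `-1`, and the rewritten condition gives no hint that this default is deliberate. A comment such as `// v1/v2 certificates carry no basicConstraints: only a self-signed certificate at i == 1 is treated as unconstrained, every other one keeps -1` would record that. What `-1` leads to is decided further down in the function, outside this hunk.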
From 299454e0264f42fa850061762e095c5a797cd5b6 Mon Sep 17 00:00:00 2001 From: xjusko Date: Thu, 19 Oct 2023 09:24:07 +0200 Subject: [PATCH 077/205] [ELY-2682] Refactor OAuth2SaslClientV11Test to use common method --- .../sasl/oauth2/OAuth2SaslClientV11Test.java | 115 +++++------------- 1 file changed, 28 insertions(+), 87 deletions(-) diff --git a/tests/base/src/test/java/org/wildfly/security/sasl/oauth2/OAuth2SaslClientV11Test.java b/tests/base/src/test/java/org/wildfly/security/sasl/oauth2/OAuth2SaslClientV11Test.java index 86162b3530d..bed733763b6 100644 --- a/tests/base/src/test/java/org/wildfly/security/sasl/oauth2/OAuth2SaslClientV11Test.java +++ b/tests/base/src/test/java/org/wildfly/security/sasl/oauth2/OAuth2SaslClientV11Test.java 
@@ -130,54 +130,12 @@ public static void tearDown() throws Exception { @Test public void testWithResourceOwnerCredentialsUsingConfiguration() throws Exception { - URI serverUri = URI.create("protocol://test1.org"); - SaslClient saslClient = createSaslClientFromConfiguration(serverUri); - - assertNotNull("OAuth2SaslClient is null", saslClient); - - SaslServer saslServer = new SaslServerBuilder(OAuth2SaslServerFactory.class, SaslMechanismInformation.Names.OAUTHBEARER) - .setServerName("resourceserver.comn") - .setProtocol("imap") - .addRealm("oauth-realm", createSecurityRealmMock()) - .setDefaultRealmName("oauth-realm") - .build(); - - byte[] message = AbstractSaslParticipant.NO_BYTES; - - do { - message = saslClient.evaluateChallenge(message); - if (message == null) break; - message = saslServer.evaluateResponse(message); - } while (message != null); - - assertTrue(saslServer.isComplete()); - assertTrue(saslClient.isComplete()); + testWithSaslClientAndServer("protocol://test1.org"); } @Test public void testWithClientCredentialsUsingConfiguration() throws Exception { - URI serverUri = URI.create("protocol://test2.org"); - SaslClient saslClient = createSaslClientFromConfiguration(serverUri); - - assertNotNull("OAuth2SaslClient is null", saslClient); - - SaslServer saslServer = new SaslServerBuilder(OAuth2SaslServerFactory.class, SaslMechanismInformation.Names.OAUTHBEARER) - .setServerName("resourceserver.comn") - .setProtocol("imap") - .addRealm("oauth-realm", createSecurityRealmMock()) - .setDefaultRealmName("oauth-realm") - .build(); - - byte[] message = AbstractSaslParticipant.NO_BYTES; - - do { - message = saslClient.evaluateChallenge(message); - if (message == null) break; - message = saslServer.evaluateResponse(message); - } while (message != null); - - assertTrue(saslServer.isComplete()); - assertTrue(saslClient.isComplete()); + testWithSaslClientAndServer("protocol://test2.org"); } @Test 
@@ -259,27 +217,7 @@ public void testWithResourceOwnerCredentials() throws Exception { @Test public void testWithBearerTokenFromConfiguration() throws Exception { - SaslClient saslClient = createSaslClientFromConfiguration(URI.create("protocol://test5.org")); - - assertNotNull("OAuth2SaslClient is null", saslClient); - - SaslServer saslServer = new SaslServerBuilder(OAuth2SaslServerFactory.class, SaslMechanismInformation.Names.OAUTHBEARER) - .setServerName("resourceserver.comn") - .setProtocol("imap") - .addRealm("oauth-realm", createSecurityRealmMock()) - .setDefaultRealmName("oauth-realm") - .build(); - - byte[] message = AbstractSaslParticipant.NO_BYTES; - - do { - message = saslClient.evaluateChallenge(message); - if (message == null) break; - message = saslServer.evaluateResponse(message); - } while (message != null); - - assertTrue(saslServer.isComplete()); - assertTrue(saslClient.isComplete()); + testWithSaslClientAndServer("protocol://test5.org"); } @Test 
@@ -473,28 +411,7 @@ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallback @Test public void testWithResourceOwnerCredentialsInCredentialStoreUsingConfiguration() throws Exception { - URI serverUri = URI.create("protocol://test8.org"); - SaslClient saslClient = createSaslClientFromConfiguration(serverUri); - - assertNotNull("OAuth2SaslClient is null", saslClient); - - SaslServer saslServer = new SaslServerBuilder(OAuth2SaslServerFactory.class, SaslMechanismInformation.Names.OAUTHBEARER) - .setServerName("resourceserver.comn") - .setProtocol("imap") - .addRealm("oauth-realm", createSecurityRealmMock()) - .setDefaultRealmName("oauth-realm") - .build(); - - byte[] message = AbstractSaslParticipant.NO_BYTES; - - do { - message = saslClient.evaluateChallenge(message); - if (message == null) break; - message = saslServer.evaluateResponse(message); - } while (message != null); - - assertTrue(saslServer.isComplete()); - assertTrue(saslClient.isComplete()); + testWithSaslClientAndServer("protocol://test8.org"); } @Test 
@@ -620,4 +537,28 @@ private SaslClient createSaslClientFromConfiguration(URI serverUri) throws SaslE AuthenticationConfiguration authenticationConfiguration = contextConfigurationClient.getAuthenticationConfiguration(serverUri, context); return contextConfigurationClient.createSaslClient(serverUri, authenticationConfiguration, Collections.singletonList(SaslMechanismInformation.Names.OAUTHBEARER)); } + + private void testWithSaslClientAndServer(String serverUri) throws Exception { + SaslClient saslClient = createSaslClientFromConfiguration(URI.create(serverUri)); + + assertNotNull("OAuth2SaslClient is null", saslClient); + + SaslServer saslServer = new SaslServerBuilder(OAuth2SaslServerFactory.class, SaslMechanismInformation.Names.OAUTHBEARER) + .setServerName("resourceserver.comn") + .setProtocol("imap") + .addRealm("oauth-realm", createSecurityRealmMock()) + .setDefaultRealmName("oauth-realm") + .build(); + + byte[] message = AbstractSaslParticipant.NO_BYTES; + + do { + message = saslClient.evaluateChallenge(message); + if (message == null) break; + message = saslServer.evaluateResponse(message); + } while (message != null); + + assertTrue(saslServer.isComplete()); + assertTrue(saslClient.isComplete()); + } } From 4e0019a2fdfe11dda3df3d6b4adc86bed84ef6db Mon Sep 17 00:00:00 2001 From: Eric Leung Date: Fri, 20 Oct 2023 13:51:52 -0400 Subject: [PATCH 078/205] [ELY-2679] Replace assert in VaultCommandTest with a proper check --- .../test/java/org/wildfly/security/tool/VaultCommandTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tool/src/test/java/org/wildfly/security/tool/VaultCommandTest.java b/tool/src/test/java/org/wildfly/security/tool/VaultCommandTest.java index e53cc183589..1a72617bff6 100644 --- a/tool/src/test/java/org/wildfly/security/tool/VaultCommandTest.java +++ b/tool/src/test/java/org/wildfly/security/tool/VaultCommandTest.java 
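Review bot: The new helper testWithSaslClientAndServer never disposes the SaslClient and SaslServer it creates, so every test that calls it leaves both participants undisposed, including when an assertion fails. Wrapping the exchange in try/finally with `dispose()` on both, as sketched below, releases whatever the mechanisms hold. The server name `resourceserver.comn` looks like a typo carried over from the removed copies; if it is intentional it deserves a comment. The same helper is added to OAuth2SaslClientV10Test later in this series and has the same gap.

```java
private void testWithSaslClientAndServer(String serverUri) throws Exception {
    // … unchanged: client creation, assertNotNull, server builder …
    try {
        // … unchanged: challenge/response loop and isComplete assertions …
    } finally {
        saslClient.dispose();
        saslServer.dispose();
    }
}
```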
@@ -508,7 +508,7 @@ private void executeVaultCommandWithParams(String[] args, boolean shouldPass, St String message = "Execution of vault command with arguments {" + String.join(" ", args) + "} should" + (shouldPass? " succeeded ": " failed ") + "but it" + (shouldPass? " failed": " succeeded"); - Assert.assertTrue(message, passed == shouldPass); + Assert.assertEquals(message, shouldPass, passed); if (expectedOutput != null) { Assert.assertTrue("Command output should contain \"" + expectedOutput + "\"", output.contains(expectedOutput)); From 7b6fbc64ad66e4f686d60afd10f4e3338cf03f15 Mon Sep 17 00:00:00 2001 From: Eric Leung Date: Fri, 20 Oct 2023 14:00:55 -0400 Subject: [PATCH 079/205] [ELY-2678] Replace assert in VaultCommandTest with a proper check --- .../test/java/org/wildfly/security/tool/VaultCommandTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tool/src/test/java/org/wildfly/security/tool/VaultCommandTest.java b/tool/src/test/java/org/wildfly/security/tool/VaultCommandTest.java index e53cc183589..89fd2fbe898 100644 --- a/tool/src/test/java/org/wildfly/security/tool/VaultCommandTest.java +++ b/tool/src/test/java/org/wildfly/security/tool/VaultCommandTest.java @@ -384,7 +384,7 @@ public void bulkConversionBasicTest() throws Exception { // conversion String output = executeCommandAndCheckStatusAndGetOutput(args); String[] parts = output.split("converted to credential store"); - Assert.assertTrue("Three credential stores has to be created", parts.length == 4); + Assert.assertEquals("Three credential stores has to be created", 4, parts.length); Assert.assertTrue("Check file names must pass", output.indexOf("vault-v1/vault-jceks.keystore") > 0 && output.indexOf("vault-v1-more/vault-jceks.keystore") > 0); // check result From a0701fc6b196655b31c778e6520d8ba66f409394 Mon Sep 17 00:00:00 2001 
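Review bot: In bulkConversionBasicTest the assertion message says three credential stores are expected while the value passed to assertEquals is `4`, and the reason is not written down. A comment above the assertion, `// splitting on the marker yields one more part than there are converted stores`, would stop a reader from "correcting" the number. The test method starts and ends outside the hunk.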
From: Eric Leung Date: Fri, 20 Oct 2023 14:22:03 -0400 Subject: [PATCH 080/205] [ELY-2672] Upgrade org.kohsuke.metainf-services:metainf-services from 1.7 to 1.11 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9dcf58673c7..19d6b02e9e9 100644 --- a/pom.xml +++ b/pom.xml @@ -78,7 +78,7 @@ 2.0.0 5.0.0 2.4.0.Final - 1.7 + 1.11 4.13.1 1.34 2.4.0 From b8112dc2355d1c1f0663b42a727316bd2d2af57c Mon Sep 17 00:00:00 2001 From: Gabriel Padilha Santos Date: Sat, 21 Oct 2023 20:40:46 -0300 Subject: [PATCH 081/205] ELY-2666 Upgrade org.apache.sshd:sshd-common from 2.9.2 to 2.10.0 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9dcf58673c7..22199f6fac3 100644 --- a/pom.xml +++ b/pom.xml @@ -66,7 +66,7 @@ 2.0.0-M3 1.0.0-M8 1.67 - 2.9.2 + 2.10.0 4.5.13 4.4.15 3.4.3.Final From 8624e1b551094bbd9b56d4bcc2240404c9a705db Mon Sep 17 00:00:00 2001 From: Gabriel Padilha Santos Date: Thu, 19 Oct 2023 23:01:37 -0300 Subject: [PATCH 082/205] ELY-2681 Refactor OAuth2SaslClientV10Test to use common method ELY-2681 Refactor OAuth2SaslClientV10Test to use common method --- .../sasl/oauth2/OAuth2SaslClientV10Test.java | 93 ++++++------------- 1 file changed, 27 insertions(+), 66 deletions(-) diff --git a/tests/base/src/test/java/org/wildfly/security/sasl/oauth2/OAuth2SaslClientV10Test.java b/tests/base/src/test/java/org/wildfly/security/sasl/oauth2/OAuth2SaslClientV10Test.java index 86edcb5fc06..f8370ce9944 100644 --- a/tests/base/src/test/java/org/wildfly/security/sasl/oauth2/OAuth2SaslClientV10Test.java +++ b/tests/base/src/test/java/org/wildfly/security/sasl/oauth2/OAuth2SaslClientV10Test.java 
@@ -101,54 +101,12 @@ public static void onAfter() throws Exception { @Test public void testWithResourceOwnerCredentialsUsingConfiguration() throws Exception { - URI serverUri = URI.create("protocol://test1.org"); - SaslClient saslClient = createSaslClientFromConfiguration(serverUri); - - assertNotNull("OAuth2SaslClient is null", saslClient); - - SaslServer saslServer = new SaslServerBuilder(OAuth2SaslServerFactory.class, SaslMechanismInformation.Names.OAUTHBEARER) - .setServerName("resourceserver.comn") - .setProtocol("imap") - .addRealm("oauth-realm", createSecurityRealmMock()) - .setDefaultRealmName("oauth-realm") - .build(); - - byte[] message = AbstractSaslParticipant.NO_BYTES; - - do { - message = saslClient.evaluateChallenge(message); - if (message == null) break; - message = saslServer.evaluateResponse(message); - } while (message != null); - - assertTrue(saslServer.isComplete()); - assertTrue(saslClient.isComplete()); + testWithSaslClientAndServer("protocol://test1.org"); } @Test public void testWithClientCredentialsUsingConfiguration() throws Exception { - URI serverUri = URI.create("protocol://test2.org"); - SaslClient saslClient = createSaslClientFromConfiguration(serverUri); - - assertNotNull("OAuth2SaslClient is null", saslClient); - - SaslServer saslServer = new SaslServerBuilder(OAuth2SaslServerFactory.class, SaslMechanismInformation.Names.OAUTHBEARER) - .setServerName("resourceserver.comn") - .setProtocol("imap") - .addRealm("oauth-realm", createSecurityRealmMock()) - .setDefaultRealmName("oauth-realm") - .build(); - - byte[] message = AbstractSaslParticipant.NO_BYTES; - - do { - message = saslClient.evaluateChallenge(message); - if (message == null) break; - message = saslServer.evaluateResponse(message); - } while (message != null); - - assertTrue(saslServer.isComplete()); - assertTrue(saslClient.isComplete()); + testWithSaslClientAndServer("protocol://test2.org"); } @Test 
@@ -204,28 +162,7 @@ public void failedInvalidClientCredentialsUsingConfiguration() throws Exception @Test public void testWithResourceOwnerCredentials() throws Exception { - URI serverUri = URI.create("protocol://test5.org"); - SaslClient saslClient = createSaslClientFromConfiguration(serverUri); - - assertNotNull("OAuth2SaslClient is null", saslClient); - - SaslServer saslServer = new SaslServerBuilder(OAuth2SaslServerFactory.class, SaslMechanismInformation.Names.OAUTHBEARER) - .setServerName("resourceserver.comn") - .setProtocol("imap") - .addRealm("oauth-realm", createSecurityRealmMock()) - .setDefaultRealmName("oauth-realm") - .build(); - - byte[] message = AbstractSaslParticipant.NO_BYTES; - - do { - message = saslClient.evaluateChallenge(message); - if (message == null) break; - message = saslServer.evaluateResponse(message); - } while (message != null); - - assertTrue(saslServer.isComplete()); - assertTrue(saslClient.isComplete()); + testWithSaslClientAndServer("protocol://test5.org"); } @Test 
@@ -496,4 +433,28 @@ private SaslClient createSaslClientFromConfiguration(URI serverUri) throws SaslE AuthenticationConfiguration authenticationConfiguration = contextConfigurationClient.getAuthenticationConfiguration(serverUri, context); return contextConfigurationClient.createSaslClient(serverUri, authenticationConfiguration, Arrays.asList(SaslMechanismInformation.Names.OAUTHBEARER)); } + + private void testWithSaslClientAndServer(String serverUri) throws Exception { + SaslClient saslClient = createSaslClientFromConfiguration(URI.create(serverUri)); + + assertNotNull("OAuth2SaslClient is null", saslClient); + + SaslServer saslServer = new SaslServerBuilder(OAuth2SaslServerFactory.class, SaslMechanismInformation.Names.OAUTHBEARER) + .setServerName("resourceserver.comn") + .setProtocol("imap") + .addRealm("oauth-realm", createSecurityRealmMock()) + .setDefaultRealmName("oauth-realm") + .build(); + + byte[] message = AbstractSaslParticipant.NO_BYTES; + + do { + message = saslClient.evaluateChallenge(message); + if (message == null) break; + message = saslServer.evaluateResponse(message); + } while (message != null); + + assertTrue(saslServer.isComplete()); + assertTrue(saslClient.isComplete()); + } } From 075dcb3781f6da07542b6883c6e9b811bc9edf68 Mon Sep 17 00:00:00 2001 From: sugan0tech Date: Sun, 22 Oct 2023 22:55:41 +0530 Subject: [PATCH 083/205] [ELY-2684] Update tests in OTPTest to use a common helper method for the tests with unchanged passwords. --- .../wildfly/security/sasl/otp/OTPTest.java | 128 +++++------------- 1 file changed, 37 insertions(+), 91 deletions(-) diff --git a/tests/base/src/test/java/org/wildfly/security/sasl/otp/OTPTest.java b/tests/base/src/test/java/org/wildfly/security/sasl/otp/OTPTest.java index 69da63105c3..6ab00211f03 100644 --- a/tests/base/src/test/java/org/wildfly/security/sasl/otp/OTPTest.java +++ b/tests/base/src/test/java/org/wildfly/security/sasl/otp/OTPTest.java 
@@ -819,106 +819,18 @@ public void testAuthenticationWithInvalidPassPhrase() throws Exception { @Test public void testAuthenticationWithLongSeed() throws Exception { - final String algorithm = ALGORITHM_OTP_MD5; - final SaslClientFactory clientFactory = obtainSaslClientFactory(OTPSaslClientFactory.class); - assertNotNull(clientFactory); - - PasswordFactory passwordFactory = PasswordFactory.getInstance(algorithm); - final Password password = passwordFactory.generatePassword(new OneTimePasswordSpec(CodePointIterator.ofString("505d889f90085847").hexDecode().drain(), - "thisSeedIsTooLong", 500)); - final SaslServerBuilder.BuilderReference securityDomainReference = new SaslServerBuilder.BuilderReference<>(); - final SaslServerBuilder.BuilderReference closeableReference = new SaslServerBuilder.BuilderReference<>(); - try { - final SaslServer saslServer = createSaslServer(password, closeableReference, securityDomainReference); - - final CallbackHandler cbh = createClientCallbackHandler("userName", "This is a test.", PASS_PHRASE, algorithm, HEX_RESPONSE); - final SaslClient saslClient = clientFactory.createSaslClient(new String[]{SaslMechanismInformation.Names.OTP}, null, "test", "testserver1.example.com", - Collections.emptyMap(), cbh); - - byte[] message = saslClient.evaluateChallenge(new byte[0]); - try { - saslServer.evaluateResponse(message); - fail("Expected SaslException not thrown"); - } catch (SaslException expected) { - } - saslClient.dispose(); - saslServer.dispose(); - - // The password should remain unchanged - checkPassword(securityDomainReference, "userName", (OneTimePassword) password, algorithm); - } finally { - closeableReference.getReference().close(); - } + testPasswordRemainsUnchanged("thisSeedIsTooLong", 500); } @Test public void testAuthenticationWithNonAlphanumericSeed() throws Exception { - final String algorithm = ALGORITHM_OTP_MD5; - - final SaslClientFactory clientFactory = obtainSaslClientFactory(OTPSaslClientFactory.class); - 
assertNotNull(clientFactory); - - PasswordFactory passwordFactory = PasswordFactory.getInstance(algorithm); - final Password password = passwordFactory.generatePassword(new OneTimePasswordSpec(CodePointIterator.ofString("505d889f90085847").hexDecode().drain(), - "A seed!", 500)); - final SaslServerBuilder.BuilderReference securityDomainReference = new SaslServerBuilder.BuilderReference<>(); - final SaslServerBuilder.BuilderReference closeableReference = new SaslServerBuilder.BuilderReference<>(); - try { - final SaslServer saslServer = createSaslServer(password, closeableReference, securityDomainReference); - - final CallbackHandler cbh = createClientCallbackHandler("userName", "This is a test.", PASS_PHRASE, algorithm, HEX_RESPONSE); - final SaslClient saslClient = clientFactory.createSaslClient(new String[]{SaslMechanismInformation.Names.OTP}, null, "test", "testserver1.example.com", - Collections.emptyMap(), cbh); - - byte[] message = saslClient.evaluateChallenge(new byte[0]); - try { - saslServer.evaluateResponse(message); - fail("Expected SaslException not thrown"); - } catch (SaslException expected) { - } - saslClient.dispose(); - saslServer.dispose(); - - // The password should remain unchanged - checkPassword(securityDomainReference, "userName", (OneTimePassword) password, algorithm); - } finally { - closeableReference.getReference().close(); - } + testPasswordRemainsUnchanged("A seed!", 500); } @Test public void testAuthenticationWithInvalidSequenceNumber() throws Exception { - final String algorithm = ALGORITHM_OTP_MD5; - final SaslClientFactory clientFactory = obtainSaslClientFactory(OTPSaslClientFactory.class); - assertNotNull(clientFactory); - - PasswordFactory passwordFactory = PasswordFactory.getInstance(algorithm); - final Password password = passwordFactory.generatePassword(new OneTimePasswordSpec(CodePointIterator.ofString("505d889f90085847").hexDecode().drain(), - "ke1234", 0)); - final SaslServerBuilder.BuilderReference securityDomainReference = 
new SaslServerBuilder.BuilderReference<>(); - final SaslServerBuilder.BuilderReference closeableReference = new SaslServerBuilder.BuilderReference<>(); - try { - final SaslServer saslServer = createSaslServer(password, closeableReference, securityDomainReference); - - final CallbackHandler cbh = createClientCallbackHandler("userName", "This is a test.", PASS_PHRASE, algorithm, HEX_RESPONSE); - final SaslClient saslClient = clientFactory.createSaslClient(new String[] { SaslMechanismInformation.Names.OTP }, null, "test", "testserver1.example.com", - Collections.emptyMap(), cbh); - - byte[] message = saslClient.evaluateChallenge(new byte[0]); - try { - saslServer.evaluateResponse(message); - fail("Expected SaslException not thrown"); - } catch (SaslException expected) { - } - saslClient.dispose(); - saslServer.dispose(); - - // The password should remain unchanged - checkPassword(securityDomainReference, "userName", (OneTimePassword) password, algorithm); - } finally { - closeableReference.getReference().close(); - } + testPasswordRemainsUnchanged("ke1234", 0); } @Test 
@@ -1082,6 +994,40 @@ private CallbackHandler createClientCallbackHandler(String username, String pass return ClientUtils.getCallbackHandler(new URI("remote://localhost"), context); } + private void testPasswordRemainsUnchanged(String seed, int sequenceNumber) throws Exception { + final String algorithm = ALGORITHM_OTP_MD5; + final SaslClientFactory clientFactory = obtainSaslClientFactory(OTPSaslClientFactory.class); + assertNotNull(clientFactory); + + PasswordFactory passwordFactory = PasswordFactory.getInstance(algorithm); + final Password password = passwordFactory.generatePassword(new OneTimePasswordSpec(CodePointIterator.ofString("505d889f90085847").hexDecode().drain(), + seed, sequenceNumber)); + final SaslServerBuilder.BuilderReference securityDomainReference = new SaslServerBuilder.BuilderReference<>(); + final SaslServerBuilder.BuilderReference closeableReference = new SaslServerBuilder.BuilderReference<>(); + try { + final SaslServer saslServer = createSaslServer(password, closeableReference, securityDomainReference); + + final CallbackHandler cbh = createClientCallbackHandler("userName", "This is a test.", PASS_PHRASE, algorithm, HEX_RESPONSE); + final SaslClient saslClient = clientFactory.createSaslClient(new String[]{SaslMechanismInformation.Names.OTP}, null, "test", "testserver1.example.com", + Collections.emptyMap(), cbh); + + byte[] message = saslClient.evaluateChallenge(new byte[0]); + try { + saslServer.evaluateResponse(message); + fail("Expected SaslException not thrown"); + } catch (SaslException expected) { + } + saslClient.dispose(); + saslServer.dispose(); + + // The password should remain unchanged + checkPassword(securityDomainReference, "userName", (OneTimePassword) password, algorithm); + } finally { + closeableReference.getReference().close(); + } + + } + private static final String[] ALTERNATE_DICTIONARY = new String[] { "poel", "qewn", "xlob", "preg", "qome", "zarm", "sas", "oerk", "sct", "seb", "ilan", "wct", "bp", "sft", 
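Review bot: The helper testPasswordRemainsUnchanged accepts any SaslException in `catch (SaslException expected) { }`, so its three callers (too-long seed, non-alphanumeric seed, sequence number 0) pass even if the server rejects the exchange for an unrelated reason. I would give the helper a third parameter holding the expected message fragment and assert on it with `assertTrue(expected.getMessage().contains(expectedFragment));`, or at least state in a Javadoc comment that only the unchanged stored password is being checked. There is also a stray blank line before the helper's closing brace.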
From 0ddf317b4524757860783289ffac34c55c5c53d5 Mon Sep 17 00:00:00 2001 From: sugan0tech Date: Sun, 22 Oct 2023 23:39:52 +0530 Subject: [PATCH 084/205] [ELY-2693] Update tests in JwtSecurityRealmTest to use a common helper method for tests with similar use of SSLContext and securityRealm --- .../realm/token/JwtSecurityRealmTest.java | 67 ++++++------------- 1 file changed, 20 insertions(+), 47 deletions(-) diff --git a/tests/base/src/test/java/org/wildfly/security/auth/realm/token/JwtSecurityRealmTest.java b/tests/base/src/test/java/org/wildfly/security/auth/realm/token/JwtSecurityRealmTest.java index 25abd2a9b06..18b4e107c30 100644 --- a/tests/base/src/test/java/org/wildfly/security/auth/realm/token/JwtSecurityRealmTest.java +++ b/tests/base/src/test/java/org/wildfly/security/auth/realm/token/JwtSecurityRealmTest.java @@ -372,22 +372,7 @@ public void testMultipleTokenTypes() throws Exception { @Test public void testUnsecuredJkuEndpoint() throws Exception { - BearerTokenEvidence evidence = new BearerTokenEvidence(createJwt(keyPair1, 60, -1, "1", new URI("https://localhost:50832"))); - - X509TrustManager tm = getTrustManager(); - SSLContext sslContext = new SSLContextBuilder().setTrustManager(tm).setClientMode(true).setSessionTimeout(10).build().create(); - - TokenSecurityRealm securityRealm = TokenSecurityRealm.builder() - .principalClaimName("sub") - .validator(JwtValidator.builder() - .issuer("elytron-oauth2-realm") - .audience("my-app-valid") - .useSslContext(sslContext) - .useSslHostnameVerifier((a,b) -> true).build()) - .build(); - - assertIdentityNotExist(securityRealm, evidence); - + checkIdentityDoesNotExist("1", 50832); } @Test 
@@ -467,41 +452,12 @@ public void testJkuMultipleKeys() throws Exception { @Test public void testInvalidJku() throws Exception { - BearerTokenEvidence evidence = new BearerTokenEvidence(createJwt(keyPair1, 60, -1, "1", new URI("https://localhost:80"))); - - X509TrustManager tm = getTrustManager(); - SSLContext sslContext = new SSLContextBuilder().setTrustManager(tm).setClientMode(true).setSessionTimeout(10).build().create(); - - TokenSecurityRealm securityRealm = TokenSecurityRealm.builder() - .principalClaimName("sub") - .validator(JwtValidator.builder() - .issuer("elytron-oauth2-realm") - .audience("my-app-valid") - .useSslContext(sslContext).useSslHostnameVerifier((a,b) -> true).build()) - .build(); - - assertIdentityNotExist(securityRealm, evidence); - + checkIdentityDoesNotExist("1", 80); } @Test public void testInvalidKid() throws Exception { - BearerTokenEvidence evidence = new BearerTokenEvidence(createJwt(keyPair1, 60, -1, "badkid", new URI("https://localhost:50831"))); - - X509TrustManager tm = getTrustManager(); - SSLContext sslContext = new SSLContextBuilder().setTrustManager(tm).setClientMode(true).setSessionTimeout(10).build().create(); - - TokenSecurityRealm securityRealm = TokenSecurityRealm.builder() - .principalClaimName("sub") - .validator(JwtValidator.builder() - .issuer("elytron-oauth2-realm") - .audience("my-app-valid") - .useSslContext(sslContext) - .useSslHostnameVerifier((a,b) -> true).build()) - .build(); - - assertIdentityNotExist(securityRealm, evidence); - + checkIdentityDoesNotExist("badkid", 50831); } @Test 
@@ -845,4 +801,21 @@ public MockResponse dispatch(RecordedRequest recordedRequest) { } }; } + + private void checkIdentityDoesNotExist(String kid, int port) throws Exception { + BearerTokenEvidence evidence = new BearerTokenEvidence(createJwt(keyPair1, 60, -1, kid, new URI("https://localhost:" + port))); + + X509TrustManager tm = getTrustManager(); + SSLContext sslContext = new SSLContextBuilder().setTrustManager(tm).setClientMode(true).setSessionTimeout(10).build().create(); + + TokenSecurityRealm securityRealm = TokenSecurityRealm.builder() + .principalClaimName("sub") + .validator(JwtValidator.builder() + .issuer("elytron-oauth2-realm") + .audience("my-app-valid") + .useSslContext(sslContext).useSslHostnameVerifier((a,b) -> true).build()) + .build(); + + assertIdentityNotExist(securityRealm, evidence); + } } From adc6f811d17ecb780c289b7e52b3adec31e8931f Mon Sep 17 00:00:00 2001 From: Gabriel Padilha Santos Date: Tue, 24 Oct 2023 19:55:26 -0300 Subject: [PATCH 085/205] ELY-2673 Upgrade org.wildfly.common:wildfly-common from 1.5.4.Final to 1.6.0.Final --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9dcf58673c7..fe453fe23e3 100644 --- a/pom.xml +++ b/pom.xml @@ -88,7 +88,7 @@ 3.8.1 1.0.8.Final 1.0.1.Final - 1.5.4.Final + 1.6.0.Final 2.7 5.4.1 3.0.0 From 2cf4f39416017d626033d8e471c90f1d9193a045 Mon Sep 17 00:00:00 2001 From: Farah Juma Date: Fri, 7 Jul 2023 13:49:32 -0400 Subject: [PATCH 086/205] [ELY-2576] Make it possible to use DigestPasswords when using the DIGEST-SHA-256 and DIGEST-SHA-512-256 HTTP Digest authentication mechanisms --- .../digest/DigestAuthenticationMechanism.java | 4 +- .../DigestAuthenticationMechanismTest.java | 32 +++++++++++++ .../http/impl/AbstractBaseHttpTest.java | 46 +++++++++++++++---- 3 files changed, 70 insertions(+), 12 deletions(-) 
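Review bot: The new `checkIdentityDoesNotExist` helper carries no comment on the accept-all hostname verifier `(a,b) -> true` it installs, nor on which rejection cause each caller is meant to exercise. After the two earlier hunks, `testUnsecuredJkuEndpoint`, `testInvalidJku` and `testInvalidKid` differ only by `kid` and port, so a short Javadoc would keep the intent readable, for example `/** Asserts that a token signed with keyPair1 whose jku points at https://localhost:port yields no identity; hostname verification is disabled for the local test server only. */`. All three tests end in the same `assertIdentityNotExist` call, so a rejection for an unintended reason (say, a connection failure instead of a bad kid) would presumably still pass; what the assertion checks is outside this hunk.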
diff --git a/http/digest/src/main/java/org/wildfly/security/http/digest/DigestAuthenticationMechanism.java b/http/digest/src/main/java/org/wildfly/security/http/digest/DigestAuthenticationMechanism.java index 7d7e2f4f7db..6cc61c1b258 100644 --- a/http/digest/src/main/java/org/wildfly/security/http/digest/DigestAuthenticationMechanism.java +++ b/http/digest/src/main/java/org/wildfly/security/http/digest/DigestAuthenticationMechanism.java @@ -49,6 +49,7 @@ import java.security.Provider; import java.util.HashMap; import java.util.List; +import java.util.Locale; import java.util.function.Supplier; import javax.security.auth.callback.Callback; @@ -68,7 +69,6 @@ import org.wildfly.security.mechanism.AuthenticationMechanismException; import org.wildfly.security.mechanism.digest.DigestQuote; import org.wildfly.security.mechanism.digest.PasswordDigestObtainer; -import org.wildfly.security.password.interfaces.DigestPassword; /** * Implementation of the HTTP DIGEST authentication mechanism as defined in RFC 7616. @@ -326,7 +326,7 @@ private byte[] calculateResponseDigest(MessageDigest messageDigest, byte[] hA1, } private byte[] getH_A1(final MessageDigest messageDigest, final String username, final String messageRealm) throws AuthenticationMechanismException { - PasswordDigestObtainer obtainer = new PasswordDigestObtainer(callbackHandler, username, messageRealm, httpDigest, DigestPassword.ALGORITHM_DIGEST_MD5, messageDigest, providers, null, true, false); + PasswordDigestObtainer obtainer = new PasswordDigestObtainer(callbackHandler, username, messageRealm, httpDigest, getMechanismName().toLowerCase(Locale.ROOT), messageDigest, providers, null, true, false); return obtainer.handleUserRealmPasswordCallbacks(); } diff --git a/tests/base/src/test/java/org/wildfly/security/http/digest/DigestAuthenticationMechanismTest.java b/tests/base/src/test/java/org/wildfly/security/http/digest/DigestAuthenticationMechanismTest.java index 2532f28a592..5f8964d460b 100644 
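Review bot: In `getH_A1` the credential algorithm handed to `PasswordDigestObtainer` is now `getMechanismName().toLowerCase(Locale.ROOT)`, which makes the match between mechanism names and `DigestPassword` algorithm names an unstated convention. The argument used to be the constant `DigestPassword.ALGORITHM_DIGEST_MD5`, and nothing in the hunk shows that the MD5 mechanism's name lowercases to that same string; if it does not, pre-digested MD5 credentials would no longer be requested under the old algorithm name. I would add a comment on the line, `// Mechanism names are expected to lowercase to the matching DigestPassword algorithm name`, and a regression test that runs the MD5 mechanism with a `DigestPassword` credential. The rest of the class is outside the hunk, so the actual mechanism names need checking there.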
--- a/tests/base/src/test/java/org/wildfly/security/http/digest/DigestAuthenticationMechanismTest.java +++ b/tests/base/src/test/java/org/wildfly/security/http/digest/DigestAuthenticationMechanismTest.java 
@@ -227,6 +227,38 @@ public void testSha512_256() throws Exception { },mechanism); } + @Test + public void testSha256WithDigestPassword() throws Exception { + mockDigestNonce("5TsQWLVdgBdmrQ0XsxbDODV+57QdFR34I9HAbC/RVvkK"); + Map props = new HashMap<>(); + props.put(CONFIG_REALM, "api@example.org"); + props.put("org.wildfly.security.http.validate-digest-uri", "false"); + HttpServerAuthenticationMechanism mechanism = digestFactory.createAuthenticationMechanism(DIGEST_NAME + "-" + SHA256, props, getCallbackHandler("J\u00E4s\u00F8n Doe", "api@example.org", "Secret, or not?", true)); + + TestingHttpServerRequest request1 = new TestingHttpServerRequest(null); + mechanism.evaluateRequest(request1); + Assert.assertEquals(Status.NO_AUTH, request1.getResult()); + TestingHttpServerResponse response = request1.getResponse(); + Assert.assertEquals(UNAUTHORIZED, response.getStatusCode()); + Assert.assertEquals("Digest realm=\"api@example.org\", nonce=\"5TsQWLVdgBdmrQ0XsxbDODV+57QdFR34I9HAbC/RVvkK\", opaque=\"00000000000000000000000000000000\", algorithm=SHA-256, qop=auth", response.getAuthenticateHeader()); + + TestingHttpServerRequest request2 = new TestingHttpServerRequest(new String[] { + "Digest username*=UTF-8''J%C3%A4s%C3%B8n%20Doe,\n" + + " realm=\"api@example.org\",\n" + + " uri=\"/doe.json\",\n" + + " algorithm=SHA-256,\n" + + " nonce=\"5TsQWLVdgBdmrQ0XsxbDODV+57QdFR34I9HAbC/RVvkK\",\n" + + " nc=00000001,\n" + + " cnonce=\"NTg6RKcb9boFIAS3KrFK9BGeh+iDa/sm6jUMp2wds69v\",\n" + + " qop=auth,\n" + + " response=\"" + computeDigest("/doe.json", "5TsQWLVdgBdmrQ0XsxbDODV+57QdFR34I9HAbC/RVvkK", "NTg6RKcb9boFIAS3KrFK9BGeh+iDa/sm6jUMp2wds69v", "00000001", "J\u00E4s\u00F8n Doe", "Secret, or not?", "SHA-256", "api@example.org", "auth", "GET") + "\",\n" + + " opaque=\"00000000000000000000000000000000\",\n" + + " userhash=false" + }); + mechanism.evaluateRequest(request2); + Assert.assertEquals(Status.COMPLETE, request2.getResult()); + } + private String computeDigest(String uri, 
String nonce, String cnonce, String nc, String username, String password, String algorithm, String realm, String qop, String method) throws NoSuchAlgorithmException { String A1, HashA1, A2, HashA2; MessageDigest md = MessageDigest.getInstance(algorithm); diff --git a/tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java b/tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java index 7290a17d396..079841980d8 100644 --- a/tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java +++ b/tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java @@ -85,7 +85,10 @@ import org.wildfly.security.password.Password; import org.wildfly.security.password.PasswordFactory; import org.wildfly.security.password.interfaces.ClearPassword; +import org.wildfly.security.password.interfaces.DigestPassword; import org.wildfly.security.password.spec.ClearPasswordSpec; +import org.wildfly.security.password.spec.DigestPasswordAlgorithmSpec; +import org.wildfly.security.password.spec.EncryptablePasswordSpec; import mockit.Mock; import mockit.MockUp; 
@@ -446,10 +449,18 @@ public boolean forward(String path) { } protected CallbackHandler getCallbackHandler(String username, String realm, String password) { - return getCallbackHandler(username, realm, password, null); + return getCallbackHandler(username, realm, password, null, false); } protected CallbackHandler getCallbackHandler(String username, String realm, String password, String token) { + return getCallbackHandler(username, realm, password, token, false); + } + + protected CallbackHandler getCallbackHandler(String username, String realm, String password, boolean useDigestPassword) { + return getCallbackHandler(username, realm, password, null, useDigestPassword); + } + + protected CallbackHandler getCallbackHandler(String username, String realm, String password, String token, boolean useDigestPassword) { return callbacks -> { for (Callback callback : callbacks) { if (callback instanceof AvailableRealmsCallback) { 
@@ -459,15 +470,30 @@ protected CallbackHandler getCallbackHandler(String username, String realm, Stri } else if (callback instanceof NameCallback) { Assert.assertEquals(username, ((NameCallback) callback).getDefaultName()); } else if (callback instanceof CredentialCallback) { - if (!ClearPassword.ALGORITHM_CLEAR.equals(((CredentialCallback) callback).getAlgorithm())) { - throw new UnsupportedCallbackException(callback); - } - try { - PasswordFactory factory = PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR, ELYTRON_PASSWORD_PROVIDERS); - Password pass = factory.generatePassword(new ClearPasswordSpec(password.toCharArray())); - ((CredentialCallback) callback).setCredential(new PasswordCredential(pass)); - } catch (NoSuchAlgorithmException | InvalidKeySpecException e) { - throw new IllegalStateException(e); + if (useDigestPassword) { + if (! DigestPassword.ALGORITHM_DIGEST_SHA_256.equals(((CredentialCallback) callback).getAlgorithm())) { + throw new UnsupportedCallbackException(callback); + } + try { + PasswordFactory factory = PasswordFactory.getInstance(DigestPassword.ALGORITHM_DIGEST_SHA_256, ELYTRON_PASSWORD_PROVIDERS); + DigestPasswordAlgorithmSpec algorithmSpec = new DigestPasswordAlgorithmSpec(username, realm); + EncryptablePasswordSpec encryptableSpec = new EncryptablePasswordSpec(password.toCharArray(), algorithmSpec); + DigestPassword digestPassword = (DigestPassword) factory.generatePassword(encryptableSpec); + ((CredentialCallback) callback).setCredential(new PasswordCredential(digestPassword)); + } catch (NoSuchAlgorithmException | InvalidKeySpecException e) { + throw new IllegalStateException(e); + } + } else { + if (!ClearPassword.ALGORITHM_CLEAR.equals(((CredentialCallback) callback).getAlgorithm())) { + throw new UnsupportedCallbackException(callback); + } + try { + PasswordFactory factory = PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR, ELYTRON_PASSWORD_PROVIDERS); + Password pass = factory.generatePassword(new 
ClearPasswordSpec(password.toCharArray())); + ((CredentialCallback) callback).setCredential(new PasswordCredential(pass)); + } catch (NoSuchAlgorithmException | InvalidKeySpecException e) { + throw new IllegalStateException(e); + } } } else if (callback instanceof EvidenceVerifyCallback) { if (((EvidenceVerifyCallback) callback).getEvidence() instanceof PasswordGuessEvidence) { From c6dd2f123771b6ed79f72275d466f1cf0ce61403 Mon Sep 17 00:00:00 2001 From: areebniyas Date: Thu, 26 Oct 2023 01:23:36 +0530 Subject: [PATCH 087/205] [ELY-2670] Upgrade org.jboss.slf4j:slf4j-jboss-logmanager from 1.0.4.GA to 1.2.0.Final --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 8343fb04154..36cafe22c52 100644 --- a/pom.xml +++ b/pom.xml @@ -74,7 +74,7 @@ 1.1.6.Final 2.2.1.Final 1.9.2.Final - 1.0.4.GA + 1.2.0.Final 2.0.0 5.0.0 2.4.0.Final From d0f0625d9156b04361d91d346bd61110ae101fc2 Mon Sep 17 00:00:00 2001 From: Eric Leung Date: Fri, 20 Oct 2023 15:14:38 -0400 Subject: [PATCH 088/205] [ELY-2671] Upgrade org.jboss.threads:jboss-threads from 2.4.0.Final to 3.5.1.Final --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index b945c4ec1de..a83496fdaf0 100644 --- a/pom.xml +++ b/pom.xml @@ -77,7 +77,7 @@ 1.0.4.GA 2.0.0 5.0.0 - 2.4.0.Final + 3.5.1.Final 1.11 4.13.1 1.34 From 07d8ef617a8ce84312c462145aef3188ac8b7e82 Mon Sep 17 00:00:00 2001 From: lvydra Date: Thu, 26 Oct 2023 10:30:42 +0200 Subject: [PATCH 089/205] [ELY-2661] Upgrade jakarta.enterprise:jakarta.enterprise.cdi-api from 2.0.2 to 4.0.1 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index a83496fdaf0..99b3d90df32 100644 --- a/pom.xml +++ b/pom.xml @@ -59,7 +59,7 @@ 2.15.3 ${version.com.fasterxml.jackson} 1.5.0 - 2.0.2 + 4.0.1 3.8.1 2.0.0-M24 1.0.0 From a7b1bebfaed77f4143101a40d16424748cbaf91d Mon Sep 17 00:00:00 2001 
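Review bot: The `useDigestPassword` branch of the `CredentialCallback` handling hard-codes `DigestPassword.ALGORITHM_DIGEST_SHA_256`, so this helper cannot back a test for DIGEST-SHA-512-256 even though the commit title names that mechanism as well. The two branches also repeat the same algorithm check and `try`/`catch`, differing only in the algorithm constant and the password spec. Taking the expected algorithm name as a parameter instead of a boolean (with the clear-password algorithm as the default in the existing overloads) would cover every digest variant and remove the duplication. The enclosing lambda continues past the end of the hunk.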
From: =?UTF-8?q?Mario=20Andr=C3=A9s=20P=C3=A9rez=20Batanero?= Date: Thu, 19 Oct 2023 00:41:30 +0200 Subject: [PATCH 090/205] [ELY-2697] Update 4 tests in CompatibilityServerTest to call a common method in order to remove duplicated code --- .../sasl/digest/CompatibilityServerTest.java | 53 ++++++------------- 1 file changed, 15 insertions(+), 38 deletions(-) diff --git a/tests/base/src/test/java/org/wildfly/security/sasl/digest/CompatibilityServerTest.java b/tests/base/src/test/java/org/wildfly/security/sasl/digest/CompatibilityServerTest.java index fa8e5416ee0..42de9f5290c 100644 --- a/tests/base/src/test/java/org/wildfly/security/sasl/digest/CompatibilityServerTest.java +++ b/tests/base/src/test/java/org/wildfly/security/sasl/digest/CompatibilityServerTest.java @@ -136,12 +136,7 @@ public void testRfc2831example2() throws Exception { assertEquals("chris", server.getAuthorizationID()); } - - /** - * Test with authorization ID (authzid) of other user - */ - @Test - public void testUnauthorizedAuthorizationId() throws Exception { + private SaslServer testCommonInitSaslServer() throws Exception { mockNonce("OA9BSXrbuRhWay"); Map serverProps = new HashMap(); 
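Review bot: The extracted helper is named `testCommonInitSaslServer`, which reads as a test case although it has no `@Test` annotation and only builds the server and checks the first challenge. A name such as `initSaslServerAndCheckChallenge` would say what it does and would not be mistaken for a test by name-based runners or readers. The next hunk also adds a stray separator line `//********************************************** */` directly above the Javadoc of `testUnauthorizedAuthorizationId`; it should be dropped. The helper's body spans this hunk and the following one.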
@@ -159,6 +154,18 @@ public void testUnauthorizedAuthorizationId() throws Exception { assertEquals("realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",charset=utf-8,algorithm=md5-sess", new String(message1, "UTF-8")); assertFalse(server.isComplete()); + return server; + } + + + //********************************************** */ + /** + * Test with authorization ID (authzid) of other user + */ + @Test + public void testUnauthorizedAuthorizationId() throws Exception { + SaslServer server = testCommonInitSaslServer(); + byte[] message2 = "charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",nc=00000001,cnonce=\"OA9BSuZWMSpW8m\",digest-uri=\"acap/elwood.innosoft.com\",maxbuf=65536,response=0d071450228e395e2c0999e02b6aa665,qop=auth,authzid=\"george\"".getBytes(StandardCharsets.UTF_8); try { 
@@ -560,22 +567,7 @@ public void testQopAuthConfRc440() throws Exception { */ @Test public void testReplayAttack() throws Exception { - mockNonce("OA9BSXrbuRhWay"); - - Map serverProps = new HashMap(); - serverProps.put(REALM_PROPERTY, "elwood.innosoft.com"); - SaslServer server = - new SaslServerBuilder(DigestServerFactory.class, SaslMechanismInformation.Names.DIGEST_MD5) - .setUserName("chris") - .setPassword(ClearPassword.ALGORITHM_CLEAR, new ClearPasswordSpec("secret".toCharArray())) - .setProtocol("acap").setServerName("elwood.innosoft.com") - .setProperties(serverProps) - .build(); - assertFalse(server.isComplete()); - - byte[] message1 = server.evaluateResponse(new byte[0]); - assertEquals("realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",charset=utf-8,algorithm=md5-sess", new String(message1, "UTF-8")); - assertFalse(server.isComplete()); + SaslServer server = testCommonInitSaslServer(); byte[] message2 = "charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",nc=00000001,cnonce=\"OA6MHXh6VqTrRk\",digest-uri=\"imap/elwood.innosoft.com\",response=d388dad90d4bbd760a152321f2143af7,qop=auth".getBytes(StandardCharsets.UTF_8); try{ 
@@ -591,22 +583,7 @@ public void testReplayAttack() throws Exception { */ @Test public void testBadResponse() throws Exception { - mockNonce("OA9BSXrbuRhWay"); - - Map serverProps = new HashMap(); - serverProps.put(REALM_PROPERTY, "elwood.innosoft.com"); - SaslServer server = - new SaslServerBuilder(DigestServerFactory.class, SaslMechanismInformation.Names.DIGEST_MD5) - .setUserName("chris") - .setPassword(ClearPassword.ALGORITHM_CLEAR, new ClearPasswordSpec("secret".toCharArray())) - .setProtocol("acap").setServerName("elwood.innosoft.com") - .setProperties(serverProps) - .build(); - assertFalse(server.isComplete()); - - byte[] message1 = server.evaluateResponse(new byte[0]); - assertEquals("realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",charset=utf-8,algorithm=md5-sess", new String(message1, "UTF-8")); - assertFalse(server.isComplete()); + SaslServer server = testCommonInitSaslServer(); byte[] message2 = "charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",nc=00000001,cnonce=\"OA9BSuZWMSpW8m\",digest-uri=\"acap/elwood.innosoft.com\",response=d388dad90d4bbd760a152321f2143af7,qop=auth".getBytes(StandardCharsets.UTF_8); try{ From a5a74580599e5d87a09f1b958dbaaa43adf0c62d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mario=20Andr=C3=A9s=20P=C3=A9rez=20Batanero?= Date: Thu, 26 Oct 2023 17:55:58 +0200 Subject: [PATCH 091/205] [ELY-2696] Update 3 tests in PrincipalMappingSuiteChild to call a common method in order to remove duplicated code --- .../ldap/PrincipalMappingSuiteChild.java | 36 +------------------ 1 file changed, 1 insertion(+), 35 deletions(-) diff --git a/tests/base/src/test/java/org/wildfly/security/ldap/PrincipalMappingSuiteChild.java b/tests/base/src/test/java/org/wildfly/security/ldap/PrincipalMappingSuiteChild.java index 433ad165696..5a4bfa775fb 100644 --- a/tests/base/src/test/java/org/wildfly/security/ldap/PrincipalMappingSuiteChild.java 
+++ b/tests/base/src/test/java/org/wildfly/security/ldap/PrincipalMappingSuiteChild.java @@ -36,7 +36,7 @@ public class PrincipalMappingSuiteChild { @Test - public void testSimpleToDn() throws RealmUnavailableException { + public void testLdapRealmPrincipalMapping() throws RealmUnavailableException { SecurityRealm realm = LdapSecurityRealmBuilder.builder() .setDirContextSupplier(LdapTestSuite.dirContextFactory.create()) .identityMapping() @@ -68,40 +68,6 @@ public void testDnToSimple() throws RealmUnavailableException { assertFalse("Exists", identity.exists()); } - @Test - public void testSimpleToSimpleValidate() throws RealmUnavailableException { - SecurityRealm realm = LdapSecurityRealmBuilder.builder() - .setDirContextSupplier(LdapTestSuite.dirContextFactory.create()) - .identityMapping() - .setSearchDn("dc=elytron,dc=wildfly,dc=org") - .setRdnIdentifier("uid") - .build() - .build(); - - RealmIdentity identity = realm.getRealmIdentity(new NamePrincipal("PlainUser")); - assertTrue("Exists", identity.exists()); - - identity = realm.getRealmIdentity(new NamePrincipal("nobody")); - assertFalse("Exists", identity.exists()); - } - - @Test - public void testSimpleToSimpleReload() throws RealmUnavailableException { - SecurityRealm realm = LdapSecurityRealmBuilder.builder() - .setDirContextSupplier(LdapTestSuite.dirContextFactory.create()) - .identityMapping() - .setSearchDn("dc=elytron,dc=wildfly,dc=org") - .setRdnIdentifier("uid") - .build() - .build(); - - RealmIdentity identity = realm.getRealmIdentity(new NamePrincipal("PlainUser")); - assertTrue("Exists", identity.exists()); - - identity = realm.getRealmIdentity(new NamePrincipal("nobody")); - assertFalse("Exists", identity.exists()); - } - @Test public void testDnToDnNoLookup() throws RealmUnavailableException { SecurityRealm realm = LdapSecurityRealmBuilder.builder() From f2c789fdd310f4b0f536cbe1e5a944bd6c12efc1 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Mario=20Andr=C3=A9s=20P=C3=A9rez=20Batanero?= Date: Thu, 26 Oct 2023 19:02:27 +0200 Subject: [PATCH 092/205] [ELY-2669] Upgrade org.jboss.modules:jboss-modules from 1.9.2.Final to 1.12.2.Final --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 99b3d90df32..20ca041c0b4 100644 --- a/pom.xml +++ b/pom.xml @@ -73,7 +73,7 @@ 2.1.18.Final 1.1.6.Final 2.2.1.Final - 1.9.2.Final + 1.12.2.Final 1.0.4.GA 2.0.0 5.0.0 From 6057ee849bfbf37703d0bc37040c5b045fd1b27f Mon Sep 17 00:00:00 2001 From: OluchukwuCatherineObi-Njoku <105371136+OluchukwuCatherineObi-Njoku@users.noreply.github.com> Date: Thu, 26 Oct 2023 20:14:21 +0000 Subject: [PATCH 093/205] local_variable_renamed --- .../wildfly/security/audit/FileAuditEndpoint.java | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/audit/src/main/java/org/wildfly/security/audit/FileAuditEndpoint.java b/audit/src/main/java/org/wildfly/security/audit/FileAuditEndpoint.java index ea1605b22de..51ccf762718 100644 --- a/audit/src/main/java/org/wildfly/security/audit/FileAuditEndpoint.java +++ b/audit/src/main/java/org/wildfly/security/audit/FileAuditEndpoint.java @@ -70,7 +70,7 @@ public class FileAuditEndpoint implements AuditEndpoint { } void setFile(final File file) throws IOException { - boolean ok = false; + boolean isSetUp = false; final FileOutputStream fos = new FileOutputStream(file, true); try { final Writer writer = new OutputStreamWriter(new BufferedOutputStream(fos), this.charset); @@ -78,14 +78,14 @@ void setFile(final File file) throws IOException { this.fileDescriptor = fos.getFD(); this.writer = writer; this.file = file; - ok = true; + isSetUp = true; } finally { - if (! ok) { + if (! isSetUp) { safeClose(writer); } } } finally { - if (! ok) { + if (! isSetUp) { safeClose(fos); } } 
@@ -108,7 +108,7 @@ private void safeClose(Closeable c) { * This method can be overridden by subclasses to modify data written into file (to encrypt them for example), * or just for counting amount of written bytes for needs of log rotation and similar. * - * This method can be invoked only in synchronization block surrounding one log message processing. + * This method can be invisSetUped only in synchronization block surrounding one log message processing. * * @param toWrite the String to be written into the target local file */ @@ -121,7 +121,7 @@ void write(String toWrite) throws IOException { * This method is NO-OP by default. It is intended to be overridden by subclasses * which need to perform some operation before every writing into the target local file. * - * This method can be invoked only in synchronization block surrounding one log message processing. + * This method can be invisSetUped only in synchronization block surrounding one log message processing. * * @param instant time of the message acceptance */ From 3815d3baf1c68bd69a8b54b9dd9a1e86d8eb9e34 Mon Sep 17 00:00:00 2001 
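Review bot: The rename of the local `ok` to `isSetUp` was also applied inside the word "invoked", so the Javadoc in this hunk and in the following hunk (`@@ -121,7 +121,7 @@`) now reads "invisSetUped". Both comment lines should be restored to `* This method can be invoked only in synchronization block surrounding one log message processing.`. This sentence is the only place where the locking requirement for overriding subclasses is stated, so it is worth keeping readable.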
From: petrberan Date: Tue, 17 Jan 2023 19:40:51 +0100 Subject: [PATCH 094/205] [ELY-489] Add JavaDoc for the 'org.wildfly.security.mechanism' package and sub packages --- .../AuthenticationMechanismException.java | 8 ++ .../security/mechanism/MechanismUtil.java | 2 + .../mechanism/ScramServerErrorCode.java | 18 ++++ .../mechanism/ScramServerException.java | 5 ++ .../mechanism/_private/MechanismUtil.java | 2 + .../mechanism/digest/DigestQuote.java | 18 +++- .../security/mechanism/digest/DigestUtil.java | 51 +++++++++-- .../digest/PasswordDigestObtainer.java | 50 ++++++++++- .../gssapi/GSSCredentialSecurityFactory.java | 71 ++++++++++++++- ...ernamePasswordAuthenticationMechanism.java | 32 ++++++- .../mechanism/oauth2/OAuth2Client.java | 24 ++++- .../oauth2/OAuth2InitialClientMessage.java | 29 ++++++ .../mechanism/oauth2/OAuth2Server.java | 37 +++++++- .../security/mechanism/scram/ScramClient.java | 81 +++++++++++++++++ .../scram/ScramFinalClientMessage.java | 57 ++++++++++++ .../scram/ScramFinalServerMessage.java | 28 ++++++ .../scram/ScramInitialClientMessage.java | 90 +++++++++++++++++++ .../scram/ScramInitialServerMessage.java | 56 ++++++++++++ .../scram/ScramInitialServerResult.java | 18 ++++ .../mechanism/scram/ScramMechanism.java | 57 +++++++++++- .../security/mechanism/scram/ScramServer.java | 70 +++++++++++++++ .../security/mechanism/scram/ScramUtil.java | 23 +++++ 22 files changed, 807 insertions(+), 20 deletions(-) diff --git a/mechanism/base/src/main/java/org/wildfly/security/mechanism/AuthenticationMechanismException.java b/mechanism/base/src/main/java/org/wildfly/security/mechanism/AuthenticationMechanismException.java index 525fd9fdba3..e5a82cb2d03 100644 --- a/mechanism/base/src/main/java/org/wildfly/security/mechanism/AuthenticationMechanismException.java +++ b/mechanism/base/src/main/java/org/wildfly/security/mechanism/AuthenticationMechanismException.java 
@@ -102,6 +102,14 @@ public static AuthenticationMechanismException fromException(final Exception sou return copyContents(source, new AuthenticationMechanismException(source.getMessage(), source.getCause())); } + /** + * Copies the stack trace and suppressed exceptions from a source exception to a specified throwable. + * + * @param source the source exception from which the stack trace and suppressed exceptions should be copied. + * @param throwable the throwable to which the contents should be copied. + * @param the type of throwable to which the contents should be copied. + * @return the throwable that was passed in as a parameter, with the contents copied from the source exception. + */ private static T copyContents(final Exception source, final T throwable) { throwable.setStackTrace(source.getStackTrace()); final Throwable[] suppressed = source.getSuppressed(); diff --git a/mechanism/base/src/main/java/org/wildfly/security/mechanism/MechanismUtil.java b/mechanism/base/src/main/java/org/wildfly/security/mechanism/MechanismUtil.java index 622a53c1f1b..c845093aeef 100644 --- a/mechanism/base/src/main/java/org/wildfly/security/mechanism/MechanismUtil.java +++ b/mechanism/base/src/main/java/org/wildfly/security/mechanism/MechanismUtil.java @@ -57,6 +57,7 @@ private MechanismUtil() {} * @param providers the security providers to use with the {@link PasswordFactory} * @param the password type * @return the password + * @throws AuthenticationMechanismException if there is an error retrieving the password */ @Deprecated public static S getPasswordCredential(String userName, CallbackHandler callbackHandler, Class passwordType, String passwordAlgorithm, AlgorithmParameterSpec matchParameters, AlgorithmParameterSpec generateParameters, Supplier providers) throws AuthenticationMechanismException { 
@@ -78,6 +79,7 @@ public static S getPasswordCredential(String userName, Call * @param the password type * @param log mechanism specific logger * @return the password + * @throws AuthenticationMechanismException if there is an error retrieving the password */ @Deprecated public static S getPasswordCredential(String userName, CallbackHandler callbackHandler, Class passwordType, String passwordAlgorithm, AlgorithmParameterSpec matchParameters, AlgorithmParameterSpec generateParameters, Supplier providers, ElytronMessages log) throws AuthenticationMechanismException { diff --git a/mechanism/base/src/main/java/org/wildfly/security/mechanism/ScramServerErrorCode.java b/mechanism/base/src/main/java/org/wildfly/security/mechanism/ScramServerErrorCode.java index f1659f2dcef..111a4c2a340 100644 --- a/mechanism/base/src/main/java/org/wildfly/security/mechanism/ScramServerErrorCode.java +++ b/mechanism/base/src/main/java/org/wildfly/security/mechanism/ScramServerErrorCode.java @@ -45,6 +45,9 @@ public enum ScramServerErrorCode { private final String text; private final byte[] messageBytes; + /** + * Creates an error code instance with a String representation and a byte array for error message. + */ ScramServerErrorCode() { text = name().replace('_', '-').toLowerCase(Locale.US); final int length = text.length(); @@ -54,14 +57,29 @@ public enum ScramServerErrorCode { messageBytes = msg; } + /** + * Returns the String representation of the error code. + * + * @return String representation of the error code. + */ public String getText() { return text; } + /** + * Returns the copy of the byte array representing the error message. + * + * @return copy of the byte array representing the error message. + */ public byte[] getMessageBytes() { return messageBytes.clone(); } + /** + * Returns the byte array representing the error message. + * + * @return the byte array representing the error message. + */ byte[] getRawMessageBytes() { return messageBytes; } 
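Review bot: The Javadoc added for `getRawMessageBytes()` in the `ScramServerErrorCode` hunk does not say that the method returns the enum's internal array, whereas `getMessageBytes()` returns `messageBytes.clone()`. That difference is the only reason two accessors exist, and a caller that writes to the raw array would change the error bytes for every later use of the constant. I would word it as `Returns the internal byte array representing the error message without copying it; callers must not modify the returned array.` and keep the `@return` line in step with it.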
diff --git a/mechanism/base/src/main/java/org/wildfly/security/mechanism/ScramServerException.java b/mechanism/base/src/main/java/org/wildfly/security/mechanism/ScramServerException.java index a0594f69c42..7e7057ad1d2 100644 --- a/mechanism/base/src/main/java/org/wildfly/security/mechanism/ScramServerException.java +++ b/mechanism/base/src/main/java/org/wildfly/security/mechanism/ScramServerException.java @@ -83,6 +83,11 @@ public String getMessage() { return super.getMessage() + ": " + error.getText(); } + /** + * Returns the error code of the exception. + * + * @return the error code of the exception. + */ public ScramServerErrorCode getError() { return error; } diff --git a/mechanism/base/src/main/java/org/wildfly/security/mechanism/_private/MechanismUtil.java b/mechanism/base/src/main/java/org/wildfly/security/mechanism/_private/MechanismUtil.java index 74e7b99e85c..32192d27f85 100644 --- a/mechanism/base/src/main/java/org/wildfly/security/mechanism/_private/MechanismUtil.java +++ b/mechanism/base/src/main/java/org/wildfly/security/mechanism/_private/MechanismUtil.java @@ -67,6 +67,7 @@ private MechanismUtil() {} * @param the password type * @param log mechanism specific logger * @return the password + * @throws AuthenticationMechanismException if there is an error retrieving the password */ public static S getPasswordCredential(String userName, CallbackHandler callbackHandler, Class passwordType, String passwordAlgorithm, AlgorithmParameterSpec matchParameters, AlgorithmParameterSpec generateParameters, Supplier providers, ElytronMessages log) throws AuthenticationMechanismException { Assert.checkNotNullParam("userName", userName); 
@@ -168,6 +169,7 @@ public static void handleCallbacks(ElytronMessages log, CallbackHandler callback * @param scope the HTTP scope to store computed value (must not be {@code null}) * @param key the key to retrieve (must not be {@code null}) * @param mappingFunction the function to apply to acquire the value (must not be {@code null}) + * @param the type of returned value * @return the stored or new value (not {@code null}) */ public static R computeIfAbsent(HttpScope scope, String key, Function mappingFunction) { diff --git a/mechanism/digest/src/main/java/org/wildfly/security/mechanism/digest/DigestQuote.java b/mechanism/digest/src/main/java/org/wildfly/security/mechanism/digest/DigestQuote.java index 0f6cc400572..da81adc1fb7 100644 --- a/mechanism/digest/src/main/java/org/wildfly/security/mechanism/digest/DigestQuote.java +++ b/mechanism/digest/src/main/java/org/wildfly/security/mechanism/digest/DigestQuote.java @@ -21,7 +21,7 @@ import org.wildfly.common.bytes.ByteStringBuilder; /** - * Utility class used to convert string to quoted strings + * Utility class used to convert string to quoted strings. * * @author Peter Skopek * @@ -33,6 +33,12 @@ public class DigestQuote { private DigestQuote() { } + /** + * Checks if a given character needs to be quoted. + * + * @param ch the character to check. + * @return {@code true} if the character needs to be quoted, {@code false} otherwise. + */ private static boolean quoteNeeded(char ch) { return ch == '"' || // escape char @@ -46,8 +52,8 @@ private static boolean quoteNeeded(char ch) { /** * Creates new String quoted by SASL rules. * - * @param inputStr String to be quoted - * @return + * @param inputStr String to be quoted. + * @return new String with quoted characters. */ public static String quote(String inputStr) { int len = inputStr.length(); 
@@ -64,6 +70,12 @@ public static String quote(String inputStr) { return sb.toString(); } + /** + * Creates new Array quoted by SASL rules. + * + * @param input Byte array to be quoted. + * @return new byte array with quoted bytes. + */ public static byte[] quote(byte[] input) { ByteStringBuilder bsb = new ByteStringBuilder(); for (int i = 0; i < input.length; i++) { diff --git a/mechanism/digest/src/main/java/org/wildfly/security/mechanism/digest/DigestUtil.java b/mechanism/digest/src/main/java/org/wildfly/security/mechanism/digest/DigestUtil.java index fc4e4399638..c277abd51d1 100644 --- a/mechanism/digest/src/main/java/org/wildfly/security/mechanism/digest/DigestUtil.java +++ b/mechanism/digest/src/main/java/org/wildfly/security/mechanism/digest/DigestUtil.java @@ -30,8 +30,6 @@ import java.util.HashMap; import java.util.function.Supplier; -import javax.security.sasl.SaslException; - import org.wildfly.common.bytes.ByteStringBuilder; import org.wildfly.security.mechanism._private.ElytronMessages; import org.wildfly.security.mechanism.AuthenticationMechanismException; @@ -52,9 +50,12 @@ public class DigestUtil { /** * Client side method to parse challenge sent by server. * - * @param challenge - * @return - * @throws AuthenticationMechanismException + * @param challenge the byte array representing the authentication challenge to be parsed. + * @param charset the charset to decide which whitespace separator is used. + * @param multiRealm {@code true} if there are multiple realms in the challenge, {@code false} otherwise + * @param log the logger to use. + * @return A new HashMap representing response for the parsed challenge + * @throws AuthenticationMechanismException if there is an error parsing the challenge */ public static HashMap parseResponse(byte [] challenge, Charset charset, boolean multiRealm, ElytronMessages log) throws AuthenticationMechanismException { 
@@ -170,6 +171,15 @@ else if (expectSeparator) { return response; } + /** + * Adds a key-value pair to a HashMap representing a parsed challenge. + * + * @param response the HashMap to add the key-value pair to. + * @param keyBuilder the StringBuilder containing the key. + * @param valueBuilder the ByteStringBuilder containing the value. + * @param realmNumber the current number of realms in the parsed challenge. + * @return the updated number of realms in the parsed challenge. + */ private static int addToParsedChallenge(HashMap response, StringBuilder keyBuilder, ByteStringBuilder valueBuilder, int realmNumber) { String k = keyBuilder.toString(); byte[] v = valueBuilder.toArray(); @@ -183,6 +193,13 @@ private static int addToParsedChallenge(HashMap response, String return realmNumber; } + /** + * Finds the next non-whitespace character in a byte array. + * + * @param buffer the byte array to search in. + * @param startPoint the starting point in the buffer to begin the search. + * @return the index of the next non-whitespace character. + */ private static int skipWhiteSpace(byte[] buffer, int startPoint) { int i = startPoint; while (i < buffer.length && isWhiteSpace(buffer[i])) { @@ -191,6 +208,12 @@ private static int skipWhiteSpace(byte[] buffer, int startPoint) { return i; } + /** + * Checks if a given byte is a whitespace character. + * + * @param b the byte to check. + * @return {@code true} if the byte is a whitespace character, {@code false} otherwise. + */ private static boolean isWhiteSpace(byte b) { if (b == 13) // CR return true; 
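Review bot: The `@return` added for `skipWhiteSpace` promises the index of the next non-whitespace character, but the loop `while (i < buffer.length && isWhiteSpace(buffer[i]))` also stops at the end of the buffer, so the result can equal `buffer.length`. A caller that indexes `buffer` with the returned value needs a bounds check, which matters if, as it appears, the buffer holds challenge bytes received from the peer. Suggested wording: `@return the index of the next non-whitespace byte, or {@code buffer.length} if only whitespace remains.`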
@@ -204,6 +227,15 @@ else if (b == 32) // SPACE return false; } + /** + * Digests the concatenated username, realm and password. + * + * @param messageDigest the message digest algorithm to use when computing the digest. + * @param username the username to use when concatenating. + * @param realm the realm to use when concatenating. + * @param password the password in the form of a char array to use when concatenating. + * @return byte array of the digested password. + */ public static byte[] userRealmPasswordDigest(MessageDigest messageDigest, String username, String realm, char[] password) { CharsetEncoder latin1Encoder = StandardCharsets.ISO_8859_1.newEncoder(); latin1Encoder.reset(); @@ -232,10 +264,13 @@ public static byte[] userRealmPasswordDigest(MessageDigest messageDigest, String } /** - * Get array of password chars from TwoWayPassword + * Get array of password chars from TwoWayPassword. * - * @return - * @throws SaslException + * @param password the TwoWayPassword that needs to be processed. + * @param providers the supplier for the providers to be used for processing. + * @param log the logger to use. + * @throws AuthenticationMechanismException if there is an error retrieving the encoded password. + * @return encoded password in the form of a char array. */ public static char[] getTwoWayPasswordChars(TwoWayPassword password, Supplier providers, ElytronMessages log) throws AuthenticationMechanismException { if (password == null) { diff --git a/mechanism/digest/src/main/java/org/wildfly/security/mechanism/digest/PasswordDigestObtainer.java b/mechanism/digest/src/main/java/org/wildfly/security/mechanism/digest/PasswordDigestObtainer.java index b876af7ad2c..7af037bd6ba 100644 --- a/mechanism/digest/src/main/java/org/wildfly/security/mechanism/digest/PasswordDigestObtainer.java +++ b/mechanism/digest/src/main/java/org/wildfly/security/mechanism/digest/PasswordDigestObtainer.java 
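Review bot: In the javadoc rewritten for `getTwoWayPasswordChars`, `@return encoded password in the form of a char array` reads as if a hashed or encoded value comes back, while the summary says the method gets the password chars from a `TwoWayPassword`. If the result is the recovered clear-text password, as the name suggests (the body is outside this hunk), say so and tell callers how to handle it, e.g. `@return the clear-text password characters; callers should overwrite the array once it is no longer needed.` The visible `if (password == null)` branch is not documented either, and `@throws` is placed before `@return`, against the usual tag order.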
@@ -45,7 +45,7 @@ import static org.wildfly.security.mechanism.digest.DigestUtil.userRealmPasswordDigest; /** - * Utility class used to obtain username+realm+password using SASL/HTTP mechanism callbacks + * Utility class used to obtain username+realm+password using SASL/HTTP mechanism callbacks. * * @author Jan Kalina */ @@ -67,6 +67,20 @@ public class PasswordDigestObtainer { private RealmCallback realmCallback; private NameCallback nameCallback; + /** + * Constructs a new {@code PasswordDigestObtainer} instance. + * + * @param callbackHandler the callbackHandler to handle the callbacks required to obtain the username and password. + * @param defaultUsername the default username to use if a callback is not provided. + * @param defaultRealm the default realm to use if a callback is not provided. + * @param log the logger to use. + * @param credentialAlgorithm the name of the algorithm for obtaining the credential. + * @param messageDigest the {@link MessageDigest} used for digesting the password. + * @param passwordFactoryProviders the supplier of the providers to use when creating a {@code PasswordFactory} instance. + * @param realms the realms to check for a user and password. + * @param readOnlyRealmUsername {@code true} if the username passed in the callback can be modified, {@code false} otherwise. + * @param skipRealmCallbacks {@code true} if realm callbacks should be skipped, {@code false} otherwise. + */ public PasswordDigestObtainer(CallbackHandler callbackHandler, String defaultUsername, String defaultRealm, ElytronMessages log, String credentialAlgorithm, MessageDigest messageDigest, Supplier passwordFactoryProviders, String[] realms, 
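Review bot: The description of `readOnlyRealmUsername` in the new constructor javadoc looks inverted: it says `{@code true} if the username passed in the callback can be modified`, whereas a read-only flag set to true should mean the value must stay unchanged. Suggested wording: `@param readOnlyRealmUsername {@code true} if the username passed in the callback must not be modified, {@code false} otherwise.` The code that reads the flag is outside this hunk, so confirm the exact semantics against it before merging.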
@@ -83,14 +97,30 @@ public PasswordDigestObtainer(CallbackHandler callbackHandler, String defaultUse this.skipRealmCallbacks = skipRealmCallbacks; } + /** + * Returns the username obtained from callback or the default one. + * + * @return the username obtained from callback or the default one. + */ public String getUsername() { return username; } + /** + * Returns the realm obtained from callback or the default one. + * + * @return the realm obtained from callback or the default one. + */ public String getRealm() { return realm; } + /** + * Handles callbacks for user and password information. + * + * @return the salted password. + * @throws AuthenticationMechanismException if the callback handler does not support credential acquisition. + */ public byte[] handleUserRealmPasswordCallbacks() throws AuthenticationMechanismException { realmChoiceCallBack = skipRealmCallbacks || realms == null || realms.length <= 1 ? null : @@ -115,6 +145,12 @@ public byte[] handleUserRealmPasswordCallbacks() throws AuthenticationMechanismE throw log.mechCallbackHandlerDoesNotSupportCredentialAcquisition(null); } + /** + * Obtains the pre-digested salted password for the {@code username} in the {@code realm}. + * + * @return the pre-digested salted password if obtained, {@code null} otherwise. + * @throws AuthenticationMechanismException if an exception occurs while handling the callbacks. + */ private byte[] getPredigestedSaltedPassword() throws AuthenticationMechanismException { if (realmChoiceCallBack != null) { try { 
@@ -180,6 +216,12 @@ private byte[] getPredigestedSaltedPassword() throws AuthenticationMechanismExce return null; } + /** + * Obtains the salted password from a two-way callback. + * + * @return the byte array of the salted password if obtained, {@code null} otherwise. + * @throws AuthenticationMechanismException if an error occurs during the process of handling callbacks or obtaining the password. + */ private byte[] getSaltedPasswordFromTwoWay() throws AuthenticationMechanismException { if (realmChoiceCallBack != null) { try { @@ -253,6 +295,12 @@ private byte[] getSaltedPasswordFromTwoWay() throws AuthenticationMechanismExcep return null; } + /** + * Obtains the salted password from a password callback. + * + * @return the byte array of the salted password. + * @throws AuthenticationMechanismException if an error occurs during the process of handling callbacks or obtaining the password. + */ private byte[] getSaltedPasswordFromPasswordCallback() throws AuthenticationMechanismException { PasswordCallback passwordCallback = new PasswordCallback("User password: ", false); diff --git a/mechanism/gssapi/src/main/java/org/wildfly/security/mechanism/gssapi/GSSCredentialSecurityFactory.java b/mechanism/gssapi/src/main/java/org/wildfly/security/mechanism/gssapi/GSSCredentialSecurityFactory.java index 03566163be3..2322b9ede25 100644 --- a/mechanism/gssapi/src/main/java/org/wildfly/security/mechanism/gssapi/GSSCredentialSecurityFactory.java +++ b/mechanism/gssapi/src/main/java/org/wildfly/security/mechanism/gssapi/GSSCredentialSecurityFactory.java 
@@ -87,12 +87,25 @@ public final class GSSCredentialSecurityFactory implements SecurityFactory credentialOperator; + /** + * Constructs a new {@code GSSCredentialSecurityFactory} instance. + * + * @param minimumRemainingLifetime the minimum remaining lifetime for a {@link GSSCredential} in seconds. + * @param rawSupplier the supplier of raw credentials. + */ GSSCredentialSecurityFactory(final int minimumRemainingLifetime, final ExceptionSupplier rawSupplier) { this.minimumRemainingLifetime = minimumRemainingLifetime; this.rawSupplier = rawSupplier; credentialOperator = this::update; } + /** + * Updates the {@link GSSKerberosCredential}. If the original is not valid, it gets a new {@code GSSKerberosCredential} + * from the {@code rawSupplier}, otherwise returns the original. + * + * @param original the original {@code GSSKerberosCredential} to be updated. + * @return the original if still valid, new {@code GSSKerberosCredential} otherwise. + */ private GSSKerberosCredential update(GSSKerberosCredential original) { GSSKerberosCredential result = null; try { @@ -116,6 +129,13 @@ private GSSKerberosCredential update(GSSKerberosCredential original) { return result; } + /** + * Checks if the GSSCredential is still valid. + * + * @param gssCredential the GSSCredential to check. + * @return {@code true} if the GSSCredential is valid, {@code false} otherwise. + * @throws GeneralSecurityException if an error occurs during the validation. + */ private boolean testIsValid(GSSCredential gssCredential) throws GeneralSecurityException { checkNotNullParam("gssCredential", gssCredential); boolean stillValid; 
@@ -131,6 +151,12 @@ private boolean testIsValid(GSSCredential gssCredential) throws GeneralSecurityE return stillValid; } + /** + * Checks if the Kerberos ticket is still valid. If not, attempts to refresh it. + * + * @param ticket the Kerberos ticket to be checked. + * @return {@code true} if the ticket is valid, {@code false} otherwise. + */ private boolean testIsValid(KerberosTicket ticket) { if (ticket == null) { log.trace("No cached KerberosTicket"); @@ -231,9 +257,9 @@ public Builder setIsServer(final boolean isServer) { } /** - * Set if the KerberosTicket should also be obtained and associated with the Credential/ + * Set if the KerberosTicket should also be obtained and associated with the Credential. * - * @param obtainKerberosTicket if the KerberosTicket should also be obtained and associated with the Credential/ + * @param obtainKerberosTicket if the KerberosTicket should also be obtained and associated with the Credential. * @return {@code this} to allow chaining. */ public Builder setObtainKerberosTicket(final boolean obtainKerberosTicket) { @@ -297,7 +323,7 @@ public Builder setPrincipal(final String principal) { } /** - * Set if debug logging should be enabled for the JAAS authentication portion of obtaining the {@link GSSCredential} + * Set if debug logging should be enabled for the JAAS authentication portion of obtaining the {@link GSSCredential}. * * @param debug if debug logging should be enabled for the JAAS authentication portion of obtaining the {@link GSSCredential} * @return {@code this} to allow chaining. @@ -336,7 +362,7 @@ public Builder setCheckKeyTab(final boolean value) { } /** - * Set other configuration options for {@code Krb5LoginModule} + * Set other configuration options for {@code Krb5LoginModule}. * * @param options the configuration options which will be appended to options passed into {@code Krb5LoginModule} * @return {@code this} to allow chaining. 
@@ -380,6 +406,14 @@ public SecurityFactory build() throws IOException { return new GSSCredentialSecurityFactory(minimumRemainingLifetime > 0 ? minimumRemainingLifetime : 0, () -> createGSSCredential(configuration)); } + /** + * Creates an instance of the {@link GSSKerberosCredential} class, which represents a Kerberos credential + * that can be used for authentication using the GSS-API. + * + * @param configuration the configuration used for creating the {@link LoginContext}. + * @return the {@code GSSKerberosCredential} - the GSSCredential object and Kerberos Ticket (if {@code obtainKerberosTicket} is {@code true}. + * @throws GeneralSecurityException if an error occurs during the creation of {@code GSSKerberosCredential}. + */ private GSSKerberosCredential createGSSCredential(Configuration configuration) throws GeneralSecurityException { if (failCache != 0 && System.currentTimeMillis() - lastFailTime < failCache * 1000) { throw log.initialLoginSkipped(failCache); @@ -445,10 +479,24 @@ private GSSKerberosCredential createGSSCredential(Configuration configuration) t } } + /** + * Performs a privileged action. If a security manager is set, the action will be executed via + * {@link AccessController#doPrivileged(PrivilegedAction)}. If no security manager is set, + * the action will be executed directly. + * + * @param action the action do be executed. + * @param the type of the action. + * @return the result of the executed action. + */ private static T doPrivileged(final PrivilegedAction action) { return System.getSecurityManager() != null ? AccessController.doPrivileged(action) : action.run(); } + /** + * Checks if the keytab exists and if it contains any keys for the specified principal. + * + * @throws IOException if the keytab does not exist or if it does not contain any keys for the specified principal. + */ private void checkKeyTab() throws IOException { KeyTab kt = KeyTab.getInstance(keyTab); if (!kt.exists()) { 
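Review bot: The `@throws GeneralSecurityException` line added for `createGSSCredential` leaves out the fail-cache path visible in the first statement of the body: when `failCache != 0` and the last failure is less than `failCache * 1000` ms old, the method throws `log.initialLoginSkipped(failCache)` without attempting a login. Anyone diagnosing Kerberos login failures benefits from seeing that documented: `@throws GeneralSecurityException if the credential cannot be created, or if the login is skipped because a previous attempt failed within the {@code failCache} window.` The `@return` text also has an unclosed parenthesis after `{@code true}`. The method body continues outside the hunk.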
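Review bot: Two small slips in the javadoc added for `doPrivileged`: `the action do be executed` should read `to be executed`, and the type parameter is described as `the type of the action` although the method returns a value of that type, so it is the type of the action's result. Suggested: `@param action the action to be executed.` and, for the type parameter, `the type of the result returned by the action.`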
@@ -459,6 +507,12 @@ private void checkKeyTab() throws IOException { } } + /** + * Creates a {@link Configuration} that is used to initiate a {@link LoginContext}. + * + * @return a {@code Configuration} for initiating a {@code LoginContext}. + * @throws IOException if the keyTab does not exist or there are no keys for the principal in the keyTab. + */ private Configuration createConfiguration() throws IOException { Map options = new HashMap<>(); if (debug) { @@ -491,6 +545,9 @@ public AppConfigurationEntry[] getAppConfigurationEntry(String name) { }; } + /** + * Asserts that the builder has not yet been built. + */ private void assertNotBuilt() { if (built) { throw log.builderAlreadyBuilt(); @@ -499,6 +556,12 @@ private void assertNotBuilt() { } + /** + * Wraps the given {@link GSSCredential} and prevents it from being disposed. + * + * @param credential the {@code GSSCredential} to be wrapped. + * @return the wrapped {@code GSSCredential}. + */ private static GSSCredential wrapCredential(final GSSCredential credential) { return new GSSCredential() { diff --git a/mechanism/http/src/main/java/org/wildfly/security/mechanism/http/UsernamePasswordAuthenticationMechanism.java b/mechanism/http/src/main/java/org/wildfly/security/mechanism/http/UsernamePasswordAuthenticationMechanism.java index 328ef1cd200..413848192c5 100644 --- a/mechanism/http/src/main/java/org/wildfly/security/mechanism/http/UsernamePasswordAuthenticationMechanism.java +++ b/mechanism/http/src/main/java/org/wildfly/security/mechanism/http/UsernamePasswordAuthenticationMechanism.java 
@@ -49,13 +49,24 @@ public abstract class UsernamePasswordAuthenticationMechanism implements HttpSer protected final CallbackHandler callbackHandler; /** - * @param callbackHandler + * Constructs a new {@code UsernamePasswordAuthenticationMechanism} instance. + * + * @param callbackHandler the CallbackHandler used for authentication. */ protected UsernamePasswordAuthenticationMechanism(CallbackHandler callbackHandler) { super(); this.callbackHandler = callbackHandler; } + /** + * Authenticates the user for provided realm using their username and password. + * + * @param realmName the realm for which the user is authenticating. + * @param username the username of the authenticating user. + * @param password the password of the authenticating user. + * @return {@code true} if the user is authenticated for the realm, {@code false} otherwise. + * @throws HttpAuthenticationException if there was an IOException caused by the CallbackHandler. + */ protected boolean authenticate(String realmName, String username, char[] password) throws HttpAuthenticationException { RealmCallback realmCallback = realmName != null ? new RealmCallback("User realm", realmName) : null; NameCallback nameCallback = new NameCallback("Remote Authentication Name", username); @@ -94,6 +105,13 @@ protected boolean authenticate(String realmName, String username, char[] passwor } } + /** + * Checks if the user is authorized. + * + * @param username the username to authorize. + * @return {@code true} if the user is authorized, {@code false} otherwise. + * @throws HttpAuthenticationException if there was an IOException caused by the CallbackHandler. + */ protected boolean authorize(String username) throws HttpAuthenticationException { httpUserPass.debugf("Username authorization. Username: [%s].", username); 
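Review bot: The `@param realmName` text added for `authenticate` does not say that the argument may be null, although the first line of the body handles that case: `realmName != null ? new RealmCallback("User realm", realmName) : null`. Suggested: `@param realmName the realm for which the user is authenticating, or {@code null}, in which case no {@code RealmCallback} is created.` It would also help to state whether the `password` array is retained or cleared by the method; the body runs past this hunk, so that has to be checked against the full source.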
@@ -111,10 +129,22 @@ protected boolean authorize(String username) throws HttpAuthenticationException } } + /** + * Sends the information to the callbackHandler that the authorization succeeded. + * + * @throws IOException if an input or output error occurs. + * @throws UnsupportedCallbackException if the implementation of callbackHandler does not support the specified Callback type. + */ protected void succeed() throws IOException, UnsupportedCallbackException { callbackHandler.handle(new Callback[] { AuthenticationCompleteCallback.SUCCEEDED }); } + /** + * Sends the information to the callbackHandler that the authorization failed. + * + * @throws IOException if an input or output error occurs. + * @throws UnsupportedCallbackException if the implementation of callbackHandler does not support the specified Callback type. + */ protected void fail() throws IOException, UnsupportedCallbackException { callbackHandler.handle(new Callback[] { AuthenticationCompleteCallback.FAILED }); } diff --git a/mechanism/oauth2/src/main/java/org/wildfly/security/mechanism/oauth2/OAuth2Client.java b/mechanism/oauth2/src/main/java/org/wildfly/security/mechanism/oauth2/OAuth2Client.java index 315b9c1ee8e..ec78a73eeaa 100644 --- a/mechanism/oauth2/src/main/java/org/wildfly/security/mechanism/oauth2/OAuth2Client.java +++ b/mechanism/oauth2/src/main/java/org/wildfly/security/mechanism/oauth2/OAuth2Client.java @@ -33,6 +33,8 @@ import static org.wildfly.common.Assert.assertTrue; /** + * Implementation of the client side of the OAuth2 SASL mechanism. + * * @author Pedro Igor */ public class OAuth2Client { 
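Review bot: The javadoc added for `succeed()` and `fail()` says the authorization succeeded or failed, but both methods hand `AuthenticationCompleteCallback.SUCCEEDED` / `AuthenticationCompleteCallback.FAILED` to the handler, which reports the outcome of authentication. The class has a separate `authorize` method, so mixing the two terms can mislead people implementing a mechanism on top of it. Suggested: `Notifies the callbackHandler that authentication succeeded.` and `Notifies the callbackHandler that authentication failed.`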
@@ -43,12 +45,26 @@ public class OAuth2Client { private final String authorizationId; private ElytronMessages log; + /** + * Constructs a new {@code OAuth2Client} instance. + * + * @param authorizationId the ID of the user to be authorized. + * @param callbackHandler the callback handler for verifying the Bearer token. + * @param log the logger to use. + */ public OAuth2Client(String authorizationId, CallbackHandler callbackHandler, ElytronMessages log) { this.authorizationId = authorizationId; this.callbackHandler = callbackHandler; this.log = log; } + /** + * Gets the initial response message from the client that will be sent to the server. + * It retrieves the Bearer token from a callback and constructs an encoded message that includes the token. + * + * @return encoded message that includes the Bearer token. + * @throws AuthenticationMechanismException if an error occurs during the callback or the token is {@code null}. + */ public OAuth2InitialClientMessage getInitialResponse() throws AuthenticationMechanismException { final CredentialCallback credentialCallback = new CredentialCallback(BearerTokenCredential.class); @@ -80,13 +96,19 @@ public OAuth2InitialClientMessage getInitialResponse() throws AuthenticationMech return new OAuth2InitialClientMessage(null, null, encoded.toArray()); } + /** + * Handles the server's response to the initial client message. + * + * @param serverMessage the byte array containing the server's response. + * @return {@code null} if the response was successful, aborting the authentication otherwise. + */ public byte[] handleServerResponse(byte[] serverMessage) { // got a successful response if (serverMessage.length == 0) { return null; } - // otherwise, server responded with a error message + // otherwise, server responded with an error message try { String errorMessage = ByteIterator.ofBytes(serverMessage).asUtf8String().base64Decode().asUtf8String().drainToString(); log.debugf("Got error message from server [%s].", errorMessage); 
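Review bot: In the new `OAuth2Client` constructor javadoc, `@param callbackHandler the callback handler for verifying the Bearer token` describes the server's role; on the client side the handler supplies the token, as the javadoc added for `getInitialResponse` in the same hunk says (`retrieves the Bearer token from a callback`) and the `new CredentialCallback(BearerTokenCredential.class)` line shows. Suggested: `@param callbackHandler the callback handler used to obtain the Bearer token credential.` In the last hunk on this line, the `@return` of `handleServerResponse` does not say which bytes are returned when the server reports an error; that body continues outside the hunk.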
diff --git a/mechanism/oauth2/src/main/java/org/wildfly/security/mechanism/oauth2/OAuth2InitialClientMessage.java b/mechanism/oauth2/src/main/java/org/wildfly/security/mechanism/oauth2/OAuth2InitialClientMessage.java index f5b6d6014a4..c244b043213 100644 --- a/mechanism/oauth2/src/main/java/org/wildfly/security/mechanism/oauth2/OAuth2InitialClientMessage.java +++ b/mechanism/oauth2/src/main/java/org/wildfly/security/mechanism/oauth2/OAuth2InitialClientMessage.java @@ -19,6 +19,8 @@ package org.wildfly.security.mechanism.oauth2; /** + * Represents the initial client message for OAuth2 protocol. + * * @author Pedro Igor */ public class OAuth2InitialClientMessage { 
@@ -27,24 +29,51 @@ public class OAuth2InitialClientMessage { private final byte[] messageBytes; private final String authorizationId; + /** + * Constructs a new {@code OAuth2InitialClientMessage} instance. + * + * @param authorizationId the ID of the user to be authorized. + * @param auth the authorization information in form of a String. + * @param messageBytes the byte array containing the message. + */ public OAuth2InitialClientMessage(String authorizationId, String auth, byte[] messageBytes) { this.authorizationId = authorizationId; this.auth = auth; this.messageBytes = messageBytes; } + /** + * Returns the ID of the user to be authorized. + * + * @return the ID of the user to be authorized. + */ public String getAuthorizationId() { return this.authorizationId; } + /** + * Returns the byte array containing the message. + * + * @return the byte array containing the message. + */ public byte[] getMessage() { return this.messageBytes; } + /** + * Returns the authorization information in form of a String. + * + * @return the authorization information in form of a String. + */ public String getAuth() { return auth; } + /** + * Returns whether the client provides a Bearer token. + * + * @return {@code True} if the authorization information contains "Bearer", {@code false} otherwise. + */ public boolean isBearerToken() { return this.auth.startsWith("Bearer"); } diff --git a/mechanism/oauth2/src/main/java/org/wildfly/security/mechanism/oauth2/OAuth2Server.java b/mechanism/oauth2/src/main/java/org/wildfly/security/mechanism/oauth2/OAuth2Server.java index c1c3e52324f..306771e6fc8 100644 --- a/mechanism/oauth2/src/main/java/org/wildfly/security/mechanism/oauth2/OAuth2Server.java +++ b/mechanism/oauth2/src/main/java/org/wildfly/security/mechanism/oauth2/OAuth2Server.java @@ -40,7 +40,7 @@ import org.wildfly.security.mechanism.AuthenticationMechanismException; /** - * An OAuth2 Sasl Server based on RFC-7628. + * An OAuth2 Server based on RFC-7628. * * @author Pedro Igor */ 
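Review bot: The `@return` added for `isBearerToken` says the authorization information contains "Bearer", but the code is `this.auth.startsWith("Bearer")`, a prefix test, and `{@code True}` should be lower case. The method also dereferences `auth` without a null check while the new constructor javadoc states no non-null requirement, and the `OAuth2Client.getInitialResponse` context in this patch builds a message with `new OAuth2InitialClientMessage(null, null, encoded.toArray())`, on which this call would throw a NullPointerException. Suggested: `@return {@code true} if the authorization information starts with "Bearer", {@code false} otherwise.`, with the constructor's `@param auth` stating whether null is allowed. `getMessage()` returns the internal array rather than a copy, which its javadoc could mention as well.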
@@ -53,12 +53,26 @@ public class OAuth2Server { private final Map serverConfig; private ElytronMessages log; + /** + * Constructs a new {@code OAuth2Server} instance. + * + * @param callbackHandler the callback handler for verifying the Bearer token. + * @param serverConfig the server configuration. + * @param log the logger to use. + */ public OAuth2Server(CallbackHandler callbackHandler, Map serverConfig, ElytronMessages log) { this.callbackHandler = callbackHandler; this.serverConfig = serverConfig; this.log = log; } + /** + * Parses the initial client's message in OAuth2 protocol. + * + * @param fromBytes the initial client's message. + * @return parsed client's message. + * @throws AuthenticationMechanismException if an error occurs during the parsing or the message is invalid. + */ public OAuth2InitialClientMessage parseInitialClientMessage(byte[] fromBytes) throws AuthenticationMechanismException { byte[] messageBytes = fromBytes.clone(); ByteIterator byteIterator = ByteIterator.ofBytes(fromBytes.clone()); @@ -98,6 +112,13 @@ public OAuth2InitialClientMessage parseInitialClientMessage(byte[] fromBytes) th } } + /** + * Returns the value associated with a key from an OAuth2 message. + * + * @param key the key for which the value is extracted. + * @param keyValuesPart the String containing key-value pairs in form of OAuth2 message. + * @return the value of the key-value pair, {@code null} if the key is not found. + */ private String getValue(String key, String keyValuesPart) { for (String current : keyValuesPart.split(KV_DELIMITER)) { String[] keyValue = current.split("="); 
@@ -110,6 +131,14 @@ private String getValue(String key, String keyValuesPart) { return null; } + /** + * Evaluates the initial response sent by the client and verifies if the Bearer token is valid. + * If so, authorizes the user. + * + * @param initialClientMessage the initial client's message containing the Bearer token. + * @return an empty byte array if the token was authorized, error message otherwise. + * @throws AuthenticationMechanismException if an error occurs during the evaluation or the message doesn't contain the Bearer token. + */ public byte[] evaluateInitialResponse(OAuth2InitialClientMessage initialClientMessage) throws AuthenticationMechanismException { if (initialClientMessage.isBearerToken()) { String auth = initialClientMessage.getAuth(); @@ -153,6 +182,12 @@ public byte[] evaluateInitialResponse(OAuth2InitialClientMessage initialClientMe throw log.mechInvalidClientMessage(); } + /** + * Creates an error message in the format of a json object. + * + * @return The error message containing a "status" field with the value "invalid_token" + * and an optional field "openid-configuration" with {@code CONFIG_OPENID_CONFIGURATION_URL} value. + */ private byte[] createErrorMessage() { JsonObjectBuilder objectBuilder = Json.createObjectBuilder(); diff --git a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramClient.java b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramClient.java index 0531242c362..c6cb67e86b9 100644 --- a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramClient.java +++ b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramClient.java @@ -48,6 +48,8 @@ import org.wildfly.security.sasl.util.StringPrep; /** + * A client-side implementation for the SCRAM authentication. + * * @author David M. Lloyd */ public final class ScramClient { 
@@ -61,6 +63,19 @@ public final class ScramClient { private final int minimumIterationCount; private final int maximumIterationCount; + /** + * Constructs a new {@code ScramClient} instance. + * + * @param mechanism the SCRAM mechanism used for the authentication. + * @param authorizationId the ID of the user to be authorized. + * @param callbackHandler the callbackHandler used for the authentication. + * @param secureRandom an optional secure RNG to use. + * @param bindingData the binding data for the "PLUS" channel binding option. + * @param bindingType the binding type for the "PLUS" channel binding option. + * @param minimumIterationCount the minimum number of iterations for password hashing. + * @param maximumIterationCount the maximum number of iterations for password hashing. + * @param providers the security providers. + */ ScramClient(final ScramMechanism mechanism, final String authorizationId, final CallbackHandler callbackHandler, final SecureRandom secureRandom, final byte[] bindingData, final String bindingType, final int minimumIterationCount, final int maximumIterationCount, final Supplier providers) { this.mechanism = mechanism; this.authorizationId = authorizationId; 
@@ -73,26 +88,56 @@ public final class ScramClient { this.providers = providers; } + /** + * Returns the secure RNG used for the authentication. + * + * @return the secure RNG used for the authentication. + */ Random getRandom() { return secureRandom != null ? secureRandom : ThreadLocalRandom.current(); } + /** + * Returns the SCRAM mechanism used for the authentication. + * + * @return the SCRAM mechanism used for the authentication. + */ public ScramMechanism getMechanism() { return mechanism; } + /** + * Returns the ID of the user to be authorized. + * + * @return the ID of the user to be authorized. + */ public String getAuthorizationId() { return authorizationId; } + /** + * Returns the binding type for the "PLUS" channel binding option. + * + * @return the binding type for the "PLUS" channel binding option. + */ public String getBindingType() { return bindingType; } + /** + * Returns the binding data for the "PLUS" channel binding option. + * + * @return the binding data for the "PLUS" channel binding option. + */ byte[] getRawBindingData() { return bindingData; } + /** + * Returns a copy of the binding data for the "PLUS" channel binding option. + * + * @return a copy of the binding data for the "PLUS" channel binding option. + */ public byte[] getBindingData() { final byte[] bindingData = this.bindingData; return bindingData == null ? null : bindingData.clone(); 
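Review bot: The javadoc added for `getRandom()` calls the result `the secure RNG`, but the method returns `ThreadLocalRandom.current()` whenever `secureRandom` is null, and `ThreadLocalRandom` is not a cryptographically strong generator. The constructor javadoc in this patch documents `secureRandom` as optional, so the fallback should be spelled out for callers who need unpredictable values: `Returns the configured {@link SecureRandom}, or {@link ThreadLocalRandom#current()} if none was supplied; the fallback is not cryptographically secure.` Where the returned generator is used is outside this hunk.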
@@ -146,6 +191,15 @@ public ScramInitialClientMessage getInitialResponse() throws AuthenticationMecha return new ScramInitialClientMessage(this, name, binding, nonce, initialPartIndex, encoded.toArray()); } + /** + * Parses the initial server message and creates {@link ScramInitialServerMessage} from parsed information. + * Also checks if the message have all necessary properties. + * + * @param initialResponse the initial client response for the server. + * @param bytes the byte array containing the initial server message to parse. + * @return the initial server message. + * @throws AuthenticationMechanismException if an error occurs during the parsing. + */ public ScramInitialServerMessage parseInitialServerMessage(final ScramInitialClientMessage initialResponse, final byte[] bytes) throws AuthenticationMechanismException { final byte[] challenge = bytes.clone(); final ByteIterator bi = ByteIterator.ofBytes(challenge); 
@@ -190,6 +244,18 @@ public ScramInitialServerMessage parseInitialServerMessage(final ScramInitialCli return new ScramInitialServerMessage(initialResponse, serverNonce, salt, iterationCount, challenge); } + /** + * Handles the initial challenge from the server and create a response from the client. + * The method uses a password credential obtained from the callback handler to derive a salted password, + * which is then used to generate a client key, stored key, and client proof. + * + * @param initialResponse the initial client message. + * @param initialChallenge the initial server message. + * @return the final client message. + * @throws AuthenticationMechanismException if an error occurs while obtaining the password, + * creating the {@link ScramFinalClientMessage} or the mechanism in the initial response or challenge message + * does not match the mechanism expected by the server + */ public ScramFinalClientMessage handleInitialChallenge(ScramInitialClientMessage initialResponse, ScramInitialServerMessage initialChallenge) throws AuthenticationMechanismException { boolean trace = saslScram.isTraceEnabled(); @@ -288,6 +354,14 @@ public ScramFinalClientMessage handleInitialChallenge(ScramInitialClientMessage } } + /** + * Parses the final server message and creates {@link ScramFinalServerMessage} from parsed information. + * Also checks if the message have all necessary properties. + * + * @param messageBytes the byte array of the final server message. + * @return the final server message. + * @throws AuthenticationMechanismException if an error occurs during the parsing or the server rejected the authentication request. + */ public ScramFinalServerMessage parseFinalServerMessage(final byte[] messageBytes) throws AuthenticationMechanismException { final ByteIterator bi = ByteIterator.ofBytes(messageBytes); final byte[] sig; 
@@ -312,6 +386,13 @@ public ScramFinalServerMessage parseFinalServerMessage(final byte[] messageBytes return new ScramFinalServerMessage(sig, messageBytes); } + /** + * Verifies the final challenge received from the server. + * + * @param finalResponse the final client message. + * @param finalChallenge the final server message. + * @throws AuthenticationMechanismException if an error occurs during the verification or the server signature is invalid. + */ public void verifyFinalChallenge(final ScramFinalClientMessage finalResponse, final ScramFinalServerMessage finalChallenge) throws AuthenticationMechanismException { boolean trace = saslScram.isTraceEnabled(); diff --git a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramFinalClientMessage.java b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramFinalClientMessage.java index ed77a508121..066f1ff8bde 100644 --- a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramFinalClientMessage.java +++ b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramFinalClientMessage.java @@ -21,6 +21,8 @@ import org.wildfly.security.password.interfaces.ScramDigestPassword; /** + * Final client message for the SCRAM authentication. + * * @author David M. Lloyd */ public final class ScramFinalClientMessage { 
@@ -32,6 +34,16 @@ public final class ScramFinalClientMessage { private final byte[] messageBytes; private final int proofOffset; + /** + * Constructs a new {@code ScramFinalClientMessage} instance. + * + * @param initialResponse the initial client message. + * @param initialChallenge the initial server message. + * @param password the password used for authentication. + * @param clientProof the client proof sent to the server. + * @param messageBytes the byte array of the message. + * @param proofOffset the proof location in the {@code messageBytes}. + */ ScramFinalClientMessage(final ScramInitialClientMessage initialResponse, final ScramInitialServerMessage initialChallenge, final ScramDigestPassword password, final byte[] clientProof, final byte[] messageBytes, final int proofOffset) { this.initialResponse = initialResponse; this.initialChallenge = initialChallenge; 
@@ -41,38 +53,83 @@ public final class ScramFinalClientMessage { this.proofOffset = proofOffset; } + /** + * Returns the initial client message. + * + * @return the initial client message. + */ public ScramInitialClientMessage getInitialResponse() { return initialResponse; } + /** + * Returns the initial server message. + * + * @return the initial server message. + */ public ScramInitialServerMessage getInitialChallenge() { return initialChallenge; } + /** + * Returns the password used for authentication. + * + * @return the password used for authentication. + */ public ScramDigestPassword getPassword() { return password; } + /** + * Returns the client proof sent to the server. + * + * @return the client proof sent to the server. + */ byte[] getRawClientProof() { return clientProof; } + /** + * Returns the byte array of the message. + * + * @return the byte array of the message. + */ byte[] getRawMessageBytes() { return messageBytes; } + /** + * Returns a copy of the client proof sent to the server. + * + * @return a copy of the client proof sent to the server. + */ public byte[] getClientProof() { return clientProof.clone(); } + /** + * Returns a copy of the byte array of the message. + * + * @return a copy of the byte array of the message. + */ public byte[] getMessageBytes() { return messageBytes.clone(); } + /** + * Returns the SCRAM mechanism in the initial client message. + * + * @return the SCRAM mechanism in the initial client message. + */ public ScramMechanism getMechanism() { return initialResponse.getMechanism(); } + /** + * Returns the proof location in the message. + * + * @return the proof location in the message. + */ int getProofOffset() { return proofOffset; } diff --git a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramFinalServerMessage.java b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramFinalServerMessage.java index c8b77f2c922..1a4470ac7a7 100644 
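Review bot: The Javadoc for `getRawClientProof()` and `getRawMessageBytes()` is the public getters' text minus the words "a copy of", which hides the one thing a caller must know: these return the internal array, so any write through it changes the message. I would state that explicitly, e.g. `Returns the internal client proof array without copying; callers must not modify it.` The same applies to the `getRaw*` methods documented later in this patch in `ScramFinalServerMessage`, `ScramInitialClientMessage`, `ScramInitialServerMessage` and `ScramServer.getRawBindingData()`. The `ScramFinalServerMessage` constructor also stores both arrays as given, so its `@param` text could note that the arrays are not copied.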
--- a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramFinalServerMessage.java +++ b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramFinalServerMessage.java @@ -19,29 +19,57 @@ package org.wildfly.security.mechanism.scram; /** + * Final server message for the SCRAM authentication. + * * @author David M. Lloyd */ public final class ScramFinalServerMessage { private final byte[] serverSignature; private final byte[] messageBytes; + /** + * Constructs a new {@code ScramFinalServerMessage} instance. + * + * @param serverSignature the server signature sent to the client in form of the byte array. + * @param messageBytes the final server message in form of byte array. + */ ScramFinalServerMessage(final byte[] serverSignature, final byte[] messageBytes) { this.serverSignature = serverSignature; this.messageBytes = messageBytes; } + /** + * Returns the server signature sent to the client in form of the byte array. + * + * @return the server signature sent to the client in form of the byte array. + */ byte[] getRawServerSignature() { return serverSignature; } + /** + * Returns the final server message in form of byte array. + * + * @return the final server message in form of byte array. + */ byte[] getRawMessageBytes() { return messageBytes; } + /** + * Returns a copy of the server signature sent to the client in form of the byte array. + * + * @return a copy of the server signature sent to the client in form of the byte array. + */ public byte[] getServerSignature() { return serverSignature.clone(); } + /** + * Returns a copy of the final server message in form of byte array. + * + * @return a copy of the final server message in form of byte array. + */ public byte[] getMessageBytes() { return messageBytes.clone(); } 
diff --git a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramInitialClientMessage.java b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramInitialClientMessage.java index 62c6eb212b0..e5e9fa0de15 100644 --- a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramInitialClientMessage.java +++ b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramInitialClientMessage.java @@ -21,6 +21,8 @@ import java.util.Arrays; /** + * Initial client message for the SCRAM authentication. + * * @author David M. Lloyd */ public final class ScramInitialClientMessage { @@ -34,6 +36,16 @@ public final class ScramInitialClientMessage { private final int initialPartIndex; private final byte[] messageBytes; + /** + * Constructs a new {@code ScramInitialClientMessage} instance using data from the {@code scramClient}. + * + * @param scramClient the SCRAM client providing binding type and data, SCRAM mechanism and authorization ID. + * @param authenticationName the name of the user that is authenticated. + * @param binding whether the client supports channel binding. + * @param nonce a unique value generated by the client to the server. + * @param initialPartIndex index of the initial part of the message. + * @param messageBytes the byte array of the message. + */ ScramInitialClientMessage(final ScramClient scramClient, final String authenticationName, final boolean binding, final byte[] nonce, final int initialPartIndex, final byte[] messageBytes) { this.binding = binding; this.initialPartIndex = initialPartIndex; 
@@ -46,6 +58,19 @@ public final class ScramInitialClientMessage { this.messageBytes = messageBytes; } + /** + * Constructs a new {@code ScramInitialClientMessage} instance. + * + * @param mechanism the SCRAM mechanism used for the authentication. + * @param authorizationId the ID of the user to be authorized. + * @param authenticationName the name of the user that is authenticated. + * @param binding whether the client supports channel binding. + * @param bindingType the binding type for the "PLUS" channel binding option. + * @param bindingData the binding data for the "PLUS" channel binding option. + * @param nonce a unique value generated by the client to the server. + * @param initialPartIndex index of the initial part of the message. + * @param messageBytes the byte array of the message. + */ ScramInitialClientMessage(final ScramMechanism mechanism, final String authorizationId, final String authenticationName, final boolean binding, final String bindingType, final byte[] bindingData, final byte[] nonce, final int initialPartIndex, final byte[] messageBytes) { this.mechanism = mechanism; this.authorizationId = authorizationId; 
@@ -58,54 +83,119 @@ public final class ScramInitialClientMessage { this.messageBytes = messageBytes; } + /** + * Returns the SCRAM mechanism used for the authentication. + * + * @return the SCRAM mechanism used for the authentication. + */ public ScramMechanism getMechanism() { return mechanism; } + /** + * Returns the name of the user that is authenticated. + * + * @return the name of the user that is authenticated. + */ public String getAuthenticationName() { return authenticationName; } + /** + * Returns a copy of a unique value generated by the client to the server. + * + * @return a copy of a unique value generated by the client to the server. + */ public byte[] getNonce() { return nonce.clone(); } + /** + * Returns a unique value generated by the client to the server. + * + * @return a unique value generated by the client to the server. + */ byte[] getRawNonce() { return nonce; } + /** + * Returns the initial part of the message. + * + * @return the initial part of the message up to the length of {@code initialPartIndex}. + */ public byte[] getInitialPart() { return Arrays.copyOfRange(messageBytes, 0, initialPartIndex); } + /** + * Returns a copy of the byte array of the message. + * + * @return a copy of the byte array of the message. + */ public byte[] getMessageBytes() { return messageBytes.clone(); } + /** + * Returns the ID of the user to be authorized. + * + * @return the ID of the user to be authorized. + */ public String getAuthorizationId() { return authorizationId; } + /** + * Returns whether the client supports channel binding. + * + * @return {@code true} if the client supports channel binding, {@code false} otherwise. + */ public boolean isBinding() { return binding; } + /** + * Returns the binding type for the "PLUS" channel binding option. + * + * @return the binding type for the "PLUS" channel binding option. 
+ */ public String getBindingType() { return bindingType; } + /** + * Returns a copy of the binding data for the "PLUS" channel binding option. + * + * @return a copy of the binding data for the "PLUS" channel binding option. + */ public byte[] getBindingData() { return bindingData == null ? null : bindingData.clone(); } + /** + * Returns the binding data for the "PLUS" channel binding option. + * + * @return the binding data for the "PLUS" channel binding option. + */ byte[] getRawBindingData() { return bindingData; } + /** + * Returns index of the initial part of the message. + * + * @return index of the initial part of the message. + */ int getInitialPartIndex() { return initialPartIndex; } + /** + * Returns the byte array of the message. + * + * @return the byte array of the message. + */ byte[] getRawMessageBytes() { return messageBytes; } diff --git a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramInitialServerMessage.java b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramInitialServerMessage.java index fd0b0d9306b..8e5f24a78bf 100644 --- a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramInitialServerMessage.java +++ b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramInitialServerMessage.java @@ -19,6 +19,8 @@ package org.wildfly.security.mechanism.scram; /** + * Initial server message for the SCRAM authentication. + * * @author David M. Lloyd */ public final class ScramInitialServerMessage { 
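Review bot: The `@return` for `getBindingData()` does not mention that the method returns `null` when the field is null, although `return bindingData == null ? null : bindingData.clone();` does exactly that; `getRawBindingData()` and `ScramServer.getBindingData()` later in the patch have the same gap. Suggested wording: `@return a copy of the binding data, or {@code null} if there is none.` Separately, `getInitialPartIndex()` is described as "index of the initial part of the message", but `getInitialPart()` uses the value as the exclusive end offset in `Arrays.copyOfRange(messageBytes, 0, initialPartIndex)`, so `the length of the initial part of the message` would be more accurate.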
@@ -28,6 +30,15 @@ public final class ScramInitialServerMessage { private final int iterationCount; private final byte[] messageBytes; + /** + * Constructs a new {@code ScramInitialServerMessage} instance. + * + * @param initialResponse the initial client message that this initial server message is responding to. + * @param serverNonce the server generated nonce. + * @param salt the salt used for generating salted password. + * @param iterationCount the iteration count used for generating salted password. + * @param messageBytes the message in form of byte array. + */ ScramInitialServerMessage(final ScramInitialClientMessage initialResponse, final byte[] serverNonce, final byte[] salt, final int iterationCount, final byte[] messageBytes) { this.initialResponse = initialResponse; this.serverNonce = serverNonce; 
@@ -36,38 +47,83 @@ public final class ScramInitialServerMessage { this.messageBytes = messageBytes; } + /** + * Returns the SCRAM mechanism in the initial client message. + * + * @return the SCRAM mechanism in the initial client message. + */ public ScramMechanism getMechanism() { return initialResponse.getMechanism(); } + /** + * Returns the initial client message. + * + * @return the initial client message. + */ public ScramInitialClientMessage getInitialResponse() { return initialResponse; } + /** + * Returns a copy of the server nonce. + * + * @return a copy of the server nonce. + */ public byte[] getServerNonce() { return serverNonce.clone(); } + /** + * Returns the server nonce. + * + * @return the server nonce. + */ byte[] getRawServerNonce() { return serverNonce; } + /** + * Returns the iteration count used for generating salted password. + * + * @return the iteration count used for generating salted password. + */ public int getIterationCount() { return iterationCount; } + /** + * Returns the salt used for generating salted password. + * + * @return the salt used for generating salted password. + */ byte[] getRawSalt() { return salt; } + /** + * Returns the initial server message in form of byte array. + * + * @return the initial server message in form of byte array. + */ byte[] getRawMessageBytes() { return messageBytes; } + /** + * Returns a copy of the salt used for generating salted password. + * + * @return a copy of the salt used for generating salted password. + */ public byte[] getSalt() { return salt.clone(); } + /** + * Returns a copy of the message in form of byte array. + * + * @return a copy of the message in form of byte array. + */ public byte[] getMessageBytes() { return messageBytes.clone(); } diff --git a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramInitialServerResult.java b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramInitialServerResult.java index 0c0df7332c2..07ff6d4f93c 100644 
--- a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramInitialServerResult.java +++ b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramInitialServerResult.java @@ -21,21 +21,39 @@ import org.wildfly.security.password.interfaces.ScramDigestPassword; /** + * A class for encapsulation of the initial SCRAM challenge and the digest password. + * * @author David M. Lloyd */ public final class ScramInitialServerResult { private final ScramInitialServerMessage scramInitialChallenge; private final ScramDigestPassword scramDigestPassword; + /** + * Constructs a new {@code ScramInitialServerResult}. + * + * @param scramInitialChallenge the SCRAM challenge message. + * @param scramDigestPassword the digest password for the SCRAM authentication. + */ ScramInitialServerResult(final ScramInitialServerMessage scramInitialChallenge, final ScramDigestPassword scramDigestPassword) { this.scramInitialChallenge = scramInitialChallenge; this.scramDigestPassword = scramDigestPassword; } + /** + * Returns the SCRAM challenge message. + * + * @return ScramInitialServerMessage + */ public ScramInitialServerMessage getScramInitialChallenge() { return scramInitialChallenge; } + /** + * Returns the digest password for the SCRAM authentication. + * + * @return ScramDigestPassword + */ public ScramDigestPassword getScramDigestPassword() { return scramDigestPassword; } diff --git a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramMechanism.java b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramMechanism.java index 7f5ad535398..80ae5e41a93 100644 --- a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramMechanism.java +++ b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramMechanism.java 
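Review bot: The two `@return` tags in `ScramInitialServerResult` give the type name (`@return ScramInitialServerMessage`, `@return ScramDigestPassword`), where every other class in this patch describes the returned value. `@return the SCRAM challenge message.` and `@return the digest password for the SCRAM authentication.` would match the rest of the package.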
@@ -30,10 +30,12 @@ import org.wildfly.security.sasl.WildFlySasl; /** + * Implementation of the SCRAM authentication mechanism. + * * @author David M. Lloyd */ public final class ScramMechanism { - /** Hash size; may be less than the output size of the MD/MAC */ + // Hash size; may be less than the output size of the MD/MAC private final int hashSize; private final String messageDigestName; private final String hmacName; @@ -41,6 +43,15 @@ public final class ScramMechanism { private final String passwordAlgorithm; private final String toString; + /** + * Constructs a new {@code ScramMechanism}. + * + * @param hashSize the size of the hash of the SCRAM mechanism. + * @param messageDigestName the name of the message digest algorithm. + * @param hmacName the name of the HMAC algorithm. + * @param plus {@code true} to use the PLUS channel binding, {@code false} otherwise. + * @param passwordAlgorithm the name of the password algorithm in {@link ScramDigestPassword}. + */ private ScramMechanism(final int hashSize, final String messageDigestName, final String hmacName, final boolean plus, final String passwordAlgorithm) { this.hashSize = hashSize; this.messageDigestName = messageDigestName; @@ -75,6 +86,7 @@ private ScramMechanism(final int hashSize, final String messageDigestName, final * @param bindingCallback the optional channel binding callback result (may be {@code null}) * @param minimumIterationCount the minimum iteration count to allow * @param maximumIterationCount the maximum iteration count to allow + * @param providers the security providers. * @return the SCRAM client, or {@code null} if the client cannot be created from this mechanism variant * @throws AuthenticationMechanismException if the mechanism fails for some reason * @see WildFlySasl#SCRAM_MIN_ITERATION_COUNT 
@@ -94,6 +106,18 @@ public ScramClient createClient(final String authorizationId, final CallbackHand return new ScramClient(this, authorizationId, callbackHandler, secureRandom, bindingData, bindingType, minimumIterationCount, maximumIterationCount, providers); } + /** + * Create a SCRAM server for this mechanism. + * + * @param callbackHandler the callback handler (may not be {@code null}). + * @param random an optional secure random implementation to use (may be {@code null}). + * @param bindingCallback the optional channel binding callback result (may be {@code null}). + * @param minimumIterationCount the minimum iteration count to allow. + * @param maximumIterationCount the maximum iteration count to allow. + * @param providers the security providers. + * @return the SCRAM server, or {@code null} if the server cannot be created from this mechanism variant. + * @throws AuthenticationMechanismException if the mechanism fails for some reason. + */ public ScramServer createServer(final CallbackHandler callbackHandler, final SecureRandom random, final ChannelBindingCallback bindingCallback, final int minimumIterationCount, final int maximumIterationCount, final Supplier providers) throws AuthenticationMechanismException { final byte[] bindingData; final String bindingType; 
@@ -108,26 +132,57 @@ public ScramServer createServer(final CallbackHandler callbackHandler, final Sec return new ScramServer(this, callbackHandler, random, bindingData, bindingType, minimumIterationCount, maximumIterationCount, providers); } + /** + * Returns the size of the hash of the SCRAM mechanism. + * + * @return the size of the hash of the SCRAM mechanism. + */ public int getHashSize() { return hashSize; } + /** + * Returns the name of the message digest algorithm. + * + * @return the name of the message digest algorithm. + */ public String getMessageDigestName() { return messageDigestName; } + /** + * Returns the name of the HMAC algorithm. + * + * @return the name of the HMAC algorithm. + */ public String getHmacName() { return hmacName; } + /** + * Returns whether the SCRAM mechanism uses the PLUS channel binding. + * + * @return {@code true} to use the PLUS channel binding, {@code false} otherwise. + */ public boolean isPlus() { return plus; } + /** + * Returns the name of the password algorithm from {@code ScramDigestPassword}. + * + * @return the name of the password algorithm. + */ public String getPasswordAlgorithm() { return passwordAlgorithm; } + /** + * Returns a String representation of the SCRAM mechanism. + * Contains the Digest name, PLUS channel binding and hash size. + * + * @return a String representation of the SCRAM mechanism. + */ public String toString() { return toString; } diff --git a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramServer.java b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramServer.java index ab7360b9b50..2189a52bdb8 100644 --- a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramServer.java +++ b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramServer.java 
@@ -55,6 +55,8 @@ import org.wildfly.security.sasl.util.StringPrep; /** + * A server-side implementation for the SCRAM authentication. + * * @author David M. Lloyd */ public final class ScramServer { @@ -67,6 +69,18 @@ public final class ScramServer { private final int minimumIterationCount; private final int maximumIterationCount; + /** + * Constructs a new {@code ScramServer}. + * + * @param mechanism the SCRAM mechanism used for the authentication. + * @param callbackHandler the callback handler for the authentication. + * @param random an optional secure RNG to use. + * @param bindingData the binding data for the "PLUS" channel binding option. + * @param bindingType the binding type for the "PLUS" channel binding option. + * @param minimumIterationCount the minimum number of iterations for password hashing. + * @param maximumIterationCount the maximum number of iterations for password hashing. + * @param providers the security providers. + */ ScramServer(final ScramMechanism mechanism, final CallbackHandler callbackHandler, final SecureRandom random, final byte[] bindingData, final String bindingType, final int minimumIterationCount, final int maximumIterationCount, final Supplier providers) { this.mechanism = mechanism; this.callbackHandler = callbackHandler; @@ -185,6 +199,14 @@ public ScramInitialClientMessage parseInitialClientMessage(ChannelBindingCallbac } } + /** + * Evaluates the initial client response message in SCRAM authentication. + * Generates a server nonce and salted password. + * + * @param clientMessage the initial client response message. + * @return the initial server result, containing the initial server message and the digest password. + * @throws AuthenticationMechanismException if an error occurs during the evaluation. + */ public ScramInitialServerResult evaluateInitialResponse(final ScramInitialClientMessage clientMessage) throws AuthenticationMechanismException { final boolean trace = saslScram.isTraceEnabled(); 
@@ -240,6 +262,16 @@ public ScramInitialServerResult evaluateInitialResponse(final ScramInitialClient return new ScramInitialServerResult(new ScramInitialServerMessage(clientMessage, serverNonce, salt, iterationCount, messageBytes), password); } + /** + * Parses the final client message and constructs the {@link ScramFinalClientMessage} from this parsed information. + * Also checks if the message has all necessary properties. + * + * @param initialResponse the initial client response message provided by {@link ScramServer#parseInitialClientMessage(ChannelBindingCallback, byte[])}. + * @param initialResult the initial server result provided by {@link ScramServer#evaluateInitialResponse(ScramInitialClientMessage)}. + * @param bytes the byte array representation of the client response. + * @return the final client message. + * @throws AuthenticationMechanismException if an error occurs during the parsing. + */ public ScramFinalClientMessage parseFinalClientMessage(final ScramInitialClientMessage initialResponse, final ScramInitialServerResult initialResult, final byte[] bytes) throws AuthenticationMechanismException { final ScramInitialServerMessage initialChallenge = initialResult.getScramInitialChallenge(); Assert.checkNotNullParam("initialResponse", initialResponse); 
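Review bot: The new Javadoc on `parseFinalClientMessage` does not say that its arguments must be non-null, and the first visible statement, `initialResult.getScramInitialChallenge()`, dereferences `initialResult` before `Assert.checkNotNullParam("initialResponse", initialResponse)` runs. A null `initialResult` therefore fails with a bare `NullPointerException` rather than the parameter check's error. I would add `(must not be {@code null})` to the `@param initialResponse` and `@param initialResult` tags, and consider checking `initialResult` before it is used. The rest of the body is outside the hunk, so a later check for it may already exist.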
@@ -352,6 +384,14 @@ public ScramFinalClientMessage parseFinalClientMessage(final ScramInitialClientM } } + /** + * Evaluates a SCRAM final client message and authorizes the user. + * + * @param initialResult the result of the initial server message evaluation provided by {@link ScramServer#evaluateInitialResponse(ScramInitialClientMessage)}. + * @param clientMessage the final client message provided by {@link ScramServer#parseFinalClientMessage(ScramInitialClientMessage, ScramInitialServerResult, byte[])}. + * @return the final server message providing the server signature and response. + * @throws AuthenticationMechanismException if an error occurs during the evaluation. + */ public ScramFinalServerMessage evaluateFinalClientMessage(final ScramInitialServerResult initialResult, final ScramFinalClientMessage clientMessage) throws AuthenticationMechanismException { final boolean trace = saslScram.isTraceEnabled(); 
@@ -464,26 +504,56 @@ public ScramFinalServerMessage evaluateFinalClientMessage(final ScramInitialServ } } + /** + * Returns the SCRAM mechanism used for the authentication. + * + * @return the SCRAM mechanism used for the authentication. + */ public ScramMechanism getMechanism() { return mechanism; } + /** + * Returns the callback handler for the authentication. + * + * @return the callback handler for the authentication. + */ public CallbackHandler getCallbackHandler() { return callbackHandler; } + /** + * Returns the RNG used for the authentication. + * + * @return the RNG used for the authentication. + */ Random getRandom() { return random != null ? random : ThreadLocalRandom.current(); } + /** + * Returns the copy of the binding data for the "PLUS" channel binding option. + * + * @return the copy of the binding data for the "PLUS" channel binding option. + */ public byte[] getBindingData() { return bindingData == null ? null : bindingData.clone(); } + /** + * Returns the binding data for the "PLUS" channel binding option. + * + * @return the binding data for the "PLUS" channel binding option. + */ byte[] getRawBindingData() { return bindingData; } + /** + * Returns the binding type for the "PLUS" channel binding option. + * + * @return the binding type for the "PLUS" channel binding option. + */ public String getBindingType() { return bindingType; } diff --git a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramUtil.java b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramUtil.java index dacdf27579a..6180f70e28f 100644 --- a/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramUtil.java +++ b/mechanism/scram/src/main/java/org/wildfly/security/mechanism/scram/ScramUtil.java @@ -26,6 +26,8 @@ import org.wildfly.common.iteration.ByteIterator; /** + * Common utility functions used by SCRAM authentication mechanism. + * * @author David M. Lloyd */ class ScramUtil { 
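Review bot: The Javadoc on `getRandom()` says only "Returns the RNG used for the authentication", but when no `SecureRandom` was supplied the method returns `ThreadLocalRandom.current()`, which is not a cryptographically strong generator. `createServer` and the `ScramServer` constructor both document `random` as optional, and `ScramUtil.generateNonce(int, Random)` accepts any `Random`, so a caller passing `null` would presumably get nonces from the weaker source; the call sites are outside these hunks. At minimum the docs should state the fallback, e.g. `@return the configured secure RNG, or {@link ThreadLocalRandom#current()} if none was supplied`. If the value feeds the server nonce or the salt, defaulting to a `SecureRandom` would be the safer behaviour.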
@@ -47,6 +49,13 @@ class ScramUtil { randomCharDictionary = dict; } + /** + * Generates nonce of specified length. + * + * @param length the length of the nonce. + * @param random the RNG used for creating the nonce. + * @return a byte array containing the nonce. + */ public static byte[] generateNonce(int length, Random random) { final byte[] chars = new byte[length]; for (int i = 0; i < length; i ++) { @@ -55,6 +64,13 @@ public static byte[] generateNonce(int length, Random random) { return chars; } + /** + * Parses positive integer from provided ByteIterator. + * + * @param i the ByteIterator to parse the positive integer from. + * @return the parsed integer. + * @throws NumberFormatException if the ByteIterator doesn't contain number or the number is too big for an integer + */ public static int parsePosInt(final ByteIterator i) { int a, c; if (! i.hasNext()) { @@ -80,6 +96,13 @@ public static int parsePosInt(final ByteIterator i) { return a; } + /** + * Bitwise XOR operation between two byte arrays of the same length. + * XOR operation returns 1 if only one of two corresponding bits is 1. For example: 0101 and 0011 gives 0110. + * + * @param hash the first byte array for the XOR operation. This byte array is modified by the method in place + * @param input the second byte array for the XOR operation. + */ static void xor(final byte[] hash, final byte[] input) { assert hash.length == input.length; for (int i = 0; i < hash.length; i++) { From d4084492185ce95fede71ee614314695b0def0e5 Mon Sep 17 00:00:00 2001 From: Gabriel Padilha Santos Date: Fri, 27 Oct 2023 11:48:32 -0300 Subject: [PATCH 095/205] ELY-2663 Upgrade org.apache.commons:commons-lang3 from 3.8.1 to 3.13.0 @gabrielpadilh4 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 99b3d90df32..e859bdb1bc0 100644 --- a/pom.xml +++ b/pom.xml @@ -60,7 +60,7 @@ ${version.com.fasterxml.jackson} 1.5.0 4.0.1 - 3.8.1 + 3.13.0 2.0.0-M24 1.0.0 2.0.0-M3 
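Review bot: The Javadoc for `xor` states that both arrays have the same length, but the only enforcement is `assert hash.length == input.length;`, which is skipped unless the JVM runs with assertions enabled. The doc should make the precondition explicit, for instance `The caller must ensure both arrays have the same length; this is checked only by an assertion.` The loop is bounded by `hash.length`, so a shorter `input` would presumably fail with an index error and a longer one would be silently truncated; the loop body is outside the hunk.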
From 044f3bf59b6607cb4fa8583f3dbedd4ed4141d86 Mon Sep 17 00:00:00 2001 From: Iscar Sam Date: Thu, 26 Oct 2023 01:25:51 +0700 Subject: [PATCH 096/205] [ELY-2667] Upgrade org.jboss.logging:jboss-logging from 3.4.3.Final to 3.5.3.Final --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 99b3d90df32..1f4da901d84 100644 --- a/pom.xml +++ b/pom.xml @@ -69,7 +69,7 @@ 2.10.0 4.5.13 4.4.15 - 3.4.3.Final + 3.5.3.Final 2.1.18.Final 1.1.6.Final 2.2.1.Final From ff95a55255c744259ea95be802c46da7ca3da2a2 Mon Sep 17 00:00:00 2001 From: Iscar Sam Date: Sat, 28 Oct 2023 00:08:27 +0700 Subject: [PATCH 097/205] [ELY-2664] Upgrade org.apache.httpcomponents:httpclient from 4.5.13 to 4.5.14 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 99b3d90df32..9d23e6031ba 100644 --- a/pom.xml +++ b/pom.xml @@ -67,7 +67,7 @@ 1.0.0-M8 1.67 2.10.0 - 4.5.13 + 4.5.14 4.4.15 3.4.3.Final 2.1.18.Final From 2f74e5f3aedef099d5a097d29a62d6702108d470 Mon Sep 17 00:00:00 2001 From: OluchukwuCatherineObi-Njoku <105371136+OluchukwuCatherineObi-Njoku@users.noreply.github.com> Date: Tue, 31 Oct 2023 20:42:00 +0000 Subject: [PATCH 098/205] local variable renamed --- .../wildfly/security/audit/FileAuditEndpoint.java | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/audit/src/main/java/org/wildfly/security/audit/FileAuditEndpoint.java b/audit/src/main/java/org/wildfly/security/audit/FileAuditEndpoint.java index 51ccf762718..c3e2632a621 100644 --- a/audit/src/main/java/org/wildfly/security/audit/FileAuditEndpoint.java +++ b/audit/src/main/java/org/wildfly/security/audit/FileAuditEndpoint.java 
@@ -70,7 +70,7 @@ public class FileAuditEndpoint implements AuditEndpoint { } void setFile(final File file) throws IOException { - boolean isSetUp = false; + boolean isFileSet = false; final FileOutputStream fos = new FileOutputStream(file, true); try { final Writer writer = new OutputStreamWriter(new BufferedOutputStream(fos), this.charset); @@ -78,14 +78,14 @@ void setFile(final File file) throws IOException { this.fileDescriptor = fos.getFD(); this.writer = writer; this.file = file; - isSetUp = true; + isFileSet = true; } finally { - if (! isSetUp) { + if (! isFileSet) { safeClose(writer); } } } finally { - if (! isSetUp) { + if (! isFileSet) { safeClose(fos); } } @@ -108,7 +108,7 @@ private void safeClose(Closeable c) { * This method can be overridden by subclasses to modify data written into file (to encrypt them for example), * or just for counting amount of written bytes for needs of log rotation and similar. * - * This method can be invisSetUped only in synchronization block surrounding one log message processing. + * This method can be invoked only in synchronization block surrounding one log message processing. * * @param toWrite the String to be written into the target local file */ @@ -121,7 +121,7 @@ void write(String toWrite) throws IOException { * This method is NO-OP by default. It is intended to be overridden by subclasses * which need to perform some operation before every writing into the target local file. * - * This method can be invisSetUped only in synchronization block surrounding one log message processing. + * This method can be invisFileSeted only in synchronization block surrounding one log message processing. * * @param instant time of the message acceptance */ From 51d7f118baab10fa5f3926dc72eacfe75472c1d1 Mon Sep 17 00:00:00 2001 
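Review bot: The Javadoc line changed in the last hunk (`@@ -121,7 +121,7 @@`) now reads `This method can be invisFileSeted only in synchronization block ...`, so the rename of `isSetUp` to `isFileSet` was applied inside a word that was already damaged. The hunk at `-108` repairs the identical sentence to "invoked", and this one should match it: `* This method can be invoked only in synchronization block surrounding one log message processing.` The methods these comments describe lie outside both hunks.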
From: Gabriel Padilha Santos Date: Tue, 24 Oct 2023 20:00:46 -0300 Subject: [PATCH 099/205] ELY-2662 Upgrade jakarta.json:jakarta.json-api from 2.0.0 to 2.1.2 ELY-2662 Upgrade jakarta.json:jakarta.json-api from 2.0.0 to 2.1.2 --- auth/realm/token/pom.xml | 2 +- http/oidc/pom.xml | 2 +- pom.xml | 8 ++++---- tests/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index 58b23c0d2e1..76295fdb043 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -85,7 +85,7 @@ - org.glassfish + org.eclipse.parsson jakarta.json test diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index d7c15889085..465873fefcf 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -164,7 +164,7 @@ test - org.glassfish + org.eclipse.parsson jakarta.json test diff --git a/pom.xml b/pom.xml index 9dcf58673c7..fbd4e4c071a 100644 --- a/pom.xml +++ b/pom.xml @@ -75,14 +75,14 @@ 2.2.1.Final 1.9.2.Final 1.0.4.GA - 2.0.0 + 2.1.2 5.0.0 2.4.0.Final 1.7 4.13.1 1.34 2.4.0 - 2.0.0 + 1.1.5 2.4.9 8.2.1 3.8.1 @@ -1156,9 +1156,9 @@ - org.glassfish + org.eclipse.parsson jakarta.json - ${version.org.glassfish.jakarta.json} + ${version.org.eclipse.parsson.jakarta.json} test diff --git a/tests/base/pom.xml b/tests/base/pom.xml index f88e5aae14e..7e67cf4c1e0 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -713,7 +713,7 @@ - org.glassfish + org.eclipse.parsson jakarta.json test diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index 1bbb6f8f913..b1dc3c13ac1 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -105,7 +105,7 @@ test - org.glassfish + org.eclipse.parsson jakarta.json test From fa2c42ba182bdb67fe014569f6bcbcdba1ae35a1 Mon Sep 17 00:00:00 2001 
From: Iscar Sam Date: Wed, 1 Nov 2023 10:50:10 +0700 Subject: [PATCH 100/205] [ELY-2665] update org apache.httpcomponents.httpcore from 4.4.15 to 4.4.16 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 64ce1026549..fdf805f0c84 100644 --- a/pom.xml +++ b/pom.xml @@ -68,7 +68,7 @@ 1.67 2.10.0 4.5.14 - 4.4.15 + 4.4.16 3.5.3.Final 2.1.18.Final 1.1.6.Final From d26c0f69419d99fd30b1633d022d31f5cc807d51 Mon Sep 17 00:00:00 2001 From: Iscar Sam Date: Wed, 1 Nov 2023 14:16:35 +0700 Subject: [PATCH 101/205] [ELY-2668] Upgrade org.jboss.logmanager:jboss-logmanager from 2.1.18.Final to 2.1.19.Final --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 64ce1026549..6f45e90ac5f 100644 --- a/pom.xml +++ b/pom.xml @@ -70,7 +70,7 @@ 4.5.14 4.4.15 3.5.3.Final - 2.1.18.Final + 2.1.19.Final 1.1.6.Final 2.2.1.Final 1.12.2.Final From 03b879bd4727221a098a1472d031256449bbed54 Mon Sep 17 00:00:00 2001 From: xjusko Date: Tue, 10 Oct 2023 09:39:50 +0200 Subject: [PATCH 102/205] [ELY-2631] Add a test to SSLAuthenticationTest that tests the wantClientAuth option --- .../security/ssl/SSLAuthenticationTest.java | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java index 56ed986bb11..d2365f39217 100644 --- a/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java +++ b/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java 
@@ -794,6 +794,32 @@ public void testClientSideOcsp() throws Throwable { } } + @Test + public void testWantClientAuthWithCorrectCertificate() throws Throwable { + SSLContext serverContext = new SSLContextBuilder() + .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore")) + .setKeyManager(getKeyManager("/jks/scarab.keystore")) + .setTrustManager(getCATrustManager()) + .setWantClientAuth(true) + .build().create(); + + performConnectionTest(serverContext, "protocol://test-two-way.org", true, "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=Scarab", + "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=Ladybird", false); + } + + @Test + public void testWantClientAuthWithIncorrectCertificate() throws Throwable { + SSLContext serverContext = new SSLContextBuilder() + .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore")) + .setKeyManager(getKeyManager("/jks/scarab.keystore")) + .setTrustManager(getCATrustManager()) + .setWantClientAuth(true) + .build().create(); + + performConnectionTest(serverContext, "protocol://test-one-way.org", true, "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=Scarab", + null, true); + } + private void performConnectionTest(SSLContext serverContext, String clientUri, boolean expectValid, String expectedServerPrincipal, String expectedClientPrincipal, boolean oneWay) throws Throwable { System.setProperty("wildfly.config.url", SSLAuthenticationTest.class.getResource("wildfly-ssl-test-config-v1_7.xml").toExternalForm()); AccessController.doPrivileged((PrivilegedAction) () -> Security.insertProviderAt(WildFlyElytronPasswordProvider.getInstance(), 1)); From 89344fcf478529b71cf0d15c59eb50db5a124590 Mon Sep 17 00:00:00 2001 From: Eric Leung Date: Fri, 20 Oct 2023 13:22:58 -0400 Subject: [PATCH 103/205] [ELY-2683] Refactor OAuth2SaslClientV11Test to use common method --- .../sasl/oauth2/OAuth2SaslClientV11Test.java | 59 +++---------------- 1 file changed, 9 insertions(+), 50 deletions(-) 
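Review bot: `testWantClientAuthWithIncorrectCertificate` does not visibly exercise an incorrect certificate: it connects with `protocol://test-one-way.org`, passes `oneWay` as true and expects a null client principal, which reads like a client that presents no certificate at all. If that is what the client configuration for that URI does (it is not shown here), the name should say so, e.g. `testWantClientAuthWithoutClientCertificate`, and a separate case should cover a client certificate that the server trust manager rejects, asserting that no client principal is established. Both tests also build the same server context, so a small private helper would keep them in step. The body of `performConnectionTest` lies outside the hunk.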
diff --git a/tests/base/src/test/java/org/wildfly/security/sasl/oauth2/OAuth2SaslClientV11Test.java b/tests/base/src/test/java/org/wildfly/security/sasl/oauth2/OAuth2SaslClientV11Test.java index bed733763b6..7921694da61 100644 --- a/tests/base/src/test/java/org/wildfly/security/sasl/oauth2/OAuth2SaslClientV11Test.java +++ b/tests/base/src/test/java/org/wildfly/security/sasl/oauth2/OAuth2SaslClientV11Test.java @@ -414,10 +414,8 @@ public void testWithResourceOwnerCredentialsInCredentialStoreUsingConfiguration( testWithSaslClientAndServer("protocol://test8.org"); } - @Test - public void failedResourceOwnerCredentialsUsingConfiguration() throws Exception { - SaslClient saslClient = createSaslClientFromConfiguration(URI.create("protocol://test9.org")); - + public void testInvalidCredentialsUsingConfiguration(String serverURI) throws Exception { + SaslClient saslClient = createSaslClientFromConfiguration(URI.create(serverURI)); assertNotNull("OAuth2SaslClient is null", saslClient); SaslServer saslServer = new SaslServerBuilder(OAuth2SaslServerFactory.class, SaslMechanismInformation.Names.OAUTHBEARER) 
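Review bot: The extracted helper `testInvalidCredentialsUsingConfiguration(String serverURI)` is declared `public` and keeps the `test` prefix although it is not a test case; I would make it private and name it after what it asserts, e.g. `private void assertAuthenticationFails(String serverURI) throws Exception`. Judging by the three copies removed in the following hunk, the helper still ends in `catch (Exception e) { e.printStackTrace(); }`, so any exception, including a configuration error unrelated to the credentials, counts as the expected rejection. Catching the specific exception the mechanism raises (presumably `SaslException`) would make these negative tests mean what their names say. The helper's body continues outside this hunk.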
@@ -442,57 +440,18 @@ public void failedResourceOwnerCredentialsUsingConfiguration() throws Exception } @Test - public void failedResourceOwnerCredentialsFromCredentialStoreUsingConfiguration() throws Exception { - SaslClient saslClient = createSaslClientFromConfiguration(URI.create("protocol://test10.org")); - - assertNotNull("OAuth2SaslClient is null", saslClient); - - SaslServer saslServer = new SaslServerBuilder(OAuth2SaslServerFactory.class, SaslMechanismInformation.Names.OAUTHBEARER) - .setServerName("resourceserver.comn") - .setProtocol("imap") - .addRealm("oauth-realm", createSecurityRealmMock()) - .setDefaultRealmName("oauth-realm") - .build(); - - byte[] message = AbstractSaslParticipant.NO_BYTES; + public void failedResourceOwnerCredentialsUsingConfiguration() throws Exception { + testInvalidCredentialsUsingConfiguration("protocol://test9.org"); + } - try { - do { - message = saslClient.evaluateChallenge(message); - if (message == null) break; - message = saslServer.evaluateResponse(message); - } while (message != null); - fail("Expected bad response from server"); - } catch (Exception e) { - e.printStackTrace(); - } + @Test + public void failedResourceOwnerCredentialsFromCredentialStoreUsingConfiguration() throws Exception { + testInvalidCredentialsUsingConfiguration("protocol://test10.org"); } @Test public void failedClientCredentialsFromCredentialStoreUsingConfiguration() throws Exception { - SaslClient saslClient = createSaslClientFromConfiguration(URI.create("protocol://test11.org")); - - assertNotNull("OAuth2SaslClient is null", saslClient); - - SaslServer saslServer = new SaslServerBuilder(OAuth2SaslServerFactory.class, SaslMechanismInformation.Names.OAUTHBEARER) - .setServerName("resourceserver.comn") - .setProtocol("imap") - .addRealm("oauth-realm", createSecurityRealmMock()) - .setDefaultRealmName("oauth-realm") - .build(); - - byte[] message = AbstractSaslParticipant.NO_BYTES; - - try { - do { - message = saslClient.evaluateChallenge(message); 
- if (message == null) break; - message = saslServer.evaluateResponse(message); - } while (message != null); - fail("Expected bad response from server"); - } catch (Exception e) { - e.printStackTrace(); - } + testInvalidCredentialsUsingConfiguration("protocol://test11.org"); } private SecurityRealm createSecurityRealmMock() throws MalformedURLException { From 7a6756d8b46a6a87c24d9d019cb342aeb657e8e1 Mon Sep 17 00:00:00 2001 From: Ilia Vassilev Date: Thu, 16 Nov 2023 16:08:37 -0500 Subject: [PATCH 104/205] [ELY-2703] Upgrade Apache Commons CLI from 1.5.0 to 1.6.0 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 64ce1026549..9e5e657e5d2 100644 --- a/pom.xml +++ b/pom.xml @@ -58,7 +58,7 @@ 11 2.15.3 ${version.com.fasterxml.jackson} - 1.5.0 + 1.6.0 4.0.1 3.13.0 2.0.0-M24 From c493d1fb8d72d79e9d64750eb5dfb6d2b8a89833 Mon Sep 17 00:00:00 2001 From: Prarthona Paul Date: Tue, 5 Dec 2023 09:50:58 -0500 Subject: [PATCH 105/205] [ELY-2706] Upgrade commons-lang3 from 3.13.0 to 3.14.0 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 1cbfc5cbd44..2c0384e2e57 100644 --- a/pom.xml +++ b/pom.xml @@ -60,7 +60,7 @@ ${version.com.fasterxml.jackson} 1.5.0 4.0.1 - 3.13.0 + 3.14.0 2.0.0-M24 1.0.0 2.0.0-M3 From 66a522b9d2d0226a954ea220da66486274d14699 Mon Sep 17 00:00:00 2001 From: Ilia Vassilev Date: Fri, 10 Dec 2021 13:49:00 -0500 Subject: [PATCH 106/205] [ELY-2329] Utilize the simple implementation of HttpServerCookie --- .../security/http/oidc/OidcHttpFacade.java | 42 +----------------- .../sfbasic/BasicAuthenticationMechanism.java | 43 +------------------ .../http/impl/AbstractBaseHttpTest.java | 43 +------------------ 3 files changed, 3 insertions(+), 125 deletions(-) diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcHttpFacade.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcHttpFacade.java index a4c1b94bc1d..1c6f03fa7ad 100644 
--- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcHttpFacade.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcHttpFacade.java @@ -387,47 +387,7 @@ public void setCookie(final String name, final String value, final String path, } private void setCookie(final String name, final String value, final String path, final String domain, final int maxAge, final boolean secure, final boolean httpOnly, HttpServerResponse response) { - response.setResponseCookie(new HttpServerCookie() { - @Override - public String getName() { - return name; - } - - @Override - public String getValue() { - return value; - } - - @Override - public String getDomain() { - return domain; - } - - @Override - public int getMaxAge() { - return maxAge; - } - - @Override - public String getPath() { - return path; - } - - @Override - public boolean isSecure() { - return secure; - } - - @Override - public int getVersion() { - return 0; - } - - @Override - public boolean isHttpOnly() { - return httpOnly; - } - }); + response.setResponseCookie(HttpServerCookie.getInstance(name, value, domain, maxAge, path, secure, 0, httpOnly)); } @Override diff --git a/http/stateful-basic/src/main/java/org/wildfly/security/http/sfbasic/BasicAuthenticationMechanism.java b/http/stateful-basic/src/main/java/org/wildfly/security/http/sfbasic/BasicAuthenticationMechanism.java index 103bddbaedf..eccff5eb0e5 100644 --- a/http/stateful-basic/src/main/java/org/wildfly/security/http/sfbasic/BasicAuthenticationMechanism.java +++ b/http/stateful-basic/src/main/java/org/wildfly/security/http/sfbasic/BasicAuthenticationMechanism.java 
@@ -329,48 +329,7 @@ public CachedIdentity remove() { } private static HttpServerCookie createCookie(final String name, final String value) { - return new HttpServerCookie() { - - @Override - public boolean isSecure() { - return false; - } - - @Override - public boolean isHttpOnly() { - return false; - } - - @Override - public int getVersion() { - return 0; - } - - @Override - public String getValue() { - return value; - } - - @Override - public String getPath() { - return "/"; - } - - @Override - public String getName() { - return name; - } - - @Override - public int getMaxAge() { - return -1; - } - - @Override - public String getDomain() { - return null; - } - }; + return HttpServerCookie.getInstance(name, value, null, -1, "/", false, 0, false); } } diff --git a/tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java b/tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java index 079841980d8..8926c8240d0 100644 --- a/tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java +++ b/tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java 
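Review bot: `createCookie` still issues the cookie with both the secure and the HttpOnly flag off: in `HttpServerCookie.getInstance(name, value, null, -1, "/", false, 0, false)` these are the sixth and eighth arguments, going by the parameter order used in the OidcHttpFacade hunk of this commit. That preserves the previous behaviour, but the neighbouring `CachedIdentity` code suggests the cookie refers to a cached authenticated identity, so script access and transmission over plain HTTP both matter. Consider `return HttpServerCookie.getInstance(name, value, null, -1, "/", false, 0, true);` and setting the secure flag when the request arrived over TLS, or add a comment explaining why both flags are deliberately off. The enclosing class starts outside the hunk.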
@@ -192,51 +192,10 @@ public TestingHttpServerRequest(String[] authorization, URI requestURI, String c if (cookie != null) { final String cookieName = cookie.substring(0, cookie.indexOf('=')); final String cookieValue = cookie.substring(cookie.indexOf('=') + 1); - cookies.add(new HttpServerCookie() { - @Override - public String getName() { - return cookieName; - } - - @Override - public String getValue() { - return cookieValue; - } - - @Override - public String getDomain() { - return null; - } - - @Override - public int getMaxAge() { - return -1; - } - - @Override - public String getPath() { - return "/"; - } - - @Override - public boolean isSecure() { - return false; - } - - @Override - public int getVersion() { - return 0; - } - - @Override - public boolean isHttpOnly() { - return true; - } - }); + cookies.add(HttpServerCookie.getInstance(cookieName, cookieValue, null, -1, "/", false, 0, true)); } } - public Status getResult() { return result; } From e564ae89ae1b8636ab01428a1b468ff13a683733 Mon Sep 17 00:00:00 2001 From: Ilia Vassilev Date: Sun, 30 Jul 2023 15:04:38 -0400 Subject: [PATCH 107/205] [ELY-2581] Update Elytron's SECURITY.md file --- SECURITY.md | 32 ++++++++++++++++++++++---------- 1 file changed, 22 insertions(+), 10 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index bd35dec3ce0..5cc4d52786d 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -1,11 +1,23 @@ -# Security Policy - -## Security Contacts and Procedures - -The WildFly Elytron community takes security very seriously, and we aim to take immediate action to address serious security-related problems that involve our products or services. - -Please report any suspected security vulnerability in this project to Red Hat Product Security at secalert@redhat.com. You can use our GPG key to communicate with us securely. - -To report an issue in any Red Hat branded website or online service, please contact Red Hat Information Security at site-security@redhat.com. -https://access.redhat.com/security/team/contact +# Reporting of CVEs and Security Issues +## The WildFly Elytron community and our sponsor, Red Hat, take security bugs very seriously + +We aim to take immediate action to address serious security-related problems that involve our projects. + +Note that we will only fix such issues in the most recent minor release of WildFly Elytron.

+ +## Reporting of Security Issues + +When reporting a security vulnerability it is important to not accidentally broadcast to the world that the issue exists, as this makes it easier for people to exploit it. The software industry uses the term embargo to describe the time a security issue is known internally until it is public knowledge. + +Our preferred way of reporting security issues in WildFly Elytron and its related projects is listed below. + +### Email the mailing list + +The list at security@wildfly.org is the preferred mechanism for outside users to report security issues. A member of the WildFly Elytron team will open the required issues. + +### Other considerations + +If you would like to work with us on a fix for the security vulnerability, please include your GitHub username in the above email, and we will provide you access to a temporary private fork where we can collaborate on a fix without it being disclosed publicly, **including in your own publicly visible git repository**. + +Do not open a public issue, send a pull request, or disclose any information about the suspected vulnerability publicly, **including in your own publicly visible git repository**. If you discover any publicly disclosed security vulnerabilities, please notify us immediately through security@wildfly.org From d87ea9270e850e8fa006cbf19ff36c96bf4bada9 Mon Sep 17 00:00:00 2001 From: Ilia Vassilev Date: Thu, 16 Jun 2022 15:15:05 -0400 Subject: [PATCH 108/205] [ELY-2349] Clean up ElytronXmlParser code. --- .../auth/client/ElytronXmlParser.java | 192 +++++++++++------- 1 file changed, 113 insertions(+), 79 deletions(-) diff --git a/auth/client/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java b/auth/client/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java index 2268b276428..090063ebb87 100644 --- a/auth/client/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java 
+++ b/auth/client/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java @@ -2520,10 +2520,12 @@ static String parseNameType(ConfigurationXMLStreamReader reader, boolean optiona String name = null; for (int i = 0; i < attributeCount; i ++) { checkAttributeNamespace(reader, i); - if (reader.getAttributeLocalName(i).equals("name")) { - name = reader.getAttributeValueResolved(i); - } else { - throw reader.unexpectedAttribute(i); + switch (reader.getAttributeLocalName(i)) { + case "name": { + name = reader.getAttributeValueResolved(i); + break; + } + default: throw reader.unexpectedAttribute(i); } } if (name == null && !optional) { @@ -2556,12 +2558,18 @@ static ExceptionSupplier parseResourceType(Configurati String module = null; for (int i = 0; i < attributeCount; i ++) { checkAttributeNamespace(reader, i); - if (reader.getAttributeLocalName(i).equals("name")) { - name = reader.getAttributeValueResolved(i); - } else if (reader.getAttributeLocalName(i).equals("module-name") && xmlVersion.isAtLeast(Version.VERSION_1_1)) { - module = reader.getAttributeValueResolved(i); - } else { - throw reader.unexpectedAttribute(i); + switch (reader.getAttributeLocalName(i)) { + case "name": { + name = reader.getAttributeValueResolved(i); + break; + } + case "module-name": { + if (xmlVersion.isAtLeast(Version.VERSION_1_1)) { + module = reader.getAttributeValueResolved(i); + break; + } + } + default: throw reader.unexpectedAttribute(i); } } if (name == null) { 
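Review bot: In `parseResourceType` the new `case "module-name"` falls through into `default` whenever `xmlVersion.isAtLeast(Version.VERSION_1_1)` is false, because the `break` sits inside the `if`; the same shape is used for `case "names"` in `parseCipherSuiteSelectorType` (hunk at `-2778`). This reproduces the old else-branch, but an unmarked fall-through is easy to break when another case is added below it and is commonly reported by fall-through lint checks. Either mark it with `// fall through: attribute is not allowed before schema 1.1`, or reject explicitly inside the case with `if (! xmlVersion.isAtLeast(Version.VERSION_1_1)) throw reader.unexpectedAttribute(i);`. The function continues outside the hunk.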
@@ -2599,18 +2607,20 @@ static int parsePortType(ConfigurationXMLStreamReader reader) throws ConfigXMLPa int number = -1; for (int i = 0; i < attributeCount; i ++) { checkAttributeNamespace(reader, i); - if (reader.getAttributeLocalName(i).equals("number")) { - String s = reader.getAttributeValueResolved(i); - try { - number = Integer.parseInt(s); - } catch (NumberFormatException ignored) { - throw invalidPortNumber(reader, i); - } - if (number < 1 || number > 65535) { - throw invalidPortNumber(reader, i); + switch (reader.getAttributeLocalName(i)) { + case "number": { + String s = reader.getAttributeValueResolved(i); + try { + number = Integer.parseInt(s); + } catch (NumberFormatException ignored) { + throw invalidPortNumber(reader, i); + } + if (number < 1 || number > 65535) { + throw invalidPortNumber(reader, i); + } + break; } - } else { - throw reader.unexpectedAttribute(i); + default: throw reader.unexpectedAttribute(i); } } if (number == -1) { @@ -2642,12 +2652,16 @@ static NameRewriter parseRegexSubstitutionType(ConfigurationXMLStreamReader read String replacement = null; for (int i = 0; i < attributeCount; i ++) { checkAttributeNamespace(reader, i); - if (reader.getAttributeLocalName(i).equals("pattern")) { - pattern = Pattern.compile(reader.getAttributeValueResolved(i)); - } else if (reader.getAttributeLocalName(i).equals("replacement")) { - replacement = reader.getAttributeValueResolved(i); - } else { - throw reader.unexpectedAttribute(i); + switch (reader.getAttributeLocalName(i)) { + case "pattern": { + pattern = Pattern.compile(reader.getAttributeValueResolved(i)); + break; + } + case "replacement": { + replacement = reader.getAttributeValueResolved(i); + break; + } + default: throw reader.unexpectedAttribute(i); } } if (pattern == null) { 
@@ -2681,11 +2695,13 @@ static String[] parseNamesType(ConfigurationXMLStreamReader reader) throws Confi String[] names = null; for (int i = 0; i < attributeCount; i ++) { checkAttributeNamespace(reader, i); - if (reader.getAttributeLocalName(i).equals("names")) { - String s = reader.getAttributeValueResolved(i); - names = s.trim().split("\\s+"); - } else { - throw reader.unexpectedAttribute(i); + switch (reader.getAttributeLocalName(i)) { + case "names": { + String s = reader.getAttributeValueResolved(i); + names = s.trim().split("\\s+"); + break; + } + default: throw reader.unexpectedAttribute(i); } } if (names == null) { @@ -2716,10 +2732,12 @@ static URI parseUriType(ConfigurationXMLStreamReader reader) throws ConfigXMLPar URI uri = null; for (int i = 0; i < attributeCount; i ++) { checkAttributeNamespace(reader, i); - if (reader.getAttributeLocalName(i).equals("uri")) { - uri = reader.getURIAttributeValueResolved(i); - } else { - throw reader.unexpectedAttribute(i); + switch (reader.getAttributeLocalName(i)) { + case "uri": { + uri = reader.getURIAttributeValueResolved(i); + break; + } + default: throw reader.unexpectedAttribute(i); } } if (uri == null) { @@ -2743,10 +2761,12 @@ static SaslMechanismSelector parseSaslMechanismSelectorType(ConfigurationXMLStre SaslMechanismSelector selector = null; for (int i = 0; i < attributeCount; i ++) { checkAttributeNamespace(reader, i); - if (reader.getAttributeLocalName(i).equals("selector")) { - selector = SaslMechanismSelector.fromString(reader.getAttributeValueResolved(i)); - } else { - throw reader.unexpectedAttribute(i); + switch (reader.getAttributeLocalName(i)) { + case "selector": { + selector = SaslMechanismSelector.fromString(reader.getAttributeValueResolved(i)); + break; + } + default: throw reader.unexpectedAttribute(i); } } if (selector == null) { 
@@ -2778,12 +2798,18 @@ static CipherSuiteSelector parseCipherSuiteSelectorType(ConfigurationXMLStreamRe CipherSuiteSelector names = null; for (int i = 0; i < attributeCount; i ++) { checkAttributeNamespace(reader, i); - if (reader.getAttributeLocalName(i).equals("selector")) { - selector = CipherSuiteSelector.fromString(reader.getAttributeValueResolved(i)); - } else if (xmlVersion.isAtLeast(Version.VERSION_1_5) && reader.getAttributeLocalName(i).equals("names")) { - names = CipherSuiteSelector.fromNamesString(reader.getAttributeValueResolved(i)); - } else { - throw reader.unexpectedAttribute(i); + switch (reader.getAttributeLocalName(i)) { + case "selector": { + selector = CipherSuiteSelector.fromString(reader.getAttributeValueResolved(i)); + break; + } + case "names": { + if (xmlVersion.isAtLeast(Version.VERSION_1_5)) { + names = CipherSuiteSelector.fromNamesString(reader.getAttributeValueResolved(i)); + break; + } + } + default: throw reader.unexpectedAttribute(i); } } if (selector == null && ! xmlVersion.isAtLeast(Version.VERSION_1_5)) { @@ -2838,10 +2864,12 @@ static String parseModuleRefType(ConfigurationXMLStreamReader reader) throws Con String moduleName = null; for (int i = 0; i < attributeCount; i ++) { checkAttributeNamespace(reader, i); - if (reader.getAttributeLocalName(i).equals("module-name")) { - moduleName = reader.getAttributeValueResolved(i); - } else { - throw reader.unexpectedAttribute(i); + switch (reader.getAttributeLocalName(i)) { + case "module-name": { + moduleName = reader.getAttributeValueResolved(i); + break; + } + default: throw reader.unexpectedAttribute(i); } } 
@@ -2871,10 +2899,12 @@ static ExceptionSupplier parseClearPassword(C char[] password = null; for (int i = 0; i < attributeCount; i ++) { checkAttributeNamespace(reader, i); - if (reader.getAttributeLocalName(i).equals("password")) { - password = reader.getAttributeValueResolved(i).toCharArray(); - } else { - throw reader.unexpectedAttribute(i); + switch (reader.getAttributeLocalName(i)) { + case "password": { + password = reader.getAttributeValueResolved(i).toCharArray(); + break; + } + default: throw reader.unexpectedAttribute(i); } } if (password == null) { 
@@ -3297,13 +3327,13 @@ static ExceptionSupplier mechanismOids = new LinkedList<>(); for (int i = 0; i < attributeCount; i ++) { checkAttributeNamespace(reader, i); - if (reader.getAttributeLocalName(i).equals("mechanism-names")) { - for (String name : reader.getListAttributeValueAsArrayResolved(i)) { - String oid = OidsUtil.attributeNameToOid(OidsUtil.Category.GSS, name); - if (oid == null) { - throw xmlLog.xmlInvalidGssMechanismName(reader, name); - } - try { - mechanismOids.add(new Oid(oid)); - } catch (GSSException e) { - throw xmlLog.xmlGssMechanismOidConversionFailed(reader, oid, e); + switch (reader.getAttributeLocalName(i)) { + case "mechanism-names": { + for (String name : reader.getListAttributeValueAsArrayResolved(i)) { + String oid = OidsUtil.attributeNameToOid(OidsUtil.Category.GSS, name); + if (oid == null) { + throw xmlLog.xmlInvalidGssMechanismName(reader, name); + } + try { + mechanismOids.add(new Oid(oid)); + } catch (GSSException e) { + throw xmlLog.xmlGssMechanismOidConversionFailed(reader, oid, e); + } } + break; } - } else if (reader.getAttributeLocalName(i).equals("mechanism-oids")) { - for (String oid : reader.getListAttributeValueAsArrayResolved(i)) { - try { - mechanismOids.add(new Oid(oid)); - } catch (GSSException e) { - throw xmlLog.xmlGssMechanismOidConversionFailed(reader, oid, e); + case "mechanism-oids": { + for (String oid : reader.getListAttributeValueAsArrayResolved(i)) { + try { + mechanismOids.add(new Oid(oid)); + } catch (GSSException e) { + throw xmlLog.xmlGssMechanismOidConversionFailed(reader, oid, e); + } } + break; } - } else { - throw reader.unexpectedAttribute(i); + default: throw reader.unexpectedAttribute(i); } } if (mechanismOids.size() == 0) { From 378e44ec1957504391c97ea4092026d77839bf61 Mon Sep 17 00:00:00 2001 
From: Prarthona Paul Date: Tue, 19 Dec 2023 09:29:04 -0500 Subject: [PATCH 109/205] [ELY-2710] Bump org.bitbucket.b_c:jose4j from 0.9.3 to 0.9.4 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index bfaba3597d9..e84193a4ea4 100644 --- a/pom.xml +++ b/pom.xml @@ -92,7 +92,7 @@ 2.7 5.4.1 3.0.0 - 0.9.3 + 0.9.4 1.15.3 18.0.2 4.3.3 From c004e80dbdeab827d3e092fb3619f26a0086691f Mon Sep 17 00:00:00 2001 From: Diana Krepinska Date: Tue, 30 Jan 2024 15:01:35 +0100 Subject: [PATCH 110/205] [ELY-2714] Attempting to read address data from an OIDC id token causes ClassCastException --- .../wildfly/security/http/oidc/IDToken.java | 12 +++- .../security/http/oidc/IDTokenTest.java | 56 +++++++++++++++++++ 2 files changed, 66 insertions(+), 2 deletions(-) create mode 100644 http/oidc/src/test/java/org/wildfly/security/http/oidc/IDTokenTest.java diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/IDToken.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/IDToken.java index b6445cc412e..d40be6bfce8 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/IDToken.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/IDToken.java @@ -20,10 +20,12 @@ import static org.wildfly.security.http.oidc.ElytronMessages.log; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; import jakarta.json.JsonObject; import jakarta.json.JsonValue; -import java.util.Map; +import java.util.HashMap; import org.jose4j.jwt.JwtClaims; 
@@ -163,7 +165,13 @@ public AddressClaimSet getAddress() { if (! (addressValueAsJson instanceof JsonObject)) { throw log.invalidTokenClaimValue(); } - return new AddressClaimSet((Map) addressValueAsJson); + HashMap result; + try { + result = new ObjectMapper().readValue(addressValueAsJson.toString(), HashMap.class); + } catch (JsonProcessingException e) { + throw log.invalidTokenClaimValue(); + } + return new AddressClaimSet(result); } /** diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/IDTokenTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/IDTokenTest.java new file mode 100644 index 00000000000..3678d433247 --- /dev/null +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/IDTokenTest.java 
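Review bot: `getAddress()` now serialises a value it has just confirmed to be a `JsonObject` back to text and re-parses it with a freshly constructed `ObjectMapper` into an untyped `HashMap`. Any non-string member of the address claim (a nested object, array or number) then arrives in the map as a `Map`, `List` or `Number`; whether `AddressClaimSet` tolerates that is not visible here, and it may merely defer the `ClassCastException` this commit set out to remove. Building the map from the `JsonObject`'s own entries and rejecting members that are not `JsonString` with `log.invalidTokenClaimValue()` would avoid both the round trip and the untyped values. If Jackson is kept, hoist the mapper into `private static final ObjectMapper MAPPER = new ObjectMapper();` rather than allocating one per call. The start of the method is outside the hunk.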
@@ -0,0 +1,56 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2024 Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.wildfly.security.http.oidc;
+
+import jakarta.json.Json;
+import jakarta.json.JsonObject;
+import org.jose4j.jwt.JwtClaims;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+import static org.wildfly.common.Assert.assertNotNull;
+
+/**
+ * Tests for ID Token.
+ */
+public class IDTokenTest {
+
+ @Test
+ public void testIDTokenWithAddressClaim() {
+ JwtClaims jwtClaims = new JwtClaims();
+ JsonObject jsonObject = Json.createObjectBuilder()
+ .add("address", Json.createObjectBuilder()
+ .add("region", "US")
+ .add("country", "New York")
+ .add("locality", "NY")
+ .add("postal_code", "10021"))
+ .build();
+ jwtClaims.setClaim("given_name", "Alice");
+ jwtClaims.setClaim("family_name", "Smith");
+ jwtClaims.setClaim("address", jsonObject.get("address"));
+ IDToken idToken = new IDToken(jwtClaims);
+ assertNotNull(idToken);
+ assertEquals("NY", idToken.getAddress().getLocality());
+ assertEquals("10021", idToken.getAddress().getPostalCode());
+ assertEquals("US", idToken.getAddress().getRegion());
+ assertEquals("New York", idToken.getAddress().getCountry());
+ assertEquals("Alice", idToken.getGivenName());
+ assertEquals("Smith", idToken.getFamilyName());
+ }
+}
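Review bot: `testIDTokenWithAddressClaim` covers only a well-formed address object, so the rejection path of `IDToken.getAddress()` for a malformed claim is left untested. A second test that sets a non-object value (constructed sample: `jwtClaims.setClaim("address", "not-an-object");`) and expects the exception produced by `log.invalidTokenClaimValue()` would pin that behaviour. `assertNotNull(idToken)` directly after `new IDToken(jwtClaims)` cannot fail and is imported from `org.wildfly.common.Assert` rather than JUnit, so it can be dropped. The fixture also puts "US" under `region` and "New York" under `country`, which looks swapped.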
From a7651afa9c23522e6a2d262531dd43078b315d1e Mon Sep 17 00:00:00 2001 From: xjusko Date: Fri, 5 Jan 2024 12:08:33 +0100 Subject: [PATCH 111/205] [ELY-2639] Add a test for MaskCommand.decryptMasked method --- .../org/wildfly/security/tool/MaskCommandTest.java | 14 ++++++++++++++ 1 file changed, 14 insertions(+)
diff --git a/tool/src/test/java/org/wildfly/security/tool/MaskCommandTest.java b/tool/src/test/java/org/wildfly/security/tool/MaskCommandTest.java
index 5097b1e2384..36327402573 100644
--- a/tool/src/test/java/org/wildfly/security/tool/MaskCommandTest.java
+++ b/tool/src/test/java/org/wildfly/security/tool/MaskCommandTest.java
@@ -189,4 +189,18 @@ public void testDuplicateOptions() {
 Assert.assertTrue(output.contains("Option \"secret\" specified more than once. Only the first occurrence will be used."));
 Assert.assertFalse(output.contains("Option \"iteration\" specified more than once. Only the first occurrence will be used"));
 }
+
+ @Test
+ public void testDecryptMasked() throws Exception {
+ final String originalSecret = "super_secret";
+ final String salt = "ASDF1234";
+ final int iterationCount = 123;
+ final String preGeneratedMaskedPassword = "MASK-088WUKotOwu7VOS8xRj.Rr;ASDF1234;123";
+
+ char[] decryptedSecret = MaskCommand.decryptMasked(preGeneratedMaskedPassword);
+
+ Assert.assertNotNull("Decrypted secret should not be null", decryptedSecret);
+ Assert.assertEquals("Decrypted secret should match the original secret", originalSecret, new String(decryptedSecret));
+ }
+
 }
From 68c456d2eaa119cbf931947039a9878945682f96 Mon Sep 17 00:00:00 2001 From: Darran Lofthouse Date: Thu, 8 Feb 2024 17:26:26 +0000 Subject: [PATCH 112/205] [ELY-2716] Upgrade Apache SSHD to version 2.12.0 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 9a544823e92..4c97d6be92a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -66,7 +66,7 @@
 2.0.0-M3
 1.0.0-M8
 1.67
- 2.10.0
+ 2.12.0
 4.5.14
 4.4.16
 3.5.3.Final
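Review bot: In `testDecryptMasked` (MaskCommandTest.java) the locals `salt` and `iterationCount` are declared but never read; the same values are typed again inside `preGeneratedMaskedPassword`, so the two copies can drift apart unnoticed. Either drop the unused locals or build the input from them, `final String preGeneratedMaskedPassword = "MASK-088WUKotOwu7VOS8xRj.Rr;" + salt + ";" + iterationCount;`. The test exercises only a well-formed masked value; how `decryptMasked` treats a malformed `MASK-` string is not covered in this hunk.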
From cf5b05555c6f219518e915928c1e93945ecd11de Mon Sep 17 00:00:00 2001 From: Farah Juma Date: Fri, 9 Feb 2024 16:07:53 -0500 Subject: [PATCH 113/205] [ELY-2717] Ensure that the credential algorithm for the DIGEST mechanism is set to digest-md5 --- .../digest/DigestAuthenticationMechanism.java | 13 +++++++- .../DigestAuthenticationMechanismTest.java | 32 +++++++++++++++++++ .../http/impl/AbstractBaseHttpTest.java | 6 ++-- 3 files changed, 48 insertions(+), 3 deletions(-)
diff --git a/http/digest/src/main/java/org/wildfly/security/http/digest/DigestAuthenticationMechanism.java b/http/digest/src/main/java/org/wildfly/security/http/digest/DigestAuthenticationMechanism.java
index 6cc61c1b258..97f2a53a857 100644
--- a/http/digest/src/main/java/org/wildfly/security/http/digest/DigestAuthenticationMechanism.java
+++ b/http/digest/src/main/java/org/wildfly/security/http/digest/DigestAuthenticationMechanism.java
@@ -23,6 +23,7 @@
 import static org.wildfly.security.http.HttpConstants.AUTHORIZATION;
 import static org.wildfly.security.http.HttpConstants.BAD_REQUEST;
 import static org.wildfly.security.http.HttpConstants.CNONCE;
+import static org.wildfly.security.http.HttpConstants.DIGEST_NAME;
 import static org.wildfly.security.http.HttpConstants.NC;
 import static org.wildfly.security.http.HttpConstants.QOP;
 import static org.wildfly.security.http.HttpConstants.URI;
@@ -69,6 +70,7 @@
 import org.wildfly.security.mechanism.AuthenticationMechanismException;
 import org.wildfly.security.mechanism.digest.DigestQuote;
 import org.wildfly.security.mechanism.digest.PasswordDigestObtainer;
+import org.wildfly.security.password.interfaces.DigestPassword;
 
 /**
 * Implementation of the HTTP DIGEST authentication mechanism as defined in RFC 7616.
@@ -326,10 +328,19 @@ private byte[] calculateResponseDigest(MessageDigest messageDigest, byte[] hA1,
 }
 
 private byte[] getH_A1(final MessageDigest messageDigest, final String username, final String messageRealm) throws AuthenticationMechanismException {
- PasswordDigestObtainer obtainer = new PasswordDigestObtainer(callbackHandler, username, messageRealm, httpDigest, getMechanismName().toLowerCase(Locale.ROOT), messageDigest, providers, null, true, false);
+ PasswordDigestObtainer obtainer = new PasswordDigestObtainer(callbackHandler, username, messageRealm, httpDigest, getCredentialAlgorithm(getMechanismName()), messageDigest, providers, null, true, false);
 return obtainer.handleUserRealmPasswordCallbacks();
 }
 
+ private String getCredentialAlgorithm(String mechanismName) {
+ switch (mechanismName) {
+ case DIGEST_NAME:
+ return DigestPassword.ALGORITHM_DIGEST_MD5;
+ default:
+ return mechanismName.toLowerCase(Locale.ROOT);
+ }
+ }
+
 private String convertToken(final String name, final byte[] value) throws AuthenticationMechanismException {
 if (value == null) {
 throw httpDigest.mechMissingDirective(name);
diff --git a/tests/base/src/test/java/org/wildfly/security/http/digest/DigestAuthenticationMechanismTest.java b/tests/base/src/test/java/org/wildfly/security/http/digest/DigestAuthenticationMechanismTest.java
index 5f8964d460b..a38274fe6a5 100644
--- a/tests/base/src/test/java/org/wildfly/security/http/digest/DigestAuthenticationMechanismTest.java
+++ b/tests/base/src/test/java/org/wildfly/security/http/digest/DigestAuthenticationMechanismTest.java
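Review bot: `getCredentialAlgorithm` in DigestAuthenticationMechanism.java carries no comment saying why `DIGEST_NAME` is special-cased, and its `default` branch silently assumes that every other mechanism name lower-cases to a valid `DigestPassword` algorithm name. I would add a Javadoc such as `/** Maps the HTTP mechanism name to the DigestPassword algorithm used for the credential lookup; plain DIGEST uses MD5 and therefore maps to digest-md5. */`. With a single case, `return DIGEST_NAME.equals(mechanismName) ? DigestPassword.ALGORITHM_DIGEST_MD5 : mechanismName.toLowerCase(Locale.ROOT);` reads more directly than the `switch`.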
@@ -259,6 +259,38 @@ public void testSha256WithDigestPassword() throws Exception {
 Assert.assertEquals(Status.COMPLETE, request2.getResult());
 }
 
+ @Test
+ public void testDigestMD5Password() throws Exception {
+ mockDigestNonce("5TsQWLVdgBdmrQ0XsxbDODV+57QdFR34I9HAbC/RVvkK");
+ Map props = new HashMap<>();
+ props.put(CONFIG_REALM, "api@example.org");
+ props.put("org.wildfly.security.http.validate-digest-uri", "false");
+ HttpServerAuthenticationMechanism mechanism = digestFactory.createAuthenticationMechanism(DIGEST_NAME, props, getCallbackHandler("J\u00E4s\u00F8n Doe", "api@example.org", "Secret, or not?", true));
+
+ TestingHttpServerRequest request1 = new TestingHttpServerRequest(null);
+ mechanism.evaluateRequest(request1);
+ Assert.assertEquals(Status.NO_AUTH, request1.getResult());
+ TestingHttpServerResponse response = request1.getResponse();
+ Assert.assertEquals(UNAUTHORIZED, response.getStatusCode());
+ Assert.assertEquals("Digest realm=\"api@example.org\", nonce=\"5TsQWLVdgBdmrQ0XsxbDODV+57QdFR34I9HAbC/RVvkK\", opaque=\"00000000000000000000000000000000\", algorithm=MD5, qop=auth", response.getAuthenticateHeader());
+
+ TestingHttpServerRequest request2 = new TestingHttpServerRequest(new String[] {
+ "Digest username*=UTF-8''J%C3%A4s%C3%B8n%20Doe,\n" +
+ " realm=\"api@example.org\",\n" +
+ " uri=\"/doe.json\",\n" +
+ " algorithm=MD5,\n" +
+ " nonce=\"5TsQWLVdgBdmrQ0XsxbDODV+57QdFR34I9HAbC/RVvkK\",\n" +
+ " nc=00000001,\n" +
+ " cnonce=\"NTg6RKcb9boFIAS3KrFK9BGeh+iDa/sm6jUMp2wds69v\",\n" +
+ " qop=auth,\n" +
+ " response=\"" + computeDigest("/doe.json", "5TsQWLVdgBdmrQ0XsxbDODV+57QdFR34I9HAbC/RVvkK", "NTg6RKcb9boFIAS3KrFK9BGeh+iDa/sm6jUMp2wds69v", "00000001", "J\u00E4s\u00F8n Doe", "Secret, or not?", "MD5", "api@example.org", "auth", "GET") + "\",\n" +
+ " opaque=\"00000000000000000000000000000000\",\n" +
+ " userhash=false"
+ });
+ mechanism.evaluateRequest(request2);
+ Assert.assertEquals(Status.COMPLETE, request2.getResult());
+ }
+
 private String computeDigest(String uri, String nonce, String cnonce, String nc, String username, String password, String algorithm, String realm, String qop, String method) throws NoSuchAlgorithmException {
 String A1, HashA1, A2, HashA2;
 MessageDigest md = MessageDigest.getInstance(algorithm);
diff --git a/tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java b/tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java
index 8926c8240d0..4e7640aca00 100644
--- a/tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java
+++ b/tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java
@@ -430,11 +432,13 @@ protected CallbackHandler getCallbackHandler(String username, String realm, Stri
 Assert.assertEquals(username, ((NameCallback) callback).getDefaultName());
 } else if (callback instanceof CredentialCallback) {
 if (useDigestPassword) {
- if (! DigestPassword.ALGORITHM_DIGEST_SHA_256.equals(((CredentialCallback) callback).getAlgorithm())) {
+ String credentialAlgorithm = ((CredentialCallback) callback).getAlgorithm();
+ if (! DigestPassword.ALGORITHM_DIGEST_SHA_256.equals(credentialAlgorithm) &&
+ ! DigestPassword.ALGORITHM_DIGEST_MD5.equals(credentialAlgorithm)) {
 throw new UnsupportedCallbackException(callback);
 }
 try {
- PasswordFactory factory = PasswordFactory.getInstance(DigestPassword.ALGORITHM_DIGEST_SHA_256, ELYTRON_PASSWORD_PROVIDERS);
+ PasswordFactory factory = PasswordFactory.getInstance(credentialAlgorithm, ELYTRON_PASSWORD_PROVIDERS);
 DigestPasswordAlgorithmSpec algorithmSpec = new DigestPasswordAlgorithmSpec(username, realm);
 EncryptablePasswordSpec encryptableSpec = new EncryptablePasswordSpec(password.toCharArray(), algorithmSpec);
 DigestPassword digestPassword = (DigestPassword) factory.generatePassword(encryptableSpec);
From 1198c33d1d88dee6d2b13a377a0a3fb231c202d7 Mon Sep 17 00:00:00 2001
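Review bot: `testDigestMD5Password` repeats the nonce literal four times and the cnonce literal twice, so an edit to one copy makes the challenge assertion, the request header and the `computeDigest` call disagree in a way that is hard to spot. Hoisting them into locals, `final String nonce = "5TsQWLVdgBdmrQ0XsxbDODV+57QdFR34I9HAbC/RVvkK";` and `final String cnonce = "NTg6RKcb9boFIAS3KrFK9BGeh+iDa/sm6jUMp2wds69v";`, keeps them in step. The test asserts only the successful exchange; a request carrying a wrong `response` value is not exercised in this hunk.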
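Review bot: Accepting either `ALGORITHM_DIGEST_SHA_256` or `ALGORITHM_DIGEST_MD5` in the `CredentialCallback` branch of `getCallbackHandler` means the handler no longer pins which credential algorithm a given mechanism asks for, so a mechanism requesting the wrong one of the two would surface only indirectly, if at all, as a digest mismatch. Consider letting the caller state the algorithm it expects and comparing against it, e.g. `if (! expectedAlgorithm.equals(credentialAlgorithm)) {`, where `expectedAlgorithm` is a new parameter that does not exist yet. `getCallbackHandler` starts and ends outside the hunk, so its other branches were not reviewed.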
From: Farah Juma Date: Mon, 12 Feb 2024 11:27:25 -0500 Subject: [PATCH 114/205] [ELY-2718] Release WildFly Elytron 2.3.0.Final --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- tests/common/pom.xml | 2 +- 
tool/pom.xml | 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 76 files changed, 76 insertions(+), 76 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index e0d97b040ab..5d3f4a0aaa7 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index 492e6e26b52..83e7ef785f4 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index 9ac05bf0860..d26044dac86 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index 2eeba9df51a..d4214049bfc 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 92633c9b3c5..7e82294e2a1 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index f01f6da2bd2..49e09442af0 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index 0d4e570a2ec..58af72f3008 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index 58b23c0d2e1..d2bec47bbd2 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index 2f7733a6de5..3f2bb313d5f 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index c036fdefaab..70675bc5401 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index fe2ff24288f..7490e3f1ec4 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index 0e852557154..b15b0fe9ddb 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index bb3e1a73b4a..5200829295b 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index d49656a2649..0af9e24b2be 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index fdd824841e2..0d8fd3f96ac 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index 5a9eee5442a..7a3d4809be1 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index f41823ef880..9516f57d8b2 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index a626bfcfb7d..93ce80308ea 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index 534b7111a0e..91bfc510c1f 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index 47eb3376a87..b4fcddd9070 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final 4.0.0 diff --git a/http/base/pom.xml b/http/base/pom.xml index c3e0ef05f67..d41476150ab 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index 2de774de9a1..ee63fb3f7d1 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index 2be33fb93b6..e0c3894d96b 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index 98a9580d632..b58a325a5d6 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index 07221384674..cd798e0db4e 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index 2b50f2c12ef..504629733f2 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index 0df48ec4127..9d7973c63b5 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index c15741682a2..d08816a5014 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index d7c15889085..7f110bc7708 100644 
--- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index 48418b186ea..f94ee02002c 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index 771c25252a2..9995555a654 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index 75337518145..7371c43cebf 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index b41fbe72d00..2c40b50a2db 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index 9c8cd05ef08..91be1135561 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index 006053cc028..21823e00ce8 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index 985c58057a5..4a4d2d8627f 100644 --- a/json-util/pom.xml +++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final 4.0.0 
diff --git a/keystore/pom.xml b/keystore/pom.xml index dc9d9a7a3e4..a49d41ded70 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index 9241c978148..0e40ca6880e 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index bb1e9d5f371..5a34b9ad0a9 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index 935ff5a8716..8aeefd36b5b 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index 6b0d4ce5cba..bf6f56695fc 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index ab4e80850f8..a6b416b14ee 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index f5082a2b317..2c72214b28d 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index a10c83cb685..8e2fe1f002a 100644 --- a/mechanism/oauth2/pom.xml 
+++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index e38124ebfa3..9fb5283b352 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index db7d6ad0f56..ad57c036dad 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index c860557f216..ea1253237e6 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final 4.0.0 diff --git a/pom.xml b/pom.xml index 4c97d6be92a..75abaf55068 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index b857e8387fc..f7b2fa6aef2 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index 046b91341b4..75946c68e4e 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index be04830974a..edff79c6df0 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../../pom.xml 
diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index 992fb6adf00..650409afc42 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index 69b9d203b60..fe53bd43ee1 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index 50d2653a88a..368d95c390c 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index 13415c61ef3..1727c879b00 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index 984cbee305d..63ff68b2e58 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index 2836d2fff8c..a62389b970c 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index 87b11945b4b..27201834ca0 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index 1bb8e031290..4088bb43dae 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index 2e741eb6977..93c93cffbcb 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index 958d5dcb49b..aa917784483 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index f4060d04183..bcfca7b00a8 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index ba48bc8427c..34658a703c4 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index a394df120e4..4570a32e296 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index 1703e92fdc1..9d4d25ab1b6 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index f88e5aae14e..427bc42ea61 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/tests/common/pom.xml b/tests/common/pom.xml index f1a839d1b67..da83dd0989c 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml 
@@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index c0298e2f5f5..2b352c79a29 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index 8e0f7f96717..0e59ca9a4aa 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index ee20eb395dc..ed537fc392e 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index bc865c3acf0..6fde63961d6 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index 1bbb6f8f913..aff6a767dbb 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index 107d31c287a..b10723afd96 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index ae5c8254204..a5cfc9353a3 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index eb9452cd863..9832f5886b0 100644 
--- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index dd4ba3c5357..10df2fa72b2 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.CR1-SNAPSHOT + 2.3.0.Final ../../pom.xml From 629125af0d356028b67cb167a5d74ec41c21b063 Mon Sep 17 00:00:00 2001 
From: Farah Juma Date: Mon, 12 Feb 2024 11:28:43 -0500 Subject: [PATCH 115/205] Next is 2.3.1 --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- tests/common/pom.xml | 2 +- tool/pom.xml | 2 +- util/pom.xml | 2 
+- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 76 files changed, 76 insertions(+), 76 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index 5d3f4a0aaa7..3004d9bebbd 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index 83e7ef785f4..aebe8627060 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index d26044dac86..80ab1002dee 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index d4214049bfc..409ce673515 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 7e82294e2a1..e11baf2884a 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index 49e09442af0..cc424d64aab 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index 58af72f3008..d0988267c60 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index d2bec47bbd2..6446958737f 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index 3f2bb313d5f..0ba5face234 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index 70675bc5401..80551b87df6 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index 7490e3f1ec4..e165eef3e50 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index b15b0fe9ddb..9705921aed2 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index 5200829295b..770013e87be 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index 0af9e24b2be..8752ad07e4d 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index 0d8fd3f96ac..2ba4e505660 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index 7a3d4809be1..61824923ff8 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index 9516f57d8b2..d0ef003d9c5 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index 93ce80308ea..64cc030f524 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index 91bfc510c1f..75bcb879fe1 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index b4fcddd9070..7744a84672a 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT 4.0.0 diff --git a/http/base/pom.xml b/http/base/pom.xml index d41476150ab..97de1382e9e 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index ee63fb3f7d1..655e110f63b 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index e0c3894d96b..54e61318c81 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index b58a325a5d6..c0b193fd670 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index cd798e0db4e..550f681d093 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index 504629733f2..22aa4a06adb 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index 9d7973c63b5..e611de9f121 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index d08816a5014..8b58b79512e 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index 7f110bc7708..084956e6d5b 100644 
--- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index f94ee02002c..1e9fc561fac 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index 9995555a654..125ba9bd68d 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index 7371c43cebf..5504d9e08ad 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index 2c40b50a2db..4273e775cc0 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index 91be1135561..3ba216f865a 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index 21823e00ce8..1ba546bdc4a 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index 4a4d2d8627f..318f83b0656 100644 --- a/json-util/pom.xml +++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT 4.0.0 
diff --git a/keystore/pom.xml b/keystore/pom.xml index a49d41ded70..a1f6c84c906 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index 0e40ca6880e..7ac988a7e91 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index 5a34b9ad0a9..d06a2402852 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index 8aeefd36b5b..3a5efc83eff 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index bf6f56695fc..668a5dc85db 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index a6b416b14ee..0f300307b0b 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index 2c72214b28d..cf53086cb47 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index 8e2fe1f002a..16eb8d1d675 100644 --- a/mechanism/oauth2/pom.xml 
+++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index 9fb5283b352..0f08ac4798e 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index ad57c036dad..976a4d39bc4 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index ea1253237e6..d652ffb934c 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT 4.0.0 diff --git a/pom.xml b/pom.xml index 75abaf55068..5123a99d215 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index f7b2fa6aef2..edca729509d 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index 75946c68e4e..64b4ae4f150 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index edff79c6df0..d3c3ce80c81 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../../pom.xml 
diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index 650409afc42..ca462d60555 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index fe53bd43ee1..483eda3d67b 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index 368d95c390c..c6ce27fe027 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index 1727c879b00..97ff07b605d 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index 63ff68b2e58..f00d05ef49b 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index a62389b970c..96429beb6fa 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index 27201834ca0..27e00e0dc27 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index 4088bb43dae..03a31ea30cb 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index 93c93cffbcb..b0d5bca8e76 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index aa917784483..b6e34244089 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index bcfca7b00a8..1f011c44d80 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index 34658a703c4..0f4cf2c76d1 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index 4570a32e296..49dbc81e2f8 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index 9d4d25ab1b6..74bec703439 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index 427bc42ea61..87feb928089 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/tests/common/pom.xml b/tests/common/pom.xml index da83dd0989c..2c255fb384d 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml 
@@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index 2b352c79a29..064b69712a6 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index 0e59ca9a4aa..8099fffa903 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index ed537fc392e..f979caa56b9 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index 6fde63961d6..60e91ff7ced 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index aff6a767dbb..5599cc0e3c3 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index b10723afd96..eed21ad856b 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index a5cfc9353a3..4b0c43f74ff 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index 9832f5886b0..7bf234de2a8 100644 
--- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index 10df2fa72b2..bf9fd3cf857 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.0.Final + 2.3.1.CR1-SNAPSHOT ../../pom.xml From 1638f890f77a78277cdd98997d0bf808222eebbf Mon Sep 17 00:00:00 2001 From: Farah Juma Date: Mon, 12 Feb 2024 11:45:37 -0500 Subject: [PATCH 116/205] [ELY-2718] Perform API check against 2.3.0.Final --- wildfly-elytron/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index f979caa56b9..dd508af38f0 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -553,7 +553,7 @@ org.wildfly.security wildfly-elytron - 2.2.2.Final + 2.3.0.Final jar From 7f1a066652cba73d7daf04dc7da171680f43ed77 Mon Sep 17 00:00:00 2001 
From: Farah Juma Date: Fri, 16 Feb 2024 17:55:51 -0500 Subject: [PATCH 117/205] [ELY-2720] Release WildFly Elytron 2.3.1.Final --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- tests/common/pom.xml | 2 +- 
tool/pom.xml | 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 76 files changed, 76 insertions(+), 76 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index 3004d9bebbd..aa7326ccdf4 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index aebe8627060..1865ba9d655 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index 80ab1002dee..8f23f3858a4 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index 409ce673515..fd63bd32a96 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index e11baf2884a..00b950d4dd3 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index cc424d64aab..d117f012487 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index d0988267c60..8bd18ab695b 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index 6446958737f..6beb71721df 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index 0ba5face234..5f754d50e5f 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index 80551b87df6..c25c202102f 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index e165eef3e50..136b1ad1604 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index 9705921aed2..0299b3afbd2 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index 770013e87be..f393135ed9a 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index 8752ad07e4d..2424663de0a 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index 2ba4e505660..62af144d85b 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index 61824923ff8..faa2a859598 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index d0ef003d9c5..eca8f4247b9 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index 64cc030f524..e0ddc0198d6 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index 75bcb879fe1..f6ae6df88f6 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index 7744a84672a..b0d5fbd792e 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final 4.0.0 diff --git a/http/base/pom.xml b/http/base/pom.xml index 97de1382e9e..f9f59da338d 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index 655e110f63b..c834cf3caa5 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index 54e61318c81..0278abfa3e3 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index c0b193fd670..ed3ff3ea004 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index 550f681d093..e570dd19b20 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index 22aa4a06adb..faa44874ba6 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index e611de9f121..5f26e3cc923 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index 8b58b79512e..69ed46877d8 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index 084956e6d5b..30e53a927ed 100644 
--- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index 1e9fc561fac..898aab123e7 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index 125ba9bd68d..51f0b90ec5e 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index 5504d9e08ad..6c846666732 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index 4273e775cc0..fe9d8ed0d67 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index 3ba216f865a..05d003b0014 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index 1ba546bdc4a..7fa6201797f 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index 318f83b0656..606621b83a5 100644 --- a/json-util/pom.xml +++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final 4.0.0 
diff --git a/keystore/pom.xml b/keystore/pom.xml index a1f6c84c906..693d28f2c9e 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index 7ac988a7e91..a88298830ac 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index d06a2402852..b328753f633 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index 3a5efc83eff..6f833dc29b4 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index 668a5dc85db..67d30057b7c 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index 0f300307b0b..15290b4b06d 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index cf53086cb47..c3a25cc5b91 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index 16eb8d1d675..08bfd897162 100644 --- a/mechanism/oauth2/pom.xml 
+++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index 0f08ac4798e..3cb98e28eb8 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index 976a4d39bc4..4f5ccd2e1b9 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index d652ffb934c..5d31f9cf3a2 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final 4.0.0 diff --git a/pom.xml b/pom.xml index 5123a99d215..dbaf857747a 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index edca729509d..0735a90548d 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index 64b4ae4f150..1b2ba7f8603 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index d3c3ce80c81..641a3c19c56 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../../pom.xml 
diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index ca462d60555..4f6914dd358 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index 483eda3d67b..63296842a30 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index c6ce27fe027..22788d65cad 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index 97ff07b605d..55f98778f2a 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index f00d05ef49b..8be94551d81 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index 96429beb6fa..9cfae4fd2d5 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index 27e00e0dc27..ee40a9d2859 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index 03a31ea30cb..a34bd300818 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index b0d5bca8e76..59bf81d65a0 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index b6e34244089..99578f7808f 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index 1f011c44d80..f4afadccfe7 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index 0f4cf2c76d1..cbedd1f1ded 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index 49dbc81e2f8..dc4e8680fde 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index 74bec703439..16b1a808ce2 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index 87feb928089..d04a75958b8 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/tests/common/pom.xml b/tests/common/pom.xml index 2c255fb384d..985924af929 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml 
@@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index 064b69712a6..d7f708af144 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index 8099fffa903..5eb5f02bbca 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index dd508af38f0..7ae1d50516f 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index 60e91ff7ced..d193d5d99ae 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index 5599cc0e3c3..14a103125e5 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index eed21ad856b..0e08661746a 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index 4b0c43f74ff..fa7dc9882ce 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index 7bf234de2a8..ac36461b828 100644 
--- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index bf9fd3cf857..435c54bf33d 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.CR1-SNAPSHOT + 2.3.1.Final ../../pom.xml From 12c2cc15fa92c0166f868320d9c274a12a677c86 Mon Sep 17 00:00:00 2001 
From: Farah Juma Date: Fri, 16 Feb 2024 17:56:32 -0500 Subject: [PATCH 118/205] Next is 2.3.2 --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- tests/common/pom.xml | 2 +- tool/pom.xml | 2 +- util/pom.xml | 2 
+- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 76 files changed, 76 insertions(+), 76 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index aa7326ccdf4..b03d621ba86 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index 1865ba9d655..7a0c0881c00 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index 8f23f3858a4..22fca96ae13 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index fd63bd32a96..36c5bd6a967 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 00b950d4dd3..1479cdef6de 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index d117f012487..e4eea6fb2fa 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index 8bd18ab695b..07c911d170b 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index 6beb71721df..9cf0134f94b 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index 5f754d50e5f..8389421f59a 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index c25c202102f..08d5c4b2921 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index 136b1ad1604..474cb996e61 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index 0299b3afbd2..58596847a6d 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index f393135ed9a..fa86bbd5736 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index 2424663de0a..bcb38560900 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index 62af144d85b..c031149139a 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index faa2a859598..3311d745086 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index eca8f4247b9..e6e890fb41c 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index e0ddc0198d6..e161d3b328c 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index f6ae6df88f6..8be2079ecbf 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index b0d5fbd792e..4f5c9f21aaa 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT 4.0.0 diff --git a/http/base/pom.xml b/http/base/pom.xml index f9f59da338d..8242fb1a7f0 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index c834cf3caa5..865667f5c04 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index 0278abfa3e3..3c52b2dae9d 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index ed3ff3ea004..90b6b12493c 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index e570dd19b20..612dc941257 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index faa44874ba6..debf65e5f95 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index 5f26e3cc923..3ca701cd870 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index 69ed46877d8..18f75a5c65c 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index 30e53a927ed..b01609b09f0 100644 
--- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index 898aab123e7..cafb6086edb 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index 51f0b90ec5e..2ffb86ebde8 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index 6c846666732..37e43dab2ec 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index fe9d8ed0d67..7eaf5ea8572 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index 05d003b0014..40312d1f08c 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index 7fa6201797f..a991c718b44 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index 606621b83a5..a2279031e22 100644 --- a/json-util/pom.xml +++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT 4.0.0 
diff --git a/keystore/pom.xml b/keystore/pom.xml index 693d28f2c9e..157576826ef 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index a88298830ac..23bb107b0a5 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index b328753f633..9f29bd0d266 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index 6f833dc29b4..691933bb6a5 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index 67d30057b7c..7c5585a682f 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index 15290b4b06d..17c1025f0fc 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index c3a25cc5b91..df00c10ef47 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index 08bfd897162..4440c93ae6c 100644 --- a/mechanism/oauth2/pom.xml 
+++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index 3cb98e28eb8..931d40e3494 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index 4f5ccd2e1b9..c99f94a51f5 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index 5d31f9cf3a2..1fbc737a3e9 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT 4.0.0 diff --git a/pom.xml b/pom.xml index dbaf857747a..dd4eebaa9d2 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index 0735a90548d..410c8412182 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index 1b2ba7f8603..416a1054b0e 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index 641a3c19c56..da1aaf34974 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../../pom.xml 
diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index 4f6914dd358..301c9899818 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index 63296842a30..01ec8349274 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index 22788d65cad..d456b4c94d6 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index 55f98778f2a..be5665a8767 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index 8be94551d81..6cea1bb61f1 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index 9cfae4fd2d5..7ff429e8894 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index ee40a9d2859..98a27a9dfa8 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index a34bd300818..d52f6ad60bf 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index 59bf81d65a0..ca22af9ed00 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index 99578f7808f..81ec85ecd36 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index f4afadccfe7..1e864b8150d 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index cbedd1f1ded..db90f8dc137 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index dc4e8680fde..d2d106ee54e 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index 16b1a808ce2..f811ab4ae5b 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index d04a75958b8..d894887c815 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/tests/common/pom.xml b/tests/common/pom.xml index 985924af929..988ed029706 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml 
@@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index d7f708af144..602edf0acfe 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index 5eb5f02bbca..a6baceab23d 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 7ae1d50516f..35992e7ddee 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index d193d5d99ae..8c97bf8d289 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index 14a103125e5..edff386b6f1 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index 0e08661746a..8d61e400b50 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index fa7dc9882ce..460b9b518dc 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index ac36461b828..918b4d4b33e 100644 
--- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index 435c54bf33d..277622afdf5 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.1.Final + 2.3.2.CR1-SNAPSHOT ../../pom.xml From 2bbdcfce1907902dcedf59394a654e9df8ff2cf2 Mon Sep 17 00:00:00 2001 From: Farah Juma Date: Fri, 16 Feb 2024 18:10:29 -0500 Subject: [PATCH 119/205] [ELY-2720] Perform API check against 2.3.1.Final --- wildfly-elytron/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 35992e7ddee..1869b3bf5c7 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -553,7 +553,7 @@ org.wildfly.security wildfly-elytron - 2.3.0.Final + 2.3.1.Final jar From 462b0a97fd72713f4e282e1fc09184f94c08a453 Mon Sep 17 00:00:00 2001 From: Daniel Spilker Date: Thu, 15 Feb 2024 07:58:44 +0100 Subject: [PATCH 120/205] [ELY-2715] Change log level for ELY23013 and ELY23012 to DEBUG --- .../java/org/wildfly/security/http/oidc/ElytronMessages.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/ElytronMessages.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/ElytronMessages.java index c4ba08c8fb2..3c702319393 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/ElytronMessages.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/ElytronMessages.java @@ -18,6 +18,7 @@ package org.wildfly.security.http.oidc; +import static org.jboss.logging.Logger.Level.DEBUG; import static org.jboss.logging.Logger.Level.ERROR; import static org.jboss.logging.Logger.Level.WARN; import static org.jboss.logging.annotations.Message.NONE; 
@@ -87,11 +88,11 @@ interface ElytronMessages extends BasicLogger { @Message(id = 23011, value = "Refresh token failure") void refreshTokenFailure(@Cause Throwable cause); - @LogMessage(level = ERROR) + @LogMessage(level = DEBUG) @Message(id = 23012, value = "Refresh token failure status: %d %s") void refreshTokenFailureStatus(int status, String error); - @LogMessage(level = ERROR) + @LogMessage(level = DEBUG) @Message(id = 23013, value = "Failed verification of token: %s") void failedVerificationOfToken(String error); From 17322bb7975407d0cf47583795d19ca43d09e8ba Mon Sep 17 00:00:00 2001 From: Farah Juma Date: Thu, 7 Dec 2023 14:12:46 -0500 Subject: [PATCH 121/205] [ELY-2708] Update the CONTRIBUTING.md file with information on Elytron's code review process and maintenance branches --- CONTRIBUTING.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 27c26b7ae87..de0a1151c53 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
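Review bot: With both `refreshTokenFailureStatus` (23012) and `failedVerificationOfToken` (23013) moved from ERROR to DEBUG, a failed token verification no longer appears at the log levels production systems normally run at, so repeated invalid or forged tokens leave no trace for monitoring. If the aim is only to cut noise, consider keeping 23013 at `@LogMessage(level = WARN)` (WARN is already statically imported in this file). Otherwise, confirm that the calling code reports the failure through another channel such as a security audit event; the callers are outside this hunk. A one-line comment above each method saying why the level is DEBUG would also help the next reader.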
@@ -95,5 +95,17 @@ When submitting a PR, please keep the following guidelines in mind: For an example of a properly formatted PR, take a look at https://github.com/wildfly-security/wildfly-elytron/pull/1532 +## Code Reviews + +All submissions, including submissions by project members, need to be reviewed by at least two WildFly Elytron committers before being merged. + +The [GitHub Pull Request Review Process](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews) is followed for every pull request. + +## Maintenance Branches + +If you are working on a fix that's required for a maintenance branch (e.g., a fix for the 1.15.x or 2.2.x branches), please submit +your PR directly against the relevant maintenance branch. Once a fix for a maintenance branch is approved and merged, we then +merge the maintenance branch to the upstream branch to ensure changes are kept in sync. + ## Community For more information on how to get involved with WildFly Elytron, check out our [community](https://wildfly-security.github.io/wildfly-elytron/community/) page. From 962457d59c87fcc85edd1747e168a76659659736 Mon Sep 17 00:00:00 2001 From: lvydra Date: Tue, 27 Feb 2024 17:02:03 +0100 Subject: [PATCH 122/205] [ELY-1815] Unable to set custom AUTHENTICATION_TIMEOUT value --- .../sasl/SaslAuthenticationFactory.java | 11 ++++++ .../test/SaslAuthenticationTimeoutTest.java | 35 +++++-------------- .../security/sasl/test/SaslServerBuilder.java | 11 +++--- 3 files changed, 24 insertions(+), 33 deletions(-) diff --git a/auth/server/sasl/src/main/java/org/wildfly/security/auth/server/sasl/SaslAuthenticationFactory.java b/auth/server/sasl/src/main/java/org/wildfly/security/auth/server/sasl/SaslAuthenticationFactory.java index 3e15fa92d7b..1b4cfebf6e3 100644 --- a/auth/server/sasl/src/main/java/org/wildfly/security/auth/server/sasl/SaslAuthenticationFactory.java 
+++ b/auth/server/sasl/src/main/java/org/wildfly/security/auth/server/sasl/SaslAuthenticationFactory.java @@ -41,6 +41,7 @@ import org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory; import org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory; import org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory; +import org.wildfly.security.sasl.util.PropertiesSaslServerFactory; import org.wildfly.security.sasl.util.SaslMechanismInformation; import org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory; import org.wildfly.security.sasl.util.SetMechanismInformationSaslServerFactory; @@ -121,6 +122,7 @@ public static Builder builder() { public static final class Builder extends AbstractMechanismAuthenticationFactory.Builder { private ScheduledExecutorService scheduledExecutorService; + private Map properties; /** * Construct a new instance. @@ -143,6 +145,11 @@ public Builder setFactory(final SaslServerFactory factory) { return this; } + public Builder setProperties(final Map properties) { + this.properties = properties; + return this; + } + /** * Set the scheduled executor service. * @@ -174,6 +181,10 @@ public SaslAuthenticationFactory build() { } factory = new AuthenticationTimeoutSaslServerFactory(factory, this.scheduledExecutorService); + if (this.properties != null && this.properties.size() > 0) { + factory = new PropertiesSaslServerFactory(factory, properties); + } + return new SaslAuthenticationFactory(getSecurityDomain(), getMechanismConfigurationSelector(), factory); } } diff --git a/tests/base/src/test/java/org/wildfly/security/sasl/test/SaslAuthenticationTimeoutTest.java b/tests/base/src/test/java/org/wildfly/security/sasl/test/SaslAuthenticationTimeoutTest.java index cc6dfc01146..aff240baf5c 100644 --- a/tests/base/src/test/java/org/wildfly/security/sasl/test/SaslAuthenticationTimeoutTest.java +++ b/tests/base/src/test/java/org/wildfly/security/sasl/test/SaslAuthenticationTimeoutTest.java 
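Review bot: `Builder.setProperties` is a new public method with no Javadoc, while the neighbouring setters are documented (the "Set the scheduled executor service." comment is visible as context). These properties carry security-relevant settings such as `WildFlySasl.AUTHENTICATION_TIMEOUT`, as the test in this commit shows. The Javadoc should say that `build()` applies them by wrapping the factory in `PropertiesSaslServerFactory`, and that a null or empty map adds no wrapper. The setter also keeps the caller's map by reference, so a later change to that map can alter what `build()` sees; copying on assignment would avoid that. In the `build()` hunk, `this.properties.size() > 0` reads more simply as `!this.properties.isEmpty()`, and the constructor argument should be `this.properties` to match the condition.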
@@ -19,6 +19,7 @@ package org.wildfly.security.sasl.test; import static java.security.AccessController.doPrivileged; +import static org.wildfly.security.sasl.WildFlySasl.AUTHENTICATION_TIMEOUT; import java.net.URI; import java.net.URISyntaxException; @@ -26,7 +27,7 @@ import java.security.Provider; import java.security.Security; import java.util.Collections; -import java.util.Map; +import java.util.HashMap; import java.util.concurrent.ScheduledThreadPoolExecutor; import java.util.concurrent.ThreadFactory; @@ -53,12 +54,8 @@ import org.wildfly.security.sasl.SaslMechanismSelector; import org.wildfly.security.sasl.digest.DigestServerFactory; import org.wildfly.security.sasl.digest.WildFlyElytronSaslDigestProvider; -import org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory; import org.wildfly.security.sasl.util.SaslMechanismInformation; -import mockit.Mock; -import mockit.MockUp; - /** * Tests a successful authentication timeout for a custom executor service and the default executor service. * @@ -75,28 +72,8 @@ public class SaslAuthenticationTimeoutTest { WildFlyElytronPasswordProvider.getInstance() }; - /* - * Unable to set custom AUTHENTICATION_TIMEOUT using a property SaslServer factory (see ELY-1815), so using mock - * function to avoid using default timeout of 150 sec - */ - private static void mockGetTimeout() { - Class classToMock; - try { - classToMock = Class.forName("org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory", true, AuthenticationTimeoutSaslServerFactory.class.getClassLoader()); - } catch (ClassNotFoundException e) { - throw new NoClassDefFoundError(e.getMessage()); - } - new MockUp(classToMock) { - @Mock - private long getTimeout(final Map props) { - return 3; - } - }; - } - @BeforeClass public static void registerPasswordProvider() { - mockGetTimeout(); for (Provider provider : providers) { Security.insertProviderAt(provider, 1); } 
@@ -121,12 +98,14 @@ public void testSuccessfulTimeout() throws Exception { INSTANCE.setExecuteExistingDelayedTasksAfterShutdownPolicy(false); try { - + HashMap properties = new HashMap<>(); + properties.put(AUTHENTICATION_TIMEOUT, "3"); SaslServer server = new SaslServerBuilder(DigestServerFactory.class, DIGEST) .setUserName("George") .setPassword("gpwd".toCharArray()) .setProtocol("TestProtocol") .setServerName("TestServer") + .setProperties(properties) .setScheduledExecutorService(INSTANCE) .addMechanismRealm("TestRealm") .build(); @@ -153,12 +132,14 @@ public void testSuccessfulTimeout() throws Exception { public void testSuccessfulTimeout_DefaultExecuterService() throws Exception { try { - + HashMap properties = new HashMap<>(); + properties.put(AUTHENTICATION_TIMEOUT, "3"); SaslServer server = new SaslServerBuilder(DigestServerFactory.class, DIGEST) .setUserName("George") .setPassword("gpwd".toCharArray()) .setProtocol("TestProtocol") .setServerName("TestServer") + .setProperties(properties) .addMechanismRealm("TestRealm") .build(); diff --git a/tests/base/src/test/java/org/wildfly/security/sasl/test/SaslServerBuilder.java b/tests/base/src/test/java/org/wildfly/security/sasl/test/SaslServerBuilder.java index edaef80f352..003b4a94328 100644 --- a/tests/base/src/test/java/org/wildfly/security/sasl/test/SaslServerBuilder.java +++ b/tests/base/src/test/java/org/wildfly/security/sasl/test/SaslServerBuilder.java @@ -77,7 +77,6 @@ import org.wildfly.security.sasl.util.ChannelBindingSaslServerFactory; import org.wildfly.security.sasl.util.CredentialSaslServerFactory; import org.wildfly.security.sasl.util.KeyManagerCredentialSaslServerFactory; -import org.wildfly.security.sasl.util.PropertiesSaslServerFactory; import org.wildfly.security.sasl.util.ProtocolSaslServerFactory; import org.wildfly.security.sasl.util.SecurityProviderSaslServerFactory; import org.wildfly.security.sasl.util.ServerNameSaslServerFactory; 
@@ -377,11 +376,8 @@ public SaslServer build() throws IOException { if (factory == null && providerSupplier != null) { factory = new SecurityProviderSaslServerFactory(providerSupplier); } - if (properties != null && properties.size() > 0) { - if (properties.containsKey(WildFlySasl.REALM_LIST)) { - factory = new AvailableRealmsSaslServerFactory(factory); - } - factory = new PropertiesSaslServerFactory(factory, properties); + if (properties != null && properties.size() > 0 && properties.containsKey(WildFlySasl.REALM_LIST)) { + factory = new AvailableRealmsSaslServerFactory(factory); } if (bindingTypeAndData != null) { factory = new ChannelBindingSaslServerFactory(factory, bindingTypeAndData.key, bindingTypeAndData.value); @@ -403,6 +399,9 @@ public SaslServer build() throws IOException { } final SaslAuthenticationFactory.Builder builder = SaslAuthenticationFactory.builder(); builder.setFactory(factory); + if (properties != null && properties.size() > 0) { + builder.setProperties(properties); + } builder.setSecurityDomain(securityDomain); if (scheduledExecutorService != null) { builder.setScheduledExecutorService(scheduledExecutorService); From 3d2f36b99ad01667c5f5fe83fc766c1da711d87f Mon Sep 17 00:00:00 2001 From: lvydra Date: Tue, 27 Feb 2024 17:06:45 +0100 Subject: [PATCH 123/205] [ELY-2557] Add an afterclass method to do clean-up after the FileSystemEncryptRealmCommandTest testBulkWithoutNames test --- .../tool/FileSystemEncryptRealmCommandTest.java | 16 ++++++++++++++++ ...bulk-encryption-conversion-desc-without-names | 10 +++++----- 2 files changed, 21 insertions(+), 5 deletions(-) diff --git a/tool/src/test/java/org/wildfly/security/tool/FileSystemEncryptRealmCommandTest.java b/tool/src/test/java/org/wildfly/security/tool/FileSystemEncryptRealmCommandTest.java index 6f698df14ff..32ff3c29f2d 100644 --- a/tool/src/test/java/org/wildfly/security/tool/FileSystemEncryptRealmCommandTest.java 
+++ b/tool/src/test/java/org/wildfly/security/tool/FileSystemEncryptRealmCommandTest.java @@ -23,13 +23,17 @@ import java.io.File; import java.io.FileNotFoundException; +import java.nio.file.Files; +import java.nio.file.Path; import java.nio.file.Paths; +import java.util.Comparator; import java.util.HashMap; import java.util.Map; import javax.crypto.SecretKey; import org.apache.commons.cli.MissingArgumentException; +import org.junit.AfterClass; import org.junit.Test; import org.wildfly.security.auth.principal.NamePrincipal; import org.wildfly.security.auth.realm.FileSystemSecurityRealm; @@ -229,6 +233,18 @@ public void testSingleUserAndVerify() throws Exception { existingIdentity.dispose(); } + @AfterClass + public static void cleanup() throws Exception { + //cleanup after testBulkWithoutNames test + Path bulkWithoutNamesFolderPath = Paths.get(RELATIVE_BASE_DIR + "fs-encrypted-realms/bulk-encryption-conversion-desc-without-names"); + if (bulkWithoutNamesFolderPath.toFile().exists()) { + Files.walk(bulkWithoutNamesFolderPath) + .sorted(Comparator.reverseOrder()) + .map(Path::toFile) + .forEach(File::delete); + } + } + private boolean fileExists(String path) { File tempFile = new File(path); return tempFile.exists(); diff --git a/tool/src/test/resources/bulk-encryption-conversion-desc-without-names b/tool/src/test/resources/bulk-encryption-conversion-desc-without-names index d28bded00a9..d51ee5e5b79 100644 --- a/tool/src/test/resources/bulk-encryption-conversion-desc-without-names +++ b/tool/src/test/resources/bulk-encryption-conversion-desc-without-names 
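Review bot: In `cleanup()`, the stream returned by `Files.walk(bulkWithoutNamesFolderPath)` is never closed, so the directory handles it holds stay open until garbage collection, which can make the deletes fail on Windows. Wrap the walk in try-with-resources; this needs a `java.util.stream.Stream` import, which the import hunk of this commit does not add. `File::delete` also discards its boolean result, so a failed cleanup passes silently and leaves encrypted-realm test output behind for the next run; `Files.delete` on each path would surface the failure.

```java
public static void cleanup() throws Exception {
    // … unchanged: bulkWithoutNamesFolderPath lookup and exists() check …
        try (Stream<Path> entries = Files.walk(bulkWithoutNamesFolderPath)) {
            entries.sorted(Comparator.reverseOrder())
                    .map(Path::toFile)
                    .forEach(File::delete);
        }
```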
@@ -1,22 +1,22 @@ input-location:target/test-classes/filesystem-encrypt/fs-unencrypted-realms/multiple-credential-types -output-location:target/test-classes/filesystem-encrypt/fs-encrypted-realms +output-location:target/test-classes/filesystem-encrypt/fs-encrypted-realms/bulk-encryption-conversion-desc-without-names credential-store:target/test-classes/filesystem-encrypt/mycredstore.cs create:true levels:1 input-location:target/test-classes/filesystem-encrypt/fs-unencrypted-realms/level-4 -output-location:target/test-classes/filesystem-encrypt/fs-encrypted-realms +output-location:target/test-classes/filesystem-encrypt/fs-encrypted-realms/bulk-encryption-conversion-desc-without-names credential-store:target/test-classes/filesystem-encrypt/mycredstore.cs create:true levels:4 input-location:target/test-classes/filesystem-encrypt/fs-unencrypted-realms/fsRealmCharset -output-location:target/test-classes/filesystem-encrypt/fs-encrypted-realms +output-location:target/test-classes/filesystem-encrypt/fs-encrypted-realms/bulk-encryption-conversion-desc-without-names credential-store:target/test-classes/filesystem-encrypt/mycredstore.cs create:true input-location:target/test-classes/filesystem-encrypt/fs-unencrypted-realms/hashencoding -output-location:target/test-classes/filesystem-encrypt/fs-encrypted-realms +output-location:target/test-classes/filesystem-encrypt/fs-encrypted-realms/bulk-encryption-conversion-desc-without-names hash-encoding:hex credential-store:target/test-classes/filesystem-encrypt/mycredstore.cs -create:true +create:true \ No newline at end of file From 3c822ebf2730ea114fa97a34c531d796d068a150 Mon Sep 17 00:00:00 2001 From: Darran Lofthouse Date: Fri, 8 Mar 2024 18:22:49 +0000 Subject: [PATCH 124/205] [ELY-2730] Upgrade org.bitbucket.b_c:jose4j from 0.9.4 to 0.9.6 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index dd4eebaa9d2..0d7287ba356 100644 --- a/pom.xml +++ b/pom.xml 
@@ -92,7 +92,7 @@ 2.7 5.4.1 3.0.0 - 0.9.4 + 0.9.6 1.15.3 18.0.2 4.3.3 From bd328fae5601af2e2b76407f46a98d9758b7d0a9 Mon Sep 17 00:00:00 2001 From: Darran Lofthouse Date: Fri, 8 Mar 2024 17:56:45 +0000 Subject: [PATCH 125/205] [ELY-2729] Upgrade Jackson FasterXML to 2.15.4 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index dd4eebaa9d2..fce3d89609b 100644 --- a/pom.xml +++ b/pom.xml @@ -56,7 +56,7 @@ 11 - 2.15.3 + 2.15.4 ${version.com.fasterxml.jackson} 1.6.0 4.0.1 From 6599297e683853e49204127f08ce86d8271081ab Mon Sep 17 00:00:00 2001 From: Farah Juma Date: Thu, 14 Mar 2024 09:38:06 -0400 Subject: [PATCH 126/205] [ELY-2727] Update CI to also run with JDK 21 --- .github/workflows/pr-ci.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr-ci.yaml b/.github/workflows/pr-ci.yaml index 32ffa815c71..c56d1e36f02 100644 --- a/.github/workflows/pr-ci.yaml +++ b/.github/workflows/pr-ci.yaml @@ -11,16 +11,18 @@ on: jobs: build: + name: ${{ matrix.os }}-jdk${{ matrix.java }} runs-on: ${{ matrix.os }} strategy: matrix: os: [ubuntu-latest, windows-latest, macos-latest] + java: ['11', '21'] steps: - uses: actions/checkout@v2 - - name: Set up JDK 11 + - name: Set up JDK ${{ matrix.java }} uses: actions/setup-java@v1 with: - java-version: 11 + java-version: ${{ matrix.java }} # ELY-2204 - Temporarily preventing OidcTest from running on macOS since there # are intermittent issues with starting up the Docker container. #- if: matrix.os == 'macos-latest' From 30d9f72801d6b2c3009c89fdea9781da6c6a39ed Mon Sep 17 00:00:00 2001 From: Prarthona Paul Date: Thu, 14 Mar 2024 10:04:50 -0400 Subject: [PATCH 127/205] [ELY-2724] TLS13AuthenticationTest needs to be updated to run with SE 21 --- .../java/org/wildfly/security/ssl/TLS13AuthenticationTest.java | 3 --- 1 file changed, 3 deletions(-) 
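Review bot: The step renamed in the `pr-ci.yaml` hunk still runs `actions/setup-java@v1`, and the job still uses `actions/checkout@v2`; both are referenced by a mutable tag, so the code that executes in CI can change without any change to this file. Since the new `java` matrix doubles the number of jobs running these actions, consider pinning each to a full commit SHA, e.g. `uses: actions/setup-java@<full-commit-sha> # <release tag>` (placeholder; take the value from the action's release page). It is also worth confirming that this major version of setup-java resolves JDK 21 on all three operating systems in the matrix. The rest of the workflow is outside the hunk.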
diff --git a/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java index 422fbf89712..2b2addb635e 100644 --- a/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java +++ b/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java @@ -49,7 +49,6 @@ import javax.net.ssl.X509TrustManager; import org.junit.AfterClass; -import org.junit.Assume; import org.junit.BeforeClass; import org.junit.Test; import org.wildfly.security.WildFlyElytronProvider; @@ -79,8 +78,6 @@ public class TLS13AuthenticationTest { @BeforeClass public static void setUp() throws Exception{ - Assume.assumeTrue("Skipping TLS13AuthenticationTest suite, tests are not being run on JDK 11.", - System.getProperty("java.specification.version").equals("11")); caGenerationTool = CAGenerationTool.builder() .setBaseDir(CA_JKS_LOCATION) From ed9fe0fd2da17d665fd197fb6dddd8a5e710309d Mon Sep 17 00:00:00 2001 From: Farah Juma Date: Thu, 14 Mar 2024 10:25:12 -0400 Subject: [PATCH 128/205] [ELY-2728] Upgrade japicmp-maven-plugin to 0.20.0 so we can build with JDK 21 --- tests/base/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/base/pom.xml b/tests/base/pom.xml index d894887c815..0570237d5af 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -821,7 +821,7 @@ com.github.siom79.japicmp japicmp-maven-plugin - 0.13.0 + 0.20.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 1869b3bf5c7..22a334519d9 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -546,7 +546,7 @@ com.github.siom79.japicmp japicmp-maven-plugin - 0.13.0 + 0.20.0 false From 1c127e67f35f46d979843b5ff70c1cbd7b57061b Mon Sep 17 00:00:00 2001 
From: Shreya Pramod <102878120+shreya-pramod@users.noreply.github.com> Date: Fri, 27 Oct 2023 04:25:08 +0000 Subject: [PATCH 129/205] [ELY-2689] Update 3 tests in SunUnixMD5Crypt to call a common method in order to remove duplicated code --- .../password/impl/SunUnixMD5CryptTest.java | 50 +++++++------------ 1 file changed, 19 insertions(+), 31 deletions(-) diff --git a/password/impl/src/test/java/org/wildfly/security/password/impl/SunUnixMD5CryptTest.java b/password/impl/src/test/java/org/wildfly/security/password/impl/SunUnixMD5CryptTest.java index 53306441384..b7a306f85e0 100644 --- a/password/impl/src/test/java/org/wildfly/security/password/impl/SunUnixMD5CryptTest.java +++ b/password/impl/src/test/java/org/wildfly/security/password/impl/SunUnixMD5CryptTest.java @@ -24,7 +24,6 @@ import static org.junit.Assert.assertTrue; import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; import java.security.spec.InvalidKeySpecException; import org.junit.Test; 
@@ -43,42 +42,31 @@ public class SunUnixMD5CryptTest { @Test - public void testParseCryptStringWithoutRounds() throws NoSuchAlgorithmException, InvalidKeySpecException { - String cryptString = "$md5$zrdhpMlZ$$wBvMOEqbSjU.hu5T2VEP01"; - - // Get the spec by parsing the crypt string - SunUnixMD5CryptPassword password = (SunUnixMD5CryptPassword) ModularCrypt.decode(cryptString); - assertEquals(0, password.getIterationCount()); - - // Use the spec to build a new crypt string and compare it to the original - assertEquals(cryptString, ModularCrypt.encodeAsString(password)); + public void testParseCryptStringWithoutRounds() throws InvalidKeySpecException { + testParseCryptString("$md5$zrdhpMlZ$$wBvMOEqbSjU.hu5T2VEP01", 0); } @Test - public void testParseCryptStringWithRounds() throws NoSuchAlgorithmException, InvalidKeySpecException { - String cryptString = "$md5,rounds=1000$saltstring$$1wGsmnKgDGdu03LxKu0VI1"; - - // Get the spec by parsing the crypt string - SunUnixMD5CryptPassword password = (SunUnixMD5CryptPassword) ModularCrypt.decode(cryptString); - assertEquals(1_000, password.getIterationCount()); - - // Use the spec to build a new crypt string and compare it to the original - assertEquals(cryptString, ModularCrypt.encodeAsString(password)); + public void testParseCryptStringWithRounds() throws InvalidKeySpecException { + testParseCryptString("$md5,rounds=1000$saltstring$$1wGsmnKgDGdu03LxKu0VI1", 1_000); } @Test - public void testParseCryptStringWithBareSalt() throws NoSuchAlgorithmException, InvalidKeySpecException { - String cryptString = "$md5,rounds=1500$saltstring$F9DNxgHVXWaeLS9zUaWXd."; + public void testParseCryptStringWithBareSalt() throws InvalidKeySpecException { + testParseCryptString("$md5,rounds=1500$saltstring$F9DNxgHVXWaeLS9zUaWXd.", 1_500); + } - // Get the spec by parsing the crypt string + private static void testParseCryptString(String cryptString, int iterCount) throws InvalidKeySpecException { SunUnixMD5CryptPassword password = 
(SunUnixMD5CryptPassword) ModularCrypt.decode(cryptString); - assertEquals(1_500, password.getIterationCount()); + assertEquals(iterCount, password.getIterationCount()); // Use the spec to build a new crypt string and compare it to the original assertEquals(cryptString, ModularCrypt.encodeAsString(password)); + } - private void generateAndVerify(String cryptString, String correctPassword) throws NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException { + + private static void generateAndVerify(String cryptString, String correctPassword) throws InvalidKeyException, InvalidKeySpecException { final PasswordFactorySpiImpl spi = new PasswordFactorySpiImpl(); SunUnixMD5CryptPassword password = (SunUnixMD5CryptPassword) ModularCrypt.decode(cryptString); final String algorithm = password.getAlgorithm(); 
@@ -100,49 +88,49 @@ private void generateAndVerify(String cryptString, String correctPassword) throw } @Test - public void testHashEmptyPassword() throws NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException { + public void testHashEmptyPassword() throws InvalidKeyException, InvalidKeySpecException { String password = ""; String cryptString = "$md5,rounds=10000$saltstring$$uwcsteApj7mCi4AIwYIT5."; generateAndVerify(cryptString, password); } @Test - public void testHashEmptyPasswordWithBareSalt() throws NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException { + public void testHashEmptyPasswordWithBareSalt() throws InvalidKeyException, InvalidKeySpecException { String password = ""; String cryptString = "$md5,rounds=10000$saltstring$gWOS3RRZtQ5TiYRg.vBx40"; generateAndVerify(cryptString, password); } @Test - public void testHashShortPassword() throws NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException { + public void testHashShortPassword() throws InvalidKeyException, InvalidKeySpecException { String password = "Hello world!"; String cryptString = "$md5$saltstringsalt$$MsEJKkfiaflU4ioBHkqWe0"; generateAndVerify(cryptString, password); } @Test - public void testHashShortPasswordWithBareSalt() throws NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException { + public void testHashShortPasswordWithBareSalt() throws InvalidKeyException, InvalidKeySpecException { String password = "Hello world!"; String cryptString = "$md5$saltstringsalt$uOXM5LLS7ZtN3eYYS54sM/"; generateAndVerify(cryptString, password); } @Test - public void testHashLongPassword() throws NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException { + public void testHashLongPassword() throws InvalidKeyException, InvalidKeySpecException { String password = "This is a very very very long password! This is the 2nd sentence in THE password. 
This is a test.@$%"; String cryptString = "$md5,rounds=10000$saltstringsaltstring$$Occfaf7BttKIkRRUARiWU0"; generateAndVerify(cryptString, password); } @Test - public void testHashLongPasswordWithBareSalt() throws NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException { + public void testHashLongPasswordWithBareSalt() throws InvalidKeyException, InvalidKeySpecException { String password = "This is a very very very long password! This is the 2nd sentence in THE password. This is a test.@$%"; String cryptString = "$md5,rounds=10000$saltstringsaltstring$0xbVBdJfPIual8oRvkU/f."; generateAndVerify(cryptString, password); } @Test - public void testKnownCryptStrings() throws NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException { + public void testKnownCryptStrings() throws InvalidKeyException, InvalidKeySpecException { // Crypt string with bare salt generateAndVerify("$md5$RPgLF6IJ$WTvAlUJ7MqH5xak2FMEwS/", "passwd"); From 4f5e6d4b2e533cd7d7c73dcc71a6a501a30081c0 Mon Sep 17 00:00:00 2001 From: Darran Lofthouse Date: Fri, 18 Mar 2022 18:16:48 +0000 Subject: [PATCH 130/205] [ELY-2319] Delete the deprecated GSSCredentialSecurityFactory implementation. --- auth/client/pom.xml | 4 + auth/util/pom.xml | 16 +- .../security/auth/util/ElytronMessages.java | 35 +- .../util/GSSCredentialSecurityFactory.java | 560 ------------------ wildfly-elytron/pom.xml | 2 + 5 files changed, 24 insertions(+), 593 deletions(-) delete mode 100644 auth/util/src/main/java/org/wildfly/security/auth/util/GSSCredentialSecurityFactory.java diff --git a/auth/client/pom.xml b/auth/client/pom.xml index 36c5bd6a967..728484b00b9 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -60,6 +60,10 @@ org.wildfly.security wildfly-elytron-mechanism + + org.wildfly.security + wildfly-elytron-mechanism-gssapi + org.wildfly.security wildfly-elytron-password-impl diff --git a/auth/util/pom.xml b/auth/util/pom.xml index fa86bbd5736..b2c48b4d670 100644 --- a/auth/util/pom.xml 
+++ b/auth/util/pom.xml @@ -40,10 +40,6 @@ org.wildfly.security wildfly-elytron-auth - - org.wildfly.security - wildfly-elytron-base - org.wildfly.security wildfly-elytron-credential @@ -54,13 +50,10 @@ org.wildfly.security - wildfly-elytron-mechanism-gssapi - - - org.wildfly.security - wildfly-elytron-security-manager-action + wildfly-elytron-x500 + org.wildfly.common wildfly-common @@ -90,10 +83,5 @@ junit test - - org.jmockit - jmockit - test - diff --git a/auth/util/src/main/java/org/wildfly/security/auth/util/ElytronMessages.java b/auth/util/src/main/java/org/wildfly/security/auth/util/ElytronMessages.java index 9c374ce17ab..2d187ab0e6c 100644 --- a/auth/util/src/main/java/org/wildfly/security/auth/util/ElytronMessages.java +++ b/auth/util/src/main/java/org/wildfly/security/auth/util/ElytronMessages.java @@ -19,9 +19,6 @@ package org.wildfly.security.auth.util; import java.io.IOException; -import java.security.GeneralSecurityException; - -import javax.security.auth.login.LoginException; import org.jboss.logging.BasicLogger; import org.jboss.logging.Logger; 
@@ -51,32 +48,32 @@ interface ElytronMessages extends BasicLogger { ElytronMessages log = Logger.getMessageLogger(ElytronMessages.class, "org.wildfly.security"); - @Message(id = 3, value = "This builder has already been built") - IllegalStateException builderAlreadyBuilt(); + //@Message(id = 3, value = "This builder has already been built") + //IllegalStateException builderAlreadyBuilt(); @Message(id = 1065, value = "Pattern requires a capture group") IllegalArgumentException patternRequiresCaptureGroup(); - @Message(id = 1121, value = "Unable to perform initial JAAS login.") - GeneralSecurityException unableToPerformInitialLogin(@Cause LoginException cause); + //@Message(id = 1121, value = "Unable to perform initial JAAS login.") + //GeneralSecurityException unableToPerformInitialLogin(@Cause LoginException cause); - @Message(id = 1122, value = "No Kerberos principals found.") - GeneralSecurityException noKerberosPrincipalsFound(); + //@Message(id = 1122, value = "No Kerberos principals found.") + //GeneralSecurityException noKerberosPrincipalsFound(); - @Message(id = 1123, value = "Too many Kerberos principals found.") - GeneralSecurityException tooManyKerberosPrincipalsFound(); + //@Message(id = 1123, value = "Too many Kerberos principals found.") + //GeneralSecurityException tooManyKerberosPrincipalsFound(); - @Message(id = 1160, value = "KeyTab [%s] does not exists.") - IOException keyTabDoesNotExists(String keyTab); + //@Message(id = 1160, value = "KeyTab [%s] does not exists.") + //IOException keyTabDoesNotExists(String keyTab); - @Message(id = 1161, value = "No keys for Kerberos principal [%s] was found in KeyTab [%s].") - IOException noKeysForPrincipalInKeyTab(String principal, String keyTab); + //@Message(id = 1161, value = "No keys for Kerberos principal [%s] was found in KeyTab [%s].") + //IOException noKeysForPrincipalInKeyTab(String principal, String keyTab); - @Message(id = 1165, value = "Initial JAAS login skipped as it has failed in last %d 
seconds") - GeneralSecurityException initialLoginSkipped(long seconds); + //@Message(id = 1165, value = "Initial JAAS login skipped as it has failed in last %d seconds") + //GeneralSecurityException initialLoginSkipped(long seconds); - @Message(id = 3031, value = "Too many KerberosTicket instances in private credentials") - GeneralSecurityException tooManyKerberosTicketsFound(); + //@Message(id = 3031, value = "Too many KerberosTicket instances in private credentials") + //GeneralSecurityException tooManyKerberosTicketsFound(); @Message(id = 17000, value = "Failed to create credential") IOException xmlFailedToCreateCredential(@Cause Throwable cause); diff --git a/auth/util/src/main/java/org/wildfly/security/auth/util/GSSCredentialSecurityFactory.java b/auth/util/src/main/java/org/wildfly/security/auth/util/GSSCredentialSecurityFactory.java deleted file mode 100644 index 0d751766a44..00000000000 --- a/auth/util/src/main/java/org/wildfly/security/auth/util/GSSCredentialSecurityFactory.java +++ /dev/null 
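Review bot: The Kerberos/JAAS messages in `ElytronMessages` (ids 3, 1121–1123, 1160, 1161, 1165 and 3031) are commented out rather than deleted, and nothing says why they are kept. If the intent is to keep these ids reserved so they are not reused for a different message in this logger, say so once above the first of them, e.g. `// Ids below are retained as comments so they are not reused; the messages are no longer declared in this module.` If no reservation is intended, the commented declarations should be removed with the class that used them. Where the live declarations now reside is not visible in this hunk, so the wording should be confirmed against the module that owns them.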
@@ -1,560 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2016 Red Hat, Inc., and individual contributors - * as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.wildfly.security.auth.util; - -import static javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag.REQUIRED; -import static org.wildfly.common.Assert.checkNotNullParam; -import static org.wildfly.security.auth.util.ElytronMessages.log; - -import java.io.File; -import java.io.IOException; -import java.security.AccessController; -import java.security.GeneralSecurityException; -import java.security.PrivilegedAction; -import java.security.PrivilegedActionException; -import java.security.PrivilegedExceptionAction; -import java.util.ArrayList; -import java.util.Date; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.concurrent.atomic.AtomicReference; -import java.util.function.UnaryOperator; - -import javax.security.auth.RefreshFailedException; -import javax.security.auth.Subject; -import javax.security.auth.kerberos.KerberosPrincipal; -import javax.security.auth.kerberos.KerberosTicket; -import javax.security.auth.kerberos.KeyTab; -import javax.security.auth.login.AppConfigurationEntry; -import javax.security.auth.login.Configuration; -import javax.security.auth.login.LoginContext; -import javax.security.auth.login.LoginException; - -import 
org.ietf.jgss.GSSCredential; -import org.ietf.jgss.GSSException; -import org.ietf.jgss.GSSManager; -import org.ietf.jgss.GSSName; -import org.ietf.jgss.Oid; -import org.wildfly.common.function.ExceptionSupplier; -import org.wildfly.security.SecurityFactory; -import org.wildfly.security.auth.callback.FastUnsupportedCallbackException; -import org.wildfly.security.credential.GSSKerberosCredential; -import org.wildfly.security.manager.action.SetContextClassLoaderAction; - -/** - * A {@link SecurityFactory} implementation for obtaining a {@link GSSCredential}. - * - * @author Darran Lofthouse - * @deprecated Use {@link org.wildfly.security.mechanism.gssapi.GSSCredentialSecurityFactory} instead - */ -@Deprecated -public final class GSSCredentialSecurityFactory implements SecurityFactory { - - private static final String KRB5LoginModule = "com.sun.security.auth.module.Krb5LoginModule"; - private static final long ONE_SECOND = 1000; - - public static final Oid KERBEROS_V5; - public static final Oid SPNEGO; - - static { - try { - KERBEROS_V5 = new Oid("1.2.840.113554.1.2.2"); - SPNEGO = new Oid("1.3.6.1.5.5.2"); - } catch (GSSException e) { - throw new RuntimeException("Unable to initialise Oid", e); - } - } - - private final int minimumRemainingLifetime; - private final ExceptionSupplier rawSupplier; - - private final AtomicReference cachedCredentialReference = new AtomicReference<>(); - private final UnaryOperator credentialOperator; - - - GSSCredentialSecurityFactory(final int minimumRemainingLifetime, final ExceptionSupplier rawSupplier) { - this.minimumRemainingLifetime = minimumRemainingLifetime; - this.rawSupplier = rawSupplier; - credentialOperator = this::update; - } - - private GSSKerberosCredential update(GSSKerberosCredential original) { - GSSKerberosCredential result = null; - try { - if (original != null) { - if (testIsValid(original.getGssCredential()) && testIsValid(original.getKerberosTicket())) { - result = original; - } - } - - if (result == null) { - 
log.trace("No valid cached credential, obtaining new one..."); - result = rawSupplier.get(); - log.tracef("Obtained GSSCredentialCredential [%s]", result); - } else { - log.tracef("Used cached GSSCredential [%s]", result); - } - } catch (GeneralSecurityException e) { - throw new IllegalStateException(e); - } - - return result; - } - - private boolean testIsValid(GSSCredential gssCredential) throws GeneralSecurityException { - checkNotNullParam("gssCredential", gssCredential); - boolean stillValid; - try { - int remainingLifetime = gssCredential.getRemainingLifetime(); - log.tracef("Remaining GSSCredential Lifetime = %d", remainingLifetime); - stillValid = remainingLifetime >= minimumRemainingLifetime; - } catch (GSSException e) { - throw new GeneralSecurityException(e); - } - - log.tracef("testIsValid(GSSCredential)=%b", stillValid); - return stillValid; - } - - private boolean testIsValid(KerberosTicket ticket) { - if (ticket == null) { - log.trace("No cached KerberosTicket"); - return true; // If there is no ticket it is not "invalid". 
- } - - Date endTime = ticket.getEndTime(); - log.tracef("KerberosTicket.getEndTime()=%s", endTime); - boolean stillValid = endTime != null && System.currentTimeMillis() < endTime.getTime() - (minimumRemainingLifetime * ONE_SECOND); - - if (!stillValid) { - log.trace("Attempting to refresh existing KerberosTicket."); - try { - ticket.refresh(); - log.tracef("KerberosTicket refreshed until %s", ticket.getEndTime()); - stillValid = true; - } catch (RefreshFailedException e) { - log.tracef("Unable to refresh KerberosTicket.", e); - } - } - - log.tracef("testIsValid(KerberosTicket)=%b", stillValid); - return stillValid; - } - - @Override - public GSSKerberosCredential create() throws GeneralSecurityException { - try { - return cachedCredentialReference.updateAndGet(credentialOperator); - } catch (RuntimeException e) { - if (e.getCause() instanceof GSSException) { - throw new GeneralSecurityException(e.getCause()); - } else if (e.getCause() instanceof GeneralSecurityException) { - throw (GeneralSecurityException) e.getCause(); - } - - throw e; - } - } - - - /** - * Obtain a new {@link Builder} capable of building a {@link GSSCredentialSecurityFactory}. - * - * @return a new {@link Builder} capable of building a {@link GSSCredentialSecurityFactory}. - */ - public static Builder builder() { - return new Builder(); - } - - /** - * A builder for GSS credential security factories. - */ - public static class Builder { - - private boolean built = false; - private List mechanismOids = new ArrayList<>(); - private String principal; - private File keyTab; - private boolean isServer; - private boolean obtainKerberosTicket; - private int minimumRemainingLifetime; - private int requestLifetime; - private boolean debug; - private boolean wrapGssCredential; - private boolean checkKeyTab; - private volatile long lastFailTime = 0; - private long failCache = 0; - private Map options; - - Builder() { - } - - /** - * Set the keytab file to obtain the identity. 
- * - * @param keyTab the keytab file to obtain the identity. - * @return {@code this} to allow chaining. - */ - public Builder setKeyTab(final File keyTab) { - assertNotBuilt(); - this.keyTab = keyTab; - - return this; - } - - /** - * Set if the credential returned from the factory is representing the server side of the connection. - * - * @param isServer is the credential returned from the factory is representing the server side of the connection. - * @return {@code this} to allow chaining. - */ - public Builder setIsServer(final boolean isServer) { - assertNotBuilt(); - this.isServer = isServer; - - return this; - } - - /** - * Set if the KerberosTicket should also be obtained and associated with the Credential/ - * - * @param obtainKerberosTicket if the KerberosTicket should also be obtained and associated with the Credential/ - * @return {@code this} to allow chaining. - */ - public Builder setObtainKerberosTicket(final boolean obtainKerberosTicket) { - assertNotBuilt(); - this.obtainKerberosTicket = obtainKerberosTicket; - - return this; - } - - /** - * Once the factory has been called once it will cache the resulting {@link GSSCredential}, this setting - * defines how much life it must have left in seconds for it to be re-used. - * - * @param minimumRemainingLifetime the time in seconds of life a {@link GSSCredential} must have to be re-used. - * @return {@code this} to allow chaining. - */ - public Builder setMinimumRemainingLifetime(final int minimumRemainingLifetime) { - assertNotBuilt(); - this.minimumRemainingLifetime = minimumRemainingLifetime; - - return this; - } - - /** - * Set the lifetime to request newly created credentials are valid for. - * - * @param requestLifetime the lifetime to request newly created credentials are valid for. - * @return {@code this} to allow chaining. - */ - public Builder setRequestLifetime(final int requestLifetime) { - assertNotBuilt(); - this.requestLifetime = requestLifetime < 0 ? 
GSSCredential.INDEFINITE_LIFETIME : requestLifetime; - - return this; - } - - /** - * Add an {@link Oid} for a mechanism the {@link GSSCredential} should be usable with. - * - * @param oid the {@link Oid} for the mechanism the {@link GSSCredential} should be usable with. - * @return {@code this} to allow chaining. - */ - public Builder addMechanismOid(final Oid oid) { - assertNotBuilt(); - mechanismOids.add(checkNotNullParam("oid", oid)); - - return this; - } - - /** - * Set the principal name for the initial authentication from the KeyTab. - * - * @param principal the principal name for the initial authentication from the KeyTab. - * @return {@code this} to allow chaining. - */ - public Builder setPrincipal(final String principal) { - assertNotBuilt(); - this.principal = principal; - - return this; - } - - /** - * Set if debug logging should be enabled for the JAAS authentication portion of obtaining the {@link GSSCredential} - * - * @param debug if debug logging should be enabled for the JAAS authentication portion of obtaining the {@link GSSCredential} - * @return {@code this} to allow chaining. - */ - public Builder setDebug(final boolean debug) { - assertNotBuilt(); - this.debug = debug; - - return this; - } - - /** - * Set if the constructed {@link GSSCredential} should be wrapped to prevent improper credential disposal or not. - * - * @param value {@code true} if the constructed {@link GSSCredential} should be wrapped; {@code false} otherwise. - * @return {@code this} to allow chaining. - */ - public Builder setWrapGssCredential(final boolean value) { - assertNotBuilt(); - this.wrapGssCredential = value; - - return this; - } - - /** - * Set if keytab file existence and principal presence in it should be checked on factory build. - * - * @param value {@code true} if keytab file should be checked; {@code false} otherwise. - * @return {@code this} to allow chaining. 
- */ - public Builder setCheckKeyTab(final boolean value) { - assertNotBuilt(); - this.checkKeyTab = value; - - return this; - } - - /** - * Set other configuration options for {@code Krb5LoginModule} - * - * @param options the configuration options which will be appended to options passed into {@code Krb5LoginModule} - * @return {@code this} to allow chaining. - */ - public Builder setOptions(final Map options) { - assertNotBuilt(); - this.options = options; - - return this; - } - - /** - * Set amount of seconds before new try to obtain {@link GSSCredential} should be done if it has failed last time. - * Allows to prevent long waiting to unavailable KDC on every authentication. - * - * @param seconds amount of seconds to cache fail state of the credential factory; 0 if the cache should not be used. - * @return {@code this} to allow chaining. - */ - public Builder setFailCache(final long seconds) { - assertNotBuilt(); - this.failCache = seconds; - - return this; - } - - /** - * Construct a new {@link GSSKerberosCredential} security factory instance. - * - * @return the built factory instance - * @throws IOException when unable to use given KeyTab - */ - public SecurityFactory build() throws IOException { - assertNotBuilt(); - if (checkKeyTab) { - checkKeyTab(); - } - - final Configuration configuration = createConfiguration(); - - built = true; - return new GSSCredentialSecurityFactory(minimumRemainingLifetime > 0 ? 
minimumRemainingLifetime : 0, () -> createGSSCredential(configuration)); - } - - private GSSKerberosCredential createGSSCredential(Configuration configuration) throws GeneralSecurityException { - if (failCache != 0 && System.currentTimeMillis() - lastFailTime < failCache * 1000) { - throw log.initialLoginSkipped(failCache); - } - - final Subject subject = new Subject(); - - try { - final ClassLoader oldCl = doPrivileged(new SetContextClassLoaderAction(Builder.class.getClassLoader())); - final LoginContext lc; - try { - lc = new LoginContext("KDC", subject, (c) -> { - throw new FastUnsupportedCallbackException(c[0]); - }, configuration); - } finally { - doPrivileged(new SetContextClassLoaderAction(oldCl)); - } - log.tracef("Logging in using LoginContext and subject [%s]", subject); - lc.login(); - log.tracef("Logging in using LoginContext and subject [%s] succeed", subject); - - final KerberosTicket kerberosTicket; - if (obtainKerberosTicket) { - Set kerberosTickets = doPrivileged((PrivilegedAction>) () -> subject.getPrivateCredentials(KerberosTicket.class)); - if (kerberosTickets.size() > 1) { - throw log.tooManyKerberosTicketsFound(); - } - kerberosTicket = kerberosTickets.size() == 1 ? 
kerberosTickets.iterator().next() : null; - } else { - kerberosTicket = null; - } - - final GSSManager manager = GSSManager.getInstance(); - return Subject.doAs(subject, (PrivilegedExceptionAction) () -> { - Set principals = subject.getPrincipals(KerberosPrincipal.class); - if (principals.size() < 1) { - throw log.noKerberosPrincipalsFound(); - } else if (principals.size() > 1) { - throw log.tooManyKerberosPrincipalsFound(); - } - KerberosPrincipal principal = principals.iterator().next(); - log.tracef("Creating GSSName for Principal '%s'", principal); - GSSName name = manager.createName(principal.getName(), GSSName.NT_USER_NAME, KERBEROS_V5); - - if (wrapGssCredential) { - return new GSSKerberosCredential(wrapCredential(manager.createCredential(name, requestLifetime, mechanismOids.toArray(new Oid[mechanismOids.size()]), - isServer ? GSSCredential.ACCEPT_ONLY : GSSCredential.INITIATE_ONLY)), kerberosTicket); - } - return new GSSKerberosCredential(manager.createCredential(name, requestLifetime, mechanismOids.toArray(new Oid[mechanismOids.size()]), - isServer ? GSSCredential.ACCEPT_ONLY : GSSCredential.INITIATE_ONLY), kerberosTicket); - }); - - } catch (LoginException e) { - if (failCache != 0) { - lastFailTime = System.currentTimeMillis(); - } - throw log.unableToPerformInitialLogin(e); - } catch (PrivilegedActionException e) { - if (e.getCause() instanceof GeneralSecurityException) { - throw (GeneralSecurityException) e.getCause(); - } - throw new GeneralSecurityException(e.getCause()); - } - } - - private static T doPrivileged(final PrivilegedAction action) { - return System.getSecurityManager() != null ? 
AccessController.doPrivileged(action) : action.run(); - } - - private void checkKeyTab() throws IOException { - KeyTab kt = KeyTab.getInstance(keyTab); - if (!kt.exists()) { - throw log.keyTabDoesNotExists(keyTab.getAbsolutePath()); - } - if (kt.getKeys(new KerberosPrincipal(principal)).length == 0) { - throw log.noKeysForPrincipalInKeyTab(principal, keyTab.getAbsolutePath()); - } - } - - private Configuration createConfiguration() throws IOException { - Map options = new HashMap<>(); - if (debug) { - options.put("debug", "true"); - } - options.put("principal", principal); - - options.put("storeKey", "true"); - options.put("useKeyTab", "true"); - if (keyTab != null) options.put("keyTab", keyTab.getAbsolutePath()); - options.put("isInitiator", (isServer && !obtainKerberosTicket) ? "false" : "true"); - - if (this.options != null) { - options.putAll(this.options); - } - - log.tracef("Created LoginContext configuration: %s", options.toString()); - - final AppConfigurationEntry[] aceArray = new AppConfigurationEntry[] { - new AppConfigurationEntry(KRB5LoginModule, REQUIRED, options) - }; - - return new Configuration() { - - @Override - public AppConfigurationEntry[] getAppConfigurationEntry(String name) { - assert "KDC".equals(name); - return aceArray; - } - - }; - } - - private void assertNotBuilt() { - if (built) { - throw log.builderAlreadyBuilt(); - } - } - - } - - private static GSSCredential wrapCredential(final GSSCredential credential) { - return new GSSCredential() { - - @Override - public int getUsage(Oid mech) throws GSSException { - return credential.getUsage(mech); - } - - @Override - public int getUsage() throws GSSException { - return credential.getUsage(); - } - - @Override - public int getRemainingLifetime() throws GSSException { - return credential.getRemainingLifetime(); - } - - @Override - public int getRemainingInitLifetime(Oid mech) throws GSSException { - return credential.getRemainingInitLifetime(mech); - } - - @Override - public int 
getRemainingAcceptLifetime(Oid mech) throws GSSException { - return credential.getRemainingAcceptLifetime(mech); - } - - @Override - public GSSName getName(Oid mech) throws GSSException { - return credential.getName(mech); - } - - @Override - public GSSName getName() throws GSSException { - return credential.getName(); - } - - @Override - public Oid[] getMechs() throws GSSException { - return credential.getMechs(); - } - - @Override - public void dispose() throws GSSException { - // Prevent disposal of our credential. - } - - @Override - public void add(GSSName name, int initLifetime, int acceptLifetime, Oid mech, int usage) throws GSSException { - credential.add(name, initLifetime, acceptLifetime, mech, usage); - } - - }; - } -} diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 1869b3bf5c7..af5c473b626 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -945,6 +945,8 @@ org.wildfly.security.auth.client.ElytronMessages_$logger + org.wildfly.security.auth.util.ElytronMessages_$logger + org.wildfly.security.auth.util.GSSCredentialSecurityFactory true From 70fde8c29cce67e1e7b836c1bf27277bfe82cb40 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 Mar 2024 16:26:31 +0000 Subject: [PATCH 131/205] Bump hsqldb from 2.3.1 to 2.7.1 in /tests/base Bumps hsqldb from 2.3.1 to 2.7.1. --- updated-dependencies: - dependency-name: org.hsqldb:hsqldb dependency-type: direct:development ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- tests/base/pom.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 19b82ac1e99..d1b23204005 100644 --- a/pom.xml +++ b/pom.xml @@ -81,7 +81,7 @@ 1.11 4.13.1 1.34 - 2.4.0 + 2.7.1 2.0.0 2.4.9 9.31 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index 0570237d5af..14601d8e9ab 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -785,7 +785,7 @@ org.hsqldb hsqldb - 2.3.1 + 2.7.1 test 
From 3dd4b0d654c6f6955a3ebfc9db8e0e0603fd6eef Mon Sep 17 00:00:00 2001 From: Learner045 Date: Mon, 25 Sep 2023 21:49:14 -0400 Subject: [PATCH 132/205] [ELY-2627] Changed array copy logic --- .../org/wildfly/security/x500/util/X500PrincipalUtil.java | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/x500/base/src/main/java/org/wildfly/security/x500/util/X500PrincipalUtil.java b/x500/base/src/main/java/org/wildfly/security/x500/util/X500PrincipalUtil.java index 391d79a1c81..2ae2012821f 100644 --- a/x500/base/src/main/java/org/wildfly/security/x500/util/X500PrincipalUtil.java +++ b/x500/base/src/main/java/org/wildfly/security/x500/util/X500PrincipalUtil.java @@ -168,9 +168,7 @@ public static String[] getAttributeValues(X500Principal principal, String oid, b } } else { // The attribute values will be in reverse order - for (int i = 0; i < len; i++) { - result[i] = strings[i]; - } + System.arraycopy(strings, 0, result, 0, len); } return result; } From 0f955d7eb6aba47a29d9fd0974e5fc43a51bcc13 Mon Sep 17 00:00:00 2001 From: Darran Lofthouse Date: Thu, 14 Mar 2024 17:26:50 +0000 Subject: [PATCH 133/205] [ELY-2379] Fix comment accidentally updated in prior change. --- .../main/java/org/wildfly/security/audit/FileAuditEndpoint.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/audit/src/main/java/org/wildfly/security/audit/FileAuditEndpoint.java b/audit/src/main/java/org/wildfly/security/audit/FileAuditEndpoint.java index c3e2632a621..303c52f25ff 100644 --- a/audit/src/main/java/org/wildfly/security/audit/FileAuditEndpoint.java +++ b/audit/src/main/java/org/wildfly/security/audit/FileAuditEndpoint.java 
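Review bot: The context comment `// The attribute values will be in reverse order` now sits directly above a plain `System.arraycopy(strings, 0, result, 0, len);`, which copies in the same order, so it reads as if it contradicts the code. It is not clear whether the comment describes the decoded input or the returned array. I would reword it to say which, e.g. `// strings already holds the values in the order to return; copy as-is`, after confirming this against the `reverse` branch, which is outside this hunk.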
@@ -121,7 +121,7 @@ void write(String toWrite) throws IOException { * This method is NO-OP by default. It is intended to be overridden by subclasses * which need to perform some operation before every writing into the target local file. * - * This method can be invisFileSeted only in synchronization block surrounding one log message processing. + * This method can be invoked only in synchronization block surrounding one log message processing. * * @param instant time of the message acceptance */ From 3b848c2c4ae03a7bedfb14661487048e4dc5fa31 Mon Sep 17 00:00:00 2001 From: Diana Krepinska Date: Thu, 14 Mar 2024 18:24:54 +0100 Subject: [PATCH 134/205] [ELY-2723] Fix failures in SSLAuthenticationTestCase with SE 21 --- tests/base/pom.xml | 13 ++-- .../security/ssl/TestingOcspServer.java | 71 ++++++++++++------- 2 files changed, 49 insertions(+), 35 deletions(-) diff --git a/tests/base/pom.xml b/tests/base/pom.xml index 0570237d5af..54eea70238f 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -54,6 +54,7 @@ 1.0.2 + 2.4.0-b180830.0438 @@ -770,15 +771,9 @@ test - com.sun.xml.bind - jaxb-core - 2.3.0 - test - - - com.sun.xml.bind - jaxb-impl - 2.3.0 + org.glassfish.jaxb + jaxb-runtime + ${version.org.glassfish.jaxb.jaxb-runtime} test diff --git a/tests/base/src/test/java/org/wildfly/security/ssl/TestingOcspServer.java b/tests/base/src/test/java/org/wildfly/security/ssl/TestingOcspServer.java index 81f641e08c5..027df60a885 100644 --- a/tests/base/src/test/java/org/wildfly/security/ssl/TestingOcspServer.java +++ b/tests/base/src/test/java/org/wildfly/security/ssl/TestingOcspServer.java @@ -18,6 +18,7 @@ package org.wildfly.security.ssl; +import static java.nio.charset.StandardCharsets.UTF_8; import static org.mockserver.model.HttpRequest.request; import static org.mockserver.model.HttpResponse.response; 
@@ -42,6 +43,7 @@ import org.mockserver.integration.ClientAndServer; import org.mockserver.matchers.Times; import org.mockserver.model.Header; +import org.mockserver.model.HttpRequest; import org.mockserver.model.HttpResponse; import org.mockserver.model.NottableString; import org.wildfly.common.iteration.ByteIterator; @@ -126,32 +128,13 @@ public void start() throws Exception { .withMethod("POST") .withPath("/ocsp"), Times.unlimited()) - .respond(request -> { - ByteBuf buffer = Unpooled.wrappedBuffer(request.getBody().getRawBytes()); - FullHttpRequest nettyRequest = new DefaultFullHttpRequest(HttpVersion.HTTP_1_0, HttpMethod.POST, request.getPath().getValue(), buffer); - for (Header header : request.getHeaderList()) { - for (NottableString value : header.getValues()) { - nettyRequest.headers().add(header.getName().getValue(), value.getValue()); - } - } - - FullHttpResponse nettyResponse; - try { - nettyResponse = servlet.service(nettyRequest, new ServletURI(request.getPath().getValue()), null, SslReverseProxyMode.NONE); - } catch (Exception e) { - throw new RuntimeException(e); - } - - HttpResponse response = response() - .withStatusCode(nettyResponse.status().code()) - .withBody(nettyResponse.content().array()); - - for (Map.Entry header : nettyResponse.headers()) { - response.withHeader(header.getKey(), header.getValue()); - } - - return response; - }); + .respond(request -> getHttpResponse(request, servlet)); + server.when( + request() + .withMethod("GET") + .withPath("/ocsp/.*"), + Times.unlimited()) + .respond(request -> getHttpResponse(request, servlet)); } public void stop() throws SQLException { 
@@ -198,4 +181,40 @@ public void revokeCertificate(int id, int reason) throws SQLException { statement.execute(); } + + + public HttpResponse getHttpResponse(HttpRequest request, HttpOcspServlet servlet){ + byte[] body; + HttpMethod method; + if (request.getBody() == null) { + method = HttpMethod.GET; + body = request.getPath().getValue().split("/ocsp/", 2)[1].getBytes(UTF_8); + } else { + method = HttpMethod.POST; + body = request.getBody().getRawBytes(); + } + ByteBuf buffer = Unpooled.wrappedBuffer(body); + FullHttpRequest nettyRequest = new DefaultFullHttpRequest(HttpVersion.HTTP_1_0, method, request.getPath().getValue(), buffer); + for (Header header : request.getHeaderList()) { + for (NottableString value : header.getValues()) { + nettyRequest.headers().add(header.getName().getValue(), value.getValue()); + } + } + + FullHttpResponse nettyResponse; + try { + nettyResponse = servlet.service(nettyRequest, new ServletURI(request.getPath().getValue()), null, SslReverseProxyMode.NONE); + } catch (Exception e) { + throw new RuntimeException(e); + } + + HttpResponse response = response() + .withStatusCode(nettyResponse.status().code()) + .withBody(nettyResponse.content().array()); + + for (Map.Entry header : nettyResponse.headers()) { + response.withHeader(header.getKey(), header.getValue()); + } + return response; + } } \ No newline at end of file From 36b9fb62bbe191b4b96b5f0362a78036a7a6e416 Mon Sep 17 00:00:00 2001 From: Farah Juma Date: Thu, 14 Mar 2024 13:32:22 -0400 Subject: [PATCH 135/205] [ELY-2725] Update the modular.jdk.args used by the tests to get GssapiTestSuite passing with JDK 21 --- tests/base/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/base/pom.xml b/tests/base/pom.xml index 0570237d5af..b55a5ea9508 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml 
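Review bot: In the new `getHttpResponse`, the HTTP method is inferred from `request.getBody() == null` rather than from the request itself, and the GET branch indexes `split("/ocsp/", 2)[1]` without checking the length of the result. A body-less request whose path lacks the `/ocsp/` prefix, such as a POST to `/ocsp` with no body (which the first expectation in `start()` would match), would presumably fail with an `ArrayIndexOutOfBoundsException` inside the responder callback rather than a readable test failure. I would guard the split, e.g. `String[] parts = request.getPath().getValue().split("/ocsp/", 2);` followed by `if (parts.length < 2) throw new IllegalArgumentException("OCSP GET request without an encoded payload in the path");`. As far as this diff shows, the method is only used by the two expectations in `start()`, so it could be `private` and carry a short Javadoc on how the GET payload is taken from the path.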
@@ -799,7 +799,7 @@ - --add-modules java.sql --illegal-access=permit + --add-modules java.sql --illegal-access=permit --add-exports=jdk.security.jgss/com.sun.security.sasl.gsskerb=ALL-UNNAMED -Djdk.attach.allowAttachSelf=true From 4486de0f2a07c8e47983acc0169799da04041922 Mon Sep 17 00:00:00 2001 From: Nidhi Date: Fri, 22 Sep 2023 10:34:23 -0700 Subject: [PATCH 136/205] ELY-2638 : Simplify test assertions in SSLAuthenticationTest --- .../wildfly/security/ssl/SSLAuthenticationTest.java | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java index d2365f39217..8666bf529f6 100644 --- a/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java +++ b/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java @@ -17,12 +17,12 @@ */ package org.wildfly.security.ssl; -import static org.junit.Assert.assertArrayEquals; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; import static org.junit.Assert.fail; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertArrayEquals; +import static org.junit.Assert.assertNotEquals; import static org.wildfly.security.ssl.test.util.CAGenerationTool.SIGNATURE_ALGORTHM; import static org.wildfly.security.x500.X500.OID_AD_OCSP; import static org.wildfly.security.x500.X500.OID_KP_OCSP_SIGNING; 
@@ -889,10 +889,10 @@ private void testCommunication(SSLContext serverContext, SSLContext clientContex } if (oneWay) { - assertFalse(clientSocket.getSession().getProtocol().equals("TLSv1.3")); // since TLS 1.3 is not enabled by default (ELY-1917) + assertNotEquals("TLSv1.3", clientSocket.getSession().getProtocol());// since TLS 1.3 is not enabled by default (ELY-1917) } else { - assertFalse(serverSocket.getSession().getProtocol().equals("TLSv1.3")); // since TLS 1.3 is not enabled by default - assertFalse(clientSocket.getSession().getProtocol().equals("TLSv1.3")); // since TLS 1.3 is not enabled by default + assertNotEquals("TLSv1.3", serverSocket.getSession().getProtocol()); // since TLS 1.3 is not enabled by default + assertNotEquals("TLSv1.3", clientSocket.getSession().getProtocol()); // since TLS 1.3 is not enabled by default } return received; } catch (Exception e) { From 184342ce124e6c24a5be7f6c0b1c6e2b94f89292 Mon Sep 17 00:00:00 2001 From: Prarthona Paul Date: Thu, 14 Mar 2024 15:52:59 -0400 Subject: [PATCH 137/205] [ELY-2726] Update AlternateSecurityManagerTest to be able to run with SE 21 --- .../wildfly/security/manager/AlternateSecurityManagerTest.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/manager/base/src/test/java/org/wildfly/security/manager/AlternateSecurityManagerTest.java b/manager/base/src/test/java/org/wildfly/security/manager/AlternateSecurityManagerTest.java index c12f0d51329..c873a635f72 100644 --- a/manager/base/src/test/java/org/wildfly/security/manager/AlternateSecurityManagerTest.java +++ b/manager/base/src/test/java/org/wildfly/security/manager/AlternateSecurityManagerTest.java @@ -32,6 +32,7 @@ import java.util.Stack; import org.junit.After; +import org.junit.Assume; import org.junit.Before; import org.junit.Test; import org.wildfly.security.ParametricPrivilegedAction; 
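Review bot: The three `assertNotEquals("TLSv1.3", ...getSession().getProtocol())` checks in `testCommunication` are negative assertions, so they also pass for any other value, including the `NONE` protocol that JSSE reports for an invalid session. If the point of the check is that the default configuration negotiates a specific older protocol (ELY-1917), pinning it is a stronger guard, e.g. `assertEquals("TLSv1.2", clientSocket.getSession().getProtocol());`, assuming TLSv1.2 is the intended default. On style, the first changed line has no space before its trailing comment (`getProtocol());// since`), unlike the two below it. The rest of `testCommunication` lies outside this hunk.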
@@ -84,6 +85,8 @@ public class AlternateSecurityManagerTest { @Before public void before() { + Assume.assumeTrue("Skipping AlternateSecurityManagerTest suite, tests are not being run on JDK 17 or lower.", + Integer.parseInt(System.getProperty("java.specification.version")) <= 17); AccessControlContext current = AccessController.getContext(); ProtectionDomain[] domains = getProtectionDomainStack(current); From 6399be965f7b0849e9aad2f8b137db39ee8cad09 Mon Sep 17 00:00:00 2001 From: Ivo Studensky Date: Thu, 29 Feb 2024 15:57:31 +0100 Subject: [PATCH 138/205] [ELY-2721] upgraded to ApacheDS AM27 and Apache Kerby KDC --- pom.xml | 17 ++--- tests/base/pom.xml | 10 +-- .../security/apacheds/LdapService.java | 1 - .../store/KeystorePasswordStoreTest.java | 2 +- .../security/ldap/DirContextFactoryRule.java | 1 - .../ldap/ModifiabilitySuiteChild.java | 2 +- .../wildfly/security/sasl/gssapi/TestKDC.java | 64 +++++++++---------- 7 files changed, 48 insertions(+), 49 deletions(-) diff --git a/pom.xml b/pom.xml index dd4eebaa9d2..66013304eb8 100644 --- a/pom.xml +++ b/pom.xml @@ -61,8 +61,9 @@ 1.6.0 4.0.1 3.14.0 - 2.0.0-M24 - 1.0.0 + 2.0.0.AM27 + 2.1.6 + 2.0.3 2.0.0-M3 1.0.0-M8 1.67 @@ -1071,12 +1072,6 @@ ${version.org.apache.directory.server} test - - org.apache.directory.server - apacheds-protocol-kerberos - ${version.org.apache.directory.server} - test - org.apache.directory.server apacheds-protocol-ldap @@ -1109,6 +1104,12 @@ + + org.apache.kerby + kerb-simplekdc + ${version.org.apache.kerby} + test + commons-io commons-io diff --git a/tests/base/pom.xml b/tests/base/pom.xml index d894887c815..e20e0391f24 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -642,11 +642,6 @@ apacheds-kerberos-codec test - - org.apache.directory.server - apacheds-protocol-kerberos - test - org.apache.directory.server apacheds-protocol-ldap @@ -658,6 +653,11 @@ + + org.apache.kerby + kerb-simplekdc + test + org.apache.directory.mavibot mavibot 
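Review bot: In `before()`, `Integer.parseInt(System.getProperty("java.specification.version"))` throws NumberFormatException instead of skipping when the property has the legacy `1.8` form, and the assumption message reads as the opposite of the condition being checked. `Runtime.version().feature() <= 17` avoids parsing the string, provided the build baseline is Java 10 or later (not visible in this hunk). A message such as `"AlternateSecurityManagerTest requires JDK 17 or lower"` states the precondition directly. Because the whole suite is skipped on newer JDKs, a short comment should record that the security manager code has no coverage there. The body of `before()` continues outside the hunk.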
diff --git a/tests/base/src/test/java/org/wildfly/security/apacheds/LdapService.java b/tests/base/src/test/java/org/wildfly/security/apacheds/LdapService.java index 66405961cbd..6952fa783d2 100644 --- a/tests/base/src/test/java/org/wildfly/security/apacheds/LdapService.java +++ b/tests/base/src/test/java/org/wildfly/security/apacheds/LdapService.java @@ -143,7 +143,6 @@ public Builder addPartition(final String id, final String partitionName, final i for (String current : indexes) { partitionFactory.addIndex(partition, current, indexSize); } - partition.setCacheService(directoryService.getCacheService()); partition.initialize(); directoryService.addPartition(partition); diff --git a/tests/base/src/test/java/org/wildfly/security/credential/store/KeystorePasswordStoreTest.java b/tests/base/src/test/java/org/wildfly/security/credential/store/KeystorePasswordStoreTest.java index e040f146f1f..b0505bd12ab 100644 --- a/tests/base/src/test/java/org/wildfly/security/credential/store/KeystorePasswordStoreTest.java +++ b/tests/base/src/test/java/org/wildfly/security/credential/store/KeystorePasswordStoreTest.java @@ -34,7 +34,7 @@ import java.util.concurrent.locks.ReadWriteLock; import java.util.function.Supplier; -import org.apache.commons.lang.RandomStringUtils; +import org.apache.commons.lang3.RandomStringUtils; import org.junit.Assert; import org.junit.BeforeClass; import org.junit.Test; diff --git a/tests/base/src/test/java/org/wildfly/security/ldap/DirContextFactoryRule.java b/tests/base/src/test/java/org/wildfly/security/ldap/DirContextFactoryRule.java index 8917941078b..d1dac5e6bca 100644 --- a/tests/base/src/test/java/org/wildfly/security/ldap/DirContextFactoryRule.java +++ b/tests/base/src/test/java/org/wildfly/security/ldap/DirContextFactoryRule.java 
@@ -94,7 +94,6 @@ private static void createStores(KeyStore localhostKeyStore, KeyStore scarabKeyS .addExtension(false, "BasicConstraints", "CA:true,pathlen:2147483647") .build(); X509Certificate issuerCertificate = issuerSelfSignedX509CertificateAndSigningKey.getSelfSignedCertificate(); - localhostKeyStore.setCertificateEntry("ca", issuerCertificate); trustStore.setCertificateEntry("mykey", issuerCertificate); // Generates certificate and keystore for Localhost diff --git a/tests/base/src/test/java/org/wildfly/security/ldap/ModifiabilitySuiteChild.java b/tests/base/src/test/java/org/wildfly/security/ldap/ModifiabilitySuiteChild.java index a42a8b3074e..0b29b35b41d 100644 --- a/tests/base/src/test/java/org/wildfly/security/ldap/ModifiabilitySuiteChild.java +++ b/tests/base/src/test/java/org/wildfly/security/ldap/ModifiabilitySuiteChild.java @@ -72,7 +72,7 @@ public static void createRealm() throws InvalidNameException { AttributeMapping.fromIdentity().from("sn").to("lastName").build(), AttributeMapping.fromIdentity().from("description").to("description").build(), AttributeMapping.fromIdentity().from("telephoneNumber").to("phones").build(), - AttributeMapping.fromFilter("(&(objectClass=groupOfNames)(member={0}))").searchDn("ou=Finance,dc=elytron,dc=wildfly,dc=org").extractRdn("OU").to("businessArea").build()) + AttributeMapping.fromFilter("(&(objectClass=groupOfNames)(member=uid={0}))").searchDn("ou=Finance,dc=elytron,dc=wildfly,dc=org").extractRdn("OU").to("businessArea").build()) .setNewIdentityParent(new LdapName("dc=elytron,dc=wildfly,dc=org")) .setNewIdentityAttributes(attributes) .setIteratorFilter("(uid=*)") diff --git a/tests/base/src/test/java/org/wildfly/security/sasl/gssapi/TestKDC.java b/tests/base/src/test/java/org/wildfly/security/sasl/gssapi/TestKDC.java index 88789b58e58..23fd54723d0 100644 --- a/tests/base/src/test/java/org/wildfly/security/sasl/gssapi/TestKDC.java +++ b/tests/base/src/test/java/org/wildfly/security/sasl/gssapi/TestKDC.java 
@@ -26,7 +26,6 @@ import java.util.Map; import org.apache.directory.api.ldap.model.entry.DefaultEntry; -import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException; import org.apache.directory.api.ldap.model.ldif.LdifEntry; import org.apache.directory.api.ldap.model.ldif.LdifReader; import org.apache.directory.api.ldap.model.schema.SchemaManager; 
@@ -37,21 +36,21 @@ import org.apache.directory.server.core.factory.DirectoryServiceFactory; import org.apache.directory.server.core.factory.PartitionFactory; import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor; -import org.apache.directory.server.kerberos.KerberosConfig; -import org.apache.directory.server.kerberos.kdc.KdcServer; import org.apache.directory.server.kerberos.shared.crypto.encryption.KerberosKeyFactory; -import org.apache.directory.server.kerberos.shared.keytab.Keytab; -import org.apache.directory.server.kerberos.shared.keytab.KeytabEntry; import org.apache.directory.server.ldap.LdapServer; import org.apache.directory.server.protocol.shared.transport.TcpTransport; import org.apache.directory.server.protocol.shared.transport.Transport; -import org.apache.directory.server.protocol.shared.transport.UdpTransport; -import org.apache.directory.shared.kerberos.KerberosTime; import org.apache.directory.shared.kerberos.codec.types.EncryptionType; import org.apache.directory.shared.kerberos.components.EncryptionKey; +import org.apache.kerby.kerberos.kerb.KrbException; +import org.apache.kerby.kerberos.kerb.keytab.Keytab; +import org.apache.kerby.kerberos.kerb.keytab.KeytabEntry; +import org.apache.kerby.kerberos.kerb.server.SimpleKdcServer; +import org.apache.kerby.kerberos.kerb.server.impl.DefaultInternalKdcServerImpl; +import org.apache.kerby.kerberos.kerb.type.KerberosTime; +import org.apache.kerby.kerberos.kerb.type.base.PrincipalName; import org.jboss.logging.Logger; -import javax.security.auth.kerberos.KerberosPrincipal; /** * Utility class to wrap starting and stopping of the directory server and the KDC. 
@@ -63,7 +62,7 @@ public class TestKDC { private static Logger log = Logger.getLogger(TestKDC.class); private File workingDir; private DirectoryService directoryService; - private KdcServer kdcServer; + private SimpleKdcServer kdcServer; private String originalConfig; private boolean exposeLdapServer; private LdapServer ldapServer; @@ -117,7 +116,6 @@ private static void createPartition(final DirectoryServiceFactory dsf, final Sch for (String current : indexAttributes) { pf.addIndex(p, current, 10); } - p.setCacheService(directoryService.getCacheService()); p.initialize(); directoryService.addPartition(p); } 
@@ -156,27 +154,24 @@ public void startKDC() { File configPath = new File(TestKDC.class.getResource("/krb5.conf").getFile()); originalConfig = System.setProperty("java.security.krb5.conf", configPath.getAbsolutePath()); - KdcServer kdcServer = new KdcServer(); - kdcServer.setServiceName("TestKDCServer"); - kdcServer.setSearchBaseDn("dc=wildfly,dc=org"); - KerberosConfig config = kdcServer.getConfig(); - config.setServicePrincipal("krbtgt/WILDFLY.ORG@WILDFLY.ORG"); - config.setPrimaryRealm("WILDFLY.ORG"); - config.setMaximumTicketLifetime(60000 * 1440); - config.setMaximumRenewableLifetime(60000 * 10080); - - config.setPaEncTimestampRequired(false); + try { + SimpleKdcServer kdcServer = new SimpleKdcServer(); + kdcServer.setKdcRealm("WILDFLY.ORG"); + kdcServer.setKdcHost("localhost"); + kdcServer.setInnerKdcImpl(new DefaultInternalKdcServerImpl(kdcServer.getKdcSetting())); + kdcServer.setAllowUdp(true); + kdcServer.setKdcUdpPort(6088); - UdpTransport udp = new UdpTransport("localhost", 6088); - kdcServer.addTransports(udp); + kdcServer.init(); - kdcServer.setDirectoryService(directoryService); + kdcServer.createPrincipal("sasl/test_server_1@WILDFLY.ORG", "servicepwd"); + kdcServer.createPrincipal("sasl/test_server_2@WILDFLY.ORG", "servicepwd"); + kdcServer.createPrincipal("jduke@WILDFLY.ORG", "theduke"); - // Launch the server - try { + // Launch the server kdcServer.start(); this.kdcServer = kdcServer; - } catch (IOException | LdapInvalidDnException e) { + } catch (KrbException e) { throw new IllegalStateException("Unable to start KDC", e); } } @@ -186,7 +181,11 @@ private void stopKDC() { return; } - kdcServer.stop(); + try { + kdcServer.stop(); + } catch (KrbException e) { + throw new IllegalStateException("Unable to stop KDC", e); + } kdcServer = null; if (originalConfig != null) { 
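Review bot: In `stopKDC()`, the new `catch (KrbException e)` rethrows before the `kdcServer = null` and `originalConfig` restore that follow it, so a failed stop leaves `java.security.krb5.conf` pointing at the test krb5.conf for every later test in the same JVM. Keeping the cleanup unconditional fixes that: `try { kdcServer.stop(); } catch (KrbException e) { ... } finally { /* existing reset of kdcServer and the krb5.conf property */ }`. The `startKDC()` hunk has the mirror problem: the property is set before the `try`, and when `init()`, `createPrincipal()` or `start()` throws, `this.kdcServer` is never assigned, so the early `return` in `stopKDC()` (presumably the null guard) skips the restore. Both method bodies extend outside their hunks.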
@@ -232,7 +231,7 @@ public void stopAll() { public String generateKeyTab(String keyTabFileName, String... credentials) { log.debug("Generating keytab: " + keyTabFileName); List entries = new ArrayList<>(); - KerberosTime ktm = new KerberosTime(); + KerberosTime ktm = KerberosTime.now(); for (int i = 0; i < credentials.length;) { String principal = credentials[i++]; @@ -242,15 +241,16 @@ public String generateKeyTab(String keyTabFileName, String... credentials) { .entrySet()) { EncryptionKey key = keyEntry.getValue(); log.debug("Adding key=" + key + " for principal=" + principal); - entries.add(new KeytabEntry(principal, KerberosPrincipal.KRB_NT_PRINCIPAL, ktm, (byte) key.getKeyVersion(), key)); + entries.add(new KeytabEntry(new PrincipalName(principal), ktm, key.getKeyVersion(), + new org.apache.kerby.kerberos.kerb.type.base.EncryptionKey(key.getKeyType().getValue(), key.getKeyValue(), key.getKeyVersion()))); } } - Keytab keyTab = Keytab.getInstance(); - keyTab.setEntries(entries); + Keytab keyTab = new Keytab(); + keyTab.addKeytabEntries(entries); try { File keyTabFile = new File(workingDir, keyTabFileName); - keyTab.write(keyTabFile); + keyTab.store(keyTabFile); return keyTabFile.getAbsolutePath(); } catch (IOException e) { throw new IllegalStateException("Cannot create keytab: " + keyTabFileName, e); From 448ac169b94af9c68855134478ae0d47bf4545ec Mon Sep 17 00:00:00 2001 From: Hisanobu Okuda Date: Fri, 14 Apr 2023 16:16:55 +0900 Subject: [PATCH 139/205] [ELY-2545] referral-mode="ignore" and filter-base-dn=rootDN cause javax.naming.PartialResultException --- .../auth/realm/ldap/LdapSecurityRealm.java | 21 +++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/auth/realm/ldap/src/main/java/org/wildfly/security/auth/realm/ldap/LdapSecurityRealm.java b/auth/realm/ldap/src/main/java/org/wildfly/security/auth/realm/ldap/LdapSecurityRealm.java index c5d83f14c1f..a805753057a 100644 
--- a/auth/realm/ldap/src/main/java/org/wildfly/security/auth/realm/ldap/LdapSecurityRealm.java +++ b/auth/realm/ldap/src/main/java/org/wildfly/security/auth/realm/ldap/LdapSecurityRealm.java @@ -54,6 +54,7 @@ import javax.naming.NameNotFoundException; import javax.naming.NamingEnumeration; import javax.naming.NamingException; +import javax.naming.PartialResultException; import javax.naming.ReferralException; import javax.naming.directory.Attribute; import javax.naming.directory.Attributes; @@ -1083,7 +1084,7 @@ public boolean tryAdvance(Consumer action) { throw referralException; } - if ( ! result.hasMore()) { // end of page + if ( ! hasMore(result)) { // end of page if ( ! (pageSize != 0 && context instanceof LdapContext) ) { log.trace("Identity iterating - pagination not supported - end of list"); finished = true; @@ -1105,7 +1106,7 @@ public boolean tryAdvance(Consumer action) { result.close(); result = searchWithPagination(); - if ( ! result.hasMore()) { + if ( ! hasMore(result)) { log.trace("Identity iterating - even after page loading no results - end of list"); finished = true; return false; // no more elements @@ -1219,6 +1220,22 @@ private SearchControls createSearchControls() { private DirContext getContext() { return context; } + + /* + * wrapper of NamingEnumeration#hasMore() to ignore PartialResultException when referral-mode=ignore + */ + private boolean hasMore(NamingEnumeration result) throws PartialResultException, NamingException { + try { + return result.hasMore(); + } catch (PartialResultException e) { + if (getContext().getEnvironment().get(DirContext.REFERRAL).equals("ignore")) { + log.trace("Ignored PartialResultException with referral-mode=ignore: " + e.toString(false)); + return false; + } else { + throw e; + } + } + } } static class IdentityMapping { From 79e89525f14b22f66731e2a7dfa8c5223805e769 Mon Sep 17 00:00:00 2001 
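Review bot: The new `hasMore(NamingEnumeration)` wrapper calls `.equals("ignore")` on the result of `getEnvironment().get(DirContext.REFERRAL)`, which is null when the referral property was never set, so the original PartialResultException is replaced by a NullPointerException. Comparing from the constant side keeps the original exception: `if ("ignore".equals(getContext().getEnvironment().get(DirContext.REFERRAL))) {`. Whether an unset property should also be treated as ignore (the JDK LDAP provider's documented default) is a decision this hunk does not settle. Returning `false` ends the identity iteration early and only a trace-level message records it, so the wrapper's comment should say that the listing may be incomplete in that case. `throws PartialResultException, NamingException` can be reduced to `throws NamingException`.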
From: dvilkola Date: Mon, 30 Mar 2020 19:06:35 +0200 Subject: [PATCH 140/205] [ELY-1996] [Community] SSLContext to support delegation to alternate instances based on peer information. --- ELY_Messages.txt | 2 +- auth/client/pom.xml | 1 - .../auth/client/AuthenticationContext.java | 4 + ...henticationContextConfigurationClient.java | 38 ++ dynamic-ssl/pom.xml | 76 +++ .../dynamic/ssl/DynamicSSLContext.java | 54 +++ .../ssl/DynamicSSLContextException.java | 42 ++ .../dynamic/ssl/DynamicSSLContextImpl.java | 91 ++++ .../dynamic/ssl/DynamicSSLContextSPI.java | 52 ++ .../dynamic/ssl/DynamicSSLContextSpiImpl.java | 145 ++++++ .../dynamic/ssl/DynamicSSLSocketFactory.java | 160 ++++++ .../security/dynamic/ssl/ElytronMessages.java | 77 +++ .../dynamic/ssl/DynamicSSLContextTest.java | 454 ++++++++++++++++++ .../dynamic/ssl/DynamicSSLTestUtils.java | 214 +++++++++ .../ssl/SSLServerSocketTestInstance.java | 138 ++++++ ...ic-ssl-test-without-default-sslcontext.xml | 92 ++++ .../ssl/wildfly-config-dynamic-ssl-test.xml | 114 +++++ pom.xml | 6 + tests/base/pom.xml | 5 + wildfly-elytron/pom.xml | 9 + 20 files changed, 1772 insertions(+), 2 deletions(-) create mode 100644 dynamic-ssl/pom.xml create mode 100644 dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLContext.java create mode 100644 dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextException.java create mode 100644 dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextImpl.java create mode 100644 dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextSPI.java create mode 100644 dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextSpiImpl.java create mode 100644 dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLSocketFactory.java create mode 100644 dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/ElytronMessages.java create mode 100644 
dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextTest.java create mode 100644 dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/DynamicSSLTestUtils.java create mode 100644 dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/SSLServerSocketTestInstance.java create mode 100644 dynamic-ssl/src/test/resources/org/wildfly/security/dynamic/ssl/wildfly-config-dynamic-ssl-test-without-default-sslcontext.xml create mode 100644 dynamic-ssl/src/test/resources/org/wildfly/security/dynamic/ssl/wildfly-config-dynamic-ssl-test.xml diff --git a/ELY_Messages.txt b/ELY_Messages.txt index e3ecb9c83ef..00c3b509d31 100644 --- a/ELY_Messages.txt +++ b/ELY_Messages.txt @@ -126,7 +126,7 @@ 24000 - 24999 wildfly-elytron-jose-jwk 25000 - 25999 wildfly-elytron-jose-jws 26000 - 26999 wildfly-elytron-jose-util -27000 - 27999 +27000 - 27999 wildfly-elytron-dynamic-ssl 28000 - 28999 29000 - 29999 30000 - 30999 diff --git a/auth/client/pom.xml b/auth/client/pom.xml index 36c5bd6a967..e073d0d1b22 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -76,7 +76,6 @@ org.wildfly.security wildfly-elytron-ssh-util - org.jboss.logging jboss-logging-annotations diff --git a/auth/client/src/main/java/org/wildfly/security/auth/client/AuthenticationContext.java b/auth/client/src/main/java/org/wildfly/security/auth/client/AuthenticationContext.java index ba7e75a22bf..aadc6c7b8eb 100644 --- a/auth/client/src/main/java/org/wildfly/security/auth/client/AuthenticationContext.java +++ b/auth/client/src/main/java/org/wildfly/security/auth/client/AuthenticationContext.java @@ -361,6 +361,10 @@ public T runAsSupplierEx(ExceptionSupplier action return runExFunction(ExceptionSupplier::get, action); } + RuleNode> getSslRules() { + return this.sslRules; + } + public ContextManager getInstanceContextManager() { return getContextManager(); } 
diff --git a/auth/client/src/main/java/org/wildfly/security/auth/client/AuthenticationContextConfigurationClient.java b/auth/client/src/main/java/org/wildfly/security/auth/client/AuthenticationContextConfigurationClient.java index e1519a79179..c0f915766c8 100644 --- a/auth/client/src/main/java/org/wildfly/security/auth/client/AuthenticationContextConfigurationClient.java +++ b/auth/client/src/main/java/org/wildfly/security/auth/client/AuthenticationContextConfigurationClient.java @@ -30,7 +30,9 @@ import java.security.Principal; import java.security.PrivilegedAction; import java.security.Provider; +import java.util.ArrayList; import java.util.Collection; +import java.util.List; import java.util.function.Supplier; import java.util.function.UnaryOperator; 
@@ -196,6 +198,42 @@ private static AuthenticationConfiguration initializeConfiguration(final URI uri return configuration; } + /** + * Get all SSL contexts configured for this authentication context. + * + * @param authenticationContext the authentication context to examine (must not be {@code null}) + * @return List of all configured SSL contexts belonging to the provided authentication context + */ + public List getConfiguredSSLContexts(AuthenticationContext authenticationContext) throws GeneralSecurityException { + Assert.checkNotNullParam("authenticationContext", authenticationContext); + List sslContexts = new ArrayList<>(); + RuleNode> node = authenticationContext.getSslRules(); + while (node != null) { + sslContexts.add(node.getConfiguration().create()); + node = node.getNext(); + } + return sslContexts; + } + + /** + * Get the default SSL context that should be used when no other rules match, or {@link SSLContext#getDefault()} if there is none configured. + * + * @param authenticationContext the authentication context to examine (must not be {@code null}) + * @return the default SSL context configured if no other rules match + */ + public SSLContext getDefaultSSLContext(AuthenticationContext authenticationContext) throws GeneralSecurityException { + Assert.checkNotNullParam("authenticationContext", authenticationContext); + SSLContext defaultSSLContext = null; + RuleNode> node = authenticationContext.getSslRules(); + while (node != null) { + if (node.getRule().equals(MatchRule.ALL)) { + defaultSSLContext = node.getConfiguration().create(); + } + node = node.getNext(); + } + return defaultSSLContext == null ? SSLContext.getDefault() : defaultSSLContext; + } + /** * Get the configured SSL context which matches ALL rules from provided AuthenticationContext, or {@link SSLContext#getDefault()} if there is none. * diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml new file mode 100644 index 00000000000..69c243af447 --- /dev/null +++ b/dynamic-ssl/pom.xml 
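Review bot: `getDefaultSSLContext` keeps walking the rule list after it finds a `MatchRule.ALL` node, so with more than one catch-all rule the last one wins and `create()` is still invoked on every earlier one. If rule evaluation elsewhere is first-match (not visible in this hunk), return at the first hit: `if (node.getRule().equals(MatchRule.ALL)) { return node.getConfiguration().create(); }`. Both new methods call `create()` on every invocation, so whether callers receive fresh or shared SSLContext instances depends on the configured factory, which this hunk does not show. The Javadoc should state that and add `@throws GeneralSecurityException` to both methods.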
@@ -0,0 +1,76 @@ + + + + org.wildfly.security + wildfly-elytron-parent + 2.3.2.CR1-SNAPSHOT + + + 4.0.0 + + wildfly-elytron-dynamic-ssl + + WildFly Elytron - Dynamic SSL + WildFly Security Dynamic SSL Implementation + + + org.jboss.logging + jboss-logging-annotations + provided + + + org.jboss.logging + jboss-logging + provided + + + org.jboss.logging + jboss-logging-processor + provided + + + org.jboss.logmanager + jboss-logmanager + provided + + + org.wildfly.security + wildfly-elytron-client + + + org.kohsuke.metainf-services + metainf-services + provided + + + org.wildfly.common + wildfly-common + compile + + + + + junit + junit + test + + + + com.squareup.okhttp3 + mockwebserver + test + + + org.mock-server + mockserver-netty + test + + + org.wildfly.client + wildfly-client-config + test + + + diff --git a/dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLContext.java b/dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLContext.java new file mode 100644 index 00000000000..1fcbf93a024 --- /dev/null +++ b/dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLContext.java 
@@ -0,0 +1,54 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2024 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.wildfly.security.dynamic.ssl; + +import javax.net.ssl.SSLContext; +import java.security.NoSuchAlgorithmException; + +/** + * SSLContext that resolves which SSLContext to use based on peer's host and port information. + * + * @author Diana Krepinska + */ +public final class DynamicSSLContext extends SSLContext { + + private static SSLContext resolverSSLContext(DynamicSSLContextSPI dynamicSSLContextSPIImpl) throws NoSuchAlgorithmException, DynamicSSLContextException { + return dynamicSSLContextSPIImpl.getConfiguredDefault() == null ? + SSLContext.getDefault() : dynamicSSLContextSPIImpl.getConfiguredDefault(); + } + + /** + * This constructor uses ServiceLoader to find provider of DynamicSSLContextSPI on classpath. + */ + public DynamicSSLContext() throws NoSuchAlgorithmException { + // this does not use provider and protocol from DynamicSSLContextSPI implementation found on classpath + // to avoid this ServiceLoader.load would have to be called 3 times in separate static method + super(new DynamicSSLContextSpiImpl(), SSLContext.getDefault().getProvider(), SSLContext.getDefault().getProtocol()); + } + + /** + * This constructor uses received DynamicSSLContextSPI implementation or finds it on classpath if received is null. 
+ * + * @param dynamicSSLContextSPIImpl DynamicSSLContextSPI implementation to use. If null then ServiceLoader is used to locate it on classpath. + */ + public DynamicSSLContext(DynamicSSLContextSPI dynamicSSLContextSPIImpl) throws NoSuchAlgorithmException, DynamicSSLContextException { + super(new DynamicSSLContextSpiImpl(dynamicSSLContextSPIImpl), + resolverSSLContext(dynamicSSLContextSPIImpl).getProvider(), + resolverSSLContext(dynamicSSLContextSPIImpl).getProtocol()); + } +} diff --git a/dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextException.java b/dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextException.java new file mode 100644 index 00000000000..a47dbea76b0 --- /dev/null +++ b/dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextException.java 
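Review bot: The Javadoc of `DynamicSSLContext(DynamicSSLContextSPI)` promises a ServiceLoader lookup when the argument is null, but `resolverSSLContext(dynamicSSLContextSPIImpl)` dereferences the argument inside the `super(...)` call, so null produces a NullPointerException. Either drop the null case from the Javadoc or guard it at the top of the helper with `if (dynamicSSLContextSPIImpl == null) { return SSLContext.getDefault(); }`. The helper also runs twice per construction and calls `getConfiguredDefault()` up to twice each time; reading the result once into a local avoids taking provider and protocol from different instances when the SPI builds a context per call. The inline remark in the no-arg constructor, that provider and protocol come from `SSLContext.getDefault()` and not from the discovered SPI, is caller-visible and belongs in its Javadoc.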
@@ -0,0 +1,42 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2024 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.wildfly.security.dynamic.ssl; + +/** + * Exception to indicate a failure related to the DynamicSSLContext. + * + * @author Diana Krepinska + */ +public class DynamicSSLContextException extends Exception { + private static final long serialVersionUID = 894798122053539237L; + + public DynamicSSLContextException() { + } + + public DynamicSSLContextException(String msg) { + super(msg); + } + + public DynamicSSLContextException(String message, Throwable cause) { + super(message, cause); + } + + public DynamicSSLContextException(Throwable cause) { + super(cause); + } +} diff --git a/dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextImpl.java b/dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextImpl.java new file mode 100644 index 00000000000..153f59c5a0d --- /dev/null +++ b/dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextImpl.java 
@@ -0,0 +1,91 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2024 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.wildfly.security.dynamic.ssl; + +import org.kohsuke.MetaInfServices; +import org.wildfly.security.auth.client.AuthenticationContext; +import org.wildfly.security.auth.client.AuthenticationContextConfigurationClient; + +import javax.net.ssl.SSLContext; +import java.net.URI; +import java.security.AccessController; +import java.security.GeneralSecurityException; +import java.security.PrivilegedAction; +import java.util.List; + +import static org.wildfly.common.Assert.checkNotNullParam; + +/** + * Elytron client implementation of DynamicSSLContextSPI. It uses configuration from either provided instance of AuthenticationContext + * or from current AuthenticationContext if a configuration was not provided. 
+ * + * @author Diana Krepinska (Vilkolakova) + */ +@MetaInfServices(value = DynamicSSLContextSPI.class) +public class DynamicSSLContextImpl implements DynamicSSLContextSPI { + + private final AuthenticationContextConfigurationClient AUTH_CONTEXT_CLIENT = + AccessController.doPrivileged((PrivilegedAction) AuthenticationContextConfigurationClient::new); + private AuthenticationContext authenticationContext; + private SSLContext configuredDefaultSSLContext; + private List configuredSSLContexts; + + public DynamicSSLContextImpl() throws GeneralSecurityException { + } + + public DynamicSSLContextImpl(AuthenticationContext authenticationContext) throws GeneralSecurityException { + checkNotNullParam("authenticationContext", authenticationContext); + this.authenticationContext = authenticationContext; + this.configuredSSLContexts = AUTH_CONTEXT_CLIENT.getConfiguredSSLContexts(authenticationContext); + this.configuredDefaultSSLContext = AUTH_CONTEXT_CLIENT.getDefaultSSLContext(authenticationContext); + } + + @Override + public SSLContext getConfiguredDefault() throws DynamicSSLContextException { + if (this.configuredDefaultSSLContext != null) { + return this.configuredDefaultSSLContext; + } + try { + return AUTH_CONTEXT_CLIENT.getDefaultSSLContext(AuthenticationContext.captureCurrent()); + } catch (GeneralSecurityException e) { + throw ElytronMessages.log.cannotObtainDefaultSSLContext(e); + } + } + + @Override + public List getConfiguredSSLContexts() throws DynamicSSLContextException { + if (this.configuredSSLContexts != null) { + return this.configuredSSLContexts; + } + try { + return AUTH_CONTEXT_CLIENT.getConfiguredSSLContexts(AuthenticationContext.captureCurrent()); + } catch (GeneralSecurityException e) { + throw ElytronMessages.log.cannotObtainConfiguredSSLContexts(e); + } + } + + @Override + public SSLContext getSSLContext(URI uri) throws DynamicSSLContextException { + try { + return AUTH_CONTEXT_CLIENT.getSSLContext(uri, authenticationContext == null ? 
AuthenticationContext.captureCurrent() : authenticationContext); + } catch (GeneralSecurityException e) { + throw ElytronMessages.log.cannotObtainSSLContextForGivenURI(e); + } + } +} diff --git a/dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextSPI.java b/dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextSPI.java new file mode 100644 index 00000000000..91985a60fe3 --- /dev/null +++ b/dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextSPI.java 
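Review bot: `AUTH_CONTEXT_CLIENT` in `DynamicSSLContextImpl` is named like a constant but declared as a `private final` instance field, so every instance runs its own `doPrivileged` construction; declaring it `private static final` would match the name. `getConfiguredSSLContexts()` hands out the stored list itself, which the client method added in this patch builds as an `ArrayList`, so a caller can alter this object's view of the configured contexts. Wrapping the list once in the constructor with `Collections.unmodifiableList(...)` (fully qualified or with an import in the file's import block) closes that. The no-arg constructor declares `throws GeneralSecurityException` although its body is empty.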
@@ -0,0 +1,52 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2024 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.wildfly.security.dynamic.ssl; + +import javax.net.ssl.SSLContext; +import java.net.URI; +import java.util.List; + +/** + * This interface provides configuration that is used by DynamicSSLContext. + * + * @author Diana Krepinska + */ +public interface DynamicSSLContextSPI { + + /** + * Get SSLContext that will be used as a default, eg. when no URI is provided. + * + * @return configured default SSLContext + */ + SSLContext getConfiguredDefault() throws DynamicSSLContextException; + + /** + * Get list of all configured SSLContexts. This is used to obtain cipher suites supported by all SSLContexts. + * + * @return list of all configured SSLContexts + */ + List getConfiguredSSLContexts() throws DynamicSSLContextException; + + /** + * Get the SSLContext that matches the given URI. + * + * @return SSLContext that matches the given URI + */ + SSLContext getSSLContext(URI uri) throws DynamicSSLContextException; +} diff --git a/dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextSpiImpl.java b/dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextSpiImpl.java new file mode 100644 index 00000000000..d3085b96366 --- /dev/null 
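Review bot: The Javadoc on the three `DynamicSSLContextSPI` methods does not say whether an implementation may return null, and `getSSLContext(URI uri)` has no `@param` or `@throws` tag. The callers added elsewhere in this patch test each result for null and build the URI from host and port only, so the contract should be written down where providers will read it. For `getSSLContext` I would add `@param uri the peer URI; callers in this module set only host and port` and `@throws DynamicSSLContextException if the SSLContext cannot be obtained`, and state on each `@return` whether null is permitted and what the caller does with it.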
+++ b/dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextSpiImpl.java 
@@ -0,0 +1,145 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2024 Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.wildfly.security.dynamic.ssl;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLContextSpi;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLParameters;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSessionContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.util.Iterator;
+import java.util.ServiceLoader;
+
+/**
+ * SSLContextSpi that uses ServiceLoader to find implementations of DynamicSSLContextSPI.
+ * DynamicSSLContextSPI implementation is being used to obtain authentication configuration for DynamicSSLContext.
+ * if no provider is found then SSLContext.getDefault() is used.
+ *
+ * @author Diana Krepinska
+ */
+final class DynamicSSLContextSpiImpl extends SSLContextSpi {
+
+ private final DynamicSSLContextSPI dynamicSSLContextImpl;
+ private volatile SSLSocketFactory sslSocketFactory;
+
+ DynamicSSLContextSpiImpl() {
+ this(null);
+ }
+
+ DynamicSSLContextSpiImpl(DynamicSSLContextSPI dynamicSSLContextSPIImpl) {
+ if (dynamicSSLContextSPIImpl != null) {
+ dynamicSSLContextImpl = dynamicSSLContextSPIImpl;
+ } else {
+ Iterator dynamicSSLContextSPIIterator = ServiceLoader.load(DynamicSSLContextSPI.class).iterator();
+ if (dynamicSSLContextSPIIterator.hasNext()) {
+ dynamicSSLContextImpl = dynamicSSLContextSPIIterator.next();
+ } else {
+ dynamicSSLContextImpl = null;
+ }
+ }
+ }
+
+ private SSLContext getConfiguredDefaultSSLContext() {
+ try {
+ if (dynamicSSLContextImpl != null) {
+ SSLContext configuredDefault = dynamicSSLContextImpl.getConfiguredDefault();
+ if (configuredDefault != null) {
+ return configuredDefault;
+ }
+ }
+ return SSLContext.getDefault();
+ } catch (NoSuchAlgorithmException | DynamicSSLContextException e) {
+ throw ElytronMessages.log.cannotObtainConfiguredDefaultSSLContext();
+ }
+ }
+
+ @Override
+ protected void engineInit(KeyManager[] keyManagers, TrustManager[] trustManagers, SecureRandom secureRandom) {
+ // initialization of SSL context is delegated to providers of {@link org.wildfly.security.dynamic.ssl.DynamicSSLContextSPI}
+ }
+
+ @Override
+ protected SSLSocketFactory engineGetSocketFactory() {
+ if (dynamicSSLContextImpl == null) {
+ return this.getConfiguredDefaultSSLContext().getSocketFactory();
+ }
+ if (sslSocketFactory == null) {
+ synchronized (this) {
+ if (sslSocketFactory == null) {
+ sslSocketFactory = new DynamicSSLSocketFactory(this.getConfiguredDefaultSSLContext().getSocketFactory(), dynamicSSLContextImpl);
+ }
+ }
+ }
+ return sslSocketFactory;
+ }
+
+ @Override
+ protected SSLServerSocketFactory engineGetServerSocketFactory() {
+ return this.getConfiguredDefaultSSLContext().getServerSocketFactory();
+ }
+
+ @Override
+ protected SSLEngine engineCreateSSLEngine() {
+ return this.getConfiguredDefaultSSLContext().createSSLEngine();
+ }
+
+ @Override
+ protected SSLEngine engineCreateSSLEngine(String host, int port) throws IllegalStateException {
+ try {
+ if (dynamicSSLContextImpl == null) {
+ return this.getConfiguredDefaultSSLContext().createSSLEngine(host, port);
+ }
+ SSLContext sslContext = dynamicSSLContextImpl
+ .getSSLContext(new URI(null, null, host, port, null, null, null));
+ if (sslContext == null) {
+ throw ElytronMessages.log.receivedSSLContextFromDynamicSSLContextProviderWasNull();
+ }
+ if (sslContext instanceof DynamicSSLContext && sslContext.getSocketFactory().equals(this.engineGetSocketFactory())) {
+ throw ElytronMessages.log.dynamicSSLContextCreatesLoop();
+ }
+ return sslContext.createSSLEngine(host, port);
+ } catch (URISyntaxException e) {
+ throw ElytronMessages.log.couldNotCreateURI();
+ } catch (DynamicSSLContextException e) {
+ throw ElytronMessages.log.couldNotCreateDynamicSSLContextEngine();
+ }
+ }
+
+ @Override
+ protected SSLSessionContext engineGetServerSessionContext() {
+ throw new UnsupportedOperationException(ElytronMessages.log.dynamicSSLContextDoesNotSupportSessions());
+ }
+
+ @Override
+ protected SSLSessionContext engineGetClientSessionContext() {
+ throw new UnsupportedOperationException(ElytronMessages.log.dynamicSSLContextDoesNotSupportSessions());
+ }
+
+ @Override
+ protected SSLParameters engineGetSupportedSSLParameters() {
+ return this.getConfiguredDefaultSSLContext().getSupportedSSLParameters();
+ }
+}
diff --git a/dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLSocketFactory.java b/dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLSocketFactory.java
new file mode 100644
index 00000000000..a06badab0ce
--- /dev/null
+++ b/dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLSocketFactory.java
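Review bot: `engineInit` has an empty body, so a caller that runs `init(keyManagers, trustManagers, secureRandom)` on this context has its key and trust managers discarded without any signal. The connection is then made with whatever the provider or `SSLContext.getDefault()` supplies, which matters most when the caller passed a restrictive trust manager. If the arguments cannot be honoured, reject non-null ones with `if (keyManagers != null || trustManagers != null || secureRandom != null) throw new UnsupportedOperationException();`, or at least log that they are ignored. The constructor has a related silent path: when `ServiceLoader` finds no provider the class falls back to the JVM default context, and when it finds several it takes the first one the iterator returns, so a log line naming the chosen provider (or the fallback) would make a mis-packaged deployment visible.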
@@ -0,0 +1,160 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2024 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.wildfly.security.dynamic.ssl; + +import org.wildfly.common.Assert; + +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSocketFactory; +import java.io.IOException; +import java.net.InetAddress; +import java.net.Socket; +import java.net.URI; +import java.net.URISyntaxException; +import java.net.UnknownHostException; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +/** + * SSLSocketFactory that is being used by DynamicSSLContext. 
+ * + * @author Diana Krepinska + */ +final class DynamicSSLSocketFactory extends SSLSocketFactory { + + private DynamicSSLContextSPI dynamicSSLContextImpl; + private volatile String[] intersectionCipherSuite; + private SSLSocketFactory configuredDefaultSslSocketFactory; + + DynamicSSLSocketFactory(SSLSocketFactory configuredDefaultSslSocketFactory, DynamicSSLContextSPI dynamicSSLContextImpl) { + super(); + Assert.assertNotNull(configuredDefaultSslSocketFactory); + Assert.assertNotNull(dynamicSSLContextImpl); + this.configuredDefaultSslSocketFactory = configuredDefaultSslSocketFactory; + this.dynamicSSLContextImpl = dynamicSSLContextImpl; + } + + @Override + public Socket createSocket() throws IOException { + return configuredDefaultSslSocketFactory.createSocket(); + } + + @Override + public Socket createSocket(InetAddress address, int port) throws IOException { + return createSocketBasedOnPeerInfo(null, port, address, null, null, null, null); + } + + @Override + public Socket createSocket(String host, int port) throws IOException { + return createSocketBasedOnPeerInfo(host, port, null, null, null, null, null); + } + + @Override + public Socket createSocket(String host, int port, InetAddress localAddress, int localPort) throws IOException { + return createSocketBasedOnPeerInfo(host, port, null, localAddress, localPort, null, null); + } + + @Override + public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException { + return createSocketBasedOnPeerInfo(null, port, address, localAddress, localPort, null, null); + } + + @Override + public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException { + return createSocketBasedOnPeerInfo(host, port, null, null, null, socket, autoClose); + } + + @Override + public String[] getDefaultCipherSuites() { + return configuredDefaultSslSocketFactory.getDefaultCipherSuites(); + } + + @Override + public String[] getSupportedCipherSuites() { 
+ String[] val = intersectionCipherSuite; + if (val == null) { + synchronized (this) { + val = intersectionCipherSuite; + if (intersectionCipherSuite == null) { + val = intersectionCipherSuite = getIntersection(); + } + } + } + return val; + } + + private Socket createSocketBasedOnPeerInfo(String hostname, Integer port, InetAddress address, InetAddress localAddress, Integer localPort, Socket socket, Boolean autoClose) throws IOException { + try { + SSLContext sslContext = this.dynamicSSLContextImpl.getSSLContext(new URI(null, null, hostname == null ? address.getHostName() : hostname, port, null, null, null)); + if (sslContext == null) { + throw ElytronMessages.log.configuredSSLContextIsNull(); + } + SSLSocketFactory socketFactory = sslContext.getSocketFactory(); + if (socketFactory instanceof DynamicSSLSocketFactory && socketFactory.equals(this)) { + throw ElytronMessages.log.dynamicSSLContextCreatesLoop(); + } + // resolve socket + if (socket != null && autoClose != null) { + return socketFactory.createSocket(socket, hostname, port, autoClose); + } + + // resolves InetAddresses callbacks + if (address != null) { + return localAddress == null ? 
+ socketFactory.createSocket(address, port) : socketFactory.createSocket(address, port, localAddress, localPort); + } + if (localAddress != null && localPort != null) { + return socketFactory.createSocket(hostname, port, localAddress, localPort); + } + return socketFactory.createSocket(hostname, port); + } catch (URISyntaxException e) { + throw new UnknownHostException(e.getMessage()); + } catch (DynamicSSLContextException e) { + throw new IOException(e); + } + } + + private String[] getIntersection() { + List sslContexts; + try { + sslContexts = dynamicSSLContextImpl.getConfiguredSSLContexts(); + } catch (DynamicSSLContextException e) { + throw ElytronMessages.log.unableToGetConfiguredSSLContexts(); + } + if (sslContexts == null) { + throw ElytronMessages.log.configuredSSLContextsAreNull(); + } + Map counts = new HashMap<>(); + List intersection = new ArrayList<>(); + sslContexts.forEach(c -> { + String[] cipherSuites = c.getSocketFactory().getSupportedCipherSuites(); + for (String cipherSuite : cipherSuites) { + counts.merge(cipherSuite, 1, (a, b) -> a + b); + } + }); + List finalSslContexts = sslContexts; + counts.forEach((c, v) -> { + if (finalSslContexts.size() == v) { + intersection.add(c); + } + }); + return intersection.toArray(new String[0]); + } +} diff --git a/dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/ElytronMessages.java b/dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/ElytronMessages.java new file mode 100644 index 00000000000..feab5f75ee2 --- /dev/null +++ b/dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/ElytronMessages.java 
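Review bot: In `createSocketBasedOnPeerInfo` the URI host is `hostname == null ? address.getHostName() : hostname`, so for the `InetAddress` overloads the SSLContext is chosen by whatever name `getHostName()` returns. When the address was built from a literal IP that call can trigger a reverse lookup, which would make the selection of key and trust material depend on a PTR record rather than on anything the caller supplied; that deserves a comment on the method and a decision on whether to match on `address.getHostAddress()` when no name was given. The same expression throws a NullPointerException when both `hostname` and `address` are null, which the `createSocket(Socket, String, int, boolean)` and `String host` overloads do not prevent. A guard before the URI is built, `if (hostname == null && address == null) throw new UnknownHostException();`, keeps the failure inside the declared `IOException` contract.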
@@ -0,0 +1,77 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2024 Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.wildfly.security.dynamic.ssl;
+
+import org.jboss.logging.BasicLogger;
+import org.jboss.logging.Logger;
+import org.jboss.logging.annotations.Cause;
+import org.jboss.logging.annotations.Message;
+import org.jboss.logging.annotations.MessageLogger;
+import org.jboss.logging.annotations.ValidIdRange;
+import org.jboss.logging.annotations.ValidIdRanges;
+
+/**
+ * Log messages and exceptions for Elytron.
+ *
+ * @author David M. Lloyd
+ * @author Darran Lofthouse
+ */
+@MessageLogger(projectCode = "ELY", length = 5)
+@ValidIdRanges({
+ @ValidIdRange(min = 21000, max = 21999)
+})
+interface ElytronMessages extends BasicLogger {
+
+ ElytronMessages log = Logger.getMessageLogger(ElytronMessages.class, "org.wildfly.security");
+
+ @Message(id = 21000, value = "DynamicSSLContext creates loop")
+ IllegalStateException dynamicSSLContextCreatesLoop();
+
+ @Message(id = 21001, value = "Received SSLContext from DynamicSSLContextProvider was null")
+ IllegalStateException receivedSSLContextFromDynamicSSLContextProviderWasNull();
+
+ @Message(id = 21002, value = "Dynamic SSLContext does not support sessions")
+ UnsupportedOperationException dynamicSSLContextDoesNotSupportSessions();
+
+ @Message(id = 21003, value = "Provider for DynamicSSLContextSPI threw an exception when getting configured SSLContexts")
+ IllegalStateException unableToGetConfiguredSSLContexts();
+
+ @Message(id = 21004, value = "Provider for DynamicSSLContextSPI returned null configured SSLContexts")
+ IllegalStateException configuredSSLContextsAreNull();
+
+ @Message(id = 21005, value = "Cannot obtain default SSLContext from DynamicSSLContext implementation")
+ IllegalStateException cannotObtainConfiguredDefaultSSLContext();
+
+ @Message(id = 21006, value = "Could not create URI from host and port")
+ IllegalStateException couldNotCreateURI();
+
+ @Message(id = 21007, value = "Could not create dynamic ssl context engine")
+ IllegalStateException couldNotCreateDynamicSSLContextEngine();
+
+ @Message(id = 21008, value = "Provider for DynamicSSLContextSPI returned null SSLContext")
+ IllegalStateException configuredSSLContextIsNull();
+
+ @Message(id = 21009, value = "Obtaining of the default SSLContext from current authentication context resulted in exception.")
+ DynamicSSLContextException cannotObtainDefaultSSLContext(@Cause Throwable cause);
+
+ @Message(id = 21010, value = "Obtaining of all configured SSLContexts from current authentication context resulted in exception.")
+ DynamicSSLContextException cannotObtainConfiguredSSLContexts(@Cause Throwable cause);
+
+ @Message(id = 21011, value = "Obtaining of the SSLContext from current authentication context and provided URI resulted in exception.")
+ DynamicSSLContextException cannotObtainSSLContextForGivenURI(@Cause Throwable cause);
+}
diff --git a/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextTest.java b/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextTest.java
new file mode 100644
index 00000000000..cd74cba609f
--- /dev/null
+++ b/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextTest.java
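Review bot: Messages 21003, 21005, 21006 and 21007 take no `@Cause` parameter, unlike 21009 to 21011 below them, so the catch blocks that use them in `DynamicSSLContextSpiImpl` and `DynamicSSLSocketFactory` throw without the exception they caught. Declaring the cause, e.g. `IllegalStateException cannotObtainConfiguredDefaultSSLContext(@Cause Throwable cause);`, and passing `e` at those call sites keeps the underlying `NoSuchAlgorithmException`, `URISyntaxException` or `DynamicSSLContextException` in the stack trace when TLS setup fails. The interface Javadoc "Log messages and exceptions for Elytron." could also name the dynamic-ssl module and its 21000 to 21999 id range.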
@@ -0,0 +1,454 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2024 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.wildfly.security.dynamic.ssl; + +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; +import org.wildfly.security.auth.client.AuthenticationContext; +import org.wildfly.security.auth.client.AuthenticationContextConfigurationClient; +import org.wildfly.security.auth.client.ElytronXmlParser; +import org.wildfly.security.auth.client.InvalidAuthenticationConfigurationException; +import org.wildfly.security.auth.client.MatchRule; + +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLParameters; +import javax.net.ssl.SSLSocket; +import javax.net.ssl.SSLSocketFactory; +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.OutputStreamWriter; +import java.io.PrintWriter; +import java.net.InetAddress; +import java.net.InetSocketAddress; +import java.net.Socket; +import java.net.SocketException; +import java.net.URL; +import java.security.AccessController; +import java.security.GeneralSecurityException; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.PrivilegedAction; +import 
java.security.cert.CertificateException; + +import static java.security.AccessController.doPrivileged; +import static org.wildfly.security.dynamic.ssl.SSLServerSocketTestInstance.ServerThread.STATUS_OK; + +/** + * Functional tests of DynamicSSLContext. + * + * @author Diana Krepinska (Vilkolakova) + */ +public class DynamicSSLContextTest { + static final String RESOURCES = "./target/keystores/"; + private static org.wildfly.security.dynamic.ssl.SSLServerSocketTestInstance sslServerSocketTestInstancePort10001; + private static org.wildfly.security.dynamic.ssl.SSLServerSocketTestInstance sslServerSocketTestInstancePort10002; + private static org.wildfly.security.dynamic.ssl.SSLServerSocketTestInstance sslServerSocketTestInstancePort10003; + private static org.wildfly.security.dynamic.ssl.SSLServerSocketTestInstance sslServerSocketTestInstancePort10000Default; + + @BeforeClass + public static void before() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException { + DynamicSSLTestUtils.createKeystores(); + sslServerSocketTestInstancePort10001 = new SSLServerSocketTestInstance(RESOURCES + "server1.keystore.jks", RESOURCES + "server1.truststore.jks", 10001); + sslServerSocketTestInstancePort10002 = new SSLServerSocketTestInstance(RESOURCES + "server2.keystore.jks", RESOURCES + "server2.truststore.jks", 10002); + sslServerSocketTestInstancePort10003 = new SSLServerSocketTestInstance(RESOURCES + "server3.keystore.jks", RESOURCES + "server3.truststore.jks", 10003); + sslServerSocketTestInstancePort10000Default = new SSLServerSocketTestInstance(RESOURCES + "default-server.keystore.jks", RESOURCES + "default-server.truststore.jks", 10000); + + sslServerSocketTestInstancePort10001.run(); + sslServerSocketTestInstancePort10002.run(); + sslServerSocketTestInstancePort10003.run(); + sslServerSocketTestInstancePort10000Default.run(); + } + + @AfterClass + public static void after() { + sslServerSocketTestInstancePort10001.stop(); + 
sslServerSocketTestInstancePort10002.stop(); + sslServerSocketTestInstancePort10003.stop(); + sslServerSocketTestInstancePort10000Default.stop(); + org.wildfly.security.dynamic.ssl.DynamicSSLTestUtils.deleteKeystores(); + } + + @Test + public void smokeTestWith4Servers() throws NoSuchAlgorithmException { + SSLContext dynamicSSLContext = new DynamicSSLContext(); + SSLSocketFactory dynamicSSLContextSocketFactory = dynamicSSLContext.getSocketFactory(); + getAuthenticationContext("wildfly-config-dynamic-ssl-test.xml").run(() -> { + try { + SSLSocket clientSslSocket1 = (SSLSocket) dynamicSSLContextSocketFactory.createSocket("localhost", 10001); + clientSslSocket1.setUseClientMode(true); + clientSslSocket1.setReuseAddress(true); + checkOutputIsOK(clientSslSocket1); + clientSslSocket1.close(); + + SSLSocket clientSslSocket2 = (SSLSocket) dynamicSSLContextSocketFactory.createSocket("localhost", 10002); + clientSslSocket2.setReuseAddress(true); + checkOutputIsOK(clientSslSocket2); + clientSslSocket2.close(); + + SSLSocket clientSslSocket3 = (SSLSocket) dynamicSSLContextSocketFactory.createSocket("localhost", 10003); + clientSslSocket3.setReuseAddress(true); + checkOutputIsOK(clientSslSocket3); + clientSslSocket3.close(); + + SSLSocket clientSslSocket4 = (SSLSocket) dynamicSSLContextSocketFactory.createSocket("localhost", 10000); + clientSslSocket4.setReuseAddress(true); + checkOutputIsOK(clientSslSocket4); + clientSslSocket4.close(); + } catch (Exception e) { + Assert.assertEquals("fine", e.getMessage()); + } + }); + } + + @Test + public void smokeTestAuthenticationContextPassedExplicitly() throws DynamicSSLContextException, GeneralSecurityException { + SSLContext dynamicSSLContext = new DynamicSSLContext(new DynamicSSLContextImpl(getAuthenticationContext("wildfly-config-dynamic-ssl-test.xml"))); + SSLSocketFactory dynamicSSLContextSocketFactory = dynamicSSLContext.getSocketFactory(); + try { + SSLSocket clientSslSocket1 = (SSLSocket) 
dynamicSSLContextSocketFactory.createSocket("localhost", 10001); + clientSslSocket1.setUseClientMode(true); + clientSslSocket1.setReuseAddress(true); + checkOutputIsOK(clientSslSocket1); + clientSslSocket1.close(); + + SSLSocket clientSslSocket2 = (SSLSocket) dynamicSSLContextSocketFactory.createSocket("localhost", 10002); + clientSslSocket2.setReuseAddress(true); + checkOutputIsOK(clientSslSocket2); + clientSslSocket2.close(); + + SSLSocket clientSslSocket3 = (SSLSocket) dynamicSSLContextSocketFactory.createSocket("localhost", 10003); + clientSslSocket3.setReuseAddress(true); + checkOutputIsOK(clientSslSocket3); + clientSslSocket3.close(); + + SSLSocket clientSslSocket4 = (SSLSocket) dynamicSSLContextSocketFactory.createSocket("localhost", 10000); + clientSslSocket4.setReuseAddress(true); + checkOutputIsOK(clientSslSocket4); + clientSslSocket4.close(); + } catch (Exception e) { + Assert.assertEquals("fine", e.getMessage()); + } + } + + @Test(expected = SocketException.class) + public void smokeTestWithoutElytronClientContextWillFail() throws NoSuchAlgorithmException, IOException { + SSLContext dynamicSSLContext = new DynamicSSLContext(); + SSLSocketFactory dynamicSSLContextSocketFactory = dynamicSSLContext.getSocketFactory(); + SSLSocket clientSslSocket1 = (SSLSocket) dynamicSSLContextSocketFactory.createSocket("localhost", 10002); + clientSslSocket1.setUseClientMode(true); + clientSslSocket1.setReuseAddress(true); + checkOutputIsOK(clientSslSocket1); + clientSslSocket1.close(); + } + + @Test + public void testCreateSocketByInetAddressPort() throws NoSuchAlgorithmException { + SSLContext dynamicSSLContext = new DynamicSSLContext(); + SSLSocketFactory dynamicSSLContextSocketFactory = dynamicSSLContext.getSocketFactory(); + getAuthenticationContext("wildfly-config-dynamic-ssl-test.xml").run(() -> { + try { + SSLSocket clientSslSocket = (SSLSocket) dynamicSSLContextSocketFactory.createSocket(InetAddress.getByName("localhost"), 10002); + 
clientSslSocket.setReuseAddress(true); + checkOutputIsOK(clientSslSocket); + clientSslSocket.close(); + } catch (Exception e) { + Assert.assertEquals("fine", e.getMessage()); + } + }); + } + + @Test + public void testCreateSocketByHostPortLocalAddressLocalPort() throws NoSuchAlgorithmException { + SSLContext dynamicSSLContext = new DynamicSSLContext(); + SSLSocketFactory dynamicSSLContextSocketFactory = dynamicSSLContext.getSocketFactory(); + getAuthenticationContext("wildfly-config-dynamic-ssl-test.xml").run(() -> { + try { + SSLSocket clientSslSocket = (SSLSocket) dynamicSSLContextSocketFactory.createSocket("localhost", 10001, InetAddress.getByName("localhost"), 0); + clientSslSocket.setReuseAddress(true); + checkOutputIsOK(clientSslSocket); + clientSslSocket.close(); + } catch (Exception e) { + Assert.assertEquals("fine", e.getMessage()); + } + }); + } + + @Test + public void testCreateSocketByAddressPortLocalAddressLocalPort() throws NoSuchAlgorithmException { + SSLContext dynamicSSLContext = new DynamicSSLContext(); + SSLSocketFactory dynamicSSLContextSocketFactory = dynamicSSLContext.getSocketFactory(); + getAuthenticationContext("wildfly-config-dynamic-ssl-test.xml").run(() -> { + try { + SSLSocket clientSslSocket = (SSLSocket) dynamicSSLContextSocketFactory.createSocket(InetAddress.getByName("localhost"), 10001, InetAddress.getByName("localhost"), 12555); + clientSslSocket.setReuseAddress(true); + checkOutputIsOK(clientSslSocket); + clientSslSocket.close(); + } catch (Exception e) { + Assert.assertEquals("fine", e.getMessage()); + } + }); + } + + @Test + public void testCreateSocketBySocketHostPortAutoCloseTrue() throws NoSuchAlgorithmException { + SSLContext dynamicSSLContext = new DynamicSSLContext(); + SSLSocketFactory dynamicSSLContextSocketFactory = dynamicSSLContext.getSocketFactory(); + getAuthenticationContext("wildfly-config-dynamic-ssl-test.xml").run(() -> { + try { + Socket plainSocket = new Socket(); + plainSocket.connect(new 
InetSocketAddress("localhost", 10001)); + SSLSocket clientSslSocket = (SSLSocket) dynamicSSLContextSocketFactory.createSocket(plainSocket, "localhost", 10001, true); + clientSslSocket.setReuseAddress(true); + checkOutputIsOK(clientSslSocket); + clientSslSocket.close(); + plainSocket.close(); + } catch (Exception e) { + Assert.assertEquals("fine", e.getMessage()); + } + }); + } + + @Test + public void testCreateSocketsBySocketHostPortAutoCloseFalse() throws NoSuchAlgorithmException { + SSLContext dynamicSSLContext = new DynamicSSLContext(); + SSLSocketFactory dynamicSSLContextSocketFactory = dynamicSSLContext.getSocketFactory(); + getAuthenticationContext("wildfly-config-dynamic-ssl-test.xml").run(() -> { + try { + Socket plainSocket = new Socket(); + plainSocket.connect(new InetSocketAddress("localhost", 10001)); + SSLSocket clientSslSocket = (SSLSocket) dynamicSSLContextSocketFactory.createSocket(plainSocket, "localhost", 10001, false); + clientSslSocket.setReuseAddress(true); + checkOutputIsOK(clientSslSocket); + clientSslSocket.close(); + plainSocket.close(); + } catch (Exception e) { + Assert.assertEquals("fine", e.getMessage()); + } + }); + } + + @Test + public void testCreateSocketbyHostAndPortAndConfiguredSSLParams2() throws NoSuchAlgorithmException { + DynamicSSLContext dynamicSSLContext = new DynamicSSLContext(); + AuthenticationContext context = getAuthenticationContext("wildfly-config-dynamic-ssl-test.xml"); + context.run(() -> { + try { + DynamicSSLSocketFactory dynamicSSLContextSocketFactory = (DynamicSSLSocketFactory) dynamicSSLContext.getSocketFactory(); + dynamicSSLContext.getDefaultSSLParameters().setCipherSuites(new String[]{"TLS_RSA_WITH_AES_128_CBC_SHA256"}); + SSLSocket clientSslSocket = (SSLSocket) dynamicSSLContextSocketFactory.createSocket(); + SSLParameters sslParameters = clientSslSocket.getSSLParameters(); + sslParameters.setCipherSuites(new String[]{"TLS_RSA_WITH_AES_128_CBC_SHA256"}); + clientSslSocket.setSSLParameters(sslParameters); + 
dynamicSSLContext.getDefaultSSLParameters().setCipherSuites(new String[]{"TLS_RSA_WITH_AES_128_CBC_SHA256"}); + clientSslSocket.connect(new InetSocketAddress("localhost", 10000)); + clientSslSocket.startHandshake(); + Assert.assertEquals("TLS_RSA_WITH_AES_128_CBC_SHA256", clientSslSocket.getSession().getCipherSuite()); + checkOutputIsOK(clientSslSocket); + clientSslSocket.close(); + } catch (Exception e) { + Assert.assertEquals("fine", e.getMessage()); + } + }); + } + + @Test(expected = UnsupportedOperationException.class) + public void checkExceptionThrownClientSessionContext() throws Exception { + SSLContext sslContext = new DynamicSSLContext(); + sslContext.getClientSessionContext(); + } + + @Test(expected = UnsupportedOperationException.class) + public void checkExceptionThrownServerSessionContext() throws Exception { + SSLContext sslContext = new DynamicSSLContext(); + sslContext.getServerSessionContext(); + } + + // thorough testing of sslEngine would need a lot of code with socket implementation that is pretty low level + // it is reasonable to assume that it is being tested anyway since sockets created by SSLSocketFactory seem to always use this SSLEngine + // here I at least test that the SSLEngine was created with correct host and port + @Test + public void smokeTestCorrectSSLEngineIsUsed() throws NoSuchAlgorithmException { + DynamicSSLContext dynamicSSLContext = new DynamicSSLContext(); + SSLEngine sslEngine = dynamicSSLContext.createSSLEngine("localhost", 10000); + Assert.assertEquals("localhost", sslEngine.getPeerHost()); + Assert.assertEquals(10000, sslEngine.getPeerPort()); + + SSLEngine sslEngine2 = dynamicSSLContext.createSSLEngine(); + Assert.assertNull(sslEngine2.getPeerHost()); + Assert.assertEquals(-1, sslEngine2.getPeerPort()); + } + + @Test + public void smokeTestIntersectionOfCipherSuites() throws NoSuchAlgorithmException { + DynamicSSLContext dynamicSSLContext = new DynamicSSLContext(); + SSLServerSocketTestInstance 
testSSLServerSingleCipherSuite = + new SSLServerSocketTestInstance(RESOURCES + "default-server.keystore.jks", RESOURCES + "default-server.truststore.jks", 10004); + testSSLServerSingleCipherSuite.setConfiguredEnabledCipherSuites(new String[]{"TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA256"}); + testSSLServerSingleCipherSuite.run(); + AuthenticationContext context = getAuthenticationContext("wildfly-config-dynamic-ssl-test.xml"); + context.run(() -> { + try { + SSLSocket clientSslSocket = (SSLSocket) dynamicSSLContext.getSocketFactory().createSocket(); + SSLParameters sslParameters = clientSslSocket.getSSLParameters(); + sslParameters.setCipherSuites(new String[]{"TLS_RSA_WITH_AES_256_CBC_SHA256"}); + clientSslSocket.setSSLParameters(sslParameters); + clientSslSocket.connect(new InetSocketAddress("localhost", 10000)); + clientSslSocket.startHandshake(); + Assert.assertEquals("TLS_RSA_WITH_AES_256_CBC_SHA256", clientSslSocket.getSession().getCipherSuite()); + checkOutputIsOK(clientSslSocket); + clientSslSocket.close(); + } catch (Exception e) { + Assert.assertEquals("fine", e.getMessage()); + } + }); + } + + @Test + public void testChangingAuthenticationContextsTest() throws NoSuchAlgorithmException { + DynamicSSLContext dynamicSSLContext = new DynamicSSLContext(); + SSLSocketFactory socketFactory = dynamicSSLContext.getSocketFactory(); + + AuthenticationContext.empty().withSsl(MatchRule.ALL.matchPort(10001), () -> DynamicSSLTestUtils + .createSSLContext(RESOURCES + "client1.keystore.jks", RESOURCES + "client1.truststore.jks", "secret")).run(() -> { + try { + Socket clientSslSocket = socketFactory.createSocket("localhost", 10001); + checkOutputIsOK((SSLSocket) clientSslSocket); + clientSslSocket.close(); + } catch (Exception e) { + Assert.assertEquals("fine", e.getMessage()); + } + }); + + AuthenticationContext.empty().withSsl(MatchRule.ALL.matchPort(10002), () -> DynamicSSLTestUtils + .createSSLContext(RESOURCES + "client2.keystore.jks", 
RESOURCES + "client2.truststore.jks", "secret")).run(() -> { + try { + Socket clientSslSocket = socketFactory.createSocket("localhost", 10002); + checkOutputIsOK((SSLSocket) clientSslSocket); + clientSslSocket.close(); + } catch (Exception e) { + Assert.assertEquals("fine", e.getMessage()); + } + }); + + AuthenticationContext.empty().withSsl(MatchRule.ALL.matchPort(10003), () -> DynamicSSLTestUtils + .createSSLContext(RESOURCES + "client3.keystore.jks", RESOURCES + "client3.truststore.jks", "secret")).run(() -> { + try { + Socket clientSslSocket = socketFactory.createSocket("localhost", 10003); + checkOutputIsOK((SSLSocket) clientSslSocket); + clientSslSocket.close(); + } catch (Exception e) { + Assert.assertEquals("fine", e.getMessage()); + } + }); + } + + @Test(expected = IllegalStateException.class) + public void testThrowAnExceptionWhenLoop() throws NoSuchAlgorithmException { + + DynamicSSLContext dynamicSSLContext = new DynamicSSLContext(); + SSLSocketFactory socketFactory = dynamicSSLContext.getSocketFactory(); + SSLContext previousDefaultSSLContext = SSLContext.getDefault(); + SSLContext.setDefault(dynamicSSLContext); + AuthenticationContext.empty().withSsl(MatchRule.ALL.matchPort(10000), () -> DynamicSSLTestUtils + .createSSLContext(RESOURCES + "client1.keystore.jks", RESOURCES + "client1.truststore.jks", "secret")).run(() -> { + try { + Socket clientSslSocket = socketFactory.createSocket("localhost", 12345); + checkOutputIsOK((SSLSocket) clientSslSocket); + clientSslSocket.close(); + } catch (IOException e) { + Assert.assertEquals("fine", e.getMessage()); + } finally { + SSLContext.setDefault(previousDefaultSSLContext); + } + }); + } + + + @Test + public void testPreconfiguredDefault() throws NoSuchAlgorithmException { + DynamicSSLContext dynamicSSLContext = new DynamicSSLContext(); + final AuthenticationContextConfigurationClient AUTH_CONTEXT_CLIENT = + AccessController.doPrivileged((PrivilegedAction) AuthenticationContextConfigurationClient::new); + try 
{ + + AuthenticationContext contextWithConfiguredDefault = getAuthenticationContext("wildfly-config-dynamic-ssl-test.xml"); + AuthenticationContext contextWithoutConfiguredDefault = getAuthenticationContext("wildfly-config-dynamic-ssl-test-without-default-sslcontext.xml"); + + SSLContext preconfiguredDefault = AUTH_CONTEXT_CLIENT.getDefaultSSLContext(contextWithConfiguredDefault); + SSLContext jvmDefault = AUTH_CONTEXT_CLIENT.getDefaultSSLContext(contextWithoutConfiguredDefault); + + Assert.assertEquals(jvmDefault, SSLContext.getDefault()); + + // AuthenticationContextConfigurationClient always creates new instances. So we can check that preconfigured SSLContext was received + // correctly by successful connection to the host and port that requires that ssl context. + + // We first test configured default by using createSocket(host, port) with port not specified in any match rules. + // Second we use empty createSocket method that will later connect to the same host and port successfully. 
+ + contextWithConfiguredDefault.run(() -> { + try { + SSLSocket clientSslSocket1 = (SSLSocket) preconfiguredDefault.getSocketFactory().createSocket("localhost", 10000); + clientSslSocket1.setReuseAddress(true); + checkOutputIsOK(clientSslSocket1); + clientSslSocket1.close(); + //preconfigured default will be used to create socket since no host and port was provided + SSLSocket clientSocketWithDynamicDefaultSSLContext = (SSLSocket) dynamicSSLContext.getSocketFactory().createSocket(); + clientSocketWithDynamicDefaultSSLContext.setUseClientMode(true); + // configured default is the one which passes for this host and port + clientSocketWithDynamicDefaultSSLContext.connect(new InetSocketAddress("localhost", 10000)); + checkOutputIsOK(clientSocketWithDynamicDefaultSSLContext); + clientSocketWithDynamicDefaultSSLContext.close(); + } catch (Exception e) { + Assert.assertEquals("fine", e.getMessage()); + } + } + ); + + } catch (Exception e) { + Assert.assertEquals("fine", e.getMessage()); + } + } + + private void checkOutputIsOK(SSLSocket clientSslSocket) throws IOException { + PrintWriter printWriter = new PrintWriter(new OutputStreamWriter(clientSslSocket.getOutputStream())); + printWriter.println("Client Hello"); + printWriter.flush(); + InputStream inputStream = clientSslSocket.getInputStream(); + BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream)); + String line = bufferedReader.readLine().trim(); + Assert.assertEquals(STATUS_OK, line); + } + + private AuthenticationContext getAuthenticationContext(String path) { + return doPrivileged((PrivilegedAction) () -> { + URL config = getClass().getResource(path); + try { + return ElytronXmlParser.parseAuthenticationClientConfiguration(config.toURI()).create(); + } catch (Exception e) { + Assert.assertEquals("fine", e.getMessage()); + throw new InvalidAuthenticationConfigurationException(e); + } + }); + } +} 
diff --git a/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/DynamicSSLTestUtils.java b/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/DynamicSSLTestUtils.java new file mode 100644 index 00000000000..3f73dec2930 --- /dev/null +++ b/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/DynamicSSLTestUtils.java 
@@ -0,0 +1,214 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2024 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +package org.wildfly.security.dynamic.ssl; + +import org.junit.Assert; +import org.wildfly.security.x500.cert.BasicConstraintsExtension; +import org.wildfly.security.x500.cert.X509CertificateBuilder; + +import javax.net.ssl.KeyManager; +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManager; +import javax.net.ssl.TrustManagerFactory; +import javax.security.auth.x500.X500Principal; +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.IOException; +import java.math.BigInteger; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; + +/** + * Utility class for DynamicSSLContextTest class. 
+ * + * @author Diana Krepinska (Vilkolakova) + */ +public class DynamicSSLTestUtils { + + private static final String CLIENT_ALIAS = "client"; + private static final String LOCALHOST_ALIAS = "localhost"; + private static final String KEYSTORE_TYPE = "JKS"; + private static final String SHA_1_WITH_RSA = "SHA1withRSA"; + private static final String TLS_PROTOCOL_VERSION = "TLSv1.2"; + public static final String KEY_MANAGER_FACTORY_ALGORITHM = "SunX509"; + private static char[] PASSWORD = "secret".toCharArray(); + private static File KEYSTORES_DIR = new File("./target/keystores"); + + private static String CLIENT1_KEYSTORE_FILENAME = "client1.keystore.jks"; + private static String CLIENT1_TRUSTSTORE_FILENAME ="client1.truststore.jks"; + private static String SERVER1_KEYSTORE_FILENAME = "server1.keystore.jks"; + private static String SERVER1_TRUSTSTORE_FILENAME = "server1.truststore.jks"; + + private static String CLIENT2_KEYSTORE_FILENAME = "client2.keystore.jks"; + private static String CLIENT2_TRUSTSTORE_FILENAME ="client2.truststore.jks"; + private static String SERVER2_KEYSTORE_FILENAME = "server2.keystore.jks"; + private static String SERVER2_TRUSTSTORE_FILENAME = "server2.truststore.jks"; + + private static String CLIENT3_KEYSTORE_FILENAME = "client3.keystore.jks"; + private static String CLIENT3_TRUSTSTORE_FILENAME ="client3.truststore.jks"; + private static String SERVER3_KEYSTORE_FILENAME = "server3.keystore.jks"; + private static String SERVER3_TRUSTSTORE_FILENAME = "server3.truststore.jks"; + + private static String DEFAULT_CLIENT_KEYSTORE_FILENAME = "default-client.keystore.jks"; + private static String DEFAULT_CLIENT_TRUSTSTORE_FILENAME ="default-client.truststore.jks"; + private static String DEFAULT_SERVER_KEYSTORE_FILENAME = "default-server.keystore.jks"; + private static String DEFAULT_SERVER_TRUSTSTORE_FILENAME = "default-server.truststore.jks"; + + static SSLContext createSSLContext(String keystorePath, String truststorePath, String password) { + 
try { + KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE); + keyStore.load(new FileInputStream(keystorePath), password.toCharArray()); + + // Create key manager + KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KEY_MANAGER_FACTORY_ALGORITHM); + keyManagerFactory.init(keyStore, password.toCharArray()); + KeyManager[] km = keyManagerFactory.getKeyManagers(); + + KeyStore trustStore = KeyStore.getInstance(KEYSTORE_TYPE); + trustStore.load(new FileInputStream(truststorePath), password.toCharArray()); + // Create trust manager + TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(KEY_MANAGER_FACTORY_ALGORITHM); + trustManagerFactory.init(trustStore); + TrustManager[] tm = trustManagerFactory.getTrustManagers(); + + // Initialize SSLContext + SSLContext sslContext = SSLContext.getInstance(TLS_PROTOCOL_VERSION); + sslContext.init(km, tm, null); + + return sslContext; + } catch (Exception ex) { + Assert.fail(); + } + return null; + } + + static void createKeystores() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException { + if (!KEYSTORES_DIR.exists()) { + KEYSTORES_DIR.mkdirs(); + } + generateTwoWaySSLKeystoresAndTruststores(CLIENT1_KEYSTORE_FILENAME, SERVER1_KEYSTORE_FILENAME, CLIENT1_TRUSTSTORE_FILENAME, SERVER1_TRUSTSTORE_FILENAME); + generateTwoWaySSLKeystoresAndTruststores(CLIENT2_KEYSTORE_FILENAME, SERVER2_KEYSTORE_FILENAME, CLIENT2_TRUSTSTORE_FILENAME, SERVER2_TRUSTSTORE_FILENAME); + generateTwoWaySSLKeystoresAndTruststores(CLIENT3_KEYSTORE_FILENAME, SERVER3_KEYSTORE_FILENAME, CLIENT3_TRUSTSTORE_FILENAME, SERVER3_TRUSTSTORE_FILENAME); + generateTwoWaySSLKeystoresAndTruststores(DEFAULT_CLIENT_KEYSTORE_FILENAME, DEFAULT_SERVER_KEYSTORE_FILENAME, DEFAULT_CLIENT_TRUSTSTORE_FILENAME, DEFAULT_SERVER_TRUSTSTORE_FILENAME); + } + + private static void generateTwoWaySSLKeystoresAndTruststores(String clientKeystoreFilename, String serverKeystoreFilename, + String clientTruststoreFilename, String 
serverTruststoreFilename) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException { + // Generates client certificate and keystore + KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); + KeyStore clientKeyStore = KeyStore.getInstance(KEYSTORE_TYPE); + clientKeyStore.load(null, null); + + KeyPair clientKeyPair = keyPairGenerator.generateKeyPair(); + PrivateKey signingKey = clientKeyPair.getPrivate(); + PublicKey publicKey = clientKeyPair.getPublic(); + + X500Principal testClient10DN = new X500Principal("CN=" + CLIENT_ALIAS); + X509Certificate clientCertificate = new X509CertificateBuilder() + .setIssuerDn(testClient10DN) + .setSubjectDn(new X500Principal("OU=Elytron")) + .setSignatureAlgorithmName(SHA_1_WITH_RSA) + .setSigningKey(signingKey) + .setPublicKey(publicKey) + .setSerialNumber(new BigInteger("3")) + .addExtension(new BasicConstraintsExtension(false, false, -1)) + .build(); + clientKeyStore.setKeyEntry(CLIENT_ALIAS, signingKey, PASSWORD, new X509Certificate[]{clientCertificate}); + + + // Generates server certificate and keystore + KeyStore serverKeyStore = KeyStore.getInstance(KEYSTORE_TYPE); + serverKeyStore.load(null, null); + + KeyPair serverKeyPair = keyPairGenerator.generateKeyPair(); + PrivateKey serverSigningKey = serverKeyPair.getPrivate(); + PublicKey serverPublicKey = serverKeyPair.getPublic(); + + X500Principal testServer10DN = new X500Principal("CN=" + LOCALHOST_ALIAS); + X509Certificate serverCertificate = new X509CertificateBuilder() + .setIssuerDn(testServer10DN) + .setSubjectDn(new X500Principal("OU=Elytron")) + .setSignatureAlgorithmName(SHA_1_WITH_RSA) + .setSigningKey(serverSigningKey) + .setPublicKey(serverPublicKey) + .setSerialNumber(new BigInteger("4")) + .addExtension(new BasicConstraintsExtension(false, false, -1)) + .build(); + serverKeyStore.setKeyEntry(LOCALHOST_ALIAS, serverSigningKey, PASSWORD, new X509Certificate[]{serverCertificate}); + + File clientKeystoreFile = new 
File(KEYSTORES_DIR, clientKeystoreFilename); + try (FileOutputStream clientStream = new FileOutputStream(clientKeystoreFile)) { + clientKeyStore.store(clientStream, PASSWORD); + } + + File serverKeystoreFile = new File(KEYSTORES_DIR, serverKeystoreFilename); + try (FileOutputStream serverStream = new FileOutputStream(serverKeystoreFile)) { + serverKeyStore.store(serverStream, PASSWORD); + } + + // create truststores + KeyStore clientTrustStore = KeyStore.getInstance(KEYSTORE_TYPE); + clientTrustStore.load(null, null); + + KeyStore serverTrustStore = KeyStore.getInstance(KEYSTORE_TYPE); + serverTrustStore.load(null, null); + clientTrustStore.setCertificateEntry(LOCALHOST_ALIAS, serverKeyStore.getCertificate(LOCALHOST_ALIAS)); + serverTrustStore.setCertificateEntry(CLIENT_ALIAS, clientKeyStore.getCertificate(CLIENT_ALIAS) ); + + File clientTrustFile = new File(KEYSTORES_DIR, clientTruststoreFilename); + try (FileOutputStream clientStream = new FileOutputStream(clientTrustFile)) { + clientTrustStore.store(clientStream, PASSWORD); + } + + File serverTrustFile = new File(KEYSTORES_DIR, serverTruststoreFilename); + try (FileOutputStream serverStream = new FileOutputStream(serverTrustFile)) { + serverTrustStore.store(serverStream, PASSWORD); + } + } + + public static void deleteKeystores() { + new File(KEYSTORES_DIR, CLIENT1_KEYSTORE_FILENAME).delete(); + new File(KEYSTORES_DIR, CLIENT1_TRUSTSTORE_FILENAME).delete(); + new File(KEYSTORES_DIR, CLIENT2_KEYSTORE_FILENAME).delete(); + new File(KEYSTORES_DIR, CLIENT2_TRUSTSTORE_FILENAME).delete(); + new File(KEYSTORES_DIR, CLIENT3_KEYSTORE_FILENAME).delete(); + new File(KEYSTORES_DIR, CLIENT3_TRUSTSTORE_FILENAME).delete(); + new File(KEYSTORES_DIR, DEFAULT_CLIENT_KEYSTORE_FILENAME).delete(); + new File(KEYSTORES_DIR, DEFAULT_CLIENT_TRUSTSTORE_FILENAME).delete(); + new File(KEYSTORES_DIR, SERVER1_KEYSTORE_FILENAME).delete(); + new File(KEYSTORES_DIR, SERVER1_TRUSTSTORE_FILENAME).delete(); + new File(KEYSTORES_DIR, 
SERVER2_KEYSTORE_FILENAME).delete(); + new File(KEYSTORES_DIR, SERVER2_TRUSTSTORE_FILENAME).delete(); + new File(KEYSTORES_DIR, SERVER3_KEYSTORE_FILENAME).delete(); + new File(KEYSTORES_DIR, SERVER3_TRUSTSTORE_FILENAME).delete(); + new File(KEYSTORES_DIR, DEFAULT_SERVER_KEYSTORE_FILENAME).delete(); + new File(KEYSTORES_DIR, DEFAULT_SERVER_TRUSTSTORE_FILENAME).delete(); + KEYSTORES_DIR.delete(); + } +} diff --git a/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/SSLServerSocketTestInstance.java b/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/SSLServerSocketTestInstance.java new file mode 100644 index 00000000000..e404fd3e622 --- /dev/null +++ b/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/SSLServerSocketTestInstance.java 
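Review bot: DynamicSSLTestUtils.createSSLContext passes `new FileInputStream(keystorePath)` and `new FileInputStream(truststorePath)` straight into `KeyStore.load` and never closes them, so every call leaks two file handles. Wrap each one in try-with-resources, e.g. `try (FileInputStream in = new FileInputStream(keystorePath)) { keyStore.load(in, password.toCharArray()); }`. The `catch (Exception ex) { Assert.fail(); }` in the same method drops the cause, so an unreadable key store shows up as a bare failure; `throw new AssertionError("cannot build SSLContext from " + keystorePath, ex);` keeps it. The generated certificates are signed with `SHA1withRSA`; `SHA256withRSA` would keep these fixtures usable on JDKs whose security policy may restrict SHA-1 signatures.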
@@ -0,0 +1,138 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2024 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.wildfly.security.dynamic.ssl; + +import okhttp3.TlsVersion; +import org.junit.Assert; + +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLServerSocket; +import javax.net.ssl.SSLServerSocketFactory; +import javax.net.ssl.SSLSocket; +import java.io.BufferedReader; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.OutputStreamWriter; +import java.io.PrintWriter; +import java.net.InetSocketAddress; +import java.util.concurrent.atomic.AtomicBoolean; + +/** + * Utility class for running SSLServerSocket instance for testing. 
+ * + * @author Diana Krepinska (Vilkolakova) + */ +public class SSLServerSocketTestInstance { + + private int port; + private String keystorePath; + private String truststorePath; + private String[] configuredEnabledCipherSuites; + private SSLServerSocket sslServerSocket; + private AtomicBoolean running = new AtomicBoolean(false); + private Thread serverThread; + + public SSLServerSocketTestInstance(String pathToKeystore, String pathToTruststore, int port) { + this.keystorePath = pathToKeystore; + this.truststorePath = pathToTruststore; + this.port = port; + } + + void setConfiguredEnabledCipherSuites(String[] configuredEnabledCipherSuite) { + this.configuredEnabledCipherSuites = configuredEnabledCipherSuite; + } + + public void run() { + String password = "secret"; + SSLContext sslContext = DynamicSSLTestUtils.createSSLContext(this.keystorePath, this.truststorePath, password); + try { + SSLServerSocketFactory sslServerSocketFactory = sslContext.getServerSocketFactory(); + sslServerSocket = (javax.net.ssl.SSLServerSocket) sslServerSocketFactory.createServerSocket(); + sslServerSocket.setNeedClientAuth(true); + sslServerSocket.setUseClientMode(false); + sslServerSocket.setWantClientAuth(true); + sslServerSocket.setEnabledProtocols(new String[]{ + TlsVersion.TLS_1_2.javaName(), + TlsVersion.TLS_1_3.javaName() + }); + if (configuredEnabledCipherSuites != null) { + sslServerSocket.setEnabledCipherSuites(configuredEnabledCipherSuites); + } + sslServerSocket.bind(new InetSocketAddress("localhost", port)); + serverThread = new Thread(() -> { + running.set(true); + while (running.get()) { + SSLSocket sslSocket; + try { + sslSocket = (SSLSocket) sslServerSocket.accept(); + new Thread(new ServerThread(sslSocket)).start(); + } catch (Exception e) { + Assert.fail(); + } + } + }); + serverThread.start(); + } catch (Exception ex) { + Assert.fail(); + } finally { + running.set(false); + } + } + + public void stop() { + running.set(false); + } + + // Thread handling the socket 
from client + public static class ServerThread implements Runnable { + public static final String STATUS_OK = "HTTP/1.1 200 OK"; + private SSLSocket sslSocket; + AtomicBoolean running = new AtomicBoolean(false); + + ServerThread(SSLSocket sslSocket) { + this.sslSocket = sslSocket; + } + + public void run() { + try { + // wait for client's message first so that the first client message will trigger handshake. + // This way client can set its preferences in SSLParams after creation of bound createSocket(host,port) without server triggering handshake before. + running.set(true); + sslSocket.startHandshake(); + InputStream inputStream = sslSocket.getInputStream(); + BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream)); + while (running.get()) { + if ((bufferedReader.readLine()).equals("Client Hello")) { + break; + } + } + // if successful return 200 + PrintWriter printWriter = new PrintWriter(new OutputStreamWriter(sslSocket.getOutputStream())); + printWriter.println(STATUS_OK); + printWriter.flush(); + sslSocket.close(); + } catch (Exception ex) { + ex.printStackTrace(); + Assert.fail(); + } finally { + running.set(false); + } + } + } +} diff --git a/dynamic-ssl/src/test/resources/org/wildfly/security/dynamic/ssl/wildfly-config-dynamic-ssl-test-without-default-sslcontext.xml b/dynamic-ssl/src/test/resources/org/wildfly/security/dynamic/ssl/wildfly-config-dynamic-ssl-test-without-default-sslcontext.xml new file mode 100644 index 00000000000..07bfe16b243 --- /dev/null +++ b/dynamic-ssl/src/test/resources/org/wildfly/security/dynamic/ssl/wildfly-config-dynamic-ssl-test-without-default-sslcontext.xml @@ -0,0 +1,92 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
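Review bot: In SSLServerSocketTestInstance.run(), `sslServerSocket.setWantClientAuth(true)` is called after `setNeedClientAuth(true)`, and in JSSE each of these setters overrides the other, so the server ends up only requesting a client certificate instead of requiring one. Tests that use this server to show the right client key store was selected can then pass even when the client presents no certificate; removing the `setWantClientAuth(true)` line keeps the mutual-TLS requirement. Separately, the `finally { running.set(false); }` in run() executes right after `serverThread.start()` and races with the thread's own `running.set(true)`. stop() also never closes `sslServerSocket`, so the accept thread stays blocked and the port stays bound; dropping that finally and closing the socket in stop() would fix both.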
diff --git a/dynamic-ssl/src/test/resources/org/wildfly/security/dynamic/ssl/wildfly-config-dynamic-ssl-test.xml b/dynamic-ssl/src/test/resources/org/wildfly/security/dynamic/ssl/wildfly-config-dynamic-ssl-test.xml new file mode 100644 index 00000000000..5e01db70445 --- /dev/null +++ b/dynamic-ssl/src/test/resources/org/wildfly/security/dynamic/ssl/wildfly-config-dynamic-ssl-test.xml @@ -0,0 +1,114 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/pom.xml b/pom.xml index dd4eebaa9d2..1a67cc30b66 100644 --- a/pom.xml +++ b/pom.xml @@ -521,6 +521,11 @@ wildfly-elytron-digest ${project.version} + + org.wildfly.security + wildfly-elytron-dynamic-ssl + ${project.version} + org.wildfly.security wildfly-elytron-encryption @@ -1381,6 +1386,7 @@ credential/source/impl digest encryption + dynamic-ssl http/base http/basic http/bearer diff --git a/tests/base/pom.xml b/tests/base/pom.xml index d894887c815..076d2fbd55a 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -788,6 +788,11 @@ 2.3.1 test + + org.wildfly.security + wildfly-elytron-dynamic-ssl + test + diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 1869b3bf5c7..b7a4948c4af 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -293,6 +293,10 @@ org.wildfly.security wildfly-elytron-digest + + org.wildfly.security + wildfly-elytron-dynamic-ssl + org.wildfly.security wildfly-elytron-encryption @@ -633,6 +637,11 @@ wildfly-elytron-digest ${project.version} + + org.wildfly.security + wildfly-elytron-dynamic-ssl + ${project.version} + org.wildfly.security wildfly-elytron-http From 0a13c93626a842acc628417ea6e3c81f1248bd43 Mon Sep 17 00:00:00 2001 
From: Diana Krepinska Date: Thu, 21 Mar 2024 00:53:15 +0100 Subject: [PATCH 141/205] [ELY-1996] Add new interface indicating active sessions of an SSLContext --- .../auth/client/ActiveSessionsSSLContext.java | 33 +++++++++++++++++++ .../dynamic/ssl/DynamicSSLContext.java | 4 ++- 2 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 auth/client/src/main/java/org/wildfly/security/auth/client/ActiveSessionsSSLContext.java
diff --git a/auth/client/src/main/java/org/wildfly/security/auth/client/ActiveSessionsSSLContext.java b/auth/client/src/main/java/org/wildfly/security/auth/client/ActiveSessionsSSLContext.java
new file mode 100644
index 00000000000..691066b170e
--- /dev/null
+++ b/auth/client/src/main/java/org/wildfly/security/auth/client/ActiveSessionsSSLContext.java
@@ -0,0 +1,33 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2024 Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.wildfly.security.auth.client;
+
+/**
+ * An interface indicating active sessions of an SSLContext
+ */
+public interface ActiveSessionsSSLContext {
+ /**
+ * Indicates if the SSLContext has active sessions.
+ *
+ * @return true if SSLContext has active sessions. Otherwise, false
+ */
+ default boolean hasActiveSessions() {
+ return false;
+ }
+}
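Review bot: The Javadoc on ActiveSessionsSSLContext.hasActiveSessions() does not say what counts as an active session or what a caller is expected to do with the answer, and it does not mention that the default body returns `false`. If callers use the result to decide whether a context can be replaced or discarded (an assumption, since no caller is visible here), an implementer who forgets to override silently reports "no sessions". I would add a sentence to the method comment along the lines of `The default implementation always returns false; implementations that track sessions must override it.` and describe the intended consumer in the interface comment.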
diff --git a/dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLContext.java b/dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLContext.java index 1fcbf93a024..500d03badc2 100644 --- a/dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLContext.java +++ b/dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLContext.java @@ -17,6 +17,8 @@ */ package org.wildfly.security.dynamic.ssl; +import org.wildfly.security.auth.client.ActiveSessionsSSLContext; + import javax.net.ssl.SSLContext; import java.security.NoSuchAlgorithmException; @@ -25,7 +27,7 @@ * * @author Diana Krepinska */ -public final class DynamicSSLContext extends SSLContext { +public final class DynamicSSLContext extends SSLContext implements ActiveSessionsSSLContext { private static SSLContext resolverSSLContext(DynamicSSLContextSPI dynamicSSLContextSPIImpl) throws NoSuchAlgorithmException, DynamicSSLContextException { return dynamicSSLContextSPIImpl.getConfiguredDefault() == null ? From fc56044d30b8eb04eb0dbd7f570294203a9eb6c2 Mon Sep 17 00:00:00 2001 From: Prarthona Paul Date: Wed, 28 Jun 2023 15:14:01 -0400 Subject: [PATCH 142/205] [ELY-2574] Add the ability to configure scopes with elytron-oidc-client --- .../oidc/OidcClientConfigurationBuilder.java | 3 + .../http/oidc/OidcJsonConfiguration.java | 12 ++- .../http/oidc/OidcRequestAuthenticator.java | 28 +++++- .../http/oidc/KeycloakConfiguration.java | 29 +++++-- .../security/http/oidc/OidcBaseTest.java | 35 +++++++- .../wildfly/security/http/oidc/OidcTest.java | 86 +++++++++++++++++-- 6 files changed, 177 insertions(+), 16 deletions(-) diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfigurationBuilder.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfigurationBuilder.java index 99f9b185a5d..f2d757e493c 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfigurationBuilder.java 
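Review bot: DynamicSSLContext now declares `implements ActiveSessionsSSLContext`, but this commit changes only the import and the class line, so the class inherits the default `hasActiveSessions()` and always answers `false`. If the interface is only meant as a marker at this stage, a one-line comment on the class saying so would prevent callers from trusting the value. Otherwise an override that consults the delegated SSLContexts is missing. The class body continues outside this hunk, so an override added elsewhere cannot be ruled out from here, though the diffstat for this file shows only these four changed lines.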
+++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfigurationBuilder.java @@ -100,6 +100,9 @@ protected OidcClientConfiguration internalBuild(final OidcJsonConfiguration oidc if (oidcJsonConfiguration.getTokenCookiePath() != null) { oidcClientConfiguration.setOidcStateCookiePath(oidcJsonConfiguration.getTokenCookiePath()); } + if (oidcJsonConfiguration.getScope() != null) { + oidcClientConfiguration.setScope(oidcJsonConfiguration.getScope()); + } if (oidcJsonConfiguration.getPrincipalAttribute() != null) oidcClientConfiguration.setPrincipalAttribute(oidcJsonConfiguration.getPrincipalAttribute()); oidcClientConfiguration.setResourceCredentials(oidcJsonConfiguration.getCredentials()); diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcJsonConfiguration.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcJsonConfiguration.java index 5e65d60fe06..f835cc4fbc2 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcJsonConfiguration.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcJsonConfiguration.java @@ -46,7 +46,7 @@ "register-node-at-startup", "register-node-period", "token-store", "adapter-state-cookie-path", "principal-attribute", "proxy-url", "turn-off-change-session-id-on-login", "token-minimum-time-to-live", "min-time-between-jwks-requests", "public-key-cache-ttl", - "ignore-oauth-query-parameter", "verify-token-audience", "token-signature-algorithm" + "ignore-oauth-query-parameter", "verify-token-audience", "token-signature-algorithm", "scope" }) public class OidcJsonConfiguration { @@ -140,6 +140,9 @@ public class OidcJsonConfiguration { @JsonProperty("token-signature-algorithm") protected String tokenSignatureAlgorithm = DEFAULT_TOKEN_SIGNATURE_ALGORITHM; + @JsonProperty("scope") + protected String scope; + /** * The Proxy url to use for requests to the auth-server, configurable via the adapter config property {@code proxy-url}. */ 
@@ -511,5 +514,12 @@ public void setTokenSignatureAlgorithm(String tokenSignatureAlgorithm) { this.tokenSignatureAlgorithm = tokenSignatureAlgorithm; } + public String getScope() { + return scope; + } + + public void setScope(String scope) { + this.scope = scope; + } } diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcRequestAuthenticator.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcRequestAuthenticator.java index 6b51d980d97..dbb3f056874 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcRequestAuthenticator.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcRequestAuthenticator.java @@ -45,8 +45,10 @@ import java.net.URL; import java.util.ArrayList; import java.util.Arrays; +import java.util.HashSet; import java.util.List; import java.util.Map; +import java.util.Set; import org.apache.http.HttpStatus; import org.apache.http.NameValuePair; @@ -166,10 +168,13 @@ protected String getRedirectUri(String state) { List forwardableQueryParams = Arrays.asList(LOGIN_HINT, DOMAIN_HINT, KC_IDP_HINT, PROMPT, MAX_AGE, UI_LOCALES, SCOPE); List forwardedQueryParams = new ArrayList<>(forwardableQueryParams.size()); + Set allScopes = new HashSet<>(); + addScopes(deployment.getScope(), allScopes); + for (String paramName : forwardableQueryParams) { String paramValue = getQueryParamValue(facade, paramName); if (SCOPE.equals(paramName)) { - paramValue = addOidcScopeIfNeeded(paramValue); + paramValue = combineAndReorderScopes(allScopes, paramValue); } if (paramValue != null && !paramValue.isEmpty()) { forwardedQueryParams.add(new BasicNameValuePair(paramName, paramValue)); @@ -180,6 +185,7 @@ protected String getRedirectUri(String state) { if (deployment.getAuthUrl() == null) { return null; } + URIBuilder redirectUriBuilder = new URIBuilder(deployment.getAuthUrl()) .addParameter(RESPONSE_TYPE, CODE) .addParameter(CLIENT_ID, deployment.getResourceName()) 
@@ -416,4 +422,24 @@ private static boolean hasScope(String scopeParam, String targetScope) { } return false; } + + private String combineAndReorderScopes(Set allScopes, String paramValue) { + StringBuilder combinedScopes = new StringBuilder(); + addScopes(paramValue, allScopes); + + //some OpenID providers require openid scope to be added in the beginning + combinedScopes.append(OIDC_SCOPE); + for (String scope : allScopes) { + if (!scope.equals(OIDC_SCOPE)) { + combinedScopes.append(" ").append(scope); + } + } + return combinedScopes.toString(); + } + + private void addScopes(String scopes, Set allScopes) { + if (scopes != null && !scopes.isEmpty()) { + allScopes.addAll(Arrays.asList(scopes.split("\\s+"))); + } + } } diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/KeycloakConfiguration.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/KeycloakConfiguration.java index 5dfa052ed28..bbe6e091e5e 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/KeycloakConfiguration.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/KeycloakConfiguration.java @@ -33,6 +33,8 @@ import io.restassured.RestAssured; +import static org.wildfly.security.http.oidc.Oidc.OIDC_SCOPE; + /** * Keycloak configuration for testing. * @@ -47,6 +49,7 @@ public class KeycloakConfiguration { private static final String BOB = "bob"; private static final String BOB_PASSWORD = "bob123+"; public static final String ALLOWED_ORIGIN = "http://somehost"; + public static final boolean EMAIL_VERIFIED = false; /** * Configure RealmRepresentation as follows: 
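Review bot: The merged scope set in OidcRequestAuthenticator is created as `new HashSet<>()` in getRedirectUri, so apart from the leading `openid` the order of scopes in the authorization request is unspecified and can vary between runs. `new LinkedHashSet<>()` (with the matching import) would keep the configured order and make the redirect URI reproducible in tests and logs. In addScopes, `scopes.split("\\s+")` produces an empty first token when the value starts with whitespace, which combineAndReorderScopes then appends as a stray space; skipping empty tokens, e.g. `if (!token.isEmpty()) allScopes.add(token);`, avoids that. The `scope` query parameter taken from the incoming request is still merged in unfiltered, so the request can ask for more than the configured `scope`. If the new setting is meant to bound what the client requests, that should be documented or enforced here; this is hedged, since the earlier addOidcScopeIfNeeded path lies outside the hunk.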
@@ -60,8 +63,8 @@ public class KeycloakConfiguration { * */ public static RealmRepresentation getRealmRepresentation(final String realmName, String clientId, String clientSecret, - String clientHostName, int clientPort, String clientApp) { - return createRealm(realmName, clientId, clientSecret, clientHostName, clientPort, clientApp); + String clientHostName, int clientPort, String clientApp, boolean configureClientScopes) { + return createRealm(realmName, clientId, clientSecret, clientHostName, clientPort, clientApp, configureClientScopes); } public static RealmRepresentation getRealmRepresentation(final String realmName, String clientId, String clientSecret, 
@@ -101,15 +104,22 @@ public static String getAccessToken(String authServerUrl, String realmName, Stri .as(AccessTokenResponse.class).getToken(); } + private static RealmRepresentation createRealm(final String realmName, String clientId, String clientSecret, + String clientHostName, int clientPort, String clientApp, + boolean directAccessGrantEnabled, String bearerOnlyClientId, + String corsClientId) { + return createRealm(realmName, clientId, clientSecret, clientHostName, clientPort, clientApp, directAccessGrantEnabled, bearerOnlyClientId, corsClientId, false); + } + private static RealmRepresentation createRealm(String name, String clientId, String clientSecret, - String clientHostName, int clientPort, String clientApp) { - return createRealm(name, clientId, clientSecret, clientHostName, clientPort, clientApp, false, null, null); + String clientHostName, int clientPort, String clientApp, boolean configureClientScopes) { + return createRealm(name, clientId, clientSecret, clientHostName, clientPort, clientApp, false, null, null, configureClientScopes); } private static RealmRepresentation createRealm(String name, String clientId, String clientSecret, String clientHostName, int clientPort, String clientApp, boolean directAccessGrantEnabled, String bearerOnlyClientId, - String corsClientId) { + String corsClientId, boolean configureClientScopes) { RealmRepresentation realm = new RealmRepresentation(); realm.setRealm(name); 
@@ -127,8 +137,12 @@ private static RealmRepresentation createRealm(String name, String clientId, Str realm.getRoles().getRealm().add(new RoleRepresentation("user", null, false)); realm.getRoles().getRealm().add(new RoleRepresentation("admin", null, false)); - - realm.getClients().add(createWebAppClient(clientId, clientSecret, clientHostName, clientPort, clientApp, directAccessGrantEnabled)); + ClientRepresentation webAppClient = createWebAppClient(clientId, clientSecret, clientHostName, clientPort, clientApp, directAccessGrantEnabled); + if (configureClientScopes) { + webAppClient.setDefaultClientScopes(Collections.singletonList(OIDC_SCOPE)); + webAppClient.setOptionalClientScopes(Arrays.asList("phone", "email", "profile")); + } + realm.getClients().add(webAppClient); if (bearerOnlyClientId != null) { realm.getClients().add(createBearerOnlyClient(bearerOnlyClientId)); @@ -178,6 +192,7 @@ private static UserRepresentation createUser(String username, String password, L user.setCredentials(new ArrayList<>()); user.setRealmRoles(realmRoles); user.setEmail(username + "@gmail.com"); + user.setEmailVerified(EMAIL_VERIFIED); CredentialRepresentation credential = new CredentialRepresentation(); credential.setType(CredentialRepresentation.PASSWORD); diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java index b1fb8ea2d2e..65d0da04ba6 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java @@ -19,6 +19,7 @@ package org.wildfly.security.http.oidc; import static org.junit.Assert.assertEquals; +import static org.wildfly.common.Assert.assertTrue; import java.io.IOException; import java.net.URI; 
@@ -29,6 +30,9 @@ import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.sasl.AuthorizeCallback; +import org.jose4j.jwt.JwtClaims; +import org.jose4j.jwt.consumer.InvalidJwtException; +import org.jose4j.jwt.consumer.JwtConsumerBuilder; import org.junit.AfterClass; import org.keycloak.representations.idm.RealmRepresentation; import org.testcontainers.DockerClientFactory; @@ -37,6 +41,8 @@ import org.wildfly.security.auth.callback.IdentityCredentialCallback; import org.wildfly.security.auth.callback.SecurityIdentityCallback; import org.wildfly.security.auth.server.SecurityDomain; +import org.wildfly.security.credential.BearerTokenCredential; +import org.wildfly.security.credential.Credential; import org.wildfly.security.evidence.Evidence; import org.wildfly.security.http.HttpServerAuthenticationMechanism; import org.wildfly.security.http.HttpServerAuthenticationMechanismFactory; @@ -76,6 +82,7 @@ public class OidcBaseTest extends AbstractBaseHttpTest { public static final String CLIENT_PAGE_TEXT = "Welcome page!"; public static final String CLIENT_HOST_NAME = "localhost"; public static MockWebServer client; // to simulate the application being secured + public static final Boolean CONFIGURE_CLIENT_SCOPES = true; // to simulate the application being secured protected HttpServerAuthenticationMechanismFactory oidcFactory; @@ -117,8 +124,11 @@ protected static boolean isDockerAvailable() { return false; } } - protected CallbackHandler getCallbackHandler() { + return getCallbackHandler(false, null); + } + + protected CallbackHandler getCallbackHandler(boolean checkScope, String expectedScopes) { return callbacks -> { for(Callback callback : callbacks) { if (callback instanceof EvidenceVerifyCallback) { 
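Review bot: The trailing comment on the new `CONFIGURE_CLIENT_SCOPES` constant in OidcBaseTest is copied from the `client` field above it and does not describe this flag. Going by how `createRealm` uses the value in KeycloakConfiguration, something like `// register default and optional client scopes on the test realm's web-app client` fits. The boxed type is also unnecessary; `public static final boolean CONFIGURE_CLIENT_SCOPES = true;` matches the `boolean` parameter it is passed to.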
@@ -127,7 +137,13 @@ protected CallbackHandler getCallbackHandler() { } else if (callback instanceof AuthenticationCompleteCallback) { // NO-OP } else if (callback instanceof IdentityCredentialCallback) { - // NO-OP + if (checkScope) { + try { + checkForScopeClaims(callback, expectedScopes); + } catch (InvalidJwtException e) { + throw new RuntimeException(e); + } + } } else if (callback instanceof AuthorizeCallback) { ((AuthorizeCallback) callback).setAuthorized(true); } else if (callback instanceof SecurityIdentityCallback) { @@ -181,6 +197,7 @@ protected HtmlInput loginToKeycloak(String username, String password, URI reques webClient.addCookie(getCookieString(cookie), requestUri.toURL(), null); } } + HtmlPage keycloakLoginPage = webClient.getPage(location); HtmlForm loginForm = keycloakLoginPage.getForms().get(0); loginForm.getInputByName(KEYCLOAK_USERNAME).setValueAttribute(username); @@ -215,4 +232,18 @@ protected String getCookieString(HttpServerCookie cookie) { return header.toString(); } + protected void checkForScopeClaims(Callback callback, String expectedScopes) throws InvalidJwtException { + Credential credential = ((IdentityCredentialCallback)callback).getCredential(); + String token = ((BearerTokenCredential) credential).getToken(); + JwtClaims jwtClaims = new JwtConsumerBuilder().setSkipSignatureVerification().setSkipAllValidators().build().processToClaims(token); + + if (expectedScopes != null) { + if (expectedScopes.contains("email")) { + assertTrue(jwtClaims.getClaimValueAsString("email_verified").contains(String.valueOf(KeycloakConfiguration.EMAIL_VERIFIED))); + } + if (expectedScopes.contains("profile")) { + assertTrue(jwtClaims.getClaimValueAsString("preferred_username").contains(KeycloakConfiguration.ALICE)); + } + } + } } \ No newline at end of file diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java index 9ce5a55c934..bb41ffe97bd 100644 
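Review bot: `checkForScopeClaims` calls `assertTrue` from `org.wildfly.common.Assert`, the static import this patch adds to OidcBaseTest, instead of JUnit's. As far as I know that helper is built on the Java `assert` statement, so the claim checks only fire when the JVM runs with assertions enabled; `org.junit.Assert.assertTrue` keeps them unconditional. In the same method, a missing claim makes `getClaimValueAsString(...)` return null and the test dies with a NullPointerException, so `assertEquals(String.valueOf(KeycloakConfiguration.EMAIL_VERIFIED), jwtClaims.getClaimValueAsString("email_verified"))` gives a readable failure instead. The consumer built with `setSkipSignatureVerification().setSkipAllValidators()` should also carry a comment such as `// test-only: parses claims without verification; never use this consumer to accept a token`.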
--- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java @@ -22,6 +22,7 @@ import static org.junit.Assert.assertTrue; import static org.junit.Assume.assumeTrue; import static org.wildfly.security.http.oidc.Oidc.OIDC_NAME; +import static org.wildfly.security.http.oidc.Oidc.OIDC_SCOPE; import java.io.ByteArrayInputStream; import java.io.InputStream; @@ -30,6 +31,7 @@ import java.util.HashMap; import java.util.Map; +import com.gargoylesoftware.htmlunit.WebClient; import org.apache.http.HttpStatus; import org.junit.AfterClass; import org.junit.BeforeClass; @@ -55,7 +57,7 @@ public static void startTestContainers() throws Exception { assumeTrue("Docker isn't available, OIDC tests will be skipped", isDockerAvailable()); KEYCLOAK_CONTAINER = new KeycloakContainer(); KEYCLOAK_CONTAINER.start(); - sendRealmCreationRequest(KeycloakConfiguration.getRealmRepresentation(TEST_REALM, CLIENT_ID, CLIENT_SECRET, CLIENT_HOST_NAME, CLIENT_PORT, CLIENT_APP)); + sendRealmCreationRequest(KeycloakConfiguration.getRealmRepresentation(TEST_REALM, CLIENT_ID, CLIENT_SECRET, CLIENT_HOST_NAME, CLIENT_PORT, CLIENT_APP, CONFIGURE_CLIENT_SCOPES)); client = new MockWebServer(); client.start(CLIENT_PORT); } 
@@ -161,10 +163,55 @@ public void testTokenSignatureAlgorithm() throws Exception { performAuthentication(getOidcConfigurationInputStreamWithTokenSignatureAlgorithm(), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT); } + @Test + public void testInvalidScope() throws Exception { + String expectedScope = OIDC_SCOPE + "+INVALID_SCOPE"; + performAuthentication(getOidcConfigurationInputStreamWithScope("INVALID_SCOPE"), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), "error=invalid_scope", expectedScope, true); + } + + @Test + public void testEmptyScope() throws Exception { + performAuthentication(getOidcConfigurationInputStreamWithScope(""), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT, OIDC_SCOPE, false); + } + + @Test + public void testSingleScopeValue() throws Exception { + String expectedScope = OIDC_SCOPE + "+profile"; + performAuthentication(getOidcConfigurationInputStreamWithScope("profile"), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT, expectedScope, false); + } + + @Test + public void testMultipleScopeValue() throws Exception { + String expectedScope = OIDC_SCOPE + "+phone+profile+email"; + performAuthentication(getOidcConfigurationInputStreamWithScope("email phone profile"), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT, expectedScope, false); + } + + @Test + public void testOpenIDScopeValue() throws Exception { + String expectedScope = OIDC_SCOPE; + performAuthentication(getOidcConfigurationInputStreamWithScope(OIDC_SCOPE), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + true, 
HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT, expectedScope, false); + } + + @Test + public void testOpenIDWithMultipleScopeValue() throws Exception { + String expectedScope = OIDC_SCOPE + "+phone+profile+email";//order gets changed when combining with query parameters + performAuthentication(getOidcConfigurationInputStreamWithScope("email phone profile " + OIDC_SCOPE), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT, expectedScope, false); + } // Note: The tests will fail if `localhost` is not listed first in `/etc/hosts` file for the loopback addresses (IPv4 and IPv6). private void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, int expectedDispatcherStatusCode, String expectedLocation, String clientPageText) throws Exception { + performAuthentication(oidcConfig, username, password, loginToKeycloak, expectedDispatcherStatusCode, expectedLocation, clientPageText, null, false); + } + + private void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, + int expectedDispatcherStatusCode, String expectedLocation, String clientPageText, String expectedScope, boolean checkInvalidScopeError) throws Exception { try { Map props = new HashMap<>(); OidcClientConfiguration oidcClientConfiguration = OidcClientConfigurationBuilder.build(oidcConfig); 
@@ -172,7 +219,12 @@ private void performAuthentication(InputStream oidcConfig, String username, Stri OidcClientContext oidcClientContext = new OidcClientContext(oidcClientConfiguration); oidcFactory = new OidcMechanismFactory(oidcClientContext); - HttpServerAuthenticationMechanism mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, getCallbackHandler()); + HttpServerAuthenticationMechanism mechanism; + if (expectedScope == null) { + mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, getCallbackHandler()); + } else { + mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, getCallbackHandler(true, expectedScope)); + } URI requestUri = new URI(getClientUrl()); TestingHttpServerRequest request = new TestingHttpServerRequest(null, requestUri); 
@@ -180,12 +232,22 @@ private void performAuthentication(InputStream oidcConfig, String username, Stri TestingHttpServerResponse response = request.getResponse(); assertEquals(loginToKeycloak ? HttpStatus.SC_MOVED_TEMPORARILY : HttpStatus.SC_FORBIDDEN, response.getStatusCode()); assertEquals(Status.NO_AUTH, request.getResult()); + if (expectedScope != null) { + assertTrue(response.getFirstResponseHeaderValue("Location").contains("scope=" + expectedScope)); + } if (loginToKeycloak) { client.setDispatcher(createAppResponse(mechanism, expectedDispatcherStatusCode, expectedLocation, clientPageText)); - TextPage page = loginToKeycloak(username, password, requestUri, response.getLocation(), - response.getCookies()).click(); - assertTrue(page.getContent().contains(clientPageText)); + + if (checkInvalidScopeError) { + WebClient webClient = getWebClient(); + TextPage keycloakLoginPage = webClient.getPage(response.getLocation()); + assertTrue(keycloakLoginPage.getWebResponse().getWebRequest().toString().contains("error_description=Invalid+scopes")); + } else { + TextPage page = loginToKeycloak(username, password, requestUri, response.getLocation(), + response.getCookies()).click(); + assertTrue(page.getContent().contains(clientPageText)); + } } } finally { client.setDispatcher(new QueueDispatcher()); 
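Review bot: The new check `response.getFirstResponseHeaderValue("Location").contains("scope=" + expectedScope)` in `performAuthentication` only matches a prefix of the parameter value. `testEmptyScope` and `testOpenIDScopeValue` expect just `OIDC_SCOPE`, so they would still pass if the redirect carried further scopes after it. Since these tests exist to pin which scopes are requested, parse the `scope` parameter out of the Location URL and compare the whole value, or assert on `"scope=" + expectedScope + "&"` if `scope` is known not to be the last parameter. The method body starts and ends outside this hunk.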
@@ -291,4 +353,18 @@ private InputStream getOidcConfigurationInputStreamWithTokenSignatureAlgorithm() "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); } + + private InputStream getOidcConfigurationInputStreamWithScope(String scopeValue){ + String oidcConfig = "{\n" + + " \"client-id\" : \"" + CLIENT_ID + "\",\n" + + " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "/" + "\",\n" + + " \"public-client\" : \"false\",\n" + + " \"scope\" : \"" + scopeValue + "\",\n" + + " \"ssl-required\" : \"EXTERNAL\",\n" + + " \"credentials\" : {\n" + + " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " }\n" + + "}"; + return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); + } } From a91409881b5cb0614efb8073f75df997ec1b11de Mon Sep 17 00:00:00 2001 
From: Farah Juma Date: Fri, 22 Mar 2024 16:27:16 -0400 Subject: [PATCH 143/205] [ELY-2740] Release WildFly Elytron 2.4.0.CR1 --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- dynamic-ssl/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- 
tests/common/pom.xml | 2 +- tool/pom.xml | 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 77 files changed, 77 insertions(+), 77 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index b03d621ba86..2a3d14c1011 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index 7a0c0881c00..cb170ed8d71 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index 22fca96ae13..502d4c9a59c 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index 4000135bb43..954edd49593 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 1479cdef6de..af587c28cfc 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index e4eea6fb2fa..d889518e002 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index 07c911d170b..ed38b9405e1 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index 9cf0134f94b..19e4eba89ab 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index 8389421f59a..3fb4b74531f 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index 08d5c4b2921..a6bb314cbf9 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index 474cb996e61..b5819112721 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index 58596847a6d..8ef589baec5 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index b2c48b4d670..47dd6ee9794 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index bcb38560900..9d9f0dc98ed 100644 --- a/base/pom.xml +++ b/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 4.0.0 
diff --git a/credential/base/pom.xml b/credential/base/pom.xml index c031149139a..e6bc5ee0afe 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index 3311d745086..1a6e55344fe 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index e6e890fb41c..6c2d39a98a1 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index e161d3b328c..dd3dc25459c 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index 8be2079ecbf..1258647a9bf 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 4.0.0 diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index 69c243af447..5cf1dd39e65 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -5,7 +5,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index 4f5c9f21aaa..1d9be771591 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 4.0.0 diff --git a/http/base/pom.xml b/http/base/pom.xml index 8242fb1a7f0..01da4df56e2 100644 --- a/http/base/pom.xml 
+++ b/http/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index 865667f5c04..3d5478108dd 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index 3c52b2dae9d..b561d1b6506 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index 90b6b12493c..98fe5e9f25a 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index 612dc941257..c13d1c1a8d2 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index debf65e5f95..582718389b3 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index 3ca701cd870..1b58f1368fc 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index 18f75a5c65c..232573b860b 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml 
diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index b01609b09f0..52be0e61e98 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index cafb6086edb..1143d183e5f 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index 2ffb86ebde8..8e683788756 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index 37e43dab2ec..e9ed31ff4c1 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index 7eaf5ea8572..6156037dffd 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index 40312d1f08c..5b73ce99926 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index a991c718b44..a20b8882ab1 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index a2279031e22..e832d1555bd 100644 --- a/json-util/pom.xml +++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 4.0.0 
diff --git a/keystore/pom.xml b/keystore/pom.xml index 157576826ef..a47ab0bc0b6 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index 23bb107b0a5..2d4aab071bf 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index 9f29bd0d266..4a560a988bd 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index 691933bb6a5..3e4e995b4a9 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index 7c5585a682f..0a4ea0c4395 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index 17c1025f0fc..bb79c790dce 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index df00c10ef47..aeafdc13085 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index 4440c93ae6c..d680766be88 100644 --- a/mechanism/oauth2/pom.xml 
+++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index 931d40e3494..7e48e1c67ce 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index c99f94a51f5..c1aeb1dd850 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index 1fbc737a3e9..178f618df5b 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 4.0.0 diff --git a/pom.xml b/pom.xml index 2848bc8b076..9e0990f9be1 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index 410c8412182..209963413d4 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index 416a1054b0e..fd3f10f030f 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index da1aaf34974..9886e5f63b4 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../../pom.xml 
diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index 301c9899818..7612bee934d 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index 01ec8349274..5ecde89830d 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index d456b4c94d6..57b5021f790 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index be5665a8767..63425115681 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index 6cea1bb61f1..af9f5f22479 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index 7ff429e8894..ec84330755a 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index 98a27a9dfa8..3982c56b81d 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index d52f6ad60bf..acc477413fa 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index ca22af9ed00..6cd05504944 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index 81ec85ecd36..1205f6a7286 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index 1e864b8150d..2e756ce9593 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index db90f8dc137..ae7b606dfc0 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index d2d106ee54e..bb236a7d3e7 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index f811ab4ae5b..2d6979fd4e5 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index 0966e15ee37..80b80599e1d 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/tests/common/pom.xml b/tests/common/pom.xml index 988ed029706..e225cdc2f16 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml 
@@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index 602edf0acfe..22f83510851 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index a6baceab23d..5bd2a0fdfae 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 87cf010d2f3..9bccaa73d30 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index 8c97bf8d289..d512b98371b 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index edff386b6f1..6b6f21817f3 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index 8d61e400b50..d33d6193b32 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index 460b9b518dc..72490a89a89 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index 918b4d4b33e..b5ff8ade82e 100644 --- a/x500/deprecated/pom.xml 
+++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index 277622afdf5..ac601b81953 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.3.2.CR1-SNAPSHOT + 2.4.0.CR1 ../../pom.xml From eee9b1ed8ec1d14bf6fac578d2e841cbf4878eb4 Mon Sep 17 00:00:00 2001 
From: Farah Juma Date: Fri, 22 Mar 2024 16:29:30 -0400 Subject: [PATCH 144/205] Next is 2.4.0.CR2 --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- dynamic-ssl/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- tests/common/pom.xml | 2 +- 
tool/pom.xml | 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 77 files changed, 77 insertions(+), 77 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index 2a3d14c1011..2e7b5090fbb 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index cb170ed8d71..8198d3a07f5 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index 502d4c9a59c..c7fbf53190c 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index 954edd49593..ee05da6e750 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index af587c28cfc..75e7f679014 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index d889518e002..85f2fa27cb7 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index ed38b9405e1..76460b58c01 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index 19e4eba89ab..18c9cfc5e25 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index 3fb4b74531f..855a57e509e 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index a6bb314cbf9..652f0a79282 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index b5819112721..508ff16a30d 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index 8ef589baec5..cd70982c7df 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index 47dd6ee9794..81edbfdb830 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index 9d9f0dc98ed..63bf240159d 100644 --- a/base/pom.xml +++ b/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT 4.0.0 
diff --git a/credential/base/pom.xml b/credential/base/pom.xml index e6bc5ee0afe..0849376e5ef 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index 1a6e55344fe..f4de168cac6 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index 6c2d39a98a1..0b81e7e01d6 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index dd3dc25459c..09866d110ca 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index 1258647a9bf..2eddd718f16 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT 4.0.0 diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index 5cf1dd39e65..b5ccf25d9a5 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -5,7 +5,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index 1d9be771591..c0c18c3cced 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT 4.0.0 diff --git a/http/base/pom.xml b/http/base/pom.xml index 01da4df56e2..dd699614fc9 100644 --- a/http/base/pom.xml 
+++ b/http/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index 3d5478108dd..9882b1429ed 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index b561d1b6506..e97b2f1e266 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index 98fe5e9f25a..2c01ec9062b 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index c13d1c1a8d2..b70952556e3 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index 582718389b3..a0bebda5360 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index 1b58f1368fc..4b750d5b618 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index 232573b860b..a678666197b 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml 
diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index 52be0e61e98..594e2a18e5e 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index 1143d183e5f..91435e7f55c 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index 8e683788756..226cdcc9a79 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index e9ed31ff4c1..2f879fa860e 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index 6156037dffd..925a3c34b9b 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index 5b73ce99926..5a14bec89d0 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index a20b8882ab1..f6a56dc3129 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index e832d1555bd..897d30ff2eb 100644 --- a/json-util/pom.xml +++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT 4.0.0 
diff --git a/keystore/pom.xml b/keystore/pom.xml index a47ab0bc0b6..ae23c051ef9 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index 2d4aab071bf..5aa99a08edd 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index 4a560a988bd..71ef01f9faa 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index 3e4e995b4a9..67554905302 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index 0a4ea0c4395..be336718ce3 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index bb79c790dce..1a3d78891f0 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index aeafdc13085..6b9236c65e2 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index d680766be88..203a6d37ca8 100644 --- a/mechanism/oauth2/pom.xml 
+++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index 7e48e1c67ce..ff6b188e4a4 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index c1aeb1dd850..12602ac66bd 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index 178f618df5b..9f592fa8e91 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT 4.0.0 diff --git a/pom.xml b/pom.xml index 9e0990f9be1..8b498077168 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index 209963413d4..cbf5c21012d 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index fd3f10f030f..2a6bcaa9014 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index 9886e5f63b4..f580ae996be 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../../pom.xml 
diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index 7612bee934d..c32dded3d9e 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index 5ecde89830d..4554a8b1d86 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index 57b5021f790..e8a69f53220 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index 63425115681..2a012d29b27 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index af9f5f22479..b71e0f0fb4b 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index ec84330755a..7243b918d40 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index 3982c56b81d..ee8bac2334b 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index acc477413fa..9382be910ab 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index 6cd05504944..04ac68bc97e 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index 1205f6a7286..3def74fe802 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index 2e756ce9593..8b152d5ac4d 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index ae7b606dfc0..532a45a3a8d 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index bb236a7d3e7..85f840cbd39 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index 2d6979fd4e5..609bf8de9c3 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index 80b80599e1d..5244a968dc9 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/tests/common/pom.xml b/tests/common/pom.xml index e225cdc2f16..3fa90f00d1a 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml 
@@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index 22f83510851..acfe8413a99 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index 5bd2a0fdfae..52357c61878 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 9bccaa73d30..de3245909e9 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index d512b98371b..e145999ec29 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index 6b6f21817f3..1fa8e04ab63 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index d33d6193b32..e4b94a27eae 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index 72490a89a89..90136525a4f 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index b5ff8ade82e..c8d99c614ae 100644 --- a/x500/deprecated/pom.xml 
+++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index ac601b81953..e27e77fb401 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR1 + 2.4.0.CR2-SNAPSHOT ../../pom.xml From 2e9d6e3f0f5f74898ce4bf93b2e8d9480290e2af Mon Sep 17 00:00:00 2001 From: Dimitris Kafetzis Date: Tue, 19 Sep 2023 15:34:10 +0300 Subject: [PATCH 145/205] [ELY 2173] Add test for the CLIENT_CERT mechanism --- http/cert/pom.xml | 14 +- ...ertAuthenticationMechanismFactoryTest.java | 124 ++++++++++++++++++ tests/base/pom.xml | 5 +- ...ClientCertAuthenticationMechanismTest.java | 85 ++++++++++++ .../http/impl/AbstractBaseHttpTest.java | 99 +++++++++----- 5 files changed, 293 insertions(+), 34 deletions(-) create mode 100644 http/cert/src/test/java/org.wildfly.security.http.cert/ClientCertAuthenticationMechanismFactoryTest.java create mode 100644 tests/base/src/test/java/org/wildfly/security/http/cert/ClientCertAuthenticationMechanismTest.java diff --git a/http/cert/pom.xml b/http/cert/pom.xml index 2c01ec9062b..d5474916620 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -71,7 +71,19 @@ org.wildfly.common wildfly-common - + + + + + org.jmockit + jmockit + test + + + junit + junit + test + diff --git a/http/cert/src/test/java/org.wildfly.security.http.cert/ClientCertAuthenticationMechanismFactoryTest.java b/http/cert/src/test/java/org.wildfly.security.http.cert/ClientCertAuthenticationMechanismFactoryTest.java new file mode 100644 index 00000000000..041ac99e7a5 --- /dev/null +++ b/http/cert/src/test/java/org.wildfly.security.http.cert/ClientCertAuthenticationMechanismFactoryTest.java 
@@ -0,0 +1,124 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2024 Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.wildfly.security.http.cert;
+
+import org.wildfly.security.http.HttpAuthenticationException;
+import org.wildfly.security.http.HttpServerAuthenticationMechanism;
+import org.wildfly.security.http.HttpServerAuthenticationMechanismFactory;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class ClientCertAuthenticationMechanismFactoryTest {
+ private HttpServerAuthenticationMechanismFactory clientCertMechanismFactory = new ClientCertMechanismFactory();
+
+ CallbackHandler dummyCallbackHandler = new CallbackHandler() {
+ @Override
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ }
+ };
+
+ /**
+ * Tests that {@link ServerMechanismFactoryImpl#getMechanismNames(Map)} correctly
+ * handles null or empty properties parameter as possible value.
+ */
+ @Test
+ public void testGetMechanismNamesPropertiesNull() {
+ clientCertMechanismFactory.getMechanismNames(null);
+ clientCertMechanismFactory.getMechanismNames(new HashMap());
+ }
+
+ /**
+ * Tests that {@link ServerMechanismFactoryImpl#getMechanismNames(Map)} does not return null.
+ */
+ @Test
+ public void testGetMechanismNamesReturnNotNull() {
+ String[] mechanismNames = clientCertMechanismFactory.getMechanismNames(null);
+ Assert.assertNotNull("Array of mechanism names is not null.", mechanismNames);
+ }
+
+ /**
+ * Tests that {@link ServerMechanismFactoryImpl#createAuthenticationMechanism(String, Map, javax.security.auth.callback.CallbackHandler)}
+ * does handle null mechanism name parameter correctly - does not allow.
+ * @throws HttpAuthenticationException
+ */
+ @Test
+ public void testCreateAuthenticationMechanismMechanismNameNull() throws HttpAuthenticationException {
+ try {
+ clientCertMechanismFactory.createAuthenticationMechanism(null, new HashMap(), dummyCallbackHandler);
+ Assert.fail("Mechanism name could not be null");
+ } catch (IllegalArgumentException e) {
+ // OK - expected exception state
+ }
+ }
+
+ /**
+ * Tests that {@link ServerMechanismFactoryImpl#createAuthenticationMechanism(String, Map, javax.security.auth.callback.CallbackHandler)}
+ * does handle null properties parameter correctly - does not allow.
+ */
+ @Test
+ public void testCreateAuthenticationMechanismPropertiesNull() throws HttpAuthenticationException {
+ try {
+ clientCertMechanismFactory.createAuthenticationMechanism("CLIENT_CERT", null, dummyCallbackHandler);
+ Assert.fail("Properties could not be null");
+ } catch (IllegalArgumentException e) {
+ // OK - expected exception state
+ }
+ }
+
+ /**
+ * Tests that {@link ServerMechanismFactoryImpl#createAuthenticationMechanism(String, Map, javax.security.auth.callback.CallbackHandler)}
+ * does handle wrong mechanism ("BASIC") - returns null.
+ */
+ @Test
+ public void testCreateAuthenticationMechanismBasicMechanismName() throws HttpAuthenticationException{
+ HttpServerAuthenticationMechanism httpServerAuthenticationMechanism = clientCertMechanismFactory.createAuthenticationMechanism("BASIC",new HashMap(),dummyCallbackHandler);
+ Assert.assertNull("Provided mechanism must be null.", httpServerAuthenticationMechanism);
+ }
+
+ /**
+ * Tests that {@link ServerMechanismFactoryImpl#createAuthenticationMechanism(String, Map, javax.security.auth.callback.CallbackHandler)}
+ * does handle null properties parameter correctly - does not allow.
+ */
+ @Test
+ public void testCreateAuthenticationMechanismCallbackHandlerNull() throws HttpAuthenticationException {
+ try {
+ clientCertMechanismFactory.createAuthenticationMechanism("CLIENT_CERT", new HashMap(), null);
+ Assert.fail("CallbackHandler could not be null");
+ } catch (IllegalArgumentException e) {
+ // OK - expected exception state
+ }
+ }
+
+ /**
+ * Tests that {@link ServerMechanismFactoryImpl#createAuthenticationMechanism(String, Map, javax.security.auth.callback.CallbackHandler)}
+ * does handle wrong mechanism name correctly - returns null.
+ */
+ @Test
+ public void testCreateAuthenticationMechanismWrongMechanismName() throws HttpAuthenticationException {
+ HttpServerAuthenticationMechanism httpServerAuthenticationMechanism = clientCertMechanismFactory.createAuthenticationMechanism("MECHANISM_NAME_DOES_NOT_EXISTS", new HashMap(), dummyCallbackHandler);
+ Assert.assertNull("Provided mechanism must be null.", httpServerAuthenticationMechanism);
+ }
+}
diff --git a/tests/base/pom.xml b/tests/base/pom.xml
index 5244a968dc9..cfd502bcfe5 100644
--- a/tests/base/pom.xml
+++ b/tests/base/pom.xml
@@ -385,7 +385,10 @@ org.wildfly.security wildfly-elytron-digest - + + org.wildfly.security + wildfly-elytron-http-cert + org.wildfly.security wildfly-elytron-http
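Review bot: The Javadoc in ClientCertAuthenticationMechanismFactoryTest points every `{@link}` at `ServerMechanismFactoryImpl`, which this file does not import and which is not the class under test; the links should name the factory actually constructed, e.g. `{@link ClientCertMechanismFactory#createAuthenticationMechanism(String, Map, javax.security.auth.callback.CallbackHandler)}` and `{@link ClientCertMechanismFactory#getMechanismNames(Map)}`. The comment on `testCreateAuthenticationMechanismCallbackHandlerNull` repeats "null properties parameter" although the call passes a null callback handler, so it should read `does handle null callback handler parameter correctly - does not allow.` The message in `Assert.assertNotNull("Array of mechanism names is not null.", mechanismNames)` is printed only when the array is null, so `"Array of mechanism names must not be null."` describes the failure better. The file is also created under a directory literally named `org.wildfly.security.http.cert` instead of `org/wildfly/security/http/cert`, which does not follow the layout the package declaration implies.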
diff --git a/tests/base/src/test/java/org/wildfly/security/http/cert/ClientCertAuthenticationMechanismTest.java b/tests/base/src/test/java/org/wildfly/security/http/cert/ClientCertAuthenticationMechanismTest.java new file mode 100644 index 00000000000..6180ab1ed44 --- /dev/null +++ b/tests/base/src/test/java/org/wildfly/security/http/cert/ClientCertAuthenticationMechanismTest.java 
@@ -0,0 +1,85 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2024 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.wildfly.security.http.cert; + +import mockit.Tested; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; +import org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm; +import org.wildfly.security.auth.server.SecurityDomain; +import org.wildfly.security.cache.IdentityCache; +import org.wildfly.security.http.HttpAuthenticationException; +import org.wildfly.security.http.HttpServerAuthenticationMechanism; +import org.wildfly.security.http.impl.AbstractBaseHttpTest; + +import javax.security.auth.x500.X500Principal; +import java.security.Provider; +import java.security.Security; +import java.util.HashMap; +import java.util.Map; +import static org.wildfly.security.http.HttpConstants.*; + +public class ClientCertAuthenticationMechanismTest extends AbstractBaseHttpTest { + private static final Provider provider = WildFlyElytronHttpClientCertProvider.getInstance(); + + @Tested + private IdentityCache identityCache; + + @BeforeClass + public static void registerCertProvider() { + Security.insertProviderAt(provider, 1); + SecurityDomain securityDomain = SecurityDomain.builder().addRealm("Simple", new 
SimpleMapBackedSecurityRealm()).build().setDefaultRealmName("Simple").build(); + } + + @AfterClass + public static void removeCertProvider() { + Security.removeProvider(provider.getName()); + } + + private HttpServerAuthenticationMechanism createMechanism() throws HttpAuthenticationException { + Map props = new HashMap<>(); + return certFactory.createAuthenticationMechanism(CLIENT_CERT_NAME, props, getCallbackHandler("Duk3")); + } + + //Test request with no certs + @Test + public void testNoCert() throws Exception { + TestingHttpServerRequest request = new TestingHttpServerRequest(new String[]{}); + createMechanism().evaluateRequest(request); + Assert.assertEquals(Status.NO_AUTH, request.getResult()); + } + + //Test request with invalid/unknown cert + @Test + public void testUnknownCert() throws Exception { + TestingHttpServerRequest request = new TestingHttpServerRequest(new String[]{"Cert random"}, new X500Principal("CN=Duke, OU=Test, O=Wonderland, C=US")); + createMechanism().evaluateRequest(request); + Assert.assertEquals(Status.FAILED, request.getResult()); + } + + //Test request with known cert + @Test + public void testKnownCert() throws Exception { + TestingHttpServerRequest request = new TestingHttpServerRequest(new String[]{"Cert test"}, new X500Principal("CN=Duk3, OU=T3st, O=W0nd3rl4nd, C=US")); + createMechanism().evaluateRequest(request); + Assert.assertEquals(Status.COMPLETE, request.getResult()); + } +} diff --git a/tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java b/tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java index 4e7640aca00..fc65b959925 100644 --- a/tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java +++ b/tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java 
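Review bot: `registerCertProvider()` builds a `SecurityDomain` into a local that is never read, and the `@Tested private IdentityCache identityCache` field is not referenced by any of the three tests, so neither appears to contribute to what is asserted. Dropping both, together with the imports they pull in, would make it clear that the outcome is decided only by the handler returned from `getCallbackHandler("Duk3")`. The wildcard `import static org.wildfly.security.http.HttpConstants.*;` could be narrowed to the constants actually used. `testKnownCert` asserts only `Status.COMPLETE`; it would be a stronger check of the mechanism if it also asserted which principal was authorized.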
@@ -31,6 +31,7 @@ import java.security.NoSuchAlgorithmException; import java.security.Principal; import java.security.cert.Certificate; +import java.security.cert.X509Certificate; import java.security.spec.InvalidKeySpecException; import java.util.ArrayList; import java.util.Arrays; @@ -42,25 +43,24 @@ import java.util.Map; import java.util.Objects; import java.util.Set; - import javax.net.ssl.SSLSession; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.UnsupportedCallbackException; +import javax.security.auth.x500.X500Principal; import javax.security.sasl.AuthorizeCallback; import javax.security.sasl.RealmCallback; - import org.hamcrest.CoreMatchers; import org.hamcrest.MatcherAssert; import org.junit.Assert; - import org.wildfly.security.auth.callback.AuthenticationCompleteCallback; import org.wildfly.security.auth.callback.AvailableRealmsCallback; import org.wildfly.security.auth.callback.CachedIdentityAuthorizeCallback; import org.wildfly.security.auth.callback.CredentialCallback; import org.wildfly.security.auth.callback.EvidenceVerifyCallback; import org.wildfly.security.auth.callback.IdentityCredentialCallback; +import org.wildfly.security.auth.callback.PrincipalAuthorizeCallback; import org.wildfly.security.auth.server.SecurityIdentity; import org.wildfly.security.authz.Roles; import org.wildfly.security.credential.BearerTokenCredential; @@ -68,6 +68,7 @@ import org.wildfly.security.credential.PasswordCredential; import org.wildfly.security.evidence.BearerTokenEvidence; import org.wildfly.security.evidence.PasswordGuessEvidence; +import org.wildfly.security.evidence.X509PeerCertificateChainEvidence; import org.wildfly.security.http.HttpAuthenticationException; import org.wildfly.security.http.HttpExchangeSpi; import org.wildfly.security.http.HttpScope; 
@@ -79,6 +80,7 @@ import org.wildfly.security.http.Scope; import org.wildfly.security.http.basic.BasicMechanismFactory; import org.wildfly.security.http.bearer.BearerMechanismFactory; +import org.wildfly.security.http.cert.ClientCertMechanismFactory; import org.wildfly.security.http.digest.DigestMechanismFactory; import org.wildfly.security.http.digest.NonceManager; import org.wildfly.security.http.external.ExternalMechanismFactory; @@ -89,17 +91,19 @@ import org.wildfly.security.password.spec.ClearPasswordSpec; import org.wildfly.security.password.spec.DigestPasswordAlgorithmSpec; import org.wildfly.security.password.spec.EncryptablePasswordSpec; +import org.wildfly.security.x500.cert.SelfSignedX509CertificateAndSigningKey; import mockit.Mock; import mockit.MockUp; -// has dependency on wildfly-elytron-sasl, wildfly-elytron-http-basic and wildfly-elytron-digest +// has dependency on wildfly-elytron-sasl, wildfly-elytron-http-cert, wildfly-elytron-http-basic and wildfly-elytron-digest public class AbstractBaseHttpTest { protected HttpServerAuthenticationMechanismFactory basicFactory = new BasicMechanismFactory(ELYTRON_PASSWORD_PROVIDERS.get()); protected HttpServerAuthenticationMechanismFactory digestFactory = new DigestMechanismFactory(ELYTRON_PASSWORD_PROVIDERS.get()); protected final HttpServerAuthenticationMechanismFactory externalFactory = new ExternalMechanismFactory(ELYTRON_PASSWORD_PROVIDERS.get()); protected final HttpServerAuthenticationMechanismFactory bearerFactory = new BearerMechanismFactory(ELYTRON_PASSWORD_PROVIDERS.get()); + protected HttpServerAuthenticationMechanismFactory certFactory = new ClientCertMechanismFactory(ELYTRON_PASSWORD_PROVIDERS.get()[0]); protected HttpServerAuthenticationMechanismFactory statefulBasicFactory = new org.wildfly.security.http.sfbasic.BasicMechanismFactory(ELYTRON_PASSWORD_PROVIDERS.get()); protected void mockDigestNonce(final String nonce) { 
@@ -147,6 +151,7 @@ protected static class TestingHttpServerRequest implements HttpServerRequest { private List cookies; private String requestMethod = "GET"; private Map> requestHeaders = new HashMap<>(); + private X500Principal testPrincipal = null; public TestingHttpServerRequest(String[] authorization) { if (authorization != null) { @@ -156,6 +161,15 @@ public TestingHttpServerRequest(String[] authorization) { this.cookies = new ArrayList<>(); } + public TestingHttpServerRequest(String[] authorization, X500Principal principal) { + if (authorization != null) { + requestHeaders.put(AUTHORIZATION, Arrays.asList(authorization)); + } + this.remoteUser = null; + this.cookies = new ArrayList<>(); + this.testPrincipal = principal; + } + public TestingHttpServerRequest(String[] authorization, URI requestURI) { if (authorization != null) { requestHeaders.put(AUTHORIZATION, Arrays.asList(authorization)); @@ -215,12 +229,18 @@ public String getFirstRequestHeaderValue(String headerName) { return headerValues != null ? headerValues.get(0) : null; } + public SSLSession getSSLSession() { - throw new IllegalStateException(); + return null; } public Certificate[] getPeerCertificates() { - throw new IllegalStateException(); + if (testPrincipal != null) { + X509Certificate cert1 = SelfSignedX509CertificateAndSigningKey.builder().setDn(testPrincipal).build().getSelfSignedCertificate(); + return new Certificate[]{ cert1 }; + } + + return null; } public void noAuthenticationInProgress(HttpServerMechanismsResponder responder) { 
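Review bot: `getPeerCertificates()` builds a new self-signed certificate through `SelfSignedX509CertificateAndSigningKey.builder()` on every call, so two calls on the same request return different certificates, and each call presumably pays for key generation. Building it once in the `TestingHttpServerRequest(String[], X500Principal)` constructor and returning the stored value would keep the mock request stable. Separately, `getSSLSession()` and `getPeerCertificates()` now return `null` instead of throwing `IllegalStateException` for every test that uses this class, so a mechanism that unexpectedly reads TLS state is no longer caught; a comment such as `// null = request arrived without a client certificate` would record that this is intended. The class body starts and ends outside the hunk.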
@@ -301,39 +321,43 @@ public boolean resumeRequest() { } public HttpScope getScope(Scope scope) { - return new HttpScope() { + if (scope.equals(Scope.SSL_SESSION)) { + return null; + } else { + return new HttpScope() { - @Override - public boolean exists() { - return true; - } + @Override + public boolean exists() { + return true; + } - @Override - public boolean create() { - return false; - } + @Override + public boolean create() { + return false; + } - @Override - public boolean supportsAttachments() { - return true; - } + @Override + public boolean supportsAttachments() { + return true; + } - @Override - public boolean supportsInvalidation() { - return false; - } + @Override + public boolean supportsInvalidation() { + return false; + } - @Override - public void setAttachment(String key, Object value) { - // no-op - } + @Override + public void setAttachment(String key, Object value) { + // no-op + } - @Override - public Object getAttachment(String key) { - return null; - } + @Override + public Object getAttachment(String key) { + return null; + } - }; + }; + } } public Collection getScopeIds(Scope scope) { @@ -407,6 +431,10 @@ public boolean forward(String path) { } } + protected CallbackHandler getCallbackHandler(String realm) { + return getCallbackHandler(null, realm, null); + }; + protected CallbackHandler getCallbackHandler(String username, String realm, String password) { return getCallbackHandler(username, realm, password, null, false); } 
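Review bot: The new `getCallbackHandler(String realm)` overload is closed with `};`, which leaves a stray empty declaration after the method body; it should end with a plain `}` like the overload that follows it. Because it passes `null` for both username and password, a one-line comment such as `// handler for mechanisms that carry no username/password, e.g. CLIENT_CERT` would explain why that is safe for its callers.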
@@ -464,6 +492,10 @@ protected CallbackHandler getCallbackHandler(String username, String realm, Stri } else if (((EvidenceVerifyCallback) callback).getEvidence() instanceof BearerTokenEvidence) { BearerTokenEvidence evidence = (BearerTokenEvidence) ((EvidenceVerifyCallback) callback).getEvidence(); ((EvidenceVerifyCallback) callback).setVerified(Objects.equals(token, evidence.getToken())); + } else if (((EvidenceVerifyCallback) callback).getEvidence() instanceof X509PeerCertificateChainEvidence) { + X509PeerCertificateChainEvidence evidence = (X509PeerCertificateChainEvidence) ((EvidenceVerifyCallback) callback).getEvidence(); + evidence.setDecodedPrincipal(evidence.getFirstCertificate().getIssuerX500Principal()); + ((EvidenceVerifyCallback) callback).setVerified("CN=Duk3,OU=T3st,O=W0nd3rl4nd,C=US".equals(evidence.getFirstCertificate().getIssuerX500Principal().getName())); } } else if (callback instanceof AuthenticationCompleteCallback) { // NO-OP @@ -501,6 +533,9 @@ protected CallbackHandler getCallbackHandler(String username, String realm, Stri } else { ciac.setAuthorized(null); } + } else if (callback instanceof PrincipalAuthorizeCallback){ + PrincipalAuthorizeCallback pac = (PrincipalAuthorizeCallback) callback; + pac.setAuthorized(true); } else { throw new UnsupportedCallbackException(callback); } From f0a8fe20dc2b787e2f6e36b1cf4773a3f0cf29fa Mon Sep 17 00:00:00 2001 
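Review bot: The `X509PeerCertificateChainEvidence` branch takes both the decoded principal and the verification result from `getIssuerX500Principal()`, which names the signer of the certificate rather than its holder. It gives the expected result here only because `TestingHttpServerRequest` hands out self-signed certificates, where issuer and subject are the same; with a CA-issued certificate this handler would identify every client as the CA. The subject should be used in both places: `evidence.setDecodedPrincipal(evidence.getFirstCertificate().getSubjectX500Principal());` and `getSubjectX500Principal().getName()` in the comparison. The enclosing handler body starts outside the hunk.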
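Review bot: The `PrincipalAuthorizeCallback` branch calls `pac.setAuthorized(true)` without looking at `pac.getPrincipal()`, so the shared handler authorizes any principal a mechanism proposes and the new tests cannot exercise a rejected authorization. Tying the decision to the identity verified in the X509 branch, or at least adding a comment like `// test handler: authorization always succeeds, only evidence verification is exercised`, would make that limitation explicit. The enclosing method starts outside the hunk.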
From: Farah Juma Date: Wed, 10 Apr 2024 14:50:36 -0400 Subject: [PATCH 146/205] [ELY-2742] Release WildFly Elytron 2.4.0.Final --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- dynamic-ssl/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- 
tests/common/pom.xml | 2 +- tool/pom.xml | 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 77 files changed, 77 insertions(+), 77 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index 2e7b5090fbb..a83c6eaae11 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index 8198d3a07f5..6d9b499c2ba 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index c7fbf53190c..9f03782fcf1 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index ee05da6e750..4b9875beaa5 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 75e7f679014..024b1cd3004 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index 85f2fa27cb7..a202e53513e 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index 76460b58c01..eb92e5d992c 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index 18c9cfc5e25..ffb4bafc5ea 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index 855a57e509e..45dd0da2aa2 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index 652f0a79282..9076289fa92 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index 508ff16a30d..6645a445c99 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index cd70982c7df..5207f365231 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index 81edbfdb830..ed5828b2e28 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index 63bf240159d..a957ae0823b 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index 0849376e5ef..cfc92862065 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index f4de168cac6..65fd7f14309 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index 0b81e7e01d6..1187f405f66 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index 09866d110ca..05167a28040 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index 2eddd718f16..f8a99574022 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final 4.0.0 diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index b5ccf25d9a5..d6b3198855a 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -5,7 +5,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index c0c18c3cced..703b7f3f20a 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final 4.0.0 
diff --git a/http/base/pom.xml b/http/base/pom.xml index dd699614fc9..8d777b23fa4 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index 9882b1429ed..57e2550b966 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index e97b2f1e266..59cb4d4b6e7 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index d5474916620..84ea0d3380f 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index b70952556e3..2aa031dd46c 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index a0bebda5360..e24bc917d51 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index 4b750d5b618..dd9bf10c3c1 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index a678666197b..137b97dfa78 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index 594e2a18e5e..956b1702370 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index 91435e7f55c..b4b872e96af 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index 226cdcc9a79..1cccba1099d 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index 2f879fa860e..902d33b0bc9 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index 925a3c34b9b..1144ecb657f 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index 5a14bec89d0..d6aeaa805fc 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index f6a56dc3129..eb7d620438f 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index 897d30ff2eb..5e4a2a95cdd 100644 --- a/json-util/pom.xml 
+++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final 4.0.0 diff --git a/keystore/pom.xml b/keystore/pom.xml index ae23c051ef9..ff3da136b84 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index 5aa99a08edd..1f613e38774 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index 71ef01f9faa..82366bc9207 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index 67554905302..68befd6f742 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index be336718ce3..1a1a6ce3226 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index 1a3d78891f0..f68a4dd64d5 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index 6b9236c65e2..c362ff4a23e 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml 
diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index 203a6d37ca8..8a03cee5630 100644 --- a/mechanism/oauth2/pom.xml +++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index ff6b188e4a4..12a88b08491 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index 12602ac66bd..0971f2bbf79 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index 9f592fa8e91..02a2968fbea 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final 4.0.0 diff --git a/pom.xml b/pom.xml index 8b498077168..e421a2b8b93 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index cbf5c21012d..52c8c5b6405 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index 2a6bcaa9014..01638c79e37 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index f580ae996be..0143c52084e 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../../pom.xml diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index c32dded3d9e..4201c165d8e 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index 4554a8b1d86..c6adeed16ba 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index e8a69f53220..0ea746dcfcc 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index 2a012d29b27..a833ddd0f93 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index b71e0f0fb4b..70214e992cd 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index 7243b918d40..e544766d9d7 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index ee8bac2334b..3b5b010d6ac 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml 
diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index 9382be910ab..09d3caf32da 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index 04ac68bc97e..c421b07fe00 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index 3def74fe802..78ab00b28e2 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index 8b152d5ac4d..1c550aa4b42 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index 532a45a3a8d..62aa592faeb 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index 85f840cbd39..12e145d2b51 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index 609bf8de9c3..5eef0d3c20c 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index cfd502bcfe5..175c90f16ae 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml 
diff --git a/tests/common/pom.xml b/tests/common/pom.xml index eb10d1ab665..f2ca6175fec 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml @@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index acfe8413a99..76085855eb9 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index 52357c61878..f18f0ff5836 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index de3245909e9..09b388e06e9 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index e145999ec29..314c1600230 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index 1fa8e04ab63..518dd837a15 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index e4b94a27eae..24d8f274012 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index 90136525a4f..bb507835f46 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index c8d99c614ae..c0d9959b742 100644 --- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index e27e77fb401..8d8fd263e4d 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.CR2-SNAPSHOT + 2.4.0.Final ../../pom.xml From 12796fcf4a0108840ca35ad1ab367112f56a2d45 Mon Sep 17 00:00:00 2001 
From: Farah Juma Date: Wed, 10 Apr 2024 14:52:13 -0400 Subject: [PATCH 147/205] Next is 2.4.1 --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- dynamic-ssl/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- tests/common/pom.xml | 2 +- 
tool/pom.xml | 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 77 files changed, 77 insertions(+), 77 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index a83c6eaae11..498ed73df9d 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index 6d9b499c2ba..80555f9b704 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index 9f03782fcf1..fb35f1a40a2 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index 4b9875beaa5..7a75b7f3e24 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 024b1cd3004..16b1ff38b97 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index a202e53513e..2c5356443b7 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index eb92e5d992c..768041dd849 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index ffb4bafc5ea..ff36d59d6b8 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index 45dd0da2aa2..79215e83871 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index 9076289fa92..3b3a3e8cdea 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index 6645a445c99..467b3915f1b 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index 5207f365231..dce6476f385 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index ed5828b2e28..6ecb7223350 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index a957ae0823b..ecc48fec1e6 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index cfc92862065..fbc13de59af 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index 65fd7f14309..38b5891c490 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index 1187f405f66..94a6af7fc0a 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index 05167a28040..1696e672d66 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index f8a99574022..69819486e1d 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT 4.0.0 diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index d6b3198855a..1a8dd88d5de 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -5,7 +5,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index 703b7f3f20a..39878fd607e 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT 4.0.0 
diff --git a/http/base/pom.xml b/http/base/pom.xml index 8d777b23fa4..1c2d1962c3f 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index 57e2550b966..ad77264d047 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index 59cb4d4b6e7..1439d03d499 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index 84ea0d3380f..fbf07ef8a57 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index 2aa031dd46c..b1fb8e4a0c5 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index e24bc917d51..b57faa8ae27 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index dd9bf10c3c1..780f6a3cc6b 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index 137b97dfa78..7a940b5a72b 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index 956b1702370..4e2df560bd4 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index b4b872e96af..8b6f545bdf2 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index 1cccba1099d..56e1e8a122d 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index 902d33b0bc9..755e49af998 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index 1144ecb657f..cdaecfcdaae 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index d6aeaa805fc..59b24e44497 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index eb7d620438f..ec4cf037295 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index 5e4a2a95cdd..1676c6d94ca 100644 --- a/json-util/pom.xml 
+++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT 4.0.0 diff --git a/keystore/pom.xml b/keystore/pom.xml index ff3da136b84..ef9bb6da250 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index 1f613e38774..55db50e2384 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index 82366bc9207..59875fd9254 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index 68befd6f742..4e00fa32b41 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index 1a1a6ce3226..2e4b2bd7095 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index f68a4dd64d5..9aad6efa4ee 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index c362ff4a23e..6066c404283 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml 
diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index 8a03cee5630..a775bbaa651 100644 --- a/mechanism/oauth2/pom.xml +++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index 12a88b08491..e0cbde7b751 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index 0971f2bbf79..1d856c1bafe 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index 02a2968fbea..02688f0a010 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT 4.0.0 diff --git a/pom.xml b/pom.xml index e421a2b8b93..5817d46b462 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index 52c8c5b6405..98701cd51dd 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index 01638c79e37..c3d93658908 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index 0143c52084e..cc617140886 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index 4201c165d8e..f3aeaf05528 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index c6adeed16ba..800394df457 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index 0ea746dcfcc..2c7b3dc59ef 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index a833ddd0f93..4aec1dc0b3f 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index 70214e992cd..7190b9e7075 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index e544766d9d7..11f551b101c 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index 3b5b010d6ac..2f7a90045e6 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml 
diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index 09d3caf32da..b48fc9e5a94 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index c421b07fe00..28c8a1571f8 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index 78ab00b28e2..ae2762b687b 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index 1c550aa4b42..fce6702d899 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index 62aa592faeb..8c84ef95966 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index 12e145d2b51..ffec8184ab8 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index 5eef0d3c20c..3885ad52414 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index 175c90f16ae..2cbbf004a26 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml 
diff --git a/tests/common/pom.xml b/tests/common/pom.xml index f2ca6175fec..0fe9ec25f40 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml @@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index 76085855eb9..919723adea0 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index f18f0ff5836..a840988a5f5 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 09b388e06e9..07aed3ffea6 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index 314c1600230..4921e22a06b 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index 518dd837a15..a22220a4e9e 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index 24d8f274012..7574dc41ec9 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index bb507835f46..23910c850b7 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index c0d9959b742..47663bfac07 100644 --- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index 8d8fd263e4d..e86e646fa24 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.0.Final + 2.4.1.CR1-SNAPSHOT ../../pom.xml From 1f762b4770959254ab950908133759e1e892e689 Mon Sep 17 00:00:00 2001 From: Farah Juma Date: Wed, 10 Apr 2024 16:22:37 -0400 Subject: [PATCH 148/205] [ELY-2742] Perform API check against 2.4.0.Final --- wildfly-elytron/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 07aed3ffea6..6f1075dd465 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -557,7 +557,7 @@ org.wildfly.security wildfly-elytron - 2.3.1.Final + 2.4.0.Final jar From f70634c9a6fdddbd9873aae8186c6bdc32c9b888 Mon Sep 17 00:00:00 2001 From: Farah Juma Date: Tue, 28 Nov 2023 16:45:08 -0500 Subject: [PATCH 149/205] [ELY-2705] Update SecurityDomain#createAdHocIdentity so that it also calls SecurityDomain#transform to ensure that the security domain's security identity transformer gets used if configured --- .../security/auth/server/SecurityDomain.java | 2 +- .../auth/server/SecurityIdentity.java | 4 +- .../auth/server/AdHocIdentityTest.java | 151 ++++++++++++++++++ 3 files changed, 154 insertions(+), 3 deletions(-) create mode 100644 tests/base/src/test/java/org/wildfly/security/auth/server/AdHocIdentityTest.java 
diff --git a/auth/server/base/src/main/java/org/wildfly/security/auth/server/SecurityDomain.java b/auth/server/base/src/main/java/org/wildfly/security/auth/server/SecurityDomain.java
index 389def4f891..e9313def179 100644
--- a/auth/server/base/src/main/java/org/wildfly/security/auth/server/SecurityDomain.java
+++ b/auth/server/base/src/main/java/org/wildfly/security/auth/server/SecurityDomain.java
@@ -675,7 +675,7 @@ public SecurityIdentity createAdHocIdentity(Principal principal) {
 if (sm != null) {
 sm.checkPermission(CREATE_AD_HOC_IDENTITY);
 }
- return new SecurityIdentity(this, principal, EMPTY_REALM_INFO, AuthorizationIdentity.EMPTY, emptyMap(), IdentityCredentials.NONE, IdentityCredentials.NONE);
+ return this.transform(new SecurityIdentity(this, principal, EMPTY_REALM_INFO, AuthorizationIdentity.EMPTY, emptyMap(), IdentityCredentials.NONE, IdentityCredentials.NONE));
 }
 Supplier getAndSetCurrentSecurityIdentity(Supplier newIdentity) {
diff --git a/auth/server/base/src/main/java/org/wildfly/security/auth/server/SecurityIdentity.java b/auth/server/base/src/main/java/org/wildfly/security/auth/server/SecurityIdentity.java
index 5a0857eed68..c7632469eda 100644
--- a/auth/server/base/src/main/java/org/wildfly/security/auth/server/SecurityIdentity.java
+++ b/auth/server/base/src/main/java/org/wildfly/security/auth/server/SecurityIdentity.java
@@ -203,7 +203,7 @@ public final class SecurityIdentity implements PermissionVerifier, PermissionMap
 this.verifier = old.verifier;
 this.publicCredentials = old.publicCredentials;
 this.privateCredentials = old.privateCredentials;
- this.withSuppliedIdentities = null;
+ this.withSuppliedIdentities = old.withSuppliedIdentities;
 this.withIdentities = old.withIdentities;
 }
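Review bot: The Javadoc of `createAdHocIdentity(Principal)` should say that the returned identity has been passed through the domain's security identity transformer, because the new `return this.transform(new SecurityIdentity(...))` line can hand back an identity that carries roles, where the old line returned one built only from `EMPTY_REALM_INFO` and `AuthorizationIdentity.EMPTY`. Callers that got past the `CREATE_AD_HOC_IDENTITY` permission check may have relied on an ad hoc identity having no roles; the tests added in this commit show a transformer granting `constantRole`. Suggested sentence for the method comment: `The security domain's security identity transformer, if configured, is applied to the new identity before it is returned.` The method's signature and Javadoc lie outside the hunk, and whether `transform` rejects a null result from a configured transformer cannot be seen here and is worth confirming.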
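Review bot: Neither constructor gets a comment on why `withSuppliedIdentities` is now copied from `old` instead of being reset, in the hunk at -203 and again in the one at -218. With `this.withSuppliedIdentities = old.withSuppliedIdentities;` an identity derived through these constructors keeps whatever supplied identities the original had, which appears (from the test names in this commit) to be what lets identities attached by a transformer survive a later role-mapper change. I would add `// carry over the supplied identities so the derived identity keeps them` above the assignment in both places, and check whether any other copy constructor in the class still assigns `null` to this field. Both constructors begin outside their hunks, so which derivation each one serves is not visible.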
@@ -218,7 +218,7 @@ public final class SecurityIdentity implements PermissionVerifier, PermissionMap
 this.verifier = old.verifier;
 this.publicCredentials = old.publicCredentials;
 this.privateCredentials = old.privateCredentials;
- this.withSuppliedIdentities = null;
+ this.withSuppliedIdentities = old.withSuppliedIdentities;
 this.withIdentities = old.withIdentities;
 }
diff --git a/tests/base/src/test/java/org/wildfly/security/auth/server/AdHocIdentityTest.java b/tests/base/src/test/java/org/wildfly/security/auth/server/AdHocIdentityTest.java
new file mode 100644
index 00000000000..22a21b50c7a
--- /dev/null
+++ b/tests/base/src/test/java/org/wildfly/security/auth/server/AdHocIdentityTest.java
@@ -0,0 +1,151 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2023 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.wildfly.security.auth.server; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertTrue; + +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; +import java.util.function.Supplier; +import java.util.function.UnaryOperator; + +import org.junit.Assert; +import org.junit.Test; +import org.wildfly.security.auth.permission.LoginPermission; +import org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm; +import org.wildfly.security.auth.realm.SimpleRealmEntry; +import org.wildfly.security.authz.MapAttributes; +import org.wildfly.security.authz.RoleDecoder; +import org.wildfly.security.authz.RoleMapper; +import org.wildfly.security.authz.Roles; + +/** + * Tests for creating ad hoc identities. 
+ * + * @author Farah Juma + */ +public class AdHocIdentityTest { + + @Test + public void testAdHocIdentityWithoutSecurityIdentityTransformer() { + SecurityDomain domain = getSecurityDomain(null); + SecurityIdentity identity = domain.createAdHocIdentity("alice"); + assertNotNull(identity); + assertEquals("alice", identity.getPrincipal().getName()); + assertTrue(identity.getRoles().isEmpty()); + } + + @Test + public void testAdHocIdentityWithSecurityIdentityTransformer() { + SecurityDomain domain = getSecurityDomain(securityIdentity -> securityIdentity.withDefaultRoleMapper(RoleMapper.constant(Roles.of("constantRole")))); + SecurityIdentity identity = domain.createAdHocIdentity("alice"); + assertNotNull(identity); + assertEquals("alice", identity.getPrincipal().getName()); + assertTrue(identity.getRoles().contains("constantRole")); + } + + @Test + public void testAdHocIdentityWithComplexSecurityIdentityTransformer() { + SecurityDomain outflowDomain = getSecurityDomain(getRealm(), null); + SecurityDomain domain = getSecurityDomain(securityIdentity -> outflow(securityIdentity, outflowDomain)); + + SecurityIdentity identity = domain.createAdHocIdentity("joe"); + assertNotNull(identity); + assertEquals("joe", identity.getPrincipal().getName()); + assertEquals(domain, identity.getSecurityDomain()); + + assertEquals(outflowDomain.getAnonymousSecurityIdentity(), outflowDomain.getCurrentSecurityIdentity()); + SecurityIdentity outflowDomainIdentity = identity.runAsSupplierEx(() -> outflowDomain.getCurrentSecurityIdentity()); + assertEquals("joe", outflowDomainIdentity.getPrincipal().getName()); + assertTrue(outflowDomainIdentity.getRoles().contains("User")); + } + + @Test + public void testAdHocIdentityWithComplexSecurityIdentityTransformerAndDefaultRoleMapper() { + SecurityDomain outflowDomain = getSecurityDomain(getRealm(), null); + + SecurityDomain domain = getSecurityDomain(securityIdentity -> outflow(securityIdentity, outflowDomain)); + SecurityIdentity identity = 
domain.createAdHocIdentity("joe"); + assertNotNull(identity); + assertEquals("joe", identity.getPrincipal().getName()); + assertEquals(domain, identity.getSecurityDomain()); + + identity = identity.withDefaultRoleMapper(RoleMapper.constant(Roles.of("constantRole"))); + assertTrue(identity.getRoles().contains("constantRole")); + assertEquals(outflowDomain.getAnonymousSecurityIdentity(), outflowDomain.getCurrentSecurityIdentity()); + SecurityIdentity outflowDomainIdentity = identity.runAsSupplierEx(() -> outflowDomain.getCurrentSecurityIdentity()); + assertEquals("joe", outflowDomainIdentity.getPrincipal().getName()); + assertTrue(outflowDomainIdentity.getRoles().contains("User")); + assertFalse(outflowDomainIdentity.getRoles().contains("constantRole")); + } + + private static void addUser(Map securityRealm, String userName, String roles) { + MapAttributes attributes = new MapAttributes(); + attributes.addAll(RoleDecoder.KEY_ROLES, Collections.singletonList(roles)); + securityRealm.put(userName, new SimpleRealmEntry(Collections.emptyList(), attributes)); + } + + private static SecurityDomain getSecurityDomain(UnaryOperator securityIdentityTransformer) { + return getSecurityDomain(null, securityIdentityTransformer); + } + + private static SecurityDomain getSecurityDomain(SecurityRealm realm, UnaryOperator securityIdentityTransformer) { + SecurityDomain.Builder securityDomainBuilder = SecurityDomain.builder(); + if (realm != null) { + securityDomainBuilder.addRealm("default", realm).build(); + securityDomainBuilder.setDefaultRealmName("default"); + securityDomainBuilder.setTrustedSecurityDomainPredicate(securityDomain -> true); // trusts all other domains + } + securityDomainBuilder.setPermissionMapper((permissionMappable, roles) -> LoginPermission.getInstance()); + if (securityIdentityTransformer != null) { + securityDomainBuilder.setSecurityIdentityTransformer(securityIdentityTransformer); + } + return securityDomainBuilder.build(); + } + + private static 
SecurityRealm getRealm() { + SimpleMapBackedSecurityRealm realm = new SimpleMapBackedSecurityRealm(); + Map users = new HashMap<>(); + addUser(users, "joe", "User"); + addUser(users, "bob", "User"); + realm.setIdentityMap(users); + return realm; + } + + private SecurityIdentity outflow(SecurityIdentity securityIdentity, SecurityDomain outflowDomain) { + return securityIdentity.withSecurityIdentitySupplier(performOutflow(securityIdentity, outflowDomain)); + } + + private static Supplier performOutflow(SecurityIdentity securityIdentity, SecurityDomain securityDomain) { + return () -> { + ServerAuthenticationContext context = securityDomain.createNewAuthenticationContext(); + try { + Assert.assertTrue(context.importIdentity(securityIdentity)); + } catch (RealmUnavailableException e) { + Assert.fail("Unable to import identity"); + } + SecurityIdentity outflowedIdentity = context.getAuthorizedIdentity(); + return new SecurityIdentity[] { outflowedIdentity }; + }; + } +} From 356bc447e8fc95a13275b8092ed7cf7ac5f79530 Mon Sep 17 00:00:00 2001 
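Review bot: In `performOutflow` the `catch (RealmUnavailableException e)` branch calls `Assert.fail("Unable to import identity")` and drops `e`, so a failing run will not show why the realm was unavailable. `throw new AssertionError("Unable to import identity", e);` keeps the cause. The last test derives the copy only through `withDefaultRoleMapper`, so it probably exercises just one of the two `SecurityIdentity` copy constructors this commit changes; an assertion through whichever derivation method reaches the other constructor would cover both. The file also mixes `Assert.assertTrue` with the statically imported `assertTrue`.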
From: Farah Juma Date: Fri, 19 Apr 2024 10:28:12 -0400 Subject: [PATCH 150/205] [ELY-2749] Release WildFly Elytron 2.4.1.Final --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- dynamic-ssl/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- 
tests/common/pom.xml | 2 +- tool/pom.xml | 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 77 files changed, 77 insertions(+), 77 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index 498ed73df9d..11704675a9a 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index 80555f9b704..eca08deb2f2 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index fb35f1a40a2..6ca543ff229 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index 7a75b7f3e24..7777836aeca 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 16b1ff38b97..be901ca8b57 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index 2c5356443b7..09b0bf9ff01 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index 768041dd849..00ae354335c 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index ff36d59d6b8..8618352bbd9 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index 79215e83871..c93d5e1e501 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index 3b3a3e8cdea..b5058a1fec5 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index 467b3915f1b..7c255991527 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index dce6476f385..baba6686e99 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index 6ecb7223350..96808006fbb 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index ecc48fec1e6..c92f273f77c 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index fbc13de59af..a6002db0ea4 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index 38b5891c490..1539dbab957 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index 94a6af7fc0a..7542679663d 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index 1696e672d66..0a1ec3d0273 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index 69819486e1d..443a3b47a94 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final 4.0.0 diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index 1a8dd88d5de..8b1cb6d6751 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -5,7 +5,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index 39878fd607e..bab565d49d2 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final 4.0.0 
diff --git a/http/base/pom.xml b/http/base/pom.xml index 1c2d1962c3f..d32397ce9fb 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index ad77264d047..938940c479a 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index 1439d03d499..80a1eecca65 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index fbf07ef8a57..dbd16840dec 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index b1fb8e4a0c5..4ac96b8a8a7 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index b57faa8ae27..b3dadf416d6 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index 780f6a3cc6b..ccf31626167 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index 7a940b5a72b..d4d5e3e1ca7 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index 4e2df560bd4..82fa4999b27 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index 8b6f545bdf2..41c10299ef1 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index 56e1e8a122d..98183698a6a 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index 755e49af998..3eefef140af 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index cdaecfcdaae..09a1bae24da 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index 59b24e44497..054acc203d7 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index ec4cf037295..1dce5ce1124 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index 1676c6d94ca..7f6573ce391 100644 --- a/json-util/pom.xml 
+++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final 4.0.0 diff --git a/keystore/pom.xml b/keystore/pom.xml index ef9bb6da250..ff6f7f24f4c 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index 55db50e2384..da63bdd6f9f 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index 59875fd9254..6752f641088 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index 4e00fa32b41..b935cf9e4ca 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index 2e4b2bd7095..eb0190a4677 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index 9aad6efa4ee..5a39239d4e2 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index 6066c404283..aaf1476fd38 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml 
diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index a775bbaa651..890418f5f61 100644 --- a/mechanism/oauth2/pom.xml +++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index e0cbde7b751..bff945bd820 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index 1d856c1bafe..20e233d915f 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index 02688f0a010..4b5167841d7 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final 4.0.0 diff --git a/pom.xml b/pom.xml index 5817d46b462..95ac244f13c 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index 98701cd51dd..512b96aa870 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index c3d93658908..68fa882cd27 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index cc617140886..f46fee4859b 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../../pom.xml diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index f3aeaf05528..b1f0541a73e 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index 800394df457..7a0d2ccca59 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index 2c7b3dc59ef..18160d210dd 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index 4aec1dc0b3f..4b7312b7a3f 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index 7190b9e7075..da69ce80028 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index 11f551b101c..ef9602c470d 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index 2f7a90045e6..326bfff8605 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml 
diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index b48fc9e5a94..b6fe6dcbc99 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index 28c8a1571f8..4e3eaebaa29 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index ae2762b687b..4cb1cfbfa0f 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index fce6702d899..7b03d37e2eb 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index 8c84ef95966..8ba86c7560b 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index ffec8184ab8..ba488473f6b 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index 3885ad52414..736a36b6781 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index 2cbbf004a26..b49c1beadff 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml 
diff --git a/tests/common/pom.xml b/tests/common/pom.xml index 0fe9ec25f40..612c11c84f4 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml @@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index 919723adea0..d946b5316e3 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index a840988a5f5..05c1f5e079e 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 6f1075dd465..28f08d6f425 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index 4921e22a06b..6b029d0d199 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index a22220a4e9e..a155a921309 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index 7574dc41ec9..ecac57e7014 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index 23910c850b7..ba380c485db 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index 47663bfac07..f976683f918 100644 --- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index e86e646fa24..620a04d6f5f 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.CR1-SNAPSHOT + 2.4.1.Final ../../pom.xml From edb8a3d51b6c8f161c9a0dabfabc901390a771ea Mon Sep 17 00:00:00 2001 
From: Farah Juma Date: Fri, 19 Apr 2024 10:29:39 -0400 Subject: [PATCH 151/205] Next is 2.4.2 --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- dynamic-ssl/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- tests/common/pom.xml | 2 +- 
tool/pom.xml | 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 77 files changed, 77 insertions(+), 77 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index 11704675a9a..7f2a6d4e472 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index eca08deb2f2..b12dc503468 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index 6ca543ff229..03f10fbe0d0 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index 7777836aeca..62006ed1d06 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index be901ca8b57..22e7acf91e2 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index 09b0bf9ff01..1c143b80ae9 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index 00ae354335c..591784c440d 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index 8618352bbd9..bc700a2f833 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index c93d5e1e501..54e046f0779 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index b5058a1fec5..09b64fc6c6c 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index 7c255991527..8626fc570dc 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index baba6686e99..12d87121d82 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index 96808006fbb..c6478cfedf1 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index c92f273f77c..5dcaac4f8c1 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index a6002db0ea4..67b6b780871 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index 1539dbab957..a7001fbb8e9 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index 7542679663d..b8baf3002c1 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index 0a1ec3d0273..fad7524e610 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index 443a3b47a94..9e51bece424 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT 4.0.0 diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index 8b1cb6d6751..219601ff845 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -5,7 +5,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index bab565d49d2..57f18e35e70 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT 4.0.0 
diff --git a/http/base/pom.xml b/http/base/pom.xml index d32397ce9fb..bf0aaadc65e 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index 938940c479a..d5457a8f2ed 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index 80a1eecca65..ac4a963abab 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index dbd16840dec..f9b256e3994 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index 4ac96b8a8a7..01738f6353d 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index b3dadf416d6..5a6a6ded3ad 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index ccf31626167..54cc2faf3d8 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index d4d5e3e1ca7..783701cca8f 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index 82fa4999b27..5a484be6218 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index 41c10299ef1..3c227618b75 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index 98183698a6a..d77c29efff0 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index 3eefef140af..0fef2bde022 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index 09a1bae24da..c4579a0bed6 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index 054acc203d7..88ee221d55d 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index 1dce5ce1124..fd81e45cbfe 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index 7f6573ce391..851713e8a4a 100644 --- a/json-util/pom.xml 
+++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT 4.0.0 diff --git a/keystore/pom.xml b/keystore/pom.xml index ff6f7f24f4c..0d526f33210 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index da63bdd6f9f..f59e7f7818f 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index 6752f641088..b9726a60604 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index b935cf9e4ca..8dd5a8d35ed 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index eb0190a4677..fc5ecce6899 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index 5a39239d4e2..edf63dfa5f8 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index aaf1476fd38..c35615338df 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml 
diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index 890418f5f61..cc68a6988b2 100644 --- a/mechanism/oauth2/pom.xml +++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index bff945bd820..fcebe148dc3 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index 20e233d915f..5864bb1ac2d 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index 4b5167841d7..424584a1bf1 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT 4.0.0 diff --git a/pom.xml b/pom.xml index 95ac244f13c..b0dd3ac28bf 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index 512b96aa870..28ca1e86683 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index 68fa882cd27..bcf5fb32f87 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index f46fee4859b..0755215fcbe 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index b1f0541a73e..f2e2b070826 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index 7a0d2ccca59..6750e50a786 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index 18160d210dd..89be00ca310 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index 4b7312b7a3f..54a13627c9b 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index da69ce80028..b72eb18ba70 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index ef9602c470d..1aa479ade4b 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index 326bfff8605..885620b7cb8 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml 
diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index b6fe6dcbc99..aac1f0fc6c0 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index 4e3eaebaa29..a06e3f5239f 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index 4cb1cfbfa0f..fa67a7bb16e 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index 7b03d37e2eb..5b5ac2d4b29 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index 8ba86c7560b..18f34c35c45 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index ba488473f6b..a3a17e97927 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index 736a36b6781..9152e137e70 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index b49c1beadff..be45bc71c47 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml 
diff --git a/tests/common/pom.xml b/tests/common/pom.xml index 612c11c84f4..ea7ca5dde62 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml @@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index d946b5316e3..29f7a9b71e8 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index 05c1f5e079e..288671f4070 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 28f08d6f425..7cc38dea7e9 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index 6b029d0d199..119100fd2f7 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index a155a921309..3e9d8adc705 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index ecac57e7014..23209778905 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index ba380c485db..1239f4e8310 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index f976683f918..aab26321cbc 100644 --- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index 620a04d6f5f..86f1d821ea7 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.1.Final + 2.4.2.CR1-SNAPSHOT ../../pom.xml From e205b93ed6a9355d83dfa2382fbf9d786219a8bf Mon Sep 17 00:00:00 2001 From: Farah Juma Date: Fri, 19 Apr 2024 10:47:43 -0400 Subject: [PATCH 152/205] [ELY-2749] Perform API check against 2.4.1.Final --- wildfly-elytron/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 7cc38dea7e9..a550c9c4283 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -557,7 +557,7 @@ org.wildfly.security wildfly-elytron - 2.4.0.Final + 2.4.1.Final jar From 6a2e4d106c532e0aad386937f31b39466b2a4a88 Mon Sep 17 00:00:00 2001 From: Prarthona Paul Date: Tue, 30 Apr 2024 11:09:21 -0400 Subject: [PATCH 153/205] ELY-2755 Upgrade fasterxml to 2.17.0 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index b0dd3ac28bf..12fb76eb189 100644 --- a/pom.xml +++ b/pom.xml @@ -56,7 +56,7 @@ 11 - 2.15.4 + 2.17.0 ${version.com.fasterxml.jackson} 1.6.0 4.0.1 From e4fd8267adbd74afded90471eb025e517dee22f4 Mon Sep 17 00:00:00 2001 From: Prarthona Paul Date: Mon, 6 May 2024 10:55:30 -0400 Subject: [PATCH 154/205] [ELY-2727] Update CI to also run with JDK 21 --- .github/workflows/pr-ci.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
diff --git a/.github/workflows/pr-ci.yaml b/.github/workflows/pr-ci.yaml index c56d1e36f02..eb720698df9 100644 --- a/.github/workflows/pr-ci.yaml +++ b/.github/workflows/pr-ci.yaml @@ -11,12 +11,11 @@ on: jobs: build: - name: ${{ matrix.os }}-jdk${{ matrix.java }} runs-on: ${{ matrix.os }} strategy: matrix: os: [ubuntu-latest, windows-latest, macos-latest] - java: ['11', '21'] + java: ['11', '17', '21'] steps: - uses: actions/checkout@v2 - name: Set up JDK ${{ matrix.java }} From e7f29bdcb7d99ce65cd46da029d59fa55eba7d43 Mon Sep 17 00:00:00 2001 From: Prarthona Paul Date: Thu, 9 May 2024 13:17:23 -0400 Subject: [PATCH 155/205] [ELY-2756] Add tests to the elytron test suite to test to test OCSP with revoked and unknown certificates --- .../security/ssl/SSLAuthenticationTest.java | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java index 8666bf529f6..95a4358f384 100644 --- a/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java +++ b/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java 
@@ -729,6 +729,40 @@ public void testOcspGood() throws Throwable { "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=ocspCheckedGood", false); } + @Test + public void testOcspRevoked() throws Throwable { + SSLContext serverContext = new SSLContextBuilder() + .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore")) + .setKeyManager(getKeyManager("/jks/scarab.keystore")) + .setTrustManager(X509RevocationTrustManager.builder() + .setTrustManagerFactory(getTrustManagerFactory()) + .setTrustStore(createKeyStore("/jks/ca.truststore")) + .setOcspResponderCert(ocspResponderCertificate) + .build()) + .setNeedClientAuth(true) + .build().create(); + + performConnectionTest(serverContext, "protocol://test-two-way-ocsp-revoked.org", false, "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=Scarab", + "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=ocspCheckedRevoked", false); + } + + @Test + public void testOcspUnknown() throws Throwable { + SSLContext serverContext = new SSLContextBuilder() + .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore")) + .setKeyManager(getKeyManager("/jks/scarab.keystore")) + .setTrustManager(X509RevocationTrustManager.builder() + .setTrustManagerFactory(getTrustManagerFactory()) + .setTrustStore(createKeyStore("/jks/ca.truststore")) + .setOcspResponderCert(ocspResponderCertificate) + .build()) + .setNeedClientAuth(true) + .build().create(); + + performConnectionTest(serverContext, "protocol://test-two-way-ocsp-unknown.org", false, "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=Scarab", + "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=ocspCheckedUnknown", false); + } + @Test public void testOcspMaxCertPathNeg1() throws Throwable { ocspMaxCertPathCommon(-1, false); From ac72762fb91a7064f22a732a358ab902e98d8351 Mon Sep 17 00:00:00 2001 
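Review bot: In `testOcspRevoked` and `testOcspUnknown` the only visible expectation is the `false` passed to `performConnectionTest` after the host URL, which presumably marks the handshake as expected to fail. If so, both tests would also pass when the connection is refused for an unrelated reason, such as an unreachable OCSP responder or a missing fixture certificate. `performConnectionTest` is defined outside this hunk, so this is inferred from the call sites; if it can expose the failure cause, asserting on it would tie the result to the revocation status. At minimum, a comment above each call such as `// handshake must be rejected: the responder reports this client certificate as revoked` (or `unknown`) would record the intent. The two methods also build an identical `SSLContextBuilder` chain, which could move into one private helper.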
From: Farah Juma Date: Wed, 24 Apr 2024 17:17:29 -0400 Subject: [PATCH 156/205] [ELY-2752] Ensure it's possible to make use of a custom principal-attribute value for OIDC --- .../security/http/oidc/ElytronMessages.java | 4 + .../security/http/oidc/JsonWebToken.java | 9 ++- .../security/http/oidc/OidcBaseTest.java | 14 +++- .../wildfly/security/http/oidc/OidcTest.java | 77 ++++++++++++++++--- 4 files changed, 90 insertions(+), 14 deletions(-) diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/ElytronMessages.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/ElytronMessages.java index 3c702319393..ac5e2861fc3 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/ElytronMessages.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/ElytronMessages.java @@ -234,5 +234,9 @@ interface ElytronMessages extends BasicLogger { @Message(id = 23056, value = "No message entity") IOException noMessageEntity(); + @LogMessage(level = DEBUG) + @Message(id = 23057, value = "principal-attribute '%s' claim does not exist, falling back to 'sub'") + void principalAttributeClaimDoesNotExist(String principalAttributeClaim); + } diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/JsonWebToken.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/JsonWebToken.java index 1b27f19a031..b806a0e7122 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/JsonWebToken.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/JsonWebToken.java @@ -297,7 +297,14 @@ public String getPrincipalName(OidcClientConfiguration deployment) { case NICKNAME: return getNickName(); default: - return getSubject(); + String claimValue = getClaimValueAsString(attr); + if (claimValue != null) { + return claimValue; + } else { + // fall back to sub claim + log.principalAttributeClaimDoesNotExist(attr); + return getSubject(); + } } } 
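Review bot: In the new `default:` branch of `getPrincipalName`, `if (claimValue != null)` accepts an empty string, so a token whose configured claim is present but empty would produce an empty principal name instead of falling back to `sub`; `if (claimValue != null && !claimValue.isEmpty())` would avoid that, assuming `getClaimValueAsString` (defined outside this hunk) can return an empty value. The branch also mixes two namespaces, since accounts lacking the claim are named by `sub` while the others are named by the claim value, so the configured claim should be one that users cannot edit and that cannot coincide with another account's `sub`. Because the fallback is logged only at DEBUG (message 23057 in `ElytronMessages`), a mistyped `principal-attribute` is easy to overlook; a Javadoc sentence on `getPrincipalName` describing the fallback would help. The method starts above this hunk.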
diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java index 68d4712547c..587945a523d 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java @@ -77,6 +77,7 @@ public class OidcBaseTest extends AbstractBaseHttpTest { public static final String CLIENT_SECRET = "secret"; public static KeycloakContainer KEYCLOAK_CONTAINER; public static final String TEST_REALM = "WildFly"; + public static final String TEST_REALM_WITH_SCOPES = "WildFlyScopes"; public static final String TENANT1_REALM = "tenant1"; public static final String TENANT2_REALM = "tenant2"; public static final String KEYCLOAK_USERNAME = "username"; @@ -131,15 +132,26 @@ protected static boolean isDockerAvailable() { } } protected CallbackHandler getCallbackHandler() { - return getCallbackHandler(false, null); + return getCallbackHandler(false, null, null); + } + + protected CallbackHandler getCallbackHandler(String expectedPrincipal) { + return getCallbackHandler(false, null, expectedPrincipal); } protected CallbackHandler getCallbackHandler(boolean checkScope, String expectedScopes) { + return getCallbackHandler(checkScope, expectedScopes, null); + } + + protected CallbackHandler getCallbackHandler(boolean checkScope, String expectedScopes, String expectedPrincipal) { return callbacks -> { for(Callback callback : callbacks) { if (callback instanceof EvidenceVerifyCallback) { Evidence evidence = ((EvidenceVerifyCallback) callback).getEvidence(); ((EvidenceVerifyCallback) callback).setVerified(evidence.getDecodedPrincipal() != null); + if (expectedPrincipal != null) { + assertEquals(expectedPrincipal, evidence.getDecodedPrincipal().getName()); + } } else if (callback instanceof AuthenticationCompleteCallback) { // NO-OP } else if (callback instanceof IdentityCredentialCallback) { 
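Review bot: In the three-argument `getCallbackHandler`, the added `assertEquals(expectedPrincipal, evidence.getDecodedPrincipal().getName())` dereferences `getDecodedPrincipal()` although the line before it treats a null result as possible, so a failed decode would surface as a `NullPointerException` rather than a readable assertion failure. A null-safe form such as `assertEquals(expectedPrincipal, evidence.getDecodedPrincipal() == null ? null : evidence.getDecodedPrincipal().getName());` keeps the check and reports the mismatch. The assertion also runs after `setVerified(...)`, and whether an `AssertionError` raised inside the handler reaches the test or is absorbed by the mechanism is not visible from this hunk. The lambda body continues past the end of the hunk.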
diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java index 3e6057a77ce..1556424ac12 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java @@ -40,6 +40,8 @@ import java.util.HashMap; import java.util.Map; +import javax.security.auth.callback.CallbackHandler; + import org.apache.http.HttpStatus; import org.junit.AfterClass; import org.junit.BeforeClass; @@ -70,7 +72,8 @@ public static void startTestContainers() throws Exception { assumeTrue("Docker isn't available, OIDC tests will be skipped", isDockerAvailable()); KEYCLOAK_CONTAINER = new KeycloakContainer(); KEYCLOAK_CONTAINER.start(); - sendRealmCreationRequest(KeycloakConfiguration.getRealmRepresentation(TEST_REALM, CLIENT_ID, CLIENT_SECRET, CLIENT_HOST_NAME, CLIENT_PORT, CLIENT_APP, CONFIGURE_CLIENT_SCOPES)); + sendRealmCreationRequest(KeycloakConfiguration.getRealmRepresentation(TEST_REALM, CLIENT_ID, CLIENT_SECRET, CLIENT_HOST_NAME, CLIENT_PORT, CLIENT_APP, false)); + sendRealmCreationRequest(KeycloakConfiguration.getRealmRepresentation(TEST_REALM_WITH_SCOPES, CLIENT_ID, CLIENT_SECRET, CLIENT_HOST_NAME, CLIENT_PORT, CLIENT_APP, CONFIGURE_CLIENT_SCOPES)); sendRealmCreationRequest(KeycloakConfiguration.getRealmRepresentation(TENANT1_REALM, CLIENT_ID, CLIENT_SECRET, CLIENT_HOST_NAME, CLIENT_PORT, CLIENT_APP, ACCESS_TOKEN_LIFESPAN, SESSION_MAX_LIFESPAN, false, true)); sendRealmCreationRequest(KeycloakConfiguration.getRealmRepresentation(TENANT2_REALM, CLIENT_ID, CLIENT_SECRET, CLIENT_HOST_NAME, CLIENT_PORT, CLIENT_APP, ACCESS_TOKEN_LIFESPAN, SESSION_MAX_LIFESPAN, false, true)); client = new MockWebServer(); 
@@ -85,6 +88,11 @@ public static void generalCleanup() throws Exception { .auth().oauth2(KeycloakConfiguration.getAdminAccessToken(KEYCLOAK_CONTAINER.getAuthServerUrl())) .when() .delete(KEYCLOAK_CONTAINER.getAuthServerUrl() + "/admin/realms/" + TEST_REALM).then().statusCode(204); + RestAssured + .given() + .auth().oauth2(KeycloakConfiguration.getAdminAccessToken(KEYCLOAK_CONTAINER.getAuthServerUrl())) + .when() + .delete(KEYCLOAK_CONTAINER.getAuthServerUrl() + "/admin/realms/" + TEST_REALM_WITH_SCOPES).then().statusCode(204); RestAssured .given() .auth().oauth2(KeycloakConfiguration.getAdminAccessToken(KEYCLOAK_CONTAINER.getAuthServerUrl())) 
@@ -235,6 +243,31 @@ private void performAuthentication(InputStream oidcConfig, String username, Stri performAuthentication(oidcConfig, username, password, loginToKeycloak, expectedDispatcherStatusCode, expectedLocation, clientPageText, null, false); } + private void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, + int expectedDispatcherStatusCode, String expectedLocation, String clientPageText, + CallbackHandler callbackHandler) throws Exception { + performAuthentication(oidcConfig, username, password, loginToKeycloak, expectedDispatcherStatusCode, expectedLocation, + clientPageText, null, false, callbackHandler); + } + + @Test + public void testPrincipalAttribute() throws Exception { + // custom principal-attribute + performAuthentication(getOidcConfigurationInputStreamWithPrincipalAttribute("aud"), KeycloakConfiguration.ALICE, + KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT, + getCallbackHandler( "test-webapp")); + + // standard principal-attribute + performAuthentication(getOidcConfigurationInputStreamWithPrincipalAttribute("given_name"), KeycloakConfiguration.ALICE, + KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT, + getCallbackHandler("Alice")); + + // invalid principal-attribute, logging in should still succeed + performAuthentication(getOidcConfigurationInputStreamWithPrincipalAttribute("invalid_claim"), KeycloakConfiguration.ALICE, + KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT, + getCallbackHandler()); + } + /***************************************************************************************************************************************** * Tests for multi-tenancy. * 
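Review bot: The third case in `testPrincipalAttribute` (the "invalid principal-attribute" one) passes `getCallbackHandler()` with no expected principal, so the fallback to `sub` that this commit adds is only shown not to break login and the resulting principal name is never checked. Passing the expected subject, for example `getCallbackHandler(expectedSub)` with `expectedSub` standing for Alice's subject identifier, would pin that branch; the value is presumably assigned by Keycloak, so it may have to be fixed in the realm representation or read back first. The `aud` case covers a single-valued claim only, and a short comment saying so would help, since `aud` may also be an array.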
@@ -411,7 +444,8 @@ private void testNonExistingUser(String username, String password, String tenant } private void loginToAppMultiTenancy(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, - int expectedDispatcherStatusCode, String expectedLocation, String clientPageText) throws Exception { + int expectedDispatcherStatusCode, String expectedLocation, String clientPageText, + CallbackHandler callbackHandler) throws Exception { try { Map props = new HashMap<>(); OidcClientConfiguration oidcClientConfiguration = OidcClientConfigurationBuilder.build(oidcConfig); @@ -419,8 +453,8 @@ private void loginToAppMultiTenancy(InputStream oidcConfig, String username, Str OidcClientContext oidcClientContext = new OidcClientContext(oidcClientConfiguration); oidcFactory = new OidcMechanismFactory(oidcClientContext); - HttpServerAuthenticationMechanism mechanism; - mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, getCallbackHandler()); + + HttpServerAuthenticationMechanism mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, callbackHandler); URI requestUri = new URI(getClientUrl()); TestingHttpServerRequest request = new TestingHttpServerRequest(null, requestUri); 
@@ -494,7 +528,17 @@ private void performTenantRequest(String username, String password, String tenan } private void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, - int expectedDispatcherStatusCode, String expectedLocation, String clientPageText, String expectedScope, boolean checkInvalidScopeError) throws Exception { + int expectedDispatcherStatusCode, String expectedLocation, String clientPageText, + String expectedScope, boolean checkInvalidScopeError) throws Exception { + performAuthentication(oidcConfig, username, password, loginToKeycloak, expectedDispatcherStatusCode, expectedLocation, + clientPageText, expectedScope, checkInvalidScopeError, getCallbackHandler(checkInvalidScopeError, + expectedScope, null)); + } + + private void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, + int expectedDispatcherStatusCode, String expectedLocation, String clientPageText, + String expectedScope, boolean checkInvalidScopeError, + CallbackHandler callbackHandler) throws Exception { try { Map props = new HashMap<>(); OidcClientConfiguration oidcClientConfiguration = OidcClientConfigurationBuilder.build(oidcConfig); 
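Review bot: The delegating `performAuthentication` overload builds its handler with `getCallbackHandler(checkInvalidScopeError, expectedScope, null)`, whereas the code removed in the next hunk called `getCallbackHandler(true, expectedScope)` whenever `expectedScope` was non-null and the no-argument form otherwise. Callers that pass an expected scope with `checkInvalidScopeError == false` now get `checkScope == false`, which presumably switches off the scope assertion in the handler (its body is outside the visible hunks). With `checkInvalidScopeError == true` and a null scope the check is switched on where it was off before. To keep the earlier behaviour use `getCallbackHandler(expectedScope != null, expectedScope, null)`.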
@@ -502,12 +546,7 @@ private void performAuthentication(InputStream oidcConfig, String username, Stri OidcClientContext oidcClientContext = new OidcClientContext(oidcClientConfiguration); oidcFactory = new OidcMechanismFactory(oidcClientContext); - HttpServerAuthenticationMechanism mechanism; - if (expectedScope == null) { - mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, getCallbackHandler()); - } else { - mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, getCallbackHandler(true, expectedScope)); - } + HttpServerAuthenticationMechanism mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, callbackHandler); URI requestUri = new URI(getClientUrl()); TestingHttpServerRequest request = new TestingHttpServerRequest(null, requestUri); @@ -640,7 +679,7 @@ private InputStream getOidcConfigurationInputStreamWithTokenSignatureAlgorithm() private InputStream getOidcConfigurationInputStreamWithScope(String scopeValue){ String oidcConfig = "{\n" + " \"client-id\" : \"" + CLIENT_ID + "\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "/" + "\",\n" + + " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + " \"public-client\" : \"false\",\n" + " \"scope\" : \"" + scopeValue + "\",\n" + " \"ssl-required\" : \"EXTERNAL\",\n" + 
@@ -651,6 +690,20 @@ private InputStream getOidcConfigurationInputStreamWithScope(String scopeValue){ return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); } + private InputStream getOidcConfigurationInputStreamWithPrincipalAttribute(String principalAttributeValue) { + String oidcConfig = "{\n" + + " \"principal-attribute\" : \"" + principalAttributeValue + "\",\n" + + " \"resource\" : \"" + CLIENT_ID + "\",\n" + + " \"public-client\" : \"false\",\n" + + " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + + " \"ssl-required\" : \"EXTERNAL\",\n" + + " \"credentials\" : {\n" + + " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " }\n" + + "}"; + return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); + } + static InputStream getTenantConfigWithAuthServerUrl(String tenant) { String oidcConfig = "{\n" + " \"realm\" : \"" + tenant + "\",\n" + From 23ef82b96cb44d6707c7ac882e1e73775a19af15 Mon Sep 17 00:00:00 2001 From: ChristinaDsl Date: Tue, 14 May 2024 13:32:43 +0300 Subject: [PATCH 157/205] [ELY-2741] Enhance TRACE logging for the EXTERNAL HTTP mechanism --- .../http/external/ExternalAuthenticationMechanism.java | 7 +++++++ x500/cert/util/pom.xml | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/http/external/src/main/java/org/wildfly/security/http/external/ExternalAuthenticationMechanism.java b/http/external/src/main/java/org/wildfly/security/http/external/ExternalAuthenticationMechanism.java index 8dc6da9b21a..bd6021da8cc 100644 --- a/http/external/src/main/java/org/wildfly/security/http/external/ExternalAuthenticationMechanism.java +++ b/http/external/src/main/java/org/wildfly/security/http/external/ExternalAuthenticationMechanism.java 
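Review bot: `getOidcConfigurationInputStreamWithPrincipalAttribute` concatenates `principalAttributeValue` into the JSON text without escaping it. That is fine for the constant claim names a test would pass, but a value containing a quote or backslash would yield a malformed or differently structured configuration. A one-line comment such as `// principalAttributeValue must be a plain claim name; it is not JSON-escaped` would make the constraint explicit.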
@@ -59,19 +59,24 @@ public void evaluateRequest(HttpServerRequest request) throws HttpAuthentication String remoteUser = request.getRemoteUser(); if (remoteUser == null) { + httpExternal.trace("The remote-user was not obtained from the request"); request.noAuthenticationInProgress(); return; } if (authorize(remoteUser)) { + httpExternal.tracef("Authorization of user [%s] succeed", remoteUser); succeed(request); } else { + httpExternal.tracef("Authorization of user [%s] failed", remoteUser); fail(request); } } private boolean authorize(String username) throws HttpAuthenticationException { + httpExternal.tracef("Authorizing username: [%s]",username); + AuthorizeCallback authorizeCallback = new AuthorizeCallback(username, username); try { MechanismUtil.handleCallbacks(httpExternal, callbackHandler, authorizeCallback); @@ -88,6 +93,7 @@ private void succeed(HttpServerRequest request) throws HttpAuthenticationExcepti MechanismUtil.handleCallbacks(httpExternal, callbackHandler, AuthenticationCompleteCallback.SUCCEEDED); request.authenticationComplete(); } catch (AuthenticationMechanismException e) { + httpExternal.trace("Failed to complete successful authentication", e); throw e.toHttpAuthenticationException(); } catch (UnsupportedCallbackException e) { throw httpExternal.mechCallbackHandlerFailedForUnknownReason(e).toHttpAuthenticationException(); @@ -99,6 +105,7 @@ private void fail(HttpServerRequest request) throws HttpAuthenticationException MechanismUtil.handleCallbacks(httpExternal, callbackHandler, AuthenticationCompleteCallback.FAILED); request.authenticationFailed(httpExternal.authenticationFailed(), response -> response.setStatusCode(FORBIDDEN)); } catch (AuthenticationMechanismException e) { + httpExternal.trace("Failed authentication not completed", e); throw e.toHttpAuthenticationException(); } catch (UnsupportedCallbackException e) { throw httpExternal.mechCallbackHandlerFailedForUnknownReason(e).toHttpAuthenticationException(); 
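Review bot: `remoteUser` comes straight from `request.getRemoteUser()` and is written to the trace log unchanged in `evaluateRequest` and again in `authorize`, so one request produces two entries carrying a value this mechanism does not validate. If the component that sets the remote user does not restrict its characters, embedded line breaks could split or forge log entries; whether that is possible depends on the front end and the log formatter, neither of which is visible here. Consider logging the name once, and fix the wording and spacing: `httpExternal.tracef("Authorization of user [%s] succeeded", remoteUser);` and `httpExternal.tracef("Authorizing username: [%s]", username);`.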
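Review bot: In `succeed` (`@@ -88,6 +93,7 @@`) and `fail` (`@@ -99,6 +105,7 @@`) only the `AuthenticationMechanismException` branch gets a trace entry; the `UnsupportedCallbackException` branch directly below is still converted and rethrown without one, so the new logging covers only one of the two failure paths. The message in `fail`, "Failed authentication not completed", is also hard to parse; `httpExternal.trace("Unable to complete failed authentication", e);` reads more clearly. Both method bodies start outside their hunks.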
diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index 1239f4e8310..32256fd5d95 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml @@ -55,7 +55,7 @@ org.jboss.logging jboss-logging-processor provided - + From 7b8abd83d72f4b24257ad3f0c4c5802e04332a73 Mon Sep 17 00:00:00 2001 From: Farah Juma Date: Wed, 1 May 2024 11:20:04 -0400 Subject: [PATCH 158/205] [ELY-2340] Move some test methods to OidcBaseTest --- .../security/http/oidc/BearerTest.java | 2 +- .../security/http/oidc/OidcBaseTest.java | 70 ++++++++++++++ .../wildfly/security/http/oidc/OidcTest.java | 93 ------------------- 3 files changed, 71 insertions(+), 94 deletions(-) diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/BearerTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/BearerTest.java index 1aacbe3239d..18c4b2f087d 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/BearerTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/BearerTest.java @@ -488,7 +488,7 @@ private InputStream getOidcConfigurationInputStream(String authServerUrl) { return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); } - private InputStream getOidcConfigurationInputStreamWithProviderUrl() { + protected InputStream getOidcConfigurationInputStreamWithProviderUrl() { String oidcConfig = "{\n" + " \"client-id\" : \"" + BEARER_ONLY_CLIENT_ID + "\",\n" + " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java index 587945a523d..2891eb90cdf 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java 
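Review bot: `getOidcConfigurationInputStreamWithProviderUrl()` in BearerTest becomes `protected` in the same commit that adds a `protected` method of that name to OidcBaseTest, so it presumably now overrides the base version (BearerTest's superclass is not visible in this hunk). Mark it `@Override` so the compiler checks the relationship. That also shows a reader that BearerTest deliberately substitutes the `BEARER_ONLY_CLIENT_ID` configuration for the base one. The method body continues outside the hunk.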
@@ -21,9 +21,14 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; +import static org.wildfly.security.http.oidc.Oidc.OIDC_NAME; +import java.io.ByteArrayInputStream; import java.io.IOException; +import java.io.InputStream; import java.net.URI; +import java.nio.charset.StandardCharsets; +import java.util.HashMap; import java.util.List; import java.util.Map; @@ -54,6 +59,7 @@ import org.wildfly.security.jose.util.JsonSerialization; import com.gargoylesoftware.htmlunit.SilentCssErrorHandler; +import com.gargoylesoftware.htmlunit.TextPage; import com.gargoylesoftware.htmlunit.WebClient; import com.gargoylesoftware.htmlunit.html.HtmlForm; import com.gargoylesoftware.htmlunit.html.HtmlInput; @@ -64,6 +70,7 @@ import okhttp3.mockwebserver.Dispatcher; import okhttp3.mockwebserver.MockResponse; import okhttp3.mockwebserver.MockWebServer; +import okhttp3.mockwebserver.QueueDispatcher; import okhttp3.mockwebserver.RecordedRequest; /** 
@@ -332,4 +339,67 @@ protected void checkForScopeClaims(Callback callback, String expectedScopes) thr } } } + + // Note: The tests will fail if `localhost` is not listed first in `/etc/hosts` file for the loopback addresses (IPv4 and IPv6). + protected void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, + int expectedDispatcherStatusCode, String expectedLocation, String clientPageText) throws Exception { + performAuthentication(oidcConfig, username, password, loginToKeycloak, expectedDispatcherStatusCode, expectedLocation, clientPageText, null, false); + } + + private void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, + int expectedDispatcherStatusCode, String expectedLocation, String clientPageText, String expectedScope, boolean checkInvalidScopeError) throws Exception { + try { + Map props = new HashMap<>(); + OidcClientConfiguration oidcClientConfiguration = OidcClientConfigurationBuilder.build(oidcConfig); + assertEquals(OidcClientConfiguration.RelativeUrlsUsed.NEVER, oidcClientConfiguration.getRelativeUrls()); + + OidcClientContext oidcClientContext = new OidcClientContext(oidcClientConfiguration); + oidcFactory = new OidcMechanismFactory(oidcClientContext); + HttpServerAuthenticationMechanism mechanism; + if (expectedScope == null) { + mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, getCallbackHandler()); + } else { + mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, getCallbackHandler(true, expectedScope)); + } + + URI requestUri = new URI(getClientUrl()); + TestingHttpServerRequest request = new TestingHttpServerRequest(null, requestUri); + mechanism.evaluateRequest(request); + TestingHttpServerResponse response = request.getResponse(); + assertEquals(loginToKeycloak ? 
HttpStatus.SC_MOVED_TEMPORARILY : HttpStatus.SC_FORBIDDEN, response.getStatusCode()); + assertEquals(Status.NO_AUTH, request.getResult()); + if (expectedScope != null) { + assertTrue(response.getFirstResponseHeaderValue("Location").contains("scope=" + expectedScope)); + } + + if (loginToKeycloak) { + client.setDispatcher(createAppResponse(mechanism, expectedDispatcherStatusCode, expectedLocation, clientPageText)); + + if (checkInvalidScopeError) { + WebClient webClient = getWebClient(); + TextPage keycloakLoginPage = webClient.getPage(response.getLocation()); + assertTrue(keycloakLoginPage.getWebResponse().getWebRequest().toString().contains("error_description=Invalid+scopes")); + } else { + TextPage page = loginToKeycloak(username, password, requestUri, response.getLocation(), + response.getCookies()).click(); + assertTrue(page.getContent().contains(clientPageText)); + } + } + } finally { + client.setDispatcher(new QueueDispatcher()); + } + } + + protected InputStream getOidcConfigurationInputStreamWithProviderUrl() { + String oidcConfig = "{\n" + + " \"resource\" : \"" + CLIENT_ID + "\",\n" + + " \"public-client\" : \"false\",\n" + + " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + + " \"ssl-required\" : \"EXTERNAL\",\n" + + " \"credentials\" : {\n" + + " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " }\n" + + "}"; + return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); + } } diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java index 1556424ac12..b7e1ce6ec6a 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java 
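Review bot: The `performAuthentication` added to OidcBaseTest is not the version this commit removes from OidcTest: the removed one took a `CallbackHandler` parameter, while this copy goes back to choosing between `getCallbackHandler()` and `getCallbackHandler(true, expectedScope)`. The OidcTest removal hunks also delete `testPrincipalAttribute` and the overload it used, and no visible hunk re-adds them, so principal-attribute coverage appears to be dropped by a commit described as a move. Either carry the `CallbackHandler` overload and the test over, or state the removal in the commit message. Separately, a missing `Location` header would surface as a NullPointerException in the `scope=` assertion; an `assertNotNull` on the header first would give a clearer failure.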
@@ -237,37 +237,6 @@ public void testOpenIDWithMultipleScopeValue() throws Exception { true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT, expectedScope, false); } - // Note: The tests will fail if `localhost` is not listed first in `/etc/hosts` file for the loopback addresses (IPv4 and IPv6). - private void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, - int expectedDispatcherStatusCode, String expectedLocation, String clientPageText) throws Exception { - performAuthentication(oidcConfig, username, password, loginToKeycloak, expectedDispatcherStatusCode, expectedLocation, clientPageText, null, false); - } - - private void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, - int expectedDispatcherStatusCode, String expectedLocation, String clientPageText, - CallbackHandler callbackHandler) throws Exception { - performAuthentication(oidcConfig, username, password, loginToKeycloak, expectedDispatcherStatusCode, expectedLocation, - clientPageText, null, false, callbackHandler); - } - - @Test - public void testPrincipalAttribute() throws Exception { - // custom principal-attribute - performAuthentication(getOidcConfigurationInputStreamWithPrincipalAttribute("aud"), KeycloakConfiguration.ALICE, - KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT, - getCallbackHandler( "test-webapp")); - - // standard principal-attribute - performAuthentication(getOidcConfigurationInputStreamWithPrincipalAttribute("given_name"), KeycloakConfiguration.ALICE, - KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT, - getCallbackHandler("Alice")); - - // invalid principal-attribute, logging in should still succeed - performAuthentication(getOidcConfigurationInputStreamWithPrincipalAttribute("invalid_claim"), KeycloakConfiguration.ALICE, - 
KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT, - getCallbackHandler()); - } - /***************************************************************************************************************************************** * Tests for multi-tenancy. * 
@@ -527,55 +496,6 @@ private void performTenantRequest(String username, String password, String tenan } } - private void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, - int expectedDispatcherStatusCode, String expectedLocation, String clientPageText, - String expectedScope, boolean checkInvalidScopeError) throws Exception { - performAuthentication(oidcConfig, username, password, loginToKeycloak, expectedDispatcherStatusCode, expectedLocation, - clientPageText, expectedScope, checkInvalidScopeError, getCallbackHandler(checkInvalidScopeError, - expectedScope, null)); - } - - private void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, - int expectedDispatcherStatusCode, String expectedLocation, String clientPageText, - String expectedScope, boolean checkInvalidScopeError, - CallbackHandler callbackHandler) throws Exception { - try { - Map props = new HashMap<>(); - OidcClientConfiguration oidcClientConfiguration = OidcClientConfigurationBuilder.build(oidcConfig); - assertEquals(OidcClientConfiguration.RelativeUrlsUsed.NEVER, oidcClientConfiguration.getRelativeUrls()); - - OidcClientContext oidcClientContext = new OidcClientContext(oidcClientConfiguration); - oidcFactory = new OidcMechanismFactory(oidcClientContext); - HttpServerAuthenticationMechanism mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, callbackHandler); - - URI requestUri = new URI(getClientUrl()); - TestingHttpServerRequest request = new TestingHttpServerRequest(null, requestUri); - mechanism.evaluateRequest(request); - TestingHttpServerResponse response = request.getResponse(); - assertEquals(loginToKeycloak ? 
HttpStatus.SC_MOVED_TEMPORARILY : HttpStatus.SC_FORBIDDEN, response.getStatusCode()); - assertEquals(Status.NO_AUTH, request.getResult()); - if (expectedScope != null) { - assertTrue(response.getFirstResponseHeaderValue("Location").contains("scope=" + expectedScope)); - } - - if (loginToKeycloak) { - client.setDispatcher(createAppResponse(mechanism, expectedDispatcherStatusCode, expectedLocation, clientPageText)); - - if (checkInvalidScopeError) { - WebClient webClient = getWebClient(); - TextPage keycloakLoginPage = webClient.getPage(response.getLocation()); - assertTrue(keycloakLoginPage.getWebResponse().getWebRequest().toString().contains("error_description=Invalid+scopes")); - } else { - TextPage page = loginToKeycloak(username, password, requestUri, response.getLocation(), - response.getCookies()).click(); - assertTrue(page.getContent().contains(clientPageText)); - } - } - } finally { - client.setDispatcher(new QueueDispatcher()); - } - } - private InputStream getOidcConfigurationInputStream() { return getOidcConfigurationInputStream(CLIENT_SECRET); } @@ -598,19 +518,6 @@ private InputStream getOidcConfigurationInputStream(String clientSecret, String return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); } - private InputStream getOidcConfigurationInputStreamWithProviderUrl() { - String oidcConfig = "{\n" + - " \"resource\" : \"" + CLIENT_ID + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + - " }\n" + - "}"; - return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); - } - private InputStream getOidcConfigurationInputStreamWithEnvironmentVariableExpression() { String oidcConfig = "{\n" + " \"resource\" : \"" + CLIENT_ID + "\",\n" + 
From dcbadba73db8e1ad2d4aa8f31bcc7bc97266d9fe Mon Sep 17 00:00:00 2001 From: Farah Juma Date: Wed, 1 May 2024 11:20:44 -0400 Subject: [PATCH 159/205] [ELY-2340] Add the ability to allow query params in redirect URIs via a new system property --- .../org/wildfly/security/http/oidc/Oidc.java | 2 + .../http/oidc/OidcRequestAuthenticator.java | 21 ++++- .../security/http/oidc/OidcBaseTest.java | 20 ++++- .../http/oidc/QueryParamsBaseTest.java | 61 ++++++++++++++ .../http/oidc/QueryParamsDisabledTest.java | 74 ++++++++++++++++ .../http/oidc/QueryParamsEnabledTest.java | 84 +++++++++++++++++++ 6 files changed, 258 insertions(+), 4 deletions(-) create mode 100644 http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsBaseTest.java create mode 100644 http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsDisabledTest.java create mode 100644 http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsEnabledTest.java diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java index 2052af1a0c1..f42313b7f58 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java @@ -65,6 +65,7 @@ public class Oidc { public static final String FACES_REQUEST = "Faces-Request"; public static final String GRANT_TYPE = "grant_type"; public static final String INVALID_TOKEN = "invalid_token"; + public static final String ISSUER = "iss"; public static final String LOGIN_HINT = "login_hint"; public static final String DOMAIN_HINT = "domain_hint"; public static final String MAX_AGE = "max_age"; 
@@ -113,6 +114,7 @@ public class Oidc { static final String KEYCLOAK_QUERY_BEARER_TOKEN = "k_query_bearer_token"; static final String DEFAULT_TOKEN_SIGNATURE_ALGORITHM = "RS256"; public static final String DISABLE_TYP_CLAIM_VALIDATION_PROPERTY_NAME = "wildfly.elytron.oidc.disable.typ.claim.validation"; + public static final String ALLOW_QUERY_PARAMS_PROPERTY_NAME = "wildfly.elytron.oidc.allow.query.params"; public static final String X_REQUESTED_WITH = "X-Requested-With"; public static final String XML_HTTP_REQUEST = "XMLHttpRequest"; diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcRequestAuthenticator.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcRequestAuthenticator.java index dbb3f056874..bf67e938598 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcRequestAuthenticator.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcRequestAuthenticator.java @@ -19,10 +19,12 @@ package org.wildfly.security.http.oidc; import static org.wildfly.security.http.oidc.ElytronMessages.log; +import static org.wildfly.security.http.oidc.Oidc.ALLOW_QUERY_PARAMS_PROPERTY_NAME; import static org.wildfly.security.http.oidc.Oidc.CLIENT_ID; import static org.wildfly.security.http.oidc.Oidc.CODE; import static org.wildfly.security.http.oidc.Oidc.DOMAIN_HINT; import static org.wildfly.security.http.oidc.Oidc.ERROR; +import static org.wildfly.security.http.oidc.Oidc.ISSUER; import static org.wildfly.security.http.oidc.Oidc.KC_IDP_HINT; import static org.wildfly.security.http.oidc.Oidc.LOGIN_HINT; import static org.wildfly.security.http.oidc.Oidc.MAX_AGE; @@ -43,6 +45,8 @@ import java.net.MalformedURLException; import java.net.URISyntaxException; import java.net.URL; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.Arrays; import java.util.HashSet; 
@@ -74,6 +78,17 @@ public class OidcRequestAuthenticator { protected String refreshToken; protected String strippedOauthParametersRequestUri; + static final boolean ALLOW_QUERY_PARAMS_PROPERTY; + + static { + ALLOW_QUERY_PARAMS_PROPERTY = AccessController.doPrivileged(new PrivilegedAction() { + @Override + public Boolean run() { + return Boolean.parseBoolean(System.getProperty(ALLOW_QUERY_PARAMS_PROPERTY_NAME, "false")); + } + }); + } + public OidcRequestAuthenticator(RequestAuthenticator requestAuthenticator, OidcHttpFacade facade, OidcClientConfiguration deployment, int sslRedirectPort, OidcTokenStore tokenStore) { this.reqAuthenticator = requestAuthenticator; this.facade = facade; @@ -375,11 +390,15 @@ protected AuthChallenge resolveCode(String code) { private static String stripOauthParametersFromRedirect(String uri) { uri = stripQueryParam(uri, CODE); uri = stripQueryParam(uri, STATE); - return stripQueryParam(uri, SESSION_STATE); + uri = stripQueryParam(uri, SESSION_STATE); + return stripQueryParam(uri, ISSUER); } private String rewrittenRedirectUri(String originalUri) { Map rewriteRules = deployment.getRedirectRewriteRules(); + if (ALLOW_QUERY_PARAMS_PROPERTY && (rewriteRules == null || rewriteRules.isEmpty())) { + return originalUri; + } try { URL url = new URL(originalUri); Map.Entry rule = null; diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java index 2891eb90cdf..de3115d96b0 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java 
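Review bot: `ALLOW_QUERY_PARAMS_PROPERTY` is read once in the static initializer, so the setting is JVM-wide and fixed when the class is initialised, which neither this field nor `ALLOW_QUERY_PARAMS_PROPERTY_NAME` in Oidc.java documents. Add a Javadoc line such as `/** Read once at class initialisation; changing the system property afterwards has no effect. */`. The initializer can also be folded into the declaration: `static final boolean ALLOW_QUERY_PARAMS_PROPERTY = AccessController.doPrivileged((PrivilegedAction<Boolean>) () -> Boolean.getBoolean(ALLOW_QUERY_PARAMS_PROPERTY_NAME));`.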
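Review bot: The early return in `rewrittenRedirectUri` passes the original URI through unchanged, including any caller-supplied query string, whenever the property is set and no rewrite rules exist, and nothing in the hunk says what that requires of the provider. A comment such as `// Opt-in: keep the original query string in the redirect URI; the provider's registered redirect URIs must match it` would help, since broad redirect-URI patterns on the provider side weaken redirect validation. Because the switch is a system property, it applies to every OIDC deployment in the JVM rather than per deployment, which belongs in the property's documentation. The rest of `rewrittenRedirectUri` is outside the hunk, so how the returned value is used further on cannot be confirmed from here.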
@@ -343,11 +343,25 @@ protected void checkForScopeClaims(Callback callback, String expectedScopes) thr // Note: The tests will fail if `localhost` is not listed first in `/etc/hosts` file for the loopback addresses (IPv4 and IPv6). protected void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, int expectedDispatcherStatusCode, String expectedLocation, String clientPageText) throws Exception { - performAuthentication(oidcConfig, username, password, loginToKeycloak, expectedDispatcherStatusCode, expectedLocation, clientPageText, null, false); + performAuthentication(oidcConfig, username, password, loginToKeycloak, expectedDispatcherStatusCode, getClientUrl(), expectedLocation, + clientPageText, null, false); + } + + protected void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, + int expectedDispatcherStatusCode, String clientUrl, String expectedLocation, String clientPageText) throws Exception { + performAuthentication(oidcConfig, username, password, loginToKeycloak, expectedDispatcherStatusCode, clientUrl, expectedLocation, + clientPageText, null, false); + } + + protected void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, int expectedDispatcherStatusCode, + String expectedLocation, String clientPageText, String expectedScope, boolean checkInvalidScopeError) throws Exception { + performAuthentication(oidcConfig, username, password, loginToKeycloak, expectedDispatcherStatusCode, getClientUrl(), expectedLocation, clientPageText, + expectedScope, checkInvalidScopeError); } private void performAuthentication(InputStream oidcConfig, String username, String password, boolean loginToKeycloak, - int expectedDispatcherStatusCode, String expectedLocation, String clientPageText, String expectedScope, boolean checkInvalidScopeError) throws Exception { + int expectedDispatcherStatusCode, String clientUrl, 
String expectedLocation, String clientPageText, + String expectedScope, boolean checkInvalidScopeError) throws Exception { try { Map props = new HashMap<>(); OidcClientConfiguration oidcClientConfiguration = OidcClientConfigurationBuilder.build(oidcConfig); @@ -362,7 +376,7 @@ private void performAuthentication(InputStream oidcConfig, String username, Stri mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, getCallbackHandler(true, expectedScope)); } - URI requestUri = new URI(getClientUrl()); + URI requestUri = new URI(clientUrl); TestingHttpServerRequest request = new TestingHttpServerRequest(null, requestUri); mechanism.evaluateRequest(request); TestingHttpServerResponse response = request.getResponse(); diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsBaseTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsBaseTest.java new file mode 100644 index 00000000000..e6bb2762ed5 --- /dev/null +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsBaseTest.java 
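Review bot: The new `performAuthentication` overloads are told apart only by the number and order of adjacent `String` arguments: the sixth argument is `clientUrl` in the eight-argument overload and `expectedLocation` in the seven- and nine-argument ones. A call that shifts one argument still compiles and quietly tests a different URL. Add Javadoc to the eight-argument overload, for example `@param clientUrl the URL the test requests` and `@param expectedLocation the URL expected after the post-login redirect`. The private method's body continues outside these hunks.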
@@ -0,0 +1,61 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2024 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.wildfly.security.http.oidc; + +import static org.junit.Assume.assumeTrue; + +import org.junit.AfterClass; +import org.junit.BeforeClass; + +import io.restassured.RestAssured; +import okhttp3.mockwebserver.MockWebServer; + +/** + * Tests for the {@code wildfly.elytron.oidc.allow.query.params} system property. 
+ * + * @author Farah Juma + */ +public class QueryParamsBaseTest extends OidcBaseTest { + + @BeforeClass + public static void startTestContainers() throws Exception { + assumeTrue("Docker isn't available, OIDC tests will be skipped", isDockerAvailable()); + KEYCLOAK_CONTAINER = new KeycloakContainer(); + KEYCLOAK_CONTAINER.start(); + sendRealmCreationRequest(KeycloakConfiguration.getRealmRepresentation(TEST_REALM, CLIENT_ID, CLIENT_SECRET, CLIENT_HOST_NAME, CLIENT_PORT, CLIENT_APP, 3, 3, false, true)); + client = new MockWebServer(); + client.start(CLIENT_PORT); + } + + @AfterClass + public static void generalCleanup() throws Exception { + if (KEYCLOAK_CONTAINER != null) { + RestAssured + .given() + .auth().oauth2(KeycloakConfiguration.getAdminAccessToken(KEYCLOAK_CONTAINER.getAuthServerUrl())) + .when() + .delete(KEYCLOAK_CONTAINER.getAuthServerUrl() + "/admin/realms/" + TEST_REALM).then().statusCode(204); + KEYCLOAK_CONTAINER.stop(); + } + if (client != null) { + client.shutdown(); + } + } + +} diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsDisabledTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsDisabledTest.java new file mode 100644 index 00000000000..f32771d3812 --- /dev/null +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsDisabledTest.java 
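Review bot: In `generalCleanup`, a failed realm deletion (the `statusCode(204)` assertion) throws before `KEYCLOAK_CONTAINER.stop()` and `client.shutdown()` run, leaving the container and the mock server up for later test classes. Wrap the deletion in `try`/`finally` so both are always released. The class Javadoc also says "Tests for ..." although the class only holds shared setup and teardown; "Base class for tests of ..." would be more accurate.

```java
    @AfterClass
    public static void generalCleanup() throws Exception {
        try {
            if (KEYCLOAK_CONTAINER != null) {
                // … unchanged: RestAssured realm deletion expecting status 204 …
            }
        } finally {
            if (KEYCLOAK_CONTAINER != null) {
                KEYCLOAK_CONTAINER.stop();
            }
            if (client != null) {
                client.shutdown();
            }
        }
    }
```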
@@ -0,0 +1,74 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2024 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.wildfly.security.http.oidc; + +import static org.junit.Assume.assumeFalse; +import static org.wildfly.security.http.oidc.Oidc.ALLOW_QUERY_PARAMS_PROPERTY_NAME; + +import org.apache.http.HttpStatus; +import org.junit.BeforeClass; +import org.junit.Test; + +/** + * Tests for disabling query params via the {@code wildfly.elytron.oidc.allow.query.params} system property. + * + * @author Farah Juma + */ +public class QueryParamsDisabledTest extends QueryParamsBaseTest { + + @BeforeClass + public static void beforeClass() { + assumeFalse("wildfly.elytron.oidc.allow.query.params should default to false", + Boolean.parseBoolean(System.getProperty(ALLOW_QUERY_PARAMS_PROPERTY_NAME))); + } + + /** + * Test successfully logging in without query params included in the URL. 
+ */ + @Test + public void testSuccessfulAuthenticationWithoutQueryParamsWithSystemPropertyDisabled() throws Exception { + String originalUrl = getClientUrl(); + String expectedUrlAfterRedirect = originalUrl; + performAuthentication(getOidcConfigurationInputStreamWithProviderUrl(), KeycloakConfiguration.ALICE, + KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, originalUrl, + expectedUrlAfterRedirect, CLIENT_PAGE_TEXT); + } + + /** + * Test successfully logging in with query params included in the URL. + * The query params should not be present upon redirect. + */ + @Test + public void testSuccessfulAuthenticationWithQueryParamsWithSystemPropertyDisabled() throws Exception { + String queryParams = "?myparam=abc"; + String originalUrl = getClientUrl() + queryParams; + String expectedUrlAfterRedirect = getClientUrl(); + performAuthentication(getOidcConfigurationInputStreamWithProviderUrl(), KeycloakConfiguration.ALICE, + KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, + originalUrl, expectedUrlAfterRedirect, CLIENT_PAGE_TEXT); + + queryParams = "?one=abc&two=def&three=ghi"; + originalUrl = getClientUrl() + queryParams; + expectedUrlAfterRedirect = getClientUrl(); + performAuthentication(getOidcConfigurationInputStreamWithProviderUrl(), KeycloakConfiguration.ALICE, + KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, originalUrl, + expectedUrlAfterRedirect, CLIENT_PAGE_TEXT); + } + +} diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsEnabledTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsEnabledTest.java new file mode 100644 index 00000000000..d16cc998ffb --- /dev/null +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsEnabledTest.java 
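Review bot: `beforeClass` checks the system property, but the code under test reads `OidcRequestAuthenticator.ALLOW_QUERY_PARAMS_PROPERTY`, which is captured when that class is initialised; the same applies to `System.setProperty` in QueryParamsEnabledTest. If both classes run in one JVM, or another test initialises `OidcRequestAuthenticator` first, the property and the field can disagree and the tests assert against the wrong mode. Checking the field (same package) is more direct: `assumeFalse("query params must be disabled", OidcRequestAuthenticator.ALLOW_QUERY_PARAMS_PROPERTY);`. Note that `assumeFalse` skips rather than fails, so a mismatch silently removes this coverage.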
@@ -0,0 +1,84 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2024 Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.wildfly.security.http.oidc;
+
+import static org.wildfly.security.http.oidc.Oidc.ALLOW_QUERY_PARAMS_PROPERTY_NAME;
+
+import org.apache.http.HttpStatus;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+/**
+ * Tests for enabling query params via the {@code wildfly.elytron.oidc.allow.query.params} system property.
+ *
+ * @author Farah Juma
+ */
+public class QueryParamsEnabledTest extends QueryParamsBaseTest {
+
+ private static String ALLOW_QUERY_PARAMS_PROPERTY;
+
+ @BeforeClass
+ public static void beforeClass() {
+ ALLOW_QUERY_PARAMS_PROPERTY = System.setProperty(ALLOW_QUERY_PARAMS_PROPERTY_NAME, "true");
+ }
+
+ @AfterClass
+ public static void afterClass() {
+ if (ALLOW_QUERY_PARAMS_PROPERTY == null) {
+ System.clearProperty(ALLOW_QUERY_PARAMS_PROPERTY_NAME);
+ } else {
+ System.setProperty(ALLOW_QUERY_PARAMS_PROPERTY_NAME, ALLOW_QUERY_PARAMS_PROPERTY);
+ }
+ }
+
+ /**
+ * Test successfully logging in without query params included in the URL.
+ */
+ @Test
+ public void testSuccessfulAuthenticationWithoutQueryParamsWithSystemPropertyEnabled() throws Exception {
+ String originalUrl = getClientUrl();
+ String expectedUrlAfterRedirect = originalUrl;
+ performAuthentication(getOidcConfigurationInputStreamWithProviderUrl(), KeycloakConfiguration.ALICE,
+ KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, originalUrl,
+ expectedUrlAfterRedirect, CLIENT_PAGE_TEXT);
+ }
+
+ /**
+ * Test successfully logging in with query params included in the URL.
+ * The query params should be present upon redirect.
+ */
+ @Test
+ public void testSuccessfulAuthenticationWithQueryParamsWithSystemPropertyEnabled() throws Exception {
+ String queryParams = "?myparam=abc";
+ String originalUrl = getClientUrl() + queryParams;
+ String expectedUrlAfterRedirect = originalUrl;
+ performAuthentication(getOidcConfigurationInputStreamWithProviderUrl(), KeycloakConfiguration.ALICE,
+ KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, originalUrl,
+ expectedUrlAfterRedirect, CLIENT_PAGE_TEXT);
+
+ queryParams = "?one=abc&two=def&three=ghi";
+ originalUrl = getClientUrl() + queryParams;
+ expectedUrlAfterRedirect = originalUrl;
+ performAuthentication(getOidcConfigurationInputStreamWithProviderUrl(), KeycloakConfiguration.ALICE,
+ KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, originalUrl,
+ expectedUrlAfterRedirect, CLIENT_PAGE_TEXT);
+ }
+
+}
From 1dfa97fb282dad2b438a8dc7636398860a9d51e1 Mon Sep 17 00:00:00 2001
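Review bot: `ALLOW_QUERY_PARAMS_PROPERTY` in QueryParamsEnabledTest is written like a constant, but it is a mutable static that holds whatever `System.setProperty` returned in `beforeClass`, that is, the earlier value that `afterClass` restores. A name such as `previousAllowQueryParams` with the comment `// value of the property before this class ran; null if it was unset` would make the save-and-restore intent clear and avoid confusion with `ALLOW_QUERY_PARAMS_PROPERTY_NAME`. Because the property is JVM-wide, the class javadoc could also state that this class must not run concurrently with other OIDC tests in the same JVM; whether the suite runs classes in parallel is not visible here.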
From: Farah Juma Date: Thu, 16 May 2024 16:29:45 -0400 Subject: [PATCH 160/205] [ELY-2758] Release WildFly Elytron 2.4.2.Final --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- dynamic-ssl/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- 
tests/common/pom.xml | 2 +- tool/pom.xml | 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 77 files changed, 77 insertions(+), 77 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index 7f2a6d4e472..d3c3c60ab9e 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index b12dc503468..e29efa4e1c1 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index 03f10fbe0d0..89553210ea9 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index 62006ed1d06..47999c51633 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 22e7acf91e2..3d9b84bfcde 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index 1c143b80ae9..ac7c8a9c4cd 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index 591784c440d..c83e27a23a5 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index bc700a2f833..b4d55e9c468 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index 54e046f0779..b6a11c7e61a 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index 09b64fc6c6c..14ef268c4cc 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index 8626fc570dc..85383c61520 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index 12d87121d82..de5250b47db 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index c6478cfedf1..b4922f00d0f 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index 5dcaac4f8c1..cbe27ed1f41 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index 67b6b780871..4ccaece9da3 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index a7001fbb8e9..bea2884f937 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index b8baf3002c1..3adc34f1ba8 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index fad7524e610..8a205983ec5 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index 9e51bece424..fb24940a4a8 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final 4.0.0 diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index 219601ff845..b2111c0c046 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -5,7 +5,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index 57f18e35e70..f26d7132de7 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final 4.0.0 
diff --git a/http/base/pom.xml b/http/base/pom.xml index bf0aaadc65e..5ecd308dc19 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index d5457a8f2ed..0970a19fe55 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index ac4a963abab..25d2b7f3acd 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index f9b256e3994..d15a7538ecc 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index 01738f6353d..a6914069304 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index 5a6a6ded3ad..e6aa9c3fe54 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index 54cc2faf3d8..fbfa281ab26 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index 783701cca8f..446007e8675 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index 5a484be6218..21effa5d126 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index 3c227618b75..6071f8d0e9f 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index d77c29efff0..438cc19ac18 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index 0fef2bde022..8a9c1fe8221 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index c4579a0bed6..ddb672210bf 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index 88ee221d55d..9d64e420bc9 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index fd81e45cbfe..82bc3bf927f 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index 851713e8a4a..0d1081d413b 100644 --- a/json-util/pom.xml 
+++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final 4.0.0 diff --git a/keystore/pom.xml b/keystore/pom.xml index 0d526f33210..48df4a8643e 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index f59e7f7818f..dd2086f8335 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index b9726a60604..4de00051acb 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index 8dd5a8d35ed..743a6990e25 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index fc5ecce6899..2b61cbed1b8 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index edf63dfa5f8..9ec1a6e4495 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index c35615338df..960ec76abc0 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml 
diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index cc68a6988b2..b0afbd172c9 100644 --- a/mechanism/oauth2/pom.xml +++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index fcebe148dc3..d9ceeee6ff9 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index 5864bb1ac2d..b109aae118d 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index 424584a1bf1..53af889d03a 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final 4.0.0 diff --git a/pom.xml b/pom.xml index 12fb76eb189..54837aca624 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index 28ca1e86683..48e8d34e35a 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index bcf5fb32f87..6c1f96296f3 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index 0755215fcbe..2af6ca48fd8 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../../pom.xml diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index f2e2b070826..4d53af9dfca 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index 6750e50a786..ea88b01bbe9 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index 89be00ca310..90869026a2d 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index 54a13627c9b..18671375e94 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index b72eb18ba70..2287b8e76b2 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index 1aa479ade4b..1d18249a8e9 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index 885620b7cb8..f315f7e768d 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml 
diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index aac1f0fc6c0..53c023863c1 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index a06e3f5239f..7833260af0c 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index fa67a7bb16e..0c0b7e60b0b 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index 5b5ac2d4b29..db7e6067c89 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index 18f34c35c45..65e1cf9ba7b 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index a3a17e97927..42f3b2936c8 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index 9152e137e70..cc491f949eb 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index f807e659de9..e93ed58f041 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml 
diff --git a/tests/common/pom.xml b/tests/common/pom.xml index ea7ca5dde62..7dbfe0a53e9 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml @@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index 29f7a9b71e8..e4fa8db2764 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index 288671f4070..355fff148d6 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index a550c9c4283..e576b750f70 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index 119100fd2f7..7b44b1514a8 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index 3e9d8adc705..7f33ceac947 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index 23209778905..dd30c5d4de9 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index 1239f4e8310..c438bb0e938 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index aab26321cbc..c80a59fae21 100644 --- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index 86f1d821ea7..d026ac485d7 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.CR1-SNAPSHOT + 2.4.2.Final ../../pom.xml From bed8b7a7d9df2effbaddd9925f25203d6d18ad31 Mon Sep 17 00:00:00 2001 
From: Farah Juma Date: Thu, 16 May 2024 16:30:44 -0400 Subject: [PATCH 161/205] Next is 2.4.3 --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- dynamic-ssl/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- tests/common/pom.xml | 2 +- 
tool/pom.xml | 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 77 files changed, 77 insertions(+), 77 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index d3c3c60ab9e..1d5870a49ed 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index e29efa4e1c1..ee3aeb60e7f 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index 89553210ea9..3aeca13633d 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index 47999c51633..c8aeb636339 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 3d9b84bfcde..76c3377cbea 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index ac7c8a9c4cd..71e459eec67 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index c83e27a23a5..8c7584d297c 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index b4d55e9c468..a5a73fb96a7 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index b6a11c7e61a..14de6c34c2f 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index 14ef268c4cc..a5dec68a4e5 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index 85383c61520..dead47e6357 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index de5250b47db..dd2e695b889 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index b4922f00d0f..598a6cca097 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index cbe27ed1f41..5343bd1feeb 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index 4ccaece9da3..1f8d4fa4a1f 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index bea2884f937..93a89f2c0df 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index 3adc34f1ba8..707606c202b 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index 8a205983ec5..b3f4dd560eb 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index fb24940a4a8..e0d7248116a 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT 4.0.0 diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index b2111c0c046..b8fa608f8bb 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -5,7 +5,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index f26d7132de7..4fa5e15bb61 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT 4.0.0 
diff --git a/http/base/pom.xml b/http/base/pom.xml index 5ecd308dc19..4c94881b7dd 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index 0970a19fe55..1bdfe47d500 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index 25d2b7f3acd..cb28748e2aa 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index d15a7538ecc..2bc423a2d57 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index a6914069304..f3ef094dc9d 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index e6aa9c3fe54..e1f17952803 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index fbfa281ab26..9f42da89bba 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index 446007e8675..f5ea32e740c 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index 21effa5d126..64a7f7285d2 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index 6071f8d0e9f..7d452717d31 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index 438cc19ac18..3e53575ee4d 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index 8a9c1fe8221..c557c78a896 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index ddb672210bf..0b0b50ba2f6 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index 9d64e420bc9..9c6941587f3 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index 82bc3bf927f..7e4bb3e80b7 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index 0d1081d413b..2ec4684d21e 100644 --- a/json-util/pom.xml 
+++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT 4.0.0 diff --git a/keystore/pom.xml b/keystore/pom.xml index 48df4a8643e..a984ae39bf4 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index dd2086f8335..75961d93671 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index 4de00051acb..0f20345e31c 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index 743a6990e25..09a74c3f7b5 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index 2b61cbed1b8..cd7f998a223 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index 9ec1a6e4495..6b6ee6768d8 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index 960ec76abc0..ec0ff16786a 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml 
diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index b0afbd172c9..780b6ca04b2 100644 --- a/mechanism/oauth2/pom.xml +++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index d9ceeee6ff9..d451cca80ac 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index b109aae118d..1be768c6d23 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index 53af889d03a..e17dbcf59be 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT 4.0.0 diff --git a/pom.xml b/pom.xml index 54837aca624..20543860b1e 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index 48e8d34e35a..def67496fc9 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index 6c1f96296f3..0e9f6b0347c 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index 2af6ca48fd8..761f139cb54 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index 4d53af9dfca..a55a8a35b8c 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index ea88b01bbe9..4ca87d6ca7f 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index 90869026a2d..a9b980883b2 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index 18671375e94..9b74b2a0ae9 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index 2287b8e76b2..a7e1eda01f8 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index 1d18249a8e9..63a95229ec9 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index f315f7e768d..58a9e199656 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml 
diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index 53c023863c1..7f5f4f830af 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index 7833260af0c..46ea7fce61f 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index 0c0b7e60b0b..911e0579b06 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index db7e6067c89..a29c76e2d84 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index 65e1cf9ba7b..33642878ba5 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index 42f3b2936c8..dd2fea2d833 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index cc491f949eb..e44b6d1e7ec 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index e93ed58f041..cedca3b8c1f 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml 
diff --git a/tests/common/pom.xml b/tests/common/pom.xml index 7dbfe0a53e9..b8ff41dd49e 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml @@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index e4fa8db2764..d8764ee6801 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index 355fff148d6..679b9015040 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index e576b750f70..71edc465206 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index 7b44b1514a8..8629038dd82 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index 7f33ceac947..e9538c516de 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index dd30c5d4de9..d1fab09d68b 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index c438bb0e938..f6efb59bc58 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index c80a59fae21..20a2705af1c 100644 --- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index d026ac485d7..271c7c24b83 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.2.Final + 2.4.3.CR1-SNAPSHOT ../../pom.xml From 0dba5ebb472a0d855659bad94d87623e4e126001 Mon Sep 17 00:00:00 2001 From: Farah Juma Date: Thu, 16 May 2024 16:50:41 -0400 Subject: [PATCH 162/205] [ELY-2758] Perform API check against 2.4.2.Final --- wildfly-elytron/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 71edc465206..088c8b422e0 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -557,7 +557,7 @@ org.wildfly.security wildfly-elytron - 2.4.1.Final + 2.4.2.Final jar From 417b8c8c0b3b9f6d74fd286098a745df217d6e2a Mon Sep 17 00:00:00 2001 From: lvydra Date: Fri, 14 Jun 2024 16:02:13 +0200 Subject: [PATCH 163/205] [ELY-2767] CredentialStoreCommandTest.testGenerateKeyPairDSA fails when using Java 22 --- .../base/src/main/java/org/wildfly/security/key/KeyUtil.java | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/credential/base/src/main/java/org/wildfly/security/key/KeyUtil.java b/credential/base/src/main/java/org/wildfly/security/key/KeyUtil.java index 234734c96bb..4ab3edd0236 100644 --- a/credential/base/src/main/java/org/wildfly/security/key/KeyUtil.java +++ b/credential/base/src/main/java/org/wildfly/security/key/KeyUtil.java 
@@ -37,6 +37,7 @@ import java.security.interfaces.RSAMultiPrimePrivateCrtKey; import java.security.interfaces.RSAPrivateKey; import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.DSAParameterSpec; import java.security.spec.ECParameterSpec; import java.util.Arrays; import java.util.Objects; @@ -99,7 +100,9 @@ public static

P getParameters(Key key, Class< } else if (key instanceof RSAKey && paramSpecClass.isAssignableFrom(RSAParameterSpec.class)) { return paramSpecClass.cast(new RSAParameterSpec((RSAKey) key)); } else if (key instanceof DSAKey && paramSpecClass.isAssignableFrom(DSAParams.class)) { - return paramSpecClass.cast(((DSAKey) key).getParams()); + final DSAKey dsaKey = (DSAKey) key; + final DSAParams dsaParams = dsaKey.getParams(); + return paramSpecClass.cast(new DSAParameterSpec(dsaParams.getP(), dsaParams.getQ(), dsaParams.getG())); } else if (key instanceof ECKey && paramSpecClass.isAssignableFrom(ECParameterSpec.class)) { return paramSpecClass.cast(((ECKey) key).getParams()); } else if (key instanceof DHKey && paramSpecClass.isAssignableFrom(DHParameterSpec.class)) { From 2d06b4cf8ab948a61d974f6230932f1a64d2d26b Mon Sep 17 00:00:00 2001 From: R Searls Date: Fri, 21 Jun 2024 11:52:14 -0400 Subject: [PATCH 164/205] [ELY-2771] upgraded maven-javadoc-plugin to current version. Fixed bld issues in generating site files --- pom.xml | 111 +++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 110 insertions(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 20543860b1e..7ca4288cd07 100644 --- a/pom.xml +++ b/pom.xml @@ -56,6 +56,7 @@ 11 + 3.7.0 2.17.0 ${version.com.fasterxml.jackson} 1.6.0 
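Review bot: In the DSA branch of KeyUtil.getParameters, `dsaParams.getP()` is now called on the result of `dsaKey.getParams()` without a null check, so a DSA key that carries no parameters would raise a NullPointerException where the removed line returned the cast of null. If such keys can reach this method, add `if (dsaParams == null) return null;` before building the spec; this assumes the method's fall-through result is null, which cannot be confirmed because the method starts and ends outside the hunk. The branch condition still tests `paramSpecClass.isAssignableFrom(DSAParams.class)` although the value returned is now always a `DSAParameterSpec`. Testing against `DSAParameterSpec.class` would also serve callers that ask for the concrete spec class. A short comment above the copy should record why the parameters are re-wrapped, since only the commit subject mentions the Java 22 failure.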
@@ -254,11 +255,119 @@ maven-javadoc-plugin + ${version-javadoc-plugin} + + + org.wildfly.common + wildfly-common + ${version.org.wildfly.common} + + + org.jboss.logging + jboss-logging + ${version.org.jboss.logging} + + + org.jboss.logging + jboss-logging-annotations + ${version.org.jboss.logging.tools} + + + org.jboss.logmanager + jboss-logmanager + ${version.org.jboss.logmanager} + + + org.wildfly.security + wildfly-elytron-credential-source-impl + ${project.version} + + + org.wildfly.security + wildfly-elytron-ssh-util + ${project.version} + + + org.wildfly.client + wildfly-client-config + ${version.org.wildfly.client.config} + + + org.wildfly.security + wildfly-elytron-provider-util + ${project.version} + + + org.kohsuke.metainf-services + metainf-services + ${version.org.kohsuke.metainf-services.metainf-services} + + + org.apache.httpcomponents + httpcore + ${version.org.apache.httpcomponents.httpcore} + + + org.apache.httpcomponents + httpclient + ${version.org.apache.httpcomponents.httpclient} + + + org.bitbucket.b_c + jose4j + ${version.org.bitbucket.b_c.jose4j} + + + com.fasterxml.jackson.core + jackson-databind + ${version.com.fasterxml.jackson.databind} + + + com.fasterxml.jackson.core + jackson-annotations + ${version.com.fasterxml.jackson} + + + com.fasterxml.jackson.core + jackson-core + ${version.com.fasterxml.jackson} + + + jakarta.servlet + jakarta.servlet-api + ${version.jakarta.servlet.jakarta-servlet-api} + + + jakarta.json + jakarta.json-api + ${version.jakarta.json.jakarta-json-api} + + + commons-cli + commons-cli + ${version.commons-cli} + + + org.apache.commons + commons-lang3 + ${version.org.apache.commons} + + + org.apache.sshd + sshd-common + ${version.org.apache.sshd.common} + + + org.jboss.modules + jboss-modules + ${version.org.jboss.modules} + + true none protected - 8 + 11 ${project.basedir}/asn1/src/main/java/; ${project.basedir}/audit/src/main/java/; From 3b6c21b1e1af59863e8869b46866b8b4813caa92 Mon Sep 17 00:00:00 2001 
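Review bot: The plugin version is referenced as `${version-javadoc-plugin}`, while every other property used in this hunk follows the dotted `version.<groupId>` form (`${version.org.wildfly.common}`, `${version.org.jboss.logging}`). A name such as `version.javadoc.plugin` would keep the properties block consistent and easier to search. The long dependency list added to the plugin configuration would also benefit from a one-line XML comment saying why the javadoc run needs these artifacts, because the commit message only says that build issues were fixed.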
From: Darran Lofthouse Date: Mon, 24 Jun 2024 15:34:49 +0100 Subject: [PATCH 165/205] [ELY-2773] First update the CAGenerationTool so we operate on 'Identity' instances for the defined identities. --- .../security/ssl/SSLAuthenticationTest.java | 62 ++++++++++--------- .../ssl/test/util/CAGenerationTool.java | 50 ++++++++++++++- .../ssl/test/util/DefinedCAIdentity.java | 50 +++++++++++++++ .../ssl/test/util/DefinedIdentity.java | 43 +++++++++++++ 4 files changed, 176 insertions(+), 29 deletions(-) create mode 100644 tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedCAIdentity.java create mode 100644 tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedIdentity.java diff --git a/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java index 8666bf529f6..61b0ca486a5 100644 --- a/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java +++ b/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java @@ -88,6 +88,7 @@ import org.wildfly.security.auth.server.SecurityRealm; import org.wildfly.security.permission.PermissionVerifier; import org.wildfly.security.ssl.test.util.CAGenerationTool; +import org.wildfly.security.ssl.test.util.DefinedCAIdentity; import org.wildfly.security.ssl.test.util.CAGenerationTool.Identity; import org.wildfly.security.x500.GeneralName; import org.wildfly.security.x500.principal.X500AttributePrincipalDecoder; 
@@ -222,32 +223,36 @@ public static void beforeTest() throws Exception { Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); // Generates certificate and keystore for OCSP responder - ocspResponderCertificate = caGenerationTool.createIdentity("ocspResponder", + DefinedCAIdentity caIdentity = caGenerationTool.getDefinedCAIdentity(Identity.CA); + DefinedCAIdentity intermediateCAIdentity = caGenerationTool.getDefinedCAIdentity(Identity.INTERMEDIATE); + ocspResponderCertificate = caIdentity.createIdentity("ocspResponder", new X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=OcspResponder"), - "ocsp-responder.keystore", Identity.CA, new ExtendedKeyUsageExtension(false, Collections.singletonList(OID_KP_OCSP_SIGNING))); + "ocsp-responder.keystore", new ExtendedKeyUsageExtension(false, Collections.singletonList(OID_KP_OCSP_SIGNING))); // Generates GOOD certificate referencing the OCSP responder - X509Certificate ocspCheckedGoodCertificate = caGenerationTool.createIdentity("checked", + X509Certificate ocspCheckedGoodCertificate = intermediateCAIdentity.createIdentity("checked", new X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=ocspCheckedGood"), - "ocsp-checked-good.keystore", Identity.INTERMEDIATE, new AuthorityInformationAccessExtension(Collections.singletonList( + "ocsp-checked-good.keystore", new AuthorityInformationAccessExtension(Collections.singletonList( new AccessDescription(OID_AD_OCSP, new GeneralName.URIName("http://localhost:" + OCSP_PORT + "/ocsp")) ))); // Generates REVOKED certificate referencing the OCSP responder - X509Certificate ocspCheckedRevokedCertificate = caGenerationTool.createIdentity("checked", + X509Certificate ocspCheckedRevokedCertificate = caIdentity.createIdentity("checked", new X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=ocspCheckedRevoked"), - "ocsp-checked-revoked.keystore", Identity.CA, (new AuthorityInformationAccessExtension(Collections.singletonList( + 
"ocsp-checked-revoked.keystore", (new AuthorityInformationAccessExtension(Collections.singletonList( new AccessDescription(OID_AD_OCSP, new GeneralName.URIName("http://localhost:" + OCSP_PORT + "/ocsp")) )))); // Generates UNKNOWN certificate referencing the OCSP responder - X509Certificate ocspCheckedUnknownCertificate = caGenerationTool.createIdentity("checked", + X509Certificate ocspCheckedUnknownCertificate = caIdentity.createIdentity("checked", new X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=ocspCheckedUnknown"), - "ocsp-checked-unknown.keystore", Identity.CA, new AuthorityInformationAccessExtension(Collections.singletonList( + "ocsp-checked-unknown.keystore", new AuthorityInformationAccessExtension(Collections.singletonList( new AccessDescription(OID_AD_OCSP, new GeneralName.URIName("http://localhost:" + OCSP_PORT + "/ocsp")) ))); - X509Certificate greenJuneCertificate = caGenerationTool.getCertificate(Identity.GREENJUNE); + X509Certificate greenJuneCertificate = caGenerationTool + .getDefinedIdentity(Identity.GREENJUNE) + .getCertificate(); KeyStore beetlesKeyStore = createKeyStore("/jks/beetles.keystore"); beetlesKeyStore.setCertificateEntry("ocspResponder", ocspResponderCertificate); @@ -259,7 +264,7 @@ public static void beforeTest() throws Exception { // Adds trusted cert for shortwinged KeyStore shortwingedKeyStore = createKeyStore(); - shortwingedKeyStore.setCertificateEntry("rove", caGenerationTool.getCertificate(Identity.ROVE)); + shortwingedKeyStore.setCertificateEntry("rove", caGenerationTool.getDefinedIdentity(Identity.ROVE).getCertificate()); createTemporaryKeyStoreFile(shortwingedKeyStore, SHORTWINGED_FILE, PASSWORD); // Used for all CRLs 
@@ -273,52 +278,53 @@ public static void beforeTest() throws Exception { // Creates the CRL for ca/crl/blank.pem X509v2CRLBuilder caBlankCrlBuilder = new X509v2CRLBuilder( - convertSunStyleToBCStyle(caGenerationTool.getCertificate(Identity.CA).getSubjectDN()), + convertSunStyleToBCStyle(caIdentity.getCertificate().getSubjectDN()), currentDate ); X509CRLHolder caBlankCrlHolder = caBlankCrlBuilder.setNextUpdate(nextYear).build( new JcaContentSignerBuilder(SIGNATURE_ALGORTHM) .setProvider("BC") - .build(caGenerationTool.getPrivateKey(Identity.CA)) + .build(caIdentity.getPrivateKey()) ); // Creates the CRL for ica/crl/blank.pem X509v2CRLBuilder icaBlankCrlBuilder = new X509v2CRLBuilder( - convertSunStyleToBCStyle(caGenerationTool.getCertificate(Identity.INTERMEDIATE).getSubjectDN()), + convertSunStyleToBCStyle(intermediateCAIdentity.getCertificate().getSubjectDN()), currentDate ); X509CRLHolder icaBlankCrlHolder = icaBlankCrlBuilder.setNextUpdate(nextYear).build( new JcaContentSignerBuilder(SIGNATURE_ALGORTHM) .setProvider("BC") - .build(caGenerationTool.getPrivateKey(Identity.INTERMEDIATE)) + .build(intermediateCAIdentity.getPrivateKey()) ); // Creates the CRL for firefly-revoked.pem X509v2CRLBuilder fireflyRevokedCrlBuilder = new X509v2CRLBuilder( - convertSunStyleToBCStyle(caGenerationTool.getCertificate(Identity.CA).getSubjectDN()), + convertSunStyleToBCStyle(caIdentity.getCertificate().getSubjectDN()), currentDate ); fireflyRevokedCrlBuilder.addCRLEntry( - caGenerationTool.getCertificate(Identity.FIREFLY).getSerialNumber(), + caGenerationTool.getDefinedIdentity(Identity.FIREFLY).getCertificate().getSerialNumber(), revokeDate, CRLReason.unspecified ); X509CRLHolder fireflyRevokedCrlHolder = fireflyRevokedCrlBuilder.setNextUpdate(nextYear).build( new JcaContentSignerBuilder(SIGNATURE_ALGORTHM) .setProvider("BC") - .build(caGenerationTool.getPrivateKey(Identity.CA)) + .build(caIdentity.getPrivateKey()) ); + DefinedCAIdentity secondCAIdentity = 
caGenerationTool.getDefinedCAIdentity(Identity.SECOND_CA); // Creates the CRL for ladybug-revoked.pem X509v2CRLBuilder ladybugRevokedCrlBuilder = new X509v2CRLBuilder( - convertSunStyleToBCStyle(caGenerationTool.getCertificate(Identity.SECOND_CA).getSubjectDN()), + convertSunStyleToBCStyle(secondCAIdentity.getCertificate().getSubjectDN()), currentDate ); // revokes the certificate with serial number #2 ladybugRevokedCrlBuilder.addCRLEntry( - caGenerationTool.getCertificate(Identity.LADYBUG).getSerialNumber(), + caGenerationTool.getDefinedIdentity(Identity.LADYBUG).getCertificate().getSerialNumber(), revokeDate, CRLReason.unspecified ); 
@@ -326,35 +332,35 @@ public static void beforeTest() throws Exception { X509CRLHolder ladybugRevokedCrlHolder = ladybugRevokedCrlBuilder.setNextUpdate(nextYear).build( new JcaContentSignerBuilder(SIGNATURE_ALGORTHM) .setProvider("BC") - .build(caGenerationTool.getPrivateKey(Identity.SECOND_CA)) + .build(secondCAIdentity.getPrivateKey()) ); // Creates the CRL for ica-revoked.pem X509v2CRLBuilder icaRevokedCrlBuilder = new X509v2CRLBuilder( - convertSunStyleToBCStyle(caGenerationTool.getCertificate(Identity.CA).getSubjectDN()), + convertSunStyleToBCStyle(caIdentity.getCertificate().getSubjectDN()), currentDate ); icaRevokedCrlBuilder.addCRLEntry( - caGenerationTool.getCertificate(Identity.INTERMEDIATE).getSerialNumber(), + intermediateCAIdentity.getCertificate().getSerialNumber(), revokeDate, CRLReason.unspecified ); X509CRLHolder icaRevokedCrlHolder = icaRevokedCrlBuilder.setNextUpdate(nextYear).build( new JcaContentSignerBuilder(SIGNATURE_ALGORTHM) .setProvider("BC") - .build(caGenerationTool.getPrivateKey(Identity.CA)) + .build(caIdentity.getPrivateKey()) ); // Creates the CRL for rove-revoked.pem X509v2CRLBuilder roveRevokedCrlBuilder = new X509v2CRLBuilder( - convertSunStyleToBCStyle(caGenerationTool.getCertificate(Identity.INTERMEDIATE).getSubjectDN()), + convertSunStyleToBCStyle(intermediateCAIdentity.getCertificate().getSubjectDN()), currentDate ); X509CRLHolder roveRevokedCrlHolder = roveRevokedCrlBuilder.setNextUpdate(nextYear).build( new JcaContentSignerBuilder(SIGNATURE_ALGORTHM) .setProvider("BC") - .build(caGenerationTool.getPrivateKey(Identity.INTERMEDIATE)) + .build(intermediateCAIdentity.getPrivateKey()) ); PemWriter caBlankCrlOutput = new PemWriter(new OutputStreamWriter(new FileOutputStream(CA_BLANK_PEM_CRL))); 
@@ -385,9 +391,9 @@ public static void beforeTest() throws Exception { roveRevokedCrlOutput.close(); ocspServer = new TestingOcspServer(OCSP_PORT); - ocspServer.createIssuer(1, caGenerationTool.getCertificate(Identity.CA)); - ocspServer.createIssuer(2, caGenerationTool.getCertificate(Identity.INTERMEDIATE)); - ocspServer.createCertificate(1, 1, caGenerationTool.getCertificate(Identity.INTERMEDIATE)); + ocspServer.createIssuer(1, caIdentity.getCertificate()); + ocspServer.createIssuer(2, intermediateCAIdentity.getCertificate()); + ocspServer.createCertificate(1, 1, intermediateCAIdentity.getCertificate()); ocspServer.createCertificate(2, 2, ocspCheckedGoodCertificate); ocspServer.createCertificate(3, 1, ocspCheckedRevokedCertificate); ocspServer.revokeCertificate(3, 4); diff --git a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java index 86526400a81..61f4565283d 100644 --- a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java +++ b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java @@ -79,6 +79,8 @@ public class CAGenerationTool implements Closeable { private final File workingDir; + private volatile boolean closed = false; + protected CAGenerationTool(Builder builder) throws Exception { // Ensure we have the directory created to hold the resulting KeyStores workingDir = new File(builder.baseDir); 
@@ -108,10 +110,45 @@ protected CAGenerationTool(Builder builder) throws Exception { } } + public DefinedIdentity getDefinedIdentity(final Identity identity) { + if (identity.isCertificateAuthority()) { + return getDefinedCAIdentity(identity); + } + + if (!certificateMap.containsKey(identity)) { + throw new IllegalStateException(String.format("Identity %s has not been created.", identity.toString())); + } + + X509Certificate certificate = certificateMap.get(identity); + + return new DefinedIdentity(this, identity, certificate); + } + + public DefinedCAIdentity getDefinedCAIdentity(final Identity identity) { + if (!identity.isCertificateAuthority()) { + throw new IllegalStateException(String.format("Identity %s is not a CertificateAuthority", identity.toString())); + } + + if (!caMap.containsKey(identity)) { + throw new IllegalStateException(String.format("Identity %s has not been created.", identity.toString())); + } + + CAState caState = caMap.get(identity); + return new DefinedCAIdentity(this, identity, caState.issuerCertificate, caState.signingKey); + } + + /** + * @deprecated Use {@link CAIdentity#getCertificate()} instead. + */ + @Deprecated() public X509Certificate getCertificate(final Identity identity) { return certificateMap.get(identity); } + /** + * @deprecated Use {@link CAIdentity#getPrivateKey()} instead. + */ + @Deprecated() public PrivateKey getPrivateKey(final Identity identity) { if (!identity.isCertificateAuthority()) { throw new IllegalStateException(String.format("Identity %s if not a CertificateAuthority", identity.toString())); 
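Review bot: `getDefinedCAIdentity` throws `IllegalStateException` when the identity is missing from `caMap`, whereas the `getPrivateKey(Identity)` it supersedes creates the CA on demand (`caMap.computeIfAbsent(identity, this::createCA)`, visible in a later hunk on this page). Callers who follow the `@deprecated` advice can therefore get an exception where they used to get a key. If that is intended, state it in Javadoc on the new method, e.g. `@throws IllegalStateException if the identity is not a CA or has not been created`. The two `@deprecated` tags also link `CAIdentity`, a type this patch does not add; the classes it adds are `DefinedIdentity` and `DefinedCAIdentity`. The body of `getPrivateKey` continues past the end of the hunk.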
@@ -175,6 +212,10 @@ private CAState createCA(final Identity identity) { return caState; } + /** + * @deprecated Use {@link #createIdentity(String, X500Principal, String, X509CertificateExtension...)} instead. + */ + @Deprecated public X509Certificate createIdentity(final String alias, final X500Principal principal, final String keyStoreName, final Identity ca, final X509CertificateExtension... extensions) { KeyPair keyPair = keyPairGenerator.generateKeyPair(); @@ -220,7 +261,7 @@ public X509Certificate createIdentity(final String alias, final X500Principal pr } } - public X509Certificate createSelfSignedIdentity(final String alias, final X500Principal principal, final String keyStoreName) { + private X509Certificate createSelfSignedIdentity(final String alias, final X500Principal principal, final String keyStoreName) { SelfSignedX509CertificateAndSigningKey selfSignedIdentity = SelfSignedX509CertificateAndSigningKey.builder() .setDn(principal) .setKeyAlgorithmName(KEY_ALGORITHM) @@ -275,8 +316,15 @@ private static KeyStore loadKeyStore(final File location) { } } + void assertNotClosed() { + if (closed) { + throw new IllegalStateException("The CAGenerationTool is closed."); + } + } + @Override public void close() throws IOException { + closed = true; workingDir.delete(); } diff --git a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedCAIdentity.java b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedCAIdentity.java new file mode 100644 index 00000000000..c4d584b78e1 --- /dev/null +++ b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedCAIdentity.java 
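Review bot: The `@deprecated` tag added to `createIdentity` in the `@@ -175,6 +212,10 @@` hunk links `{@link #createIdentity(String, X500Principal, String, X509CertificateExtension...)}`, which resolves against `CAGenerationTool` itself. No overload with that parameter list appears in this class on the page. The replacement is the method this commit adds to `DefinedCAIdentity`, so the tag should read `{@link DefinedCAIdentity#createIdentity(String, X500Principal, String, X509CertificateExtension...)}`. The method body runs past the end of the hunk.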
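Review bot: In the `@@ -275,8 +316,15 @@` hunk, `close()` now sets `closed` but still discards the result of `workingDir.delete()`, and `File.delete()` returns false for a directory that is not empty. Since `workingDir` is the directory created to hold the resulting key stores, the generated private keys would likely remain on disk after the tool reports itself closed, unless they are removed elsewhere. If cleanup is the intent, delete the contained files first and at least check the result, e.g. `if (!workingDir.delete()) throw new IOException("Unable to delete " + workingDir);`.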
@@ -0,0 +1,50 @@ +/* + * Copyright 2024 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.wildfly.security.ssl.test.util; + +import java.security.PrivateKey; +import java.security.cert.X509Certificate; + +import javax.security.auth.x500.X500Principal; + +import org.wildfly.security.ssl.test.util.CAGenerationTool.Identity; +import org.wildfly.security.x500.cert.X509CertificateExtension; + +public class DefinedCAIdentity extends DefinedIdentity { + + private final PrivateKey privateKey; + + DefinedCAIdentity(CAGenerationTool caGenerationTool, Identity identity, + X509Certificate certificate, PrivateKey privateKey) { + super(caGenerationTool, identity, certificate); + this.privateKey = privateKey; + } + + public X509Certificate createIdentity(final String alias, final X500Principal principal, + final String keyStoreName, final X509CertificateExtension... extensions) { + caGenerationTool.assertNotClosed(); + + return caGenerationTool.createIdentity(alias, principal, keyStoreName, identity, extensions); + } + + + public PrivateKey getPrivateKey() { + caGenerationTool.assertNotClosed(); + + return privateKey; + } +} diff --git a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedIdentity.java b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedIdentity.java new file mode 100644 index 00000000000..1808b8d4f95 --- /dev/null 
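Review bot: `DefinedCAIdentity` is added as a public class without any Javadoc, although `getPrivateKey()` hands callers the CA's signing key. A class comment such as `/** A certificate authority created by {@link CAGenerationTool}; test use only. */` would make the scope visible. A line on `getPrivateKey()` should state that it throws `IllegalStateException` once the tool is closed. `DefinedIdentity`, added in the same commit, is undocumented in the same way.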
+++ b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedIdentity.java @@ -0,0 +1,43 @@ +/* + * Copyright 2024 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.wildfly.security.ssl.test.util; + +import java.security.cert.X509Certificate; + +import org.wildfly.security.ssl.test.util.CAGenerationTool.Identity; + +public class DefinedIdentity { + + protected final CAGenerationTool caGenerationTool; + protected final Identity identity; + private final X509Certificate certificate; + + DefinedIdentity(CAGenerationTool caGenerationTool, + Identity identity, + X509Certificate certificate) { + this.caGenerationTool = caGenerationTool; + this.identity = identity; + this.certificate = certificate; + } + + public X509Certificate getCertificate() { + caGenerationTool.assertNotClosed(); + + return certificate; + } + +} From 45c8426184cea2bd1717036a5954103b9b80fb7f Mon Sep 17 00:00:00 2001 
From: Darran Lofthouse Date: Mon, 24 Jun 2024 18:05:58 +0100 Subject: [PATCH 166/205] [ELY-2773] Adjust the CA generation util so resulting identities can create their own artifacts. This include KeyManager, TrustManager and KeyStore instances. A CustomIdentity variant is also present for tests that create their own identities. --- .../ssl/test/util/CAGenerationTool.java | 133 +++++++++++++----- .../ssl/test/util/CommonIdentity.java | 66 +++++++++ .../ssl/test/util/CustomIdentity.java | 37 +++++ .../ssl/test/util/DefinedCAIdentity.java | 28 +++- .../ssl/test/util/DefinedIdentity.java | 12 +- 5 files changed, 233 insertions(+), 43 deletions(-) create mode 100644 tests/common/src/test/java/org/wildfly/security/ssl/test/util/CommonIdentity.java create mode 100644 tests/common/src/test/java/org/wildfly/security/ssl/test/util/CustomIdentity.java diff --git a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java index 61f4565283d..4481352b8f8 100644 --- a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java +++ b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java @@ -55,7 +55,8 @@ import org.wildfly.security.x500.cert.X509CertificateExtension; /** - * A tool for generating a complete set of certificates backed by a generated certificate authority. + * A tool for generating a complete set of certificates backed by a generated + * certificate authority. * * @author Darran Lofthouse */ 
@@ -67,10 +68,11 @@ public class CAGenerationTool implements Closeable { private static final String KEY_ALGORITHM = "RSA"; private static final String KEYSTORE_TYPE = "JKS"; // TODO Switch to PKCS#12 private static final int OCSP_PORT = 4854; - private static final char[] PASSWORD = "Elytron".toCharArray(); + static final char[] PASSWORD = "Elytron".toCharArray(); private static final Set BEETLES = Collections - .unmodifiableSet(new HashSet<>(Arrays.asList(Identity.LADYBIRD, Identity.SCARAB, Identity.DUNG, Identity.FIREFLY))); + .unmodifiableSet( + new HashSet<>(Arrays.asList(Identity.LADYBIRD, Identity.SCARAB, Identity.DUNG, Identity.FIREFLY))); private static final Predicate INCLUDE_IN_BEETLES = BEETLES::contains; private final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); @@ -126,7 +128,8 @@ public DefinedIdentity getDefinedIdentity(final Identity identity) { public DefinedCAIdentity getDefinedCAIdentity(final Identity identity) { if (!identity.isCertificateAuthority()) { - throw new IllegalStateException(String.format("Identity %s is not a CertificateAuthority", identity.toString())); + throw new IllegalStateException( + String.format("Identity %s is not a CertificateAuthority", identity.toString())); } if (!caMap.containsKey(identity)) { @@ -137,8 +140,12 @@ public DefinedCAIdentity getDefinedCAIdentity(final Identity identity) { return new DefinedCAIdentity(this, identity, caState.issuerCertificate, caState.signingKey); } + public KeyStore getBeetlesKeyStore() { + return loadKeyStore(new File(workingDir, BEETLES_STORE)); + } + /** - * @deprecated Use {@link CAIdentity#getCertificate()} instead. + * @deprecated Use {@link CommonIdentity#getCertificate()} instead. */ @Deprecated() public X509Certificate getCertificate(final Identity identity) { 
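Review bot: Dropping `private` from `PASSWORD` in the `@@ -67,10 +68,11 @@` hunk shares one mutable `char[]` with every class in the package, so any of them can overwrite the array that later `KeyStore.load` and `store` calls rely on. Keeping the field private and exposing a copy, `static char[] password() { return PASSWORD.clone(); }`, gives `CommonIdentity.createKeyManager()` what it needs without handing out the array itself. The value is a fixed test password, so this concerns test isolation rather than secrecy.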
@@ -146,12 +153,13 @@ public X509Certificate getCertificate(final Identity identity) { } /** - * @deprecated Use {@link CAIdentity#getPrivateKey()} instead. + * @deprecated Use {@link DefinedCAIdentity#getPrivateKey()} instead. */ @Deprecated() public PrivateKey getPrivateKey(final Identity identity) { if (!identity.isCertificateAuthority()) { - throw new IllegalStateException(String.format("Identity %s if not a CertificateAuthority", identity.toString())); + throw new IllegalStateException( + String.format("Identity %s if not a CertificateAuthority", identity.toString())); } return caMap.computeIfAbsent(identity, this::createCA).signingKey; @@ -163,7 +171,8 @@ private CAState createCA(final Identity identity) { Identity signedBy = identity.getSignedBy(); if (signedBy == null) { // As a root CA it will require a self signed certificate. - SelfSignedX509CertificateAndSigningKey issuerSelfSignedX509CertificateAndSigningKey = SelfSignedX509CertificateAndSigningKey.builder() + SelfSignedX509CertificateAndSigningKey issuerSelfSignedX509CertificateAndSigningKey = SelfSignedX509CertificateAndSigningKey + .builder() .setDn(identity.getPrincipal()) .setKeyAlgorithmName(KEY_ALGORITHM) .setSignatureAlgorithmName(SIGNATURE_ALGORTHM) @@ -184,8 +193,8 @@ private CAState createCA(final Identity identity) { .setSerialNumber(BigInteger.valueOf(signerState.serialNumber++)) .addExtension(new BasicConstraintsExtension(false, true, -1)) .addExtension(new AuthorityInformationAccessExtension(Collections.singletonList( - new AccessDescription(OID_AD_OCSP, new GeneralName.URIName("http://localhost:" + OCSP_PORT + "/ocsp")) - ))) + new AccessDescription(OID_AD_OCSP, + new GeneralName.URIName("http://localhost:" + OCSP_PORT + "/ocsp"))))) .build(); caState.issuerCertificate = intermediateIssuerCertificate; 
@@ -212,28 +221,72 @@ private CAState createCA(final Identity identity) { return caState; } + private X509Certificate createCustomCertificate(final Identity ca, final X500Principal principal, + final KeyPair keyPair, final X509CertificateExtension... extensions) throws CertificateException{ + + CAState caState = caMap.computeIfAbsent(ca, this::createCA); + + X509CertificateBuilder certificateBuilder = new X509CertificateBuilder() + .setIssuerDn(ca.getPrincipal()) + .setSubjectDn(principal) + .setSignatureAlgorithmName(SIGNATURE_ALGORTHM) + .setSigningKey(caState.signingKey) + .setPublicKey(keyPair.getPublic()) + .setSerialNumber(BigInteger.valueOf(caState.serialNumber++)) + .addExtension(new BasicConstraintsExtension(false, false, -1)); + for (X509CertificateExtension currentExtension : extensions) { + certificateBuilder.addExtension(currentExtension); + } + + return certificateBuilder.build(); + } + + CustomIdentity createCustomIdentity(final String alias, final X500Principal principal, final String keyStoreName, + final Identity ca, final X509CertificateExtension... extensions) { + try { + KeyPair keyPair = keyPairGenerator.generateKeyPair(); + X509Certificate builtCertificate = createCustomCertificate(ca, principal, keyPair, extensions); + + File keyStoreFile = new File(workingDir, keyStoreName); + KeyStore keyStore = createEmptyKeyStore(); + + List certificates = new ArrayList<>(); + certificates.add(builtCertificate); + + Identity caIdentity = ca; + CAState caState; + + do { + caState = caMap.get(caIdentity); // We just created a signed cert above, the complete chain must be + // present. 
+ certificates.add(caState.issuerCertificate); + caIdentity = caIdentity.getSignedBy(); + } while (caIdentity != null); + + keyStore.setKeyEntry(alias, keyPair.getPrivate(), PASSWORD, + certificates.toArray(new X509Certificate[certificates.size()])); + try (OutputStream out = new FileOutputStream(keyStoreFile)) { + keyStore.store(out, PASSWORD); + } + + return new CustomIdentity(this, builtCertificate, keyStoreFile); + + } catch (IOException | KeyStoreException | CertificateException | NoSuchAlgorithmException e) { + throw new RuntimeException("Umnable to create identity", e); + } + } + /** - * @deprecated Use {@link #createIdentity(String, X500Principal, String, X509CertificateExtension...)} instead. + * @deprecated Use + * {@link #createIdentity(String, X500Principal, String, X509CertificateExtension...)} + * instead. */ @Deprecated public X509Certificate createIdentity(final String alias, final X500Principal principal, final String keyStoreName, final Identity ca, final X509CertificateExtension... extensions) { - KeyPair keyPair = keyPairGenerator.generateKeyPair(); - CAState caState = caMap.computeIfAbsent(ca, this::createCA); - try { - X509CertificateBuilder certificateBuilder = new X509CertificateBuilder() - .setIssuerDn(ca.getPrincipal()) - .setSubjectDn(principal) - .setSignatureAlgorithmName(SIGNATURE_ALGORTHM) - .setSigningKey(caState.signingKey) - .setPublicKey(keyPair.getPublic()) - .setSerialNumber(BigInteger.valueOf(caState.serialNumber++)) - .addExtension(new BasicConstraintsExtension(false, false, -1)); - for (X509CertificateExtension currentExtension : extensions) { - certificateBuilder.addExtension(currentExtension); - } - X509Certificate builtCertificate = certificateBuilder.build(); + KeyPair keyPair = keyPairGenerator.generateKeyPair(); + X509Certificate builtCertificate = createCustomCertificate(ca, principal, keyPair, extensions); File keyStoreFile = new File(workingDir, keyStoreName); KeyStore keyStore = createEmptyKeyStore(); 
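Review bot: The exception message in the new `createCustomIdentity` is misspelled as `"Umnable to create identity"`; it should read `throw new RuntimeException("Unable to create identity", e);`. The chain-building `do … while` loop there is also a near copy of the one kept in the deprecated `createIdentity`, differing only in the `setCertificateEntry` call. A private helper returning the certificate list would keep the two from drifting apart. The deprecated `createIdentity` continues past the end of this hunk.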
@@ -242,9 +295,14 @@ public X509Certificate createIdentity(final String alias, final X500Principal pr certificates.add(builtCertificate); Identity caIdentity = ca; + CAState caState; + do { - caState = caMap.get(caIdentity); // We just created a signed cert above, the complete chain must be present. - keyStore.setCertificateEntry(caIdentity.toString(), caState.issuerCertificate); // This could be removed as the cert chain is added to the Entry. + caState = caMap.get(caIdentity); // We just created a signed cert above, the complete chain must be + // present. + keyStore.setCertificateEntry(caIdentity.toString(), caState.issuerCertificate); // This could be removed + // as the cert chain is + // added to the Entry. certificates.add(caState.issuerCertificate); caIdentity = caIdentity.getSignedBy(); } while (caIdentity != null); @@ -261,7 +319,8 @@ public X509Certificate createIdentity(final String alias, final X500Principal pr } } - private X509Certificate createSelfSignedIdentity(final String alias, final X500Principal principal, final String keyStoreName) { + private X509Certificate createSelfSignedIdentity(final String alias, final X500Principal principal, + final String keyStoreName) { SelfSignedX509CertificateAndSigningKey selfSignedIdentity = SelfSignedX509CertificateAndSigningKey.builder() .setDn(principal) .setKeyAlgorithmName(KEY_ALGORITHM) @@ -297,7 +356,7 @@ private X509Certificate createIdentity(final Identity identity) { private static KeyStore createEmptyKeyStore() { try { KeyStore ks = KeyStore.getInstance(KEYSTORE_TYPE); - ks.load(null,null); + ks.load(null, null); return ks; } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException e) { 
@@ -305,7 +364,11 @@ private static KeyStore createEmptyKeyStore() { } } - private static KeyStore loadKeyStore(final File location) { + KeyStore loadKeyStore(final Identity identity) { + return loadKeyStore(new File(workingDir, identity.getKeyStoreName())); + } + + static KeyStore loadKeyStore(final File location) { try (InputStream caTrustStoreFile = new FileInputStream(location)) { KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE); keyStore.load(caTrustStoreFile, PASSWORD); @@ -354,7 +417,8 @@ public enum Identity { CA, true, null), ROVE("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=Rove", INTERMEDIATE, false, "rove.keystore"), - SECOND_CA("CN=Wildfly CA, ST=Wildfly, C=CA, EMAILADDRESS=admin@wildfly.org O=Another Root Certificate Authority", + SECOND_CA( + "CN=Wildfly CA, ST=Wildfly, C=CA, EMAILADDRESS=admin@wildfly.org O=Another Root Certificate Authority", null, true, "ca.truststore2"), LADYBUG("OU=Wildfly, O=Wildfly, C=CA, ST=Wildfly, CN=Ladybug", SECOND_CA, false, "ladybug.keystore"), @@ -366,8 +430,9 @@ public enum Identity { private final boolean ca; private final String keyStoreName; - private Identity(final String distinguishedName, final Identity signedBy, final boolean ca, final String keyStoreName) { - this.principal = new X500Principal(distinguishedName); + private Identity(final String distinguishedName, final Identity signedBy, final boolean ca, + final String keyStoreName) { + this.principal = new X500Principal(distinguishedName); this.signedBy = signedBy; this.ca = ca; this.keyStoreName = keyStoreName; diff --git a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CommonIdentity.java b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CommonIdentity.java new file mode 100644 index 00000000000..2d8f3664015 --- /dev/null +++ b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CommonIdentity.java 
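Review bot: The new `loadKeyStore(final Identity identity)` passes `identity.getKeyStoreName()` straight to `new File(workingDir, …)`, and at least one `Identity` constant visible in the next hunk is declared with `null` as its key store name. `new File(File, String)` throws `NullPointerException` for a null child, so `DefinedCAIdentity.createTrustManager()` or `DefinedIdentity.loadKeyStore()` on such an identity would presumably fail with an NPE rather than a clear error. A guard at the top would make that explicit: `String name = identity.getKeyStoreName();` followed by `if (name == null) throw new IllegalStateException(String.format("Identity %s has no key store.", identity));`.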
@@ -0,0 +1,66 @@ +/* + * Copyright 2024 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.wildfly.security.ssl.test.util; + +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.UnrecoverableKeyException; +import java.security.cert.X509Certificate; + +import javax.net.ssl.KeyManager; +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.X509ExtendedKeyManager; + +public abstract class CommonIdentity { + + protected final CAGenerationTool caGenerationTool; + private final X509Certificate certificate; + + CommonIdentity(CAGenerationTool caGenerationTool, X509Certificate certificate) { + this.caGenerationTool = caGenerationTool; + this.certificate = certificate; + } + + public X509Certificate getCertificate() { + caGenerationTool.assertNotClosed(); + + return certificate; + } + + public abstract KeyStore loadKeyStore(); + + public X509ExtendedKeyManager createKeyManager() { + caGenerationTool.assertNotClosed(); + + try { + KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); + keyManagerFactory.init(loadKeyStore(), CAGenerationTool.PASSWORD); + + for (KeyManager current : keyManagerFactory.getKeyManagers()) { + if (current instanceof X509ExtendedKeyManager) { + return (X509ExtendedKeyManager) current; + } + } + } catch (NoSuchAlgorithmException | KeyStoreException | UnrecoverableKeyException e) { + throw 
new IllegalStateException("Unable to obtain X509ExtendedKeyManager.", e); + } + + throw new IllegalStateException("Unable to obtain X509ExtendedKeyManager."); + } + +} diff --git a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CustomIdentity.java b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CustomIdentity.java new file mode 100644 index 00000000000..a1ce69a2b5e --- /dev/null +++ b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CustomIdentity.java @@ -0,0 +1,37 @@ +/* + * Copyright 2024 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.wildfly.security.ssl.test.util; + +import java.io.File; +import java.security.KeyStore; +import java.security.cert.X509Certificate; + +public class CustomIdentity extends CommonIdentity { + + private final File keyStoreFile; + + CustomIdentity(CAGenerationTool caGenerationTool, X509Certificate certificate, File keyStoreFile) { + super(caGenerationTool, certificate); + this.keyStoreFile = keyStoreFile; + } + + @Override + public KeyStore loadKeyStore() { + return CAGenerationTool.loadKeyStore(keyStoreFile); + } + +} diff --git a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedCAIdentity.java b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedCAIdentity.java index c4d584b78e1..4b01b4af6c8 100644 --- a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedCAIdentity.java 
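Review bot: `CustomIdentity.loadKeyStore()` reads the key store file without calling `caGenerationTool.assertNotClosed()`, while `DefinedIdentity.loadKeyStore()` in the same commit performs that check. After `close()` the two subclasses therefore fail differently: one with the "closed" `IllegalStateException`, the other with whatever `CAGenerationTool.loadKeyStore(File)` does for a missing file. Adding `caGenerationTool.assertNotClosed();` as the first statement of the override makes them consistent. The field is `protected` in `CommonIdentity`, so it is reachable here.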
+++ b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedCAIdentity.java @@ -16,9 +16,14 @@ package org.wildfly.security.ssl.test.util; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.cert.X509Certificate; +import javax.net.ssl.TrustManager; +import javax.net.ssl.TrustManagerFactory; +import javax.net.ssl.X509TrustManager; import javax.security.auth.x500.X500Principal; import org.wildfly.security.ssl.test.util.CAGenerationTool.Identity; @@ -34,11 +39,11 @@ public class DefinedCAIdentity extends DefinedIdentity { this.privateKey = privateKey; } - public X509Certificate createIdentity(final String alias, final X500Principal principal, + public CustomIdentity createIdentity(final String alias, final X500Principal principal, final String keyStoreName, final X509CertificateExtension... extensions) { caGenerationTool.assertNotClosed(); - return caGenerationTool.createIdentity(alias, principal, keyStoreName, identity, extensions); + return caGenerationTool.createCustomIdentity(alias, principal, keyStoreName, identity, extensions); } @@ -47,4 +52,23 @@ public PrivateKey getPrivateKey() { return privateKey; } + + public X509TrustManager createTrustManager() { + caGenerationTool.assertNotClosed(); + + try { + TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX"); + trustManagerFactory.init(caGenerationTool.loadKeyStore(identity)); + + for (TrustManager current : trustManagerFactory.getTrustManagers()) { + if (current instanceof X509TrustManager) { + return (X509TrustManager) current; + } + } + } catch (NoSuchAlgorithmException | KeyStoreException e) { + throw new IllegalStateException("Unable to obtain X509TrustManager.", e); + } + + throw new IllegalStateException("Unable to obtain X509TrustManager."); + } } 
diff --git a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedIdentity.java b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedIdentity.java index 1808b8d4f95..28595b8e112 100644 --- a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedIdentity.java +++ b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedIdentity.java @@ -16,28 +16,26 @@ package org.wildfly.security.ssl.test.util; +import java.security.KeyStore; import java.security.cert.X509Certificate; import org.wildfly.security.ssl.test.util.CAGenerationTool.Identity; -public class DefinedIdentity { +public class DefinedIdentity extends CommonIdentity { - protected final CAGenerationTool caGenerationTool; protected final Identity identity; - private final X509Certificate certificate; DefinedIdentity(CAGenerationTool caGenerationTool, Identity identity, X509Certificate certificate) { - this.caGenerationTool = caGenerationTool; + super(caGenerationTool, certificate); this.identity = identity; - this.certificate = certificate; } - public X509Certificate getCertificate() { + public KeyStore loadKeyStore() { caGenerationTool.assertNotClosed(); - return certificate; + return caGenerationTool.loadKeyStore(identity); } } From b1376ddfa718986fe73d262a8fad3c9702022513 Mon Sep 17 00:00:00 2001 From: Darran Lofthouse Date: Mon, 24 Jun 2024 18:07:48 +0100 Subject: [PATCH 167/205] [ELY-2773] Update individual tests to use the new APIs to create the SSL artifacts instead of doing it themselves. --- .../MaskedPasswordSSLAuthenticationTest.java | 76 +----- .../security/ssl/SSLAuthenticationTest.java | 257 +++++++++--------- .../security/ssl/TLS13AuthenticationTest.java | 93 ++----- 3 files changed, 160 insertions(+), 266 deletions(-) 
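Review bot: `DefinedIdentity.loadKeyStore()` now implements the abstract method declared in `CommonIdentity` but carries no `@Override`, unlike the same method in `CustomIdentity`. Adding `@Override` above `public KeyStore loadKeyStore() {` lets the compiler catch a signature drift if the abstract method changes.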
diff --git a/tests/base/src/test/java/org/wildfly/security/auth/client/MaskedPasswordSSLAuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/auth/client/MaskedPasswordSSLAuthenticationTest.java index 119548f4c4b..7855dc22a65 100644 --- a/tests/base/src/test/java/org/wildfly/security/auth/client/MaskedPasswordSSLAuthenticationTest.java +++ b/tests/base/src/test/java/org/wildfly/security/auth/client/MaskedPasswordSSLAuthenticationTest.java @@ -25,12 +25,10 @@ import java.io.Closeable; import java.io.IOException; -import java.io.InputStream; import java.net.InetAddress; import java.net.URI; import java.security.AccessController; import java.security.KeyStore; -import java.security.KeyStoreException; import java.security.PrivilegedAction; import java.security.Security; import java.util.Locale; @@ -38,17 +36,11 @@ import java.util.concurrent.Executors; import java.util.concurrent.Future; -import javax.net.ssl.KeyManager; -import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLServerSocket; import javax.net.ssl.SSLServerSocketFactory; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket; -import javax.net.ssl.TrustManager; -import javax.net.ssl.TrustManagerFactory; -import javax.net.ssl.X509ExtendedKeyManager; -import javax.net.ssl.X509TrustManager; import org.junit.AfterClass; import org.junit.BeforeClass; @@ -63,6 +55,8 @@ import org.wildfly.security.ssl.SSLUtils; import org.wildfly.security.ssl.test.util.CAGenerationTool; import org.wildfly.security.ssl.test.util.CAGenerationTool.Identity; +import org.wildfly.security.ssl.test.util.DefinedCAIdentity; +import org.wildfly.security.ssl.test.util.DefinedIdentity; import org.wildfly.security.x500.principal.X500AttributePrincipalDecoder; /** 
@@ -72,64 +66,13 @@ */ public class MaskedPasswordSSLAuthenticationTest { - private static final char[] PASSWORD = "Elytron".toCharArray(); + private static final String JKS_LOCATION = "./target/test-classes/jks"; private static CAGenerationTool caGenerationTool; - /** - * Get the key manager backed by the specified key store. - * - * @param keystorePath the path to the keystore with X509 private key - * @return the initialised key manager. - */ - private static X509ExtendedKeyManager getKeyManager(final String keystorePath) throws Exception { - KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); - keyManagerFactory.init(createKeyStore(keystorePath), PASSWORD); - - for (KeyManager current : keyManagerFactory.getKeyManagers()) { - if (current instanceof X509ExtendedKeyManager) { - return (X509ExtendedKeyManager) current; - } - } - - throw new IllegalStateException("Unable to obtain X509ExtendedKeyManager."); - } - - private static TrustManagerFactory getTrustManagerFactory() throws Exception { - return TrustManagerFactory.getInstance("PKIX"); - } - - /** - * Get the trust manager that trusts all certificates signed by the certificate authority. - * - * @return the trust manager that trusts all certificates signed by the certificate authority. 
- * @throws KeyStoreException - */ - private static X509TrustManager getCATrustManager() throws Exception { - TrustManagerFactory trustManagerFactory = getTrustManagerFactory(); - trustManagerFactory.init(createKeyStore("/jks/ca.truststore")); - - for (TrustManager current : trustManagerFactory.getTrustManagers()) { - if (current instanceof X509TrustManager) { - return (X509TrustManager) current; - } - } - - throw new IllegalStateException("Unable to obtain X509TrustManager."); - } - - private static KeyStore createKeyStore(final String path) throws Exception { - KeyStore keyStore = KeyStore.getInstance("jks"); - try (InputStream caTrustStoreFile = MaskedPasswordSSLAuthenticationTest.class.getResourceAsStream(path)) { - keyStore.load(caTrustStoreFile, PASSWORD); - } - - return keyStore; - } - - private static SecurityDomain getKeyStoreBackedSecurityDomain(String keyStorePath) throws Exception { - SecurityRealm securityRealm = new KeyStoreBackedSecurityRealm(createKeyStore(keyStorePath)); + private static SecurityDomain getKeyStoreBackedSecurityDomain(KeyStore keyStore) throws Exception { + SecurityRealm securityRealm = new KeyStoreBackedSecurityRealm(keyStore); return SecurityDomain.builder() .addRealm("KeystoreRealm", securityRealm) @@ -156,10 +99,13 @@ public static void afterTest() throws IOException { @Test public void testTwoWay() throws Exception { + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); + DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB); + SSLContext serverContext = new SSLContextBuilder() - .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore")) - .setKeyManager(getKeyManager("/jks/scarab.keystore")) - .setTrustManager(getCATrustManager()) + .setSecurityDomain(getKeyStoreBackedSecurityDomain(caGenerationTool.getBeetlesKeyStore())) + .setKeyManager(scarab.createKeyManager()) + .setTrustManager(ca.createTrustManager()) .setNeedClientAuth(true) .build().create(); 
diff --git a/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java index 61b0ca486a5..7555998138f 100644 --- a/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java +++ b/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java @@ -17,12 +17,12 @@ */ package org.wildfly.security.ssl; -import static org.junit.Assert.fail; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertNull; -import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertArrayEquals; +import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.fail; import static org.wildfly.security.ssl.test.util.CAGenerationTool.SIGNATURE_ALGORTHM; import static org.wildfly.security.x500.X500.OID_AD_OCSP; import static org.wildfly.security.x500.X500.OID_KP_OCSP_SIGNING; @@ -37,10 +37,9 @@ import java.net.ServerSocket; import java.net.SocketException; import java.net.URI; -import java.security.Principal; -import java.security.KeyStore; -import java.security.KeyStoreException; import java.security.AccessController; +import java.security.KeyStore; +import java.security.Principal; import java.security.PrivilegedAction; import java.security.Security; import java.security.cert.X509Certificate; 
@@ -55,17 +54,12 @@ import java.util.concurrent.Executors; import java.util.concurrent.Future; -import javax.net.ssl.KeyManager; -import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket; -import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; -import javax.net.ssl.X509ExtendedKeyManager; -import javax.net.ssl.X509TrustManager; import javax.security.auth.x500.X500Principal; import org.bouncycastle.asn1.x500.X500Name; 
@@ -79,22 +73,24 @@ import org.junit.BeforeClass; import org.junit.Test; import org.wildfly.common.Assert; -import org.wildfly.security.auth.server.SecurityIdentity; -import org.wildfly.security.password.WildFlyElytronPasswordProvider; import org.wildfly.security.auth.client.AuthenticationContext; import org.wildfly.security.auth.client.AuthenticationContextConfigurationClient; import org.wildfly.security.auth.realm.KeyStoreBackedSecurityRealm; import org.wildfly.security.auth.server.SecurityDomain; +import org.wildfly.security.auth.server.SecurityIdentity; import org.wildfly.security.auth.server.SecurityRealm; +import org.wildfly.security.password.WildFlyElytronPasswordProvider; import org.wildfly.security.permission.PermissionVerifier; import org.wildfly.security.ssl.test.util.CAGenerationTool; -import org.wildfly.security.ssl.test.util.DefinedCAIdentity; import org.wildfly.security.ssl.test.util.CAGenerationTool.Identity; +import org.wildfly.security.ssl.test.util.CustomIdentity; +import org.wildfly.security.ssl.test.util.DefinedCAIdentity; +import org.wildfly.security.ssl.test.util.DefinedIdentity; import org.wildfly.security.x500.GeneralName; -import org.wildfly.security.x500.principal.X500AttributePrincipalDecoder; import org.wildfly.security.x500.cert.AccessDescription; import org.wildfly.security.x500.cert.AuthorityInformationAccessExtension; import org.wildfly.security.x500.cert.ExtendedKeyUsageExtension; +import org.wildfly.security.x500.principal.X500AttributePrincipalDecoder; /** * Simple test case to test authentication occurring during the establishment of an {@link SSLSession}. 
@@ -124,64 +120,20 @@ public class SSLAuthenticationTest { private static final File LADYBUG_REVOKED_PEM_CRL = new File(WORKING_DIR_CACRL, "ladybug-revoked.pem"); private static TestingOcspServer ocspServer = null; private static X509Certificate ocspResponderCertificate; - - /** - * Get the key manager backed by the specified key store. - * - * @param keystorePath the path to the keystore with X509 private key - * @return the initialised key manager. - */ - private static X509ExtendedKeyManager getKeyManager(final String keystorePath) throws Exception { - KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); - keyManagerFactory.init(createKeyStore(keystorePath), PASSWORD); - - for (KeyManager current : keyManagerFactory.getKeyManagers()) { - if (current instanceof X509ExtendedKeyManager) { - return (X509ExtendedKeyManager) current; - } - } - - throw new IllegalStateException("Unable to obtain X509ExtendedKeyManager."); - } + private static KeyStore shortWingedKeyStore; + private static CustomIdentity goodIdentity; + private static CustomIdentity revokedIdentity; private static TrustManagerFactory getTrustManagerFactory() throws Exception { return TrustManagerFactory.getInstance("PKIX"); } - /** - * Get the trust manager that trusts all certificates signed by the certificate authority. - * - * @return the trust manager that trusts all certificates signed by the certificate authority. 
- * @throws KeyStoreException - */ - private static X509TrustManager getCATrustManager() throws Exception { - TrustManagerFactory trustManagerFactory = getTrustManagerFactory(); - trustManagerFactory.init(createKeyStore("/jks/ca.truststore")); - - for (TrustManager current : trustManagerFactory.getTrustManagers()) { - if (current instanceof X509TrustManager) { - return (X509TrustManager) current; - } - } - - throw new IllegalStateException("Unable to obtain X509TrustManager."); - } - private static KeyStore createKeyStore() throws Exception { KeyStore ks = KeyStore.getInstance("JKS"); - ks.load(null,null); + ks.load(null, null); return ks; } - private static KeyStore createKeyStore(final String path) throws Exception { - KeyStore keyStore = KeyStore.getInstance("jks"); - try (InputStream caTrustStoreFile = SSLAuthenticationTest.class.getResourceAsStream(path)) { - keyStore.load(caTrustStoreFile, PASSWORD); - } - - return keyStore; - } - private static void createTemporaryKeyStoreFile(KeyStore keyStore, File outputFile, char[] password) throws Exception { if (!outputFile.exists()) { outputFile.createNewFile(); 
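Review bot: The three static fields added in this hunk (`shortWingedKeyStore`, `goodIdentity`, `revokedIdentity`) have no comment saying where they are set or that every test shares them. They are assigned later in `beforeTest()`, and `shortWingedKeyStore` is a mutable `KeyStore` that `testTwoWayIca` passes on to `KeyStoreBackedSecurityRealm` without copying, so a test that adds or removes an entry would change what later tests trust. I would put a line above them such as `// Populated once in beforeTest(); shared by all tests, treat as read-only.` The class body continues outside this hunk.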
@@ -191,12 +143,12 @@ private static void createTemporaryKeyStoreFile(KeyStore keyStore, File outputFi } } - private static SecurityDomain getKeyStoreBackedSecurityDomain(String keyStorePath) throws Exception { - return getKeyStoreBackedSecurityDomain(keyStorePath, true); + private static SecurityDomain getKeyStoreBackedSecurityDomain(KeyStore keyStore) throws Exception { + return getKeyStoreBackedSecurityDomain(keyStore, true); } - private static SecurityDomain getKeyStoreBackedSecurityDomain(String keyStorePath, boolean decoder) throws Exception { - SecurityRealm securityRealm = new KeyStoreBackedSecurityRealm(createKeyStore(keyStorePath)); + private static SecurityDomain getKeyStoreBackedSecurityDomain(KeyStore keyStore, boolean decoder) throws Exception { + SecurityRealm securityRealm = new KeyStoreBackedSecurityRealm(keyStore); SecurityDomain.Builder builder = SecurityDomain.builder() .addRealm("KeystoreRealm", securityRealm) 
@@ -225,36 +177,40 @@ public static void beforeTest() throws Exception { // Generates certificate and keystore for OCSP responder DefinedCAIdentity caIdentity = caGenerationTool.getDefinedCAIdentity(Identity.CA); DefinedCAIdentity intermediateCAIdentity = caGenerationTool.getDefinedCAIdentity(Identity.INTERMEDIATE); - ocspResponderCertificate = caIdentity.createIdentity("ocspResponder", - new X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=OcspResponder"), - "ocsp-responder.keystore", new ExtendedKeyUsageExtension(false, Collections.singletonList(OID_KP_OCSP_SIGNING))); + CustomIdentity responderIdentity = caIdentity.createIdentity("ocspResponder", + new X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=OcspResponder"), + "ocsp-responder.keystore", new ExtendedKeyUsageExtension(false, Collections.singletonList(OID_KP_OCSP_SIGNING))); + ocspResponderCertificate = responderIdentity.getCertificate(); // Generates GOOD certificate referencing the OCSP responder - X509Certificate ocspCheckedGoodCertificate = intermediateCAIdentity.createIdentity("checked", - new X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=ocspCheckedGood"), - "ocsp-checked-good.keystore", new AuthorityInformationAccessExtension(Collections.singletonList( - new AccessDescription(OID_AD_OCSP, new GeneralName.URIName("http://localhost:" + OCSP_PORT + "/ocsp")) - ))); + goodIdentity = intermediateCAIdentity.createIdentity("checked", + new X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=ocspCheckedGood"), + "ocsp-checked-good.keystore", new AuthorityInformationAccessExtension(Collections.singletonList( + new AccessDescription(OID_AD_OCSP, new GeneralName.URIName("http://localhost:" + OCSP_PORT + "/ocsp")) + ))); + X509Certificate ocspCheckedGoodCertificate = goodIdentity.getCertificate(); // Generates REVOKED certificate referencing the OCSP responder - X509Certificate ocspCheckedRevokedCertificate = caIdentity.createIdentity("checked", - new 
X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=ocspCheckedRevoked"), - "ocsp-checked-revoked.keystore", (new AuthorityInformationAccessExtension(Collections.singletonList( - new AccessDescription(OID_AD_OCSP, new GeneralName.URIName("http://localhost:" + OCSP_PORT + "/ocsp")) - )))); + revokedIdentity = caIdentity.createIdentity("checked", + new X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=ocspCheckedRevoked"), + "ocsp-checked-revoked.keystore", (new AuthorityInformationAccessExtension(Collections.singletonList( + new AccessDescription(OID_AD_OCSP, new GeneralName.URIName("http://localhost:" + OCSP_PORT + "/ocsp")) + )))); + X509Certificate ocspCheckedRevokedCertificate = revokedIdentity.getCertificate(); // Generates UNKNOWN certificate referencing the OCSP responder - X509Certificate ocspCheckedUnknownCertificate = caIdentity.createIdentity("checked", - new X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=ocspCheckedUnknown"), - "ocsp-checked-unknown.keystore", new AuthorityInformationAccessExtension(Collections.singletonList( - new AccessDescription(OID_AD_OCSP, new GeneralName.URIName("http://localhost:" + OCSP_PORT + "/ocsp")) - ))); + CustomIdentity unknownIdentity = caIdentity.createIdentity("checked", + new X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=ocspCheckedUnknown"), + "ocsp-checked-unknown.keystore", new AuthorityInformationAccessExtension(Collections.singletonList( + new AccessDescription(OID_AD_OCSP, new GeneralName.URIName("http://localhost:" + OCSP_PORT + "/ocsp")) + ))); + X509Certificate ocspCheckedUnknownCertificate = unknownIdentity.getCertificate(); X509Certificate greenJuneCertificate = caGenerationTool .getDefinedIdentity(Identity.GREENJUNE) .getCertificate(); - KeyStore beetlesKeyStore = createKeyStore("/jks/beetles.keystore"); + KeyStore beetlesKeyStore = caGenerationTool.getBeetlesKeyStore(); beetlesKeyStore.setCertificateEntry("ocspResponder", ocspResponderCertificate); 
beetlesKeyStore.setCertificateEntry("ocspCheckedGood", ocspCheckedGoodCertificate); beetlesKeyStore.setCertificateEntry("ocspCheckedRevoked", ocspCheckedRevokedCertificate); @@ -263,9 +219,9 @@ public static void beforeTest() throws Exception { createTemporaryKeyStoreFile(beetlesKeyStore, new File(JKS_LOCATION, "beetles.keystore"), PASSWORD); // Adds trusted cert for shortwinged - KeyStore shortwingedKeyStore = createKeyStore(); - shortwingedKeyStore.setCertificateEntry("rove", caGenerationTool.getDefinedIdentity(Identity.ROVE).getCertificate()); - createTemporaryKeyStoreFile(shortwingedKeyStore, SHORTWINGED_FILE, PASSWORD); + shortWingedKeyStore = createKeyStore(); + shortWingedKeyStore.setCertificateEntry("rove", caGenerationTool.getDefinedIdentity(Identity.ROVE).getCertificate()); + //createTemporaryKeyStoreFile(shortwingedKeyStore, SHORTWINGED_FILE, PASSWORD); // Used for all CRLs Calendar calendar = Calendar.getInstance(); @@ -439,8 +395,9 @@ public static void afterTest() throws Exception { @Test public void testOneWay() throws Throwable { + DefinedIdentity firefly = caGenerationTool.getDefinedIdentity(Identity.FIREFLY); SSLContext serverContext = new SSLContextBuilder() - .setKeyManager(getKeyManager("/jks/firefly.keystore")) + .setKeyManager(firefly.createKeyManager()) .build().create(); performConnectionTest(serverContext, "protocol://test-one-way.org", true, "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=Firefly", null, true); @@ -448,8 +405,9 @@ public void testOneWay() throws Throwable { @Test public void testCrlBlank() throws Throwable { + DefinedIdentity firefly = caGenerationTool.getDefinedIdentity(Identity.FIREFLY); SSLContext serverContext = new SSLContextBuilder() - .setKeyManager(getKeyManager("/jks/firefly.keystore")) + .setKeyManager(firefly.createKeyManager()) .build().create(); performConnectionTest(serverContext, "protocol://test-one-way-crl.org", true, "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=Firefly", null, true); 
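Review bot: `beetlesKeyStore` is now taken from `caGenerationTool.getBeetlesKeyStore()` and has the OCSP certificates added to it, but the tests further down fetch the store again through the same getter instead of reusing this object. Previously the augmented store was written to `beetles.keystore` and, it appears, read back by resource path, so every test saw the `ocspResponder` and `ocspChecked*` entries. Whether they still do depends on the getter returning the same instance on every call, which this patch does not show. Keeping the augmented store in a static field, as the commit already does for `shortWingedKeyStore`, would make that explicit: assign `beetlesKeyStore = caGenerationTool.getBeetlesKeyStore();` here and have the tests call `getKeyStoreBackedSecurityDomain(beetlesKeyStore)`. `beforeTest()` starts and ends outside this hunk.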
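Review bot: The line `//createTemporaryKeyStoreFile(shortwingedKeyStore, SHORTWINGED_FILE, PASSWORD);` is left behind as commented-out code and still uses the old variable name `shortwingedKeyStore`, which this hunk renames to `shortWingedKeyStore`. Since `testTwoWayIca` now uses the in-memory store, the line should simply be deleted. If `SHORTWINGED_FILE` is still referenced elsewhere, for example in cleanup code that is not visible here, that reference probably needs to go as well.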
@@ -457,8 +415,9 @@ public void testCrlBlank() throws Throwable { @Test public void testServerRevoked() throws Throwable { + DefinedIdentity firefly = caGenerationTool.getDefinedIdentity(Identity.FIREFLY); SSLContext serverContext = new SSLContextBuilder() - .setKeyManager(getKeyManager("/jks/firefly.keystore")) + .setKeyManager(firefly.createKeyManager()) .build().create(); performConnectionTest(serverContext, "protocol://test-one-way-firefly-revoked.org", false, null, null, true); @@ -466,8 +425,9 @@ public void testServerRevoked() throws Throwable { @Test public void testServerIcaRevoked() throws Throwable { + DefinedIdentity rove = caGenerationTool.getDefinedIdentity(Identity.ROVE); SSLContext serverContext = new SSLContextBuilder() - .setKeyManager(getKeyManager("/jks/rove.keystore")) + .setKeyManager(rove.createKeyManager()) .build().create(); performConnectionTest(serverContext, "protocol://test-one-way-ica-revoked.org", false, null, null, true); @@ -480,8 +440,9 @@ public void testServerIcaRevoked() throws Throwable { */ @Test public void testOneWayServerRejectedWithSingleCRL() throws Throwable { + DefinedIdentity firefly = caGenerationTool.getDefinedIdentity(Identity.FIREFLY); SSLContext serverContext = new SSLContextBuilder() - .setKeyManager(getKeyManager("/jks/firefly.keystore")) + .setKeyManager(firefly.createKeyManager()) .build().create(); performConnectionTest(serverContext, "protocol://test-one-way-one-crl.org", false, null, null, true); 
@@ -494,8 +455,9 @@ public void testOneWayServerRejectedWithSingleCRL() throws Throwable { */ @Test public void testOneWayServerRejectedWithMultipleCRL() throws Throwable { + DefinedIdentity firefly = caGenerationTool.getDefinedIdentity(Identity.FIREFLY); SSLContext serverContext = new SSLContextBuilder() - .setKeyManager(getKeyManager("/jks/firefly.keystore")) + .setKeyManager(firefly.createKeyManager()) .build().create(); performConnectionTest(serverContext, "protocol://test-one-way-multiple-crls-failure.org", false, @@ -509,8 +471,9 @@ public void testOneWayServerRejectedWithMultipleCRL() throws Throwable { */ @Test public void testOneWayServerAcceptedWithMultipleCRL() throws Throwable { + DefinedIdentity greenJune = caGenerationTool.getDefinedIdentity(Identity.GREENJUNE); SSLContext serverContext = new SSLContextBuilder() - .setKeyManager(getKeyManager("/jks/greenjune.keystore")) + .setKeyManager(greenJune.createKeyManager()) .build().create(); performConnectionTest(serverContext, "protocol://test-one-way-multiple-crls-success.org", true, @@ -523,8 +486,9 @@ public void testOneWayServerAcceptedWithMultipleCRL() throws Throwable { */ @Test public void testCRLMaxCertPathSucceeds() throws Throwable { + DefinedIdentity rove = caGenerationTool.getDefinedIdentity(Identity.ROVE); SSLContext serverContext = new SSLContextBuilder() - .setKeyManager(getKeyManager("/jks/rove.keystore")) + .setKeyManager(rove.createKeyManager()) .build().create(); performConnectionTest(serverContext, "protocol://test-one-way-max-cert-path.org", true, "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=Rove", null, true); 
@@ -537,8 +501,9 @@ public void testCRLMaxCertPathSucceeds() throws Throwable { */ @Test public void testCRLMaxCertPathFails() throws Throwable { + DefinedIdentity rove = caGenerationTool.getDefinedIdentity(Identity.ROVE); SSLContext serverContext = new SSLContextBuilder() - .setKeyManager(getKeyManager("/jks/rove.keystore")) + .setKeyManager(rove.createKeyManager()) .build().create(); performConnectionTest(serverContext, "protocol://test-one-way-max-cert-path-failure.org", false, null, null, true); @@ -546,10 +511,12 @@ public void testCRLMaxCertPathFails() throws Throwable { @Test public void testTwoWay() throws Throwable { + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); + DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB); SSLContext serverContext = new SSLContextBuilder() - .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore")) - .setKeyManager(getKeyManager("/jks/scarab.keystore")) - .setTrustManager(getCATrustManager()) + .setSecurityDomain(getKeyStoreBackedSecurityDomain(caGenerationTool.getBeetlesKeyStore())) + .setKeyManager(scarab.createKeyManager()) + .setTrustManager(ca.createTrustManager()) .setNeedClientAuth(true) .build().create(); @@ -559,10 +526,12 @@ public void testTwoWay() throws Throwable { @Test public void testTwoWayNoDecoder() throws Throwable { + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); + DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB); SSLContext serverContext = new SSLContextBuilder() - .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore", false)) - .setKeyManager(getKeyManager("/jks/scarab.keystore")) - .setTrustManager(getCATrustManager()) + .setSecurityDomain(getKeyStoreBackedSecurityDomain(caGenerationTool.getBeetlesKeyStore(), false)) + .setKeyManager(scarab.createKeyManager()) + .setTrustManager(ca.createTrustManager()) .setNeedClientAuth(true) .build().create(); 
@@ -572,10 +541,12 @@ public void testTwoWayNoDecoder() throws Throwable { @Test public void testTwoWayIca() throws Throwable { + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); + DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB); SSLContext serverContext = new SSLContextBuilder() - .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/shortwinged.keystore")) - .setKeyManager(getKeyManager("/jks/scarab.keystore")) - .setTrustManager(getCATrustManager()) + .setSecurityDomain(getKeyStoreBackedSecurityDomain(shortWingedKeyStore)) + .setKeyManager(scarab.createKeyManager()) + .setTrustManager(ca.createTrustManager()) .setNeedClientAuth(true) .build().create(); @@ -591,9 +562,10 @@ public void testTwoWayIca() throws Throwable { public void testAcceptedIssuersConfiguredWithCRL() throws Throwable { InputStream crl = new FileInputStream("./target/test-classes/ica/crl/blank-blank.pem"); + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); X509RevocationTrustManager trustManager = X509RevocationTrustManager.builder() .setTrustManagerFactory(getTrustManagerFactory()) - .setTrustStore(createKeyStore("/jks/ca.truststore")) + .setTrustStore(ca.loadKeyStore()) .setCrlStream(crl) .setPreferCrls(true) .setNoFallback(true) 
@@ -614,11 +586,13 @@ public void testTwoWayClientRejectedWithSingleCRL() throws Throwable { // this CRL contains the certificate with the alias "ladybug" which is being sent by the client crlStreams.add(new FileInputStream("target/test-classes/ca/crl/ladybug-revoked.pem")); + DefinedCAIdentity secondCA = caGenerationTool.getDefinedCAIdentity(Identity.SECOND_CA); + DefinedIdentity firefly = caGenerationTool.getDefinedIdentity(Identity.FIREFLY); SSLContext serverContext = new SSLContextBuilder() - .setKeyManager(getKeyManager("/jks/firefly.keystore")) + .setKeyManager(firefly.createKeyManager()) .setTrustManager(X509RevocationTrustManager.builder() .setTrustManagerFactory(getTrustManagerFactory()) - .setTrustStore(createKeyStore("/jks/ca.truststore2")) + .setTrustStore(secondCA.loadKeyStore()) .setCrlStreams(crlStreams) .setPreferCrls(true) .setNoFallback(true) @@ -641,12 +615,14 @@ public void testTwoWayClientAcceptedWithSingleCRL() throws Throwable { // CRL contains "ladybug" certificate but client sends "green june" certificate crlStreams.add(new FileInputStream("target/test-classes/ca/crl/ladybug-revoked.pem")); + DefinedCAIdentity secondCA = caGenerationTool.getDefinedCAIdentity(Identity.SECOND_CA); + DefinedIdentity firefly = caGenerationTool.getDefinedIdentity(Identity.FIREFLY); SSLContext serverContext = new SSLContextBuilder() - .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore")) - .setKeyManager(getKeyManager("/jks/firefly.keystore")) + .setSecurityDomain(getKeyStoreBackedSecurityDomain(caGenerationTool.getBeetlesKeyStore())) + .setKeyManager(firefly.createKeyManager()) .setTrustManager(X509RevocationTrustManager.builder() .setTrustManagerFactory(getTrustManagerFactory()) - .setTrustStore(createKeyStore("/jks/ca.truststore2")) + .setTrustStore(secondCA.loadKeyStore()) .setCrlStreams(crlStreams) .setPreferCrls(true) .setNoFallback(true) 
@@ -672,11 +648,13 @@ public void testTwoWayClientRejectedWithMultipleCRL() throws Throwable { crlStreams.add(new FileInputStream("target/test-classes/ca/crl/ladybug-revoked.pem")); crlStreams.add(new FileInputStream("target/test-classes/ca/crl/firefly-revoked.pem")); + DefinedCAIdentity secondCA = caGenerationTool.getDefinedCAIdentity(Identity.SECOND_CA); + DefinedIdentity firefly = caGenerationTool.getDefinedIdentity(Identity.FIREFLY); SSLContext serverContext = new SSLContextBuilder() - .setKeyManager(getKeyManager("/jks/firefly.keystore")) + .setKeyManager(firefly.createKeyManager()) .setTrustManager(X509RevocationTrustManager.builder() .setTrustManagerFactory(getTrustManagerFactory()) - .setTrustStore(createKeyStore("/jks/ca.truststore2")) + .setTrustStore(secondCA.loadKeyStore()) .setCrlStreams(crlStreams) .setPreferCrls(true) .setNoFallback(true) @@ -700,12 +678,14 @@ public void testTwoWayClientAcceptedWithMultipleCRL() throws Throwable { crlStreams.add(new FileInputStream("target/test-classes/ca/crl/ladybug-revoked.pem")); crlStreams.add(new FileInputStream("target/test-classes/ca/crl/firefly-revoked.pem")); + DefinedCAIdentity secondCA = caGenerationTool.getDefinedCAIdentity(Identity.SECOND_CA); + DefinedIdentity firefly = caGenerationTool.getDefinedIdentity(Identity.FIREFLY); SSLContext serverContext = new SSLContextBuilder() - .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore")) - .setKeyManager(getKeyManager("/jks/firefly.keystore")) + .setSecurityDomain(getKeyStoreBackedSecurityDomain(caGenerationTool.getBeetlesKeyStore())) + .setKeyManager(firefly.createKeyManager()) .setTrustManager(X509RevocationTrustManager.builder() .setTrustManagerFactory(getTrustManagerFactory()) - .setTrustStore(createKeyStore("/jks/ca.truststore2")) + .setTrustStore(secondCA.loadKeyStore()) .setCrlStreams(crlStreams) .setPreferCrls(true) .setNoFallback(true) 
@@ -720,12 +700,14 @@ public void testTwoWayClientAcceptedWithMultipleCRL() throws Throwable { @Test public void testOcspGood() throws Throwable { + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); + DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB); SSLContext serverContext = new SSLContextBuilder() - .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore")) - .setKeyManager(getKeyManager("/jks/scarab.keystore")) + .setSecurityDomain(getKeyStoreBackedSecurityDomain(caGenerationTool.getBeetlesKeyStore())) + .setKeyManager(scarab.createKeyManager()) .setTrustManager(X509RevocationTrustManager.builder() .setTrustManagerFactory(getTrustManagerFactory()) - .setTrustStore(createKeyStore("/jks/ca.truststore")) + .setTrustStore(ca.loadKeyStore()) .setOcspResponderCert(ocspResponderCertificate) .build()) .setNeedClientAuth(true) @@ -756,12 +738,14 @@ public void testOcspMaxCertPathOkay() throws Throwable { } private void ocspMaxCertPathCommon(int maxCertPath, boolean expectValid) throws Throwable { + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); + DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB); SSLContext serverContext = new SSLContextBuilder() - .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore")) - .setKeyManager(getKeyManager("/jks/scarab.keystore")) + .setSecurityDomain(getKeyStoreBackedSecurityDomain(caGenerationTool.getBeetlesKeyStore())) + .setKeyManager(scarab.createKeyManager()) .setTrustManager(X509RevocationTrustManager.builder() .setTrustManagerFactory(getTrustManagerFactory()) - .setTrustStore(createKeyStore("/jks/ca.truststore")) + .setTrustStore(ca.loadKeyStore()) .setOcspResponderCert(ocspResponderCertificate) .setMaxCertPath(maxCertPath) .build()) 
@@ -774,17 +758,18 @@ private void ocspMaxCertPathCommon(int maxCertPath, boolean expectValid) throws @Test public void testClientSideOcsp() throws Throwable { SSLContext serverContextGood = new SSLContextBuilder() - .setKeyManager(getKeyManager("/jks/ocsp-checked-good.keystore")) + .setKeyManager(goodIdentity.createKeyManager()) .build().create(); SSLContext serverContextRevoked = new SSLContextBuilder() - .setKeyManager(getKeyManager("/jks/ocsp-checked-revoked.keystore")) + .setKeyManager(revokedIdentity.createKeyManager()) .build().create(); + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); SSLContext clientContext = new SSLContextBuilder() .setTrustManager(X509RevocationTrustManager.builder() .setTrustManagerFactory(getTrustManagerFactory()) - .setTrustStore(createKeyStore("/jks/ca.truststore")) + .setTrustStore(ca.loadKeyStore()) .setOcspResponderCert(ocspResponderCertificate) .build()) .setClientMode(true) @@ -802,10 +787,12 @@ public void testClientSideOcsp() throws Throwable { @Test public void testWantClientAuthWithCorrectCertificate() throws Throwable { + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); + DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB); SSLContext serverContext = new SSLContextBuilder() - .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore")) - .setKeyManager(getKeyManager("/jks/scarab.keystore")) - .setTrustManager(getCATrustManager()) + .setSecurityDomain(getKeyStoreBackedSecurityDomain(caGenerationTool.getBeetlesKeyStore())) + .setKeyManager(scarab.createKeyManager()) + .setTrustManager(ca.createTrustManager()) .setWantClientAuth(true) .build().create(); 
@@ -815,10 +802,12 @@ public void testWantClientAuthWithCorrectCertificate() throws Throwable { @Test public void testWantClientAuthWithIncorrectCertificate() throws Throwable { + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); + DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB); SSLContext serverContext = new SSLContextBuilder() - .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore")) - .setKeyManager(getKeyManager("/jks/scarab.keystore")) - .setTrustManager(getCATrustManager()) + .setSecurityDomain(getKeyStoreBackedSecurityDomain(caGenerationTool.getBeetlesKeyStore())) + .setKeyManager(scarab.createKeyManager()) + .setTrustManager(ca.createTrustManager()) .setWantClientAuth(true) .build().create(); diff --git a/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java index 2b2addb635e..88ca0cd3e11 100644 --- a/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java +++ b/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java @@ -23,12 +23,9 @@ import java.io.Closeable; import java.io.IOException; -import java.io.InputStream; import java.net.InetAddress; import java.net.URI; import java.security.AccessController; -import java.security.KeyStore; -import java.security.KeyStoreException; import java.security.PrivilegedAction; import java.security.Security; import java.util.Locale; 
@@ -36,17 +33,11 @@ import java.util.concurrent.Executors; import java.util.concurrent.Future; -import javax.net.ssl.KeyManager; -import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLServerSocket; import javax.net.ssl.SSLServerSocketFactory; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket; -import javax.net.ssl.TrustManager; -import javax.net.ssl.TrustManagerFactory; -import javax.net.ssl.X509ExtendedKeyManager; -import javax.net.ssl.X509TrustManager; import org.junit.AfterClass; import org.junit.BeforeClass; @@ -61,6 +52,8 @@ import org.wildfly.security.permission.PermissionVerifier; import org.wildfly.security.ssl.test.util.CAGenerationTool; import org.wildfly.security.ssl.test.util.CAGenerationTool.Identity; +import org.wildfly.security.ssl.test.util.DefinedCAIdentity; +import org.wildfly.security.ssl.test.util.DefinedIdentity; import org.wildfly.security.x500.principal.X500AttributePrincipalDecoder; /** @@ -70,7 +63,6 @@ */ public class TLS13AuthenticationTest { - private static final char[] PASSWORD = "Elytron".toCharArray(); private static final String CA_JKS_LOCATION = "./target/test-classes/jks"; private static CAGenerationTool caGenerationTool = null; @@ -84,7 +76,7 @@ public static void setUp() throws Exception{ .setRequestIdentities(Identity.LADYBIRD, Identity.SCARAB) .build(); - SecurityRealm securityRealm = new KeyStoreBackedSecurityRealm(loadKeyStore("/jks/beetles.keystore")); + SecurityRealm securityRealm = new KeyStoreBackedSecurityRealm(caGenerationTool.getBeetlesKeyStore()); securityDomain = SecurityDomain.builder() .addRealm("KeystoreRealm", securityRealm) .build() 
@@ -105,11 +97,14 @@ public static void cleanUp() throws IOException { public void testTwoWayTLS13() throws Exception { final String CIPHER_SUITE = "TLS_AES_128_GCM_SHA256"; + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); + DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB); + SSLContext serverContext = new SSLContextBuilder() .setSecurityDomain(securityDomain) .setCipherSuiteSelector(CipherSuiteSelector.fromNamesString(CIPHER_SUITE)) - .setKeyManager(getKeyManager("/jks/scarab.keystore")) - .setTrustManager(getCATrustManager()) + .setKeyManager(scarab.createKeyManager()) + .setTrustManager(ca.createTrustManager()) .setNeedClientAuth(true) .build().create(); @@ -124,11 +119,14 @@ public void testDifferentPreferredTLS13Suites() throws Exception { final String PREFERRED_CIPHER_SUITE = "TLS_AES_256_GCM_SHA384"; final String SERVER_CIPHER_SUITE = String.format("%s:%s", PREFERRED_CIPHER_SUITE, REQUIRED_CIPHER_SUITE); + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); + DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB); + SSLContext serverContext = new SSLContextBuilder() .setSecurityDomain(securityDomain) .setCipherSuiteSelector(CipherSuiteSelector.fromNamesString(SERVER_CIPHER_SUITE)) - .setKeyManager(getKeyManager("/jks/scarab.keystore")) - .setTrustManager(getCATrustManager()) + .setKeyManager(scarab.createKeyManager()) + .setTrustManager(ca.createTrustManager()) .setNeedClientAuth(true) .build().create(); 
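Review bot: `ca.createTrustManager()` in `testTwoWayTLS13` replaces a local helper that explicitly requested `TrustManagerFactory.getInstance("SunX509")` (removed at the bottom of this file), and the patch does not show which algorithm `DefinedCAIdentity` uses. The helper removed from SSLAuthenticationTest went through `getTrustManagerFactory()`, i.e. `PKIX`, so at least one of the two test classes may now validate client certificates with a different factory than before. A short comment at this first use, e.g. `// trust manager algorithm is chosen by DefinedCAIdentity.createTrustManager()`, or a Javadoc note on that method, would record the choice. The same applies to the other `setTrustManager(ca.createTrustManager())` calls in this file.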
@@ -142,14 +140,17 @@ public void testClientTLS12Only() throws Exception { final String TLS13_CIPHER_SUITE = "TLS_AES_128_GCM_SHA256"; final String TLS12_CIPHER_SUITE = "TLS_RSA_WITH_AES_128_CBC_SHA256"; // TLS v1.2 + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); + DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB); + SSLContext serverContext = new SSLContextBuilder() .setSecurityDomain(securityDomain) .setCipherSuiteSelector(CipherSuiteSelector.aggregate( CipherSuiteSelector.fromNamesString(TLS13_CIPHER_SUITE), CipherSuiteSelector.fromString(TLS12_CIPHER_SUITE) )) - .setKeyManager(getKeyManager("/jks/scarab.keystore")) - .setTrustManager(getCATrustManager()) + .setKeyManager(scarab.createKeyManager()) + .setTrustManager(ca.createTrustManager()) .setNeedClientAuth(true) .build().create(); @@ -162,11 +163,14 @@ public void testClientTLS12Only() throws Exception { public void testServerTLS12Only() throws Exception { final String SERVER_CIPHER_SUITE = "TLS_RSA_WITH_AES_128_CBC_SHA256"; // TLS v1.2 + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); + DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB); + SSLContext serverContext = new SSLContextBuilder() .setSecurityDomain(securityDomain) .setCipherSuiteSelector(CipherSuiteSelector.fromString(SERVER_CIPHER_SUITE)) - .setKeyManager(getKeyManager("/jks/scarab.keystore")) - .setTrustManager(getCATrustManager()) + .setKeyManager(scarab.createKeyManager()) + .setTrustManager(ca.createTrustManager()) .setNeedClientAuth(true) .build().create(); 
@@ -179,9 +183,11 @@ public void testServerTLS12Only() throws Exception { public void testOneWayTLS13() throws Exception { final String CIPHER_SUITE = "TLS_AES_128_GCM_SHA256"; + DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB); + SSLContext serverContext = new SSLContextBuilder() .setCipherSuiteSelector(CipherSuiteSelector.fromNamesString(CIPHER_SUITE)) - .setKeyManager(getKeyManager("/jks/scarab.keystore")) + .setKeyManager(scarab.createKeyManager()) .build().create(); SecurityIdentity identity = performConnectionTest(serverContext, "protocol://test-one-way-tls13.org", "wildfly-ssl-test-config-v1_5.xml", CIPHER_SUITE, true); 
@@ -241,53 +247,6 @@ private SecurityIdentity performConnectionTest(SSLContext serverContext, String } } - /** - * Get the key manager backed by the specified key store. - * - * @param keystorePath the path to the keystore with X509 private key - * @return the initialised key manager. - */ - private static X509ExtendedKeyManager getKeyManager(final String keystorePath) throws Exception { - KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); - keyManagerFactory.init(loadKeyStore(keystorePath), PASSWORD); - - for (KeyManager current : keyManagerFactory.getKeyManagers()) { - if (current instanceof X509ExtendedKeyManager) { - return (X509ExtendedKeyManager) current; - } - } - - throw new IllegalStateException("Unable to obtain X509ExtendedKeyManager."); - } - - /** - * Get the trust manager that trusts all certificates signed by the certificate authority. - * - * @return the trust manager that trusts all certificates signed by the certificate authority. - * @throws KeyStoreException - */ - private static X509TrustManager getCATrustManager() throws Exception { - TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509"); - trustManagerFactory.init(loadKeyStore("/jks/ca.truststore")); - - for (TrustManager current : trustManagerFactory.getTrustManagers()) { - if (current instanceof X509TrustManager) { - return (X509TrustManager) current; - } - } - - throw new IllegalStateException("Unable to obtain X509TrustManager."); - } - - private static KeyStore loadKeyStore(final String path) throws Exception { - KeyStore keyStore = KeyStore.getInstance("jks"); - try (InputStream caTrustStoreFile = SSLAuthenticationTest.class.getResourceAsStream(path)) { - keyStore.load(caTrustStoreFile, PASSWORD); - } - - return keyStore; - } - private void safeClose(Closeable closeable) { try { closeable.close(); From 8b0c237d55e70dda5a27b2230f44c20eca400ef1 Mon Sep 17 00:00:00 2001 
From: Prarthona Paul Date: Thu, 24 Aug 2023 09:12:53 -0400 Subject: [PATCH 168/205] [ELY-2584] Add the ability to specify that the OIDC Authentication Request should include request and request_uri parameters. --- http/oidc/pom.xml | 16 ++ .../security/http/oidc/ElytronMessages.java | 42 ++- .../http/oidc/JWKEncPublicKeyLocator.java | 113 ++++++++ .../oidc/JWTClientCredentialsProvider.java | 46 +--- .../security/http/oidc/JWTSigningUtils.java | 78 ++++++ .../org/wildfly/security/http/oidc/Oidc.java | 24 ++ .../http/oidc/OidcClientConfiguration.java | 135 +++++++++- .../oidc/OidcClientConfigurationBuilder.java | 41 ++- .../security/http/oidc/OidcClientContext.java | 101 +++++++ .../http/oidc/OidcJsonConfiguration.java | 100 ++++++- .../http/oidc/OidcProviderMetadata.java | 33 +++ .../http/oidc/OidcRequestAuthenticator.java | 177 ++++++++++++- .../security/http/oidc/ServerRequest.java | 35 ++- .../http/oidc/KeycloakConfiguration.java | 85 ++++-- .../security/http/oidc/OidcBaseTest.java | 9 +- .../wildfly/security/http/oidc/OidcTest.java | 248 +++++++++++++++++- pom.xml | 7 + 17 files changed, 1202 insertions(+), 88 deletions(-) create mode 100644 http/oidc/src/main/java/org/wildfly/security/http/oidc/JWKEncPublicKeyLocator.java create mode 100644 http/oidc/src/main/java/org/wildfly/security/http/oidc/JWTSigningUtils.java diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index 64a7f7285d2..5f3a6504fda 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -128,6 +128,11 @@ keycloak-admin-client test + + org.keycloak + keycloak-services + test + org.jboss.logmanager jboss-logmanager @@ -173,6 +178,17 @@ jmockit test + + org.wildfly.security + wildfly-elytron-credential-source-impl + test + + + org.wildfly.security + wildfly-elytron-tests-common + test-jar + test + diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/ElytronMessages.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/ElytronMessages.java index ac5e2861fc3..e836cc3b468 100644 
--- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/ElytronMessages.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/ElytronMessages.java @@ -18,10 +18,10 @@ package org.wildfly.security.http.oidc; +import static org.jboss.logging.annotations.Message.NONE; import static org.jboss.logging.Logger.Level.DEBUG; import static org.jboss.logging.Logger.Level.ERROR; import static org.jboss.logging.Logger.Level.WARN; -import static org.jboss.logging.annotations.Message.NONE; import java.io.IOException; 
@@ -238,5 +238,45 @@ interface ElytronMessages extends BasicLogger { @Message(id = 23057, value = "principal-attribute '%s' claim does not exist, falling back to 'sub'") void principalAttributeClaimDoesNotExist(String principalAttributeClaim); + @Message(id = 23058, value = "Invalid keystore configuration for signing Request Objects.") + IOException invalidKeyStoreConfiguration(); + + @Message(id = 23059, value = "The signature algorithm specified is not supported by the OpenID Provider.") + IOException invalidRequestObjectSignatureAlgorithm(); + + @Message(id = 23060, value = "The encryption algorithm specified is not supported by the OpenID Provider.") + IOException invalidRequestObjectEncryptionAlgorithm(); + + @Message(id = 23061, value = "The content encryption algorithm (enc value) specified is not supported by the OpenID Provider.") + IOException invalidRequestObjectEncryptionEncValue(); + + @LogMessage(level = WARN) + @Message(id = 23062, value = "The OpenID provider does not support request parameters. 
Sending the request using OAuth2 format.") + void requestParameterNotSupported(); + + @Message(id = 23063, value = "Both request object encryption algorithm and request object content encryption algorithm must be configured to encrypt the request object.") + IllegalArgumentException invalidRequestObjectEncryptionAlgorithmConfiguration(); + + @Message(id = 23064, value = "Failed to create the authentication request using the request parameter.") + RuntimeException unableToCreateRequestWithRequestParameter(@Cause Exception cause); + + @Message(id = 23065, value = "Failed to create the authentication request using the request_uri parameter.") + RuntimeException unableToCreateRequestUriWithRequestParameter(@Cause Exception cause); + + @Message (id = 23066, value = "Failed to send a request to the OpenID provider's Pushed Authorization Request endpoint.") + RuntimeException failedToSendPushedAuthorizationRequest(@Cause Exception cause); + + @Message(id = 23067, value = "Cannot retrieve the request_uri as the pushed authorization request endpoint is not available for the OpenID provider.") + RuntimeException pushedAuthorizationRequestEndpointNotAvailable(); + + @LogMessage(level = WARN) + @Message(id = 23068, value = "The request object will be unsigned. This should not be used in a production environment. To sign the request object, for use in a production environment, please specify the request object signing algorithm.") + void unsignedRequestObjectIsUsed(); + + @Message(id = 23069, value = "The client secret has not been configured. Unable to sign the request object using the client secret.") + RuntimeException clientSecretNotConfigured(); + + @Message(id = 23070, value = "Authentication request format must be one of the following: oauth2, request, request_uri.") + RuntimeException invalidAuthenticationRequestFormat(); } 
diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/JWKEncPublicKeyLocator.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/JWKEncPublicKeyLocator.java new file mode 100644 index 00000000000..819e5950671 --- /dev/null +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/JWKEncPublicKeyLocator.java 
@@ -0,0 +1,113 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2024 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.wildfly.security.http.oidc; + +import static org.apache.http.HttpHeaders.ACCEPT; +import static org.wildfly.security.http.oidc.ElytronMessages.log; +import static org.wildfly.security.http.oidc.Oidc.JSON_CONTENT_TYPE; + +import java.security.PublicKey; +import java.util.ArrayList; +import java.util.Map; +import java.util.List; + +import org.apache.http.client.methods.HttpGet; +import org.wildfly.security.jose.jwk.JWK; +import org.wildfly.security.jose.jwk.JsonWebKeySet; +import org.wildfly.security.jose.jwk.JsonWebKeySetUtil; + +/** + * A public key locator that dynamically obtains the public key used for encryption + * from an OpenID provider by sending a request to the provider's {@code jwks_uri} + * when needed. 
+ * + * @author Prarthona Paul + * */ +class JWKEncPublicKeyLocator implements PublicKeyLocator { + private List currentKeys = new ArrayList<>(); + + private volatile int lastRequestTime = 0; + + @Override + public PublicKey getPublicKey(String kid, OidcClientConfiguration config) { + int minTimeBetweenRequests = config.getMinTimeBetweenJwksRequests(); + int publicKeyCacheTtl = config.getPublicKeyCacheTtl(); + int currentTime = getCurrentTime(); + + PublicKey publicKey = lookupCachedKey(publicKeyCacheTtl, currentTime); + if (publicKey != null) { + return publicKey; + } + + synchronized (this) { + currentTime = getCurrentTime(); + if (currentTime > lastRequestTime + minTimeBetweenRequests) { + sendRequest(config); + lastRequestTime = currentTime; + } else { + log.debug("Won't send request to jwks url. Last request time was " + lastRequestTime); + } + return lookupCachedKey(publicKeyCacheTtl, currentTime); + } + + } + + @Override + public void reset(OidcClientConfiguration config) { + synchronized (this) { + sendRequest(config); + lastRequestTime = getCurrentTime(); + } + } + + private PublicKey lookupCachedKey(int publicKeyCacheTtl, int currentTime) { + if (lastRequestTime + publicKeyCacheTtl > currentTime) { + return currentKeys.get(0); // returns the first cached public key + } else { + return null; + } + } + + private static int getCurrentTime() { + return (int) (System.currentTimeMillis() / 1000); + } + + private void sendRequest(OidcClientConfiguration config) { + if (log.isTraceEnabled()) { + log.trace("Going to send request to retrieve new set of public keys to encrypt a JWT request for client " + config.getResourceName()); + } + + HttpGet request = new HttpGet(config.getJwksUrl()); + request.addHeader(ACCEPT, JSON_CONTENT_TYPE); + try { + JsonWebKeySet jwks = Oidc.sendJsonHttpRequest(config, request, JsonWebKeySet.class); + Map publicKeys = JsonWebKeySetUtil.getKeysForUse(jwks, JWK.Use.ENC); + + if (log.isDebugEnabled()) { + log.debug("Public keys 
successfully retrieved for client " + config.getResourceName() + ". New kids: " + publicKeys.keySet()); + } + + // update current keys + currentKeys.clear(); + currentKeys.addAll(publicKeys.values()); + } catch (OidcException e) { + log.error("Error when sending request to retrieve public keys", e); + } + } +} diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/JWTClientCredentialsProvider.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/JWTClientCredentialsProvider.java index 4da8d3a5384..13df213373b 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/JWTClientCredentialsProvider.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/JWTClientCredentialsProvider.java @@ -19,18 +19,13 @@ package org.wildfly.security.http.oidc; import static org.wildfly.security.http.oidc.ElytronMessages.log; +import static org.wildfly.security.http.oidc.JWTSigningUtils.loadKeyPairFromKeyStore; import static org.wildfly.security.http.oidc.Oidc.CLIENT_ASSERTION; import static org.wildfly.security.http.oidc.Oidc.CLIENT_ASSERTION_TYPE; import static org.wildfly.security.http.oidc.Oidc.CLIENT_ASSERTION_TYPE_JWT; -import static org.wildfly.security.http.oidc.Oidc.PROTOCOL_CLASSPATH; import static org.wildfly.security.http.oidc.Oidc.asInt; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.InputStream; import java.security.KeyPair; -import java.security.KeyStore; -import java.security.PrivateKey; import java.security.PublicKey; import java.security.interfaces.RSAPublicKey; import java.util.Map; 
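Review bot: `lookupCachedKey` returns `currentKeys.get(0)` without checking that anything is cached, and `getPublicKey` advances `lastRequestTime` even when `sendRequest` has swallowed an `OidcException`, so a failed JWKS fetch (or a key set with no `enc` keys) ends in an `IndexOutOfBoundsException` instead of a handled "no key" result. The `kid` argument is ignored, and `currentKeys` is a plain `ArrayList` that the first `lookupCachedKey` call reads outside the lock while `sendRequest` clears and refills it. I would publish a fresh list through a volatile field and return null when it is empty, as sketched below; the code that encrypts the request object then has to treat null as a hard failure rather than sending the object unencrypted.

```java
private volatile List<PublicKey> currentKeys = new ArrayList<>();

private PublicKey lookupCachedKey(int publicKeyCacheTtl, int currentTime) {
    // Read the reference once so a concurrent refresh cannot empty the list mid-lookup.
    List<PublicKey> snapshot = currentKeys;
    if (snapshot.isEmpty() || lastRequestTime + publicKeyCacheTtl <= currentTime) {
        return null; // nothing cached, or the cache has expired
    }
    return snapshot.get(0);
}

// … unchanged: getPublicKey, reset, getCurrentTime, request setup in sendRequest …

            // in sendRequest, replacing the clear()/addAll() pair
            currentKeys = new ArrayList<>(publicKeys.values());
```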
@@ -155,43 +150,4 @@ protected JwtClaims createRequestToken(String clientId, String tokenUrl) { jwtClaims.setExpirationTime(exp); return jwtClaims; } - - private static KeyPair loadKeyPairFromKeyStore(String keyStoreFile, String storePassword, String keyPassword, String keyAlias, String keyStoreType) { - InputStream stream = findFile(keyStoreFile); - try { - KeyStore keyStore = KeyStore.getInstance(keyStoreType); - keyStore.load(stream, storePassword.toCharArray()); - PrivateKey privateKey = (PrivateKey) keyStore.getKey(keyAlias, keyPassword.toCharArray()); - if (privateKey == null) { - log.unableToLoadKeyWithAlias(keyAlias); - } - PublicKey publicKey = keyStore.getCertificate(keyAlias).getPublicKey(); - return new KeyPair(publicKey, privateKey); - } catch (Exception e) { - throw log.unableToLoadPrivateKey(e); - } - } - - private static InputStream findFile(String keystoreFile) { - if (keystoreFile.startsWith(PROTOCOL_CLASSPATH)) { - String classPathLocation = keystoreFile.replace(PROTOCOL_CLASSPATH, ""); - // try current class classloader first - InputStream is = JWTClientCredentialsProvider.class.getClassLoader().getResourceAsStream(classPathLocation); - if (is == null) { - is = Thread.currentThread().getContextClassLoader().getResourceAsStream(classPathLocation); - } - if (is != null) { - return is; - } else { - throw log.unableToFindKeystoreFile(keystoreFile); - } - } else { - try { - // fallback to file - return new FileInputStream(keystoreFile); - } catch (FileNotFoundException e) { - throw new RuntimeException(e); - } - } - } } diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/JWTSigningUtils.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/JWTSigningUtils.java new file mode 100644 index 00000000000..03546d8a23f --- /dev/null +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/JWTSigningUtils.java 
@@ -0,0 +1,78 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2024 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.wildfly.security.http.oidc; + +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.InputStream; +import java.security.KeyPair; +import java.security.KeyStore; +import java.security.PrivateKey; +import java.security.PublicKey; + +import static org.wildfly.security.http.oidc.ElytronMessages.log; +import static org.wildfly.security.http.oidc.Oidc.PROTOCOL_CLASSPATH; + +/** + * A utility class to obtain the KeyPair from a keystore file. 
+ * + * @author Prarthona Paul + */ + +class JWTSigningUtils { + + public static KeyPair loadKeyPairFromKeyStore(String keyStoreFile, String storePassword, String keyPassword, String keyAlias, String keyStoreType) { + InputStream stream = findFile(keyStoreFile); + try { + KeyStore keyStore = KeyStore.getInstance(keyStoreType); + keyStore.load(stream, storePassword.toCharArray()); + PrivateKey privateKey = (PrivateKey) keyStore.getKey(keyAlias, keyPassword.toCharArray()); + if (privateKey == null) { + throw log.unableToLoadKeyWithAlias(keyAlias); + } + PublicKey publicKey = keyStore.getCertificate(keyAlias).getPublicKey(); + return new KeyPair(publicKey, privateKey); + } catch (Exception e) { + throw log.unableToLoadPrivateKey(e); + } + } + + public static InputStream findFile(String keystoreFile) { + if (keystoreFile.startsWith(PROTOCOL_CLASSPATH)) { + String classPathLocation = keystoreFile.replace(PROTOCOL_CLASSPATH, ""); + // try current class classloader first + InputStream is = JWTSigningUtils.class.getClassLoader().getResourceAsStream(classPathLocation); + if (is == null) { + is = Thread.currentThread().getContextClassLoader().getResourceAsStream(classPathLocation); + } + if (is != null) { + return is; + } else { + throw log.unableToFindKeystoreFile(keystoreFile); + } + } else { + try { + // fallback to file + return new FileInputStream(keystoreFile); + } catch (FileNotFoundException e) { + throw new RuntimeException(e); + } + } + } +} diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java index f42313b7f58..575809f2f4b 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java 
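Review bot: The stream returned by `findFile` is never closed in `loadKeyPairFromKeyStore`, so each key load leaks a file or classpath handle; `try (InputStream stream = findFile(keyStoreFile)) {` around the existing body closes it on both the success and the error path. `keyStore.getCertificate(keyAlias)` returns null for an alias that has no certificate, which currently surfaces as a `NullPointerException` rewrapped by `log.unableToLoadPrivateKey(e)`; an explicit null check with its own message would make a misconfigured alias easier to diagnose. In `findFile`, `replace(PROTOCOL_CLASSPATH, "")` removes every occurrence rather than the prefix that `startsWith` tested, so `keystoreFile.substring(PROTOCOL_CLASSPATH.length())` is the matching form.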
@@ -45,6 +45,7 @@ public class Oidc { public static final String ACCEPT = "Accept"; + public static final String AUTHENTICATION_REQUEST_FORMAT = "authentication-request-format"; public static final String OIDC_NAME = "OIDC"; public static final String JSON_CONTENT_TYPE = "application/json"; public static final String HTML_CONTENT_TYPE = "text/html"; @@ -74,6 +75,8 @@ public class Oidc { public static final String PARTIAL = "partial/"; public static final String PASSWORD = "password"; public static final String PROMPT = "prompt"; + public static final String REQUEST = "request"; + public static final String REQUEST_URI = "request_uri"; public static final String SCOPE = "scope"; public static final String UI_LOCALES = "ui_locales"; public static final String USERNAME = "username"; @@ -201,6 +204,27 @@ public enum TokenStore { COOKIE } + public enum AuthenticationRequestFormat { + OAUTH2("oauth2"), + REQUEST("request"), + REQUEST_URI("request_uri"); + + private final String value; + + AuthenticationRequestFormat(String value) { + this.value = value; + } + + /** + * Get the string value for this authentication format. + * + * @return the string value for this authentication format + */ + public String getValue() { + return value; + } + } + public enum ClientCredentialsProviderType { SECRET("secret"), JWT("jwt"), diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfiguration.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfiguration.java index 3e18fb4eb6d..ca56da28633 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfiguration.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfiguration.java 
@@ -30,9 +30,11 @@ import static org.wildfly.security.http.oidc.Oidc.SLASH; import static org.wildfly.security.http.oidc.Oidc.SSLRequired; import static org.wildfly.security.http.oidc.Oidc.TokenStore; +import static org.wildfly.security.jose.util.JsonSerialization.readValue; import java.net.URI; import java.util.HashMap; +import java.util.List; import java.util.Map; import java.util.concurrent.Callable; @@ -41,7 +43,6 @@ import org.apache.http.client.HttpClient; import org.apache.http.client.methods.HttpGet; import org.apache.http.util.EntityUtils; -import org.wildfly.security.jose.util.JsonSerialization; /** * The OpenID Connect (OIDC) configuration for a client application. This class is based on @@ -81,6 +82,11 @@ public enum RelativeUrlsUsed { protected String jwksUrl; protected String issuerUrl; protected String principalAttribute = "sub"; + protected List requestObjectSigningAlgValuesSupported; + protected List requestObjectEncryptionEncValuesSupported; + protected List requestObjectEncryptionAlgValuesSupported; + protected boolean requestParameterSupported; + protected boolean requestUriParameterSupported; protected String resource; protected String clientId; @@ -126,6 +132,17 @@ public enum RelativeUrlsUsed { protected boolean verifyTokenAudience = false; protected String tokenSignatureAlgorithm = DEFAULT_TOKEN_SIGNATURE_ALGORITHM; + protected String authenticationRequestFormat; + protected String requestObjectSigningAlgorithm; + protected String requestObjectEncryptionAlgValue; + protected String requestObjectEncryptionEncValue; + protected String pushedAuthorizationRequestEndpoint; + protected String requestObjectSigningKeyStoreFile; + protected String requestObjectSigningKeyStorePassword; + protected String requestObjectSigningKeyPassword; + protected String requestObjectSigningKeyAlias; + protected String requestObjectSigningKeyStoreType; + protected JWKEncPublicKeyLocator encryptionPublicKeyLocator; public OidcClientConfiguration() { } 
@@ -223,6 +240,13 @@ protected void resolveUrls() { tokenUrl = config.getTokenEndpoint(); logoutUrl = config.getLogoutEndpoint(); jwksUrl = config.getJwksUri(); + requestParameterSupported = config.getRequestParameterSupported(); + requestObjectSigningAlgValuesSupported = config.getRequestObjectSigningAlgValuesSupported(); + requestObjectEncryptionEncValuesSupported = config.getRequestObjectEncryptionEncValuesSupported(); + requestObjectEncryptionAlgValuesSupported = config.getRequestObjectEncryptionAlgValuesSupported(); + requestUriParameterSupported = config.getRequestUriParameterSupported(); + pushedAuthorizationRequestEndpoint = config.getPushedAuthorizationRequestEndpoint(); + if (authServerBaseUrl != null) { // keycloak-specific properties accountUrl = getUrl(issuerUrl, ACCOUNT_PATH); @@ -246,7 +270,7 @@ protected OidcProviderMetadata getOidcProviderMetadata(String discoveryUrl) thro EntityUtils.consumeQuietly(response.getEntity()); throw new Exception(response.getStatusLine().getReasonPhrase()); } - return JsonSerialization.readValue(response.getEntity().getContent(), OidcProviderMetadata.class); + return readValue(response.getEntity().getContent(), OidcProviderMetadata.class); } finally { request.releaseConnection(); } @@ -329,6 +353,26 @@ public String getIssuerUrl() { return issuerUrl; } + public List getRequestObjectSigningAlgValuesSupported() { + return requestObjectSigningAlgValuesSupported; + } + + public List getRequestObjectEncryptionAlgValuesSupported() { + return requestObjectEncryptionAlgValuesSupported; + } + + public List getRequestObjectEncryptionEncValuesSupported() { + return requestObjectEncryptionEncValuesSupported; + } + + public boolean getRequestParameterSupported() { + return requestParameterSupported; + } + + public boolean getRequestUriParameterSupported() { + return requestUriParameterSupported; + } + public void setResource(String resource) { this.resource = resource; } 
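Review bot: The getters added in the `-329,6 +353,26` hunk return fields that this commit fills in `resolveUrls()`, but they do not trigger that resolution themselves. The body of `getIssuerUrl` begins outside the hunk, so it is not visible whether the existing URL getters call `resolveUrls()` first; if they do, these should follow the same pattern, e.g. `resolveUrls(); return requestParameterSupported;`. Otherwise a caller that asks before any URL getter has run sees `false` or null and may treat the provider as not supporting request objects. The same applies to `getPushedAuthorizationRequestEndpoint` in the last hunk of this file.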
@@ -648,4 +692,91 @@ public String getTokenSignatureAlgorithm() { return tokenSignatureAlgorithm; } + public String getAuthenticationRequestFormat() { + return authenticationRequestFormat; + } + + public void setAuthenticationRequestFormat(String authenticationRequestFormat) { + this.authenticationRequestFormat = authenticationRequestFormat; + } + + public String getRequestObjectSigningAlgorithm() { + return requestObjectSigningAlgorithm; + } + + public void setRequestObjectSigningAlgorithm(String requestObjectSigningAlgorithm) { + this.requestObjectSigningAlgorithm = requestObjectSigningAlgorithm; + } + + public String getRequestObjectEncryptionAlgValue() { + return requestObjectEncryptionAlgValue; + } + + public void setRequestObjectEncryptionAlgValue(String requestObjectEncryptionAlgValue) { + this.requestObjectEncryptionAlgValue = requestObjectEncryptionAlgValue; + } + + public String getRequestObjectEncryptionEncValue() { + return requestObjectEncryptionEncValue; + } + + public void setRequestObjectEncryptionEncValue(String requestObjectEncryptionEncValue) { + this.requestObjectEncryptionEncValue = requestObjectEncryptionEncValue; + } + + public String getRequestObjectSigningKeyStoreFile() { + return requestObjectSigningKeyStoreFile; + } + + public void setRequestObjectSigningKeyStoreFile(String keyStoreFile) { + this.requestObjectSigningKeyStoreFile = keyStoreFile; + } + + public String getRequestObjectSigningKeyStorePassword() { + return requestObjectSigningKeyStorePassword; + } + + public void setRequestObjectSigningKeyStorePassword(String requestObjectSigningKeyStorePassword) { + this.requestObjectSigningKeyStorePassword = requestObjectSigningKeyStorePassword; + } + + public String getRequestObjectSigningKeyPassword() { + return requestObjectSigningKeyPassword; + } + + public void setRequestObjectSigningKeyPassword(String requestObjectSigningKeyPassword) { + this.requestObjectSigningKeyPassword = requestObjectSigningKeyPassword; + } + + public String 
getRequestObjectSigningKeyStoreType() { + return requestObjectSigningKeyStoreType; + } + + public void setRequestObjectSigningKeyStoreType(String requestObjectSigningKeyStoreType) { + this.requestObjectSigningKeyStoreType = requestObjectSigningKeyStoreType; + } + + public String getRequestObjectSigningKeyAlias() { + return requestObjectSigningKeyAlias; + } + + public void setRequestObjectSigningKeyAlias(String requestObjectSigningKeyAlias) { + this.requestObjectSigningKeyAlias = requestObjectSigningKeyAlias; + } + + public String getPushedAuthorizationRequestEndpoint() { + return pushedAuthorizationRequestEndpoint; + } + + public void setPushedAuthorizationRequestEndpoint(String pushedAuthorizationRequestEndpoint) { + this.pushedAuthorizationRequestEndpoint = pushedAuthorizationRequestEndpoint; + } + + public void setEncryptionPublicKeyLocator(JWKEncPublicKeyLocator publicKeySetExtractor) { + this.encryptionPublicKeyLocator = publicKeySetExtractor; + } + + public JWKEncPublicKeyLocator getEncryptionPublicKeyLocator() { + return this.encryptionPublicKeyLocator; + } } diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfigurationBuilder.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfigurationBuilder.java index f2d757e493c..43bebace9f6 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfigurationBuilder.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfigurationBuilder.java 
@@ -18,7 +18,11 @@ package org.wildfly.security.http.oidc; +import static org.jose4j.jws.AlgorithmIdentifiers.NONE; import static org.wildfly.security.http.oidc.ElytronMessages.log; +import static org.wildfly.security.http.oidc.Oidc.AuthenticationRequestFormat.OAUTH2; +import static org.wildfly.security.http.oidc.Oidc.AuthenticationRequestFormat.REQUEST; +import static org.wildfly.security.http.oidc.Oidc.AuthenticationRequestFormat.REQUEST_URI; import static org.wildfly.security.http.oidc.Oidc.SSLRequired; import static org.wildfly.security.http.oidc.Oidc.TokenStore; 
@@ -103,6 +107,41 @@ protected OidcClientConfiguration internalBuild(final OidcJsonConfiguration oidc if (oidcJsonConfiguration.getScope() != null) { oidcClientConfiguration.setScope(oidcJsonConfiguration.getScope()); } + if (oidcJsonConfiguration.getAuthenticationRequestFormat() != null) { + if (!(oidcJsonConfiguration.getAuthenticationRequestFormat().equals(OAUTH2.getValue()) || + oidcJsonConfiguration.getAuthenticationRequestFormat().equals(REQUEST.getValue()) || + oidcJsonConfiguration.getAuthenticationRequestFormat().equals(REQUEST_URI.getValue()))) { + throw log.invalidAuthenticationRequestFormat(); + } + oidcClientConfiguration.setAuthenticationRequestFormat(oidcJsonConfiguration.getAuthenticationRequestFormat()); + } else { + oidcClientConfiguration.setAuthenticationRequestFormat(OAUTH2.getValue()); + } + if (oidcJsonConfiguration.getRequestObjectSigningAlgorithm() != null) { + oidcClientConfiguration.setRequestObjectSigningAlgorithm(oidcJsonConfiguration.getRequestObjectSigningAlgorithm()); + } else { + oidcClientConfiguration.setRequestObjectSigningAlgorithm(NONE); + } + if (oidcJsonConfiguration.getRequestObjectEncryptionAlgValue() != null && oidcJsonConfiguration.getRequestObjectEncryptionEncValue() != null) { //both are required to encrypt the request object + oidcClientConfiguration.setRequestObjectEncryptionAlgValue(oidcJsonConfiguration.getRequestObjectEncryptionAlgValue()); + oidcClientConfiguration.setRequestObjectEncryptionEncValue(oidcJsonConfiguration.getRequestObjectEncryptionEncValue()); + JWKEncPublicKeyLocator encryptionPublicKeyLocator = new JWKEncPublicKeyLocator(); + oidcClientConfiguration.setEncryptionPublicKeyLocator(encryptionPublicKeyLocator); + } else if (oidcJsonConfiguration.getRequestObjectEncryptionAlgValue() != null || oidcJsonConfiguration.getRequestObjectEncryptionEncValue() != null) { //if only one is specified, that is not correct + throw log.invalidRequestObjectEncryptionAlgorithmConfiguration(); + } + if 
(oidcJsonConfiguration.getRequestObjectSigningKeyStoreFile() != null + && oidcJsonConfiguration.getRequestObjectSigningKeyStorePassword() != null + && oidcJsonConfiguration.getRequestObjectSigningKeyPassword() != null + && oidcJsonConfiguration.getRequestObjectSigningKeyAlias() != null) { + oidcClientConfiguration.setRequestObjectSigningKeyStoreFile(oidcJsonConfiguration.getRequestObjectSigningKeyStoreFile()); + oidcClientConfiguration.setRequestObjectSigningKeyStorePassword(oidcJsonConfiguration.getRequestObjectSigningKeyStorePassword()); + oidcClientConfiguration.setRequestObjectSigningKeyPassword(oidcJsonConfiguration.getRequestObjectSigningKeyPassword()); + oidcClientConfiguration.setRequestObjectSigningKeyAlias(oidcJsonConfiguration.getRequestObjectSigningKeyAlias()); + if (oidcJsonConfiguration.getRequestObjectSigningKeyStoreType() != null) { + oidcClientConfiguration.setRequestObjectSigningKeyStoreType(oidcJsonConfiguration.getRequestObjectSigningKeyStoreType()); + } + } if (oidcJsonConfiguration.getPrincipalAttribute() != null) oidcClientConfiguration.setPrincipalAttribute(oidcJsonConfiguration.getPrincipalAttribute()); oidcClientConfiguration.setResourceCredentials(oidcJsonConfiguration.getCredentials()); @@ -193,8 +232,8 @@ public static OidcJsonConfiguration loadOidcJsonConfiguration(InputStream is) { return adapterConfig; } - public static OidcClientConfiguration build(OidcJsonConfiguration oidcJsonConfiguration) { return new OidcClientConfigurationBuilder().internalBuild(oidcJsonConfiguration); } + } diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientContext.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientContext.java index 3c249bb846b..f5d930bd525 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientContext.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientContext.java 
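Review bot: The request-object signing keystore block copies its settings only when file, store password, key password and alias are all present and silently drops them otherwise, whereas the encryption pair just above throws on a partial configuration. A deployment that omits one of the four values would presumably fail only when the first request object is signed (that code is outside this hunk, as is the start of `internalBuild`), so I would reject a partial keystore configuration here in the same way. Separately, the `else` branch `setRequestObjectSigningAlgorithm(NONE)` means the `request` and `request_uri` formats send unsigned request objects unless an algorithm is configured; a comment such as `// default is "none": request objects are unsigned unless request-object-signing-algorithm is set` would make that explicit, and requiring an explicit `none` would be the stricter option.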
@@ -525,6 +525,107 @@ public String getTokenSignatureAlgorithm() { public void setTokenSignatureAlgorithm(String tokenSignatureAlgorithm) { delegate.setTokenSignatureAlgorithm(tokenSignatureAlgorithm); } + + @Override + public String getAuthenticationRequestFormat() { + return delegate.getAuthenticationRequestFormat(); + } + + @Override + public void setAuthenticationRequestFormat(String authFormat) { + delegate.setAuthenticationRequestFormat(authFormat); + } + + @Override + public String getRequestObjectSigningAlgorithm() { + return delegate.getRequestObjectSigningAlgorithm(); + } + + @Override + public void setRequestObjectSigningAlgorithm(String requestSignature) { + delegate.setRequestObjectSigningAlgorithm(requestSignature); + } + + @Override + public String getRequestObjectEncryptionAlgValue() { + return delegate.getRequestObjectEncryptionAlgValue(); + } + + @Override + public void setRequestObjectEncryptionAlgValue(String requestObjectEncryptionAlgValue) { + delegate.setRequestObjectEncryptionAlgValue(requestObjectEncryptionAlgValue); + } + + @Override + public String getRequestObjectEncryptionEncValue() { + return delegate.requestObjectEncryptionEncValue; + } + + @Override + public void setRequestObjectEncryptionEncValue (String requestObjectEncryptionEncValue) { + delegate.requestObjectEncryptionEncValue = requestObjectEncryptionEncValue; + } + + @Override + public String getRequestObjectSigningKeyStoreFile() { + return delegate.requestObjectSigningKeyStoreFile; + } + + @Override + public void setRequestObjectSigningKeyStoreFile(String keyStoreFile) { + delegate.requestObjectSigningKeyStoreFile = keyStoreFile; + } + + @Override + public String getRequestObjectSigningKeyStorePassword() { + return delegate.requestObjectSigningKeyStorePassword; + } + + @Override + public void setRequestObjectSigningKeyStorePassword(String requestObjectSigningKeyStorePassword) { + delegate.requestObjectSigningKeyStorePassword = requestObjectSigningKeyStorePassword; + } + + 
@Override + public String getRequestObjectSigningKeyPassword() { + return delegate.requestObjectSigningKeyPassword; + } + + @Override + public void setRequestObjectSigningKeyPassword(String requestObjectSigningKeyPassword) { + delegate.requestObjectSigningKeyPassword = requestObjectSigningKeyPassword; + } + + @Override + public String getRequestObjectSigningKeyStoreType() { + return delegate.requestObjectSigningKeyStoreType; + } + + @Override + public void setRequestObjectSigningKeyStoreType(String type) { + delegate.requestObjectSigningKeyStoreType = type; + } + + @Override + public String getRequestObjectSigningKeyAlias() { + return delegate.requestObjectSigningKeyAlias; + } + + @Override + public void setRequestObjectSigningKeyAlias(String alias) { + delegate.requestObjectSigningKeyAlias = alias; + } + + @Override + public boolean getRequestParameterSupported() { + return delegate.requestParameterSupported; + } + + @Override + public boolean getRequestUriParameterSupported() { + return delegate.requestUriParameterSupported; + } + } protected String getAuthServerBaseUrl(OidcHttpFacade facade, String base) { diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcJsonConfiguration.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcJsonConfiguration.java index f835cc4fbc2..29d2d785e3c 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcJsonConfiguration.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcJsonConfiguration.java 
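Review bot: The added overrides mix two delegation styles: the first six call the delegate's accessors (`delegate.getRequestObjectSigningAlgorithm()`), while everything from `getRequestObjectEncryptionEncValue()` onward reads and writes the delegate's fields directly. For `getRequestParameterSupported()` and `getRequestUriParameterSupported()` this matters if the delegate's getters fill those flags from provider metadata on first use (not visible here), because reading `delegate.requestParameterSupported` directly would then return the unresolved default and `getRedirectUri` would quietly send a plain request. I would route all of them through the accessors, e.g. `return delegate.getRequestParameterSupported();`. The enclosing wrapper class starts outside this hunk.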
@@ -38,15 +38,18 @@ "resource", "public-client", "credentials", "use-resource-role-mappings", "use-realm-role-mappings", "enable-cors", "cors-max-age", "cors-allowed-methods", "cors-exposed-headers", - "expose-token", "bearer-only", "autodetect-bearer-only", - "connection-pool-size", + "expose-token", "bearer-only", "autodetect-bearer-only", "connection-pool-size", "allow-any-hostname", "disable-trust-manager", "truststore", "truststore-password", "client-keystore", "client-keystore-password", "client-key-password", "always-refresh-token", "register-node-at-startup", "register-node-period", "token-store", "adapter-state-cookie-path", "principal-attribute", "proxy-url", "turn-off-change-session-id-on-login", "token-minimum-time-to-live", "min-time-between-jwks-requests", "public-key-cache-ttl", - "ignore-oauth-query-parameter", "verify-token-audience", "token-signature-algorithm", "scope" + "ignore-oauth-query-parameter", "verify-token-audience", "token-signature-algorithm", "scope", + "authentication-request-format", "request-object-signing-algorithm", "request-object-encryption-alg-value", + "request-object-encryption-enc-value", "request-object-signing-keystore-file", + "request-object-signing-keystore-password","request-object-signing-key-password", "request-object-signing-key-alias", + "request-object-signing-keystore-type" }) public class OidcJsonConfiguration { 
@@ -64,6 +67,16 @@ public class OidcJsonConfiguration { protected String clientKeystorePassword; @JsonProperty("client-key-password") protected String clientKeyPassword; + @JsonProperty("request-object-signing-keystore-file") + protected String requestObjectSigningKeyStoreFile; + @JsonProperty("request-object-signing-keystore-password") + protected String requestObjectSigningKeyStorePassword; + @JsonProperty("request-object-signing-key-password") + protected String requestObjectSigningKeyPassword; + @JsonProperty("request-object-signing-key-alias") + protected String requestObjectSigningKeyAlias; + @JsonProperty("request-object-signing-keystore-type") + protected String requestObjectSigningKeyStoreType; @JsonProperty("connection-pool-size") protected int connectionPoolSize = 20; @JsonProperty("always-refresh-token") @@ -142,6 +155,17 @@ public class OidcJsonConfiguration { @JsonProperty("scope") protected String scope; + @JsonProperty("authentication-request-format") + protected String authenticationRequestFormat; + + @JsonProperty("request-object-signing-algorithm") + protected String requestObjectSigningAlgorithm; + + @JsonProperty("request-object-encryption-alg-value") + protected String requestObjectEncryptionAlgValue; + + @JsonProperty("request-object-encryption-enc-value") + protected String requestObjectEncryptionEncValue; /** * The Proxy url to use for requests to the auth-server, configurable via the adapter config property {@code proxy-url}. @@ -181,6 +205,13 @@ public void setTruststorePassword(String truststorePassword) { this.truststorePassword = truststorePassword; } + public String getRequestObjectSigningKeyStoreFile() { + return requestObjectSigningKeyStoreFile; + } + + public void setRequestObjectSigningKeyStoreFile(String requestObjectSigningKeyStoreFile) { + this.requestObjectSigningKeyStoreFile = requestObjectSigningKeyStoreFile; + } public String getClientKeystore() { return clientKeystore; } 
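Review bot: The new `requestObjectSigningKeyStorePassword` and `requestObjectSigningKeyPassword` fields have no documentation, and they are bound from the JSON configuration as plain strings. A short comment on each would help, for example `// Password for the private key that signs request objects; read as plain text from the adapter configuration, so restrict read access to that file.` The getters and setters added in the later hunks of this file could carry matching Javadoc.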
@@ -189,6 +220,22 @@ public void setClientKeystore(String clientKeystore) { this.clientKeystore = clientKeystore; } + public String getRequestObjectSigningKeyStoreType() { + return requestObjectSigningKeyStoreType; + } + + public void setRequestObjectSigningKeyStoreType(String requestObjectSigningKeyStoreType) { + this.requestObjectSigningKeyStoreType = requestObjectSigningKeyStoreType; + } + + public String getRequestObjectSigningKeyAlias() { + return requestObjectSigningKeyAlias; + } + + public void setRequestObjectSigningKeyAlias(String requestObjectSigningKeyAlias) { + this.requestObjectSigningKeyAlias = requestObjectSigningKeyAlias; + } + public String getClientKeystorePassword() { return clientKeystorePassword; } @@ -201,10 +248,26 @@ public String getClientKeyPassword() { return clientKeyPassword; } + public String getRequestObjectSigningKeyPassword() { + return requestObjectSigningKeyPassword; + } + + public String getRequestObjectSigningKeyStorePassword() { + return requestObjectSigningKeyStorePassword; + } + public void setClientKeyPassword(String clientKeyPassword) { this.clientKeyPassword = clientKeyPassword; } + public void setRequestObjectSigningKeyStorePassword(String requestObjectSigningKeyStorePassword) { + this.requestObjectSigningKeyStorePassword = requestObjectSigningKeyStorePassword; + } + + public void setRequestObjectSigningKeyPassword(String requestObjectSigningKeyPassword) { + this.requestObjectSigningKeyPassword = requestObjectSigningKeyPassword; + } + public int getConnectionPoolSize() { return connectionPoolSize; } 
@@ -521,5 +584,36 @@ public String getScope() { public void setScope(String scope) { this.scope = scope; } + public String getAuthenticationRequestFormat() { + return authenticationRequestFormat; + } + + public void setAuthenticationRequestFormat(String authenticationRequestFormat) { + this.authenticationRequestFormat = authenticationRequestFormat; + } + + public String getRequestObjectSigningAlgorithm() { + return requestObjectSigningAlgorithm; + } + + public void setRequestObjectSigningAlgorithm(String requestObjectSigningAlgorithm) { + this.requestObjectSigningAlgorithm = requestObjectSigningAlgorithm; + } + + public String getRequestObjectEncryptionAlgValue() { + return requestObjectEncryptionAlgValue; + } + + public void setRequestObjectEncryptionAlgValue(String requestObjectEncryptionAlgValue) { + this.requestObjectEncryptionAlgValue = requestObjectEncryptionAlgValue; + } + + public String getRequestObjectEncryptionEncValue() { + return requestObjectEncryptionEncValue; + } + + public void setRequestObjectEncryptionEncValue (String requestObjectEncryptionEncValue) { + this.requestObjectEncryptionEncValue = requestObjectEncryptionEncValue; + } } diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcProviderMetadata.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcProviderMetadata.java index 9984de7c023..6c964dbfe1b 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcProviderMetadata.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcProviderMetadata.java @@ -114,6 +114,9 @@ public class OidcProviderMetadata { @JsonProperty("request_uri_parameter_supported") private Boolean requestUriParameterSupported; + @JsonProperty("pushed_authorization_request_endpoint") + private String pushedAuthorizationRequestEndpoint; + @JsonProperty("revocation_endpoint") private String revocationEndpoint; 
@@ -142,6 +145,12 @@ public class OidcProviderMetadata { @JsonProperty("tls_client_certificate_bound_access_tokens") private Boolean tlsClientCertificateBoundAccessTokens; + @JsonProperty("request_object_encryption_enc_values_supported") + private List requestObjectEncryptionEncValuesSupported; + + @JsonProperty("request_object_encryption_alg_values_supported") + private List requestObjectEncryptionAlgValuesSupported; + protected Map otherClaims = new HashMap(); public String getIssuer() { @@ -411,6 +420,30 @@ public Boolean getTlsClientCertificateBoundAccessTokens() { return tlsClientCertificateBoundAccessTokens; } + public List getRequestObjectEncryptionAlgValuesSupported() { + return requestObjectEncryptionAlgValuesSupported; + } + + public void setRequestObjectEncryptionAlgValuesSupported(List requestObjectEncryptionAlgValuesSupported) { + this.requestObjectEncryptionAlgValuesSupported = requestObjectEncryptionAlgValuesSupported; + } + + public List getRequestObjectEncryptionEncValuesSupported() { + return requestObjectEncryptionEncValuesSupported; + } + + public void setRequestObjectEncryptionEncValuesSupported(List requestObjectEncryptionEncValuesSupported) { + this.requestObjectEncryptionEncValuesSupported = requestObjectEncryptionEncValuesSupported; + } + + public String getPushedAuthorizationRequestEndpoint() { + return pushedAuthorizationRequestEndpoint; + } + + public void setPushedAuthorizationRequestEndpoint(String url) { + this.pushedAuthorizationRequestEndpoint = url; + } + @JsonAnyGetter public Map getOtherClaims() { return otherClaims; diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcRequestAuthenticator.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcRequestAuthenticator.java index bf67e938598..5ef5c26122e 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcRequestAuthenticator.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcRequestAuthenticator.java 
@@ -18,6 +18,10 @@ package org.wildfly.security.http.oidc; +import static org.jose4j.jws.AlgorithmIdentifiers.HMAC_SHA256; +import static org.jose4j.jws.AlgorithmIdentifiers.HMAC_SHA384; +import static org.jose4j.jws.AlgorithmIdentifiers.HMAC_SHA512; +import static org.jose4j.jws.AlgorithmIdentifiers.NONE; import static org.wildfly.security.http.oidc.ElytronMessages.log; import static org.wildfly.security.http.oidc.Oidc.ALLOW_QUERY_PARAMS_PROPERTY_NAME; import static org.wildfly.security.http.oidc.Oidc.CLIENT_ID; @@ -32,13 +36,17 @@ import static org.wildfly.security.http.oidc.Oidc.PROMPT; import static org.wildfly.security.http.oidc.Oidc.REDIRECT_URI; import static org.wildfly.security.http.oidc.Oidc.RESPONSE_TYPE; +import static org.wildfly.security.http.oidc.Oidc.REQUEST; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_URI; import static org.wildfly.security.http.oidc.Oidc.SCOPE; import static org.wildfly.security.http.oidc.Oidc.SESSION_STATE; import static org.wildfly.security.http.oidc.Oidc.STATE; import static org.wildfly.security.http.oidc.Oidc.UI_LOCALES; +import static org.wildfly.security.http.oidc.Oidc.ClientCredentialsProviderType.SECRET; + +import static org.wildfly.security.http.oidc.Oidc.logToken; import static org.wildfly.security.http.oidc.Oidc.generateId; import static org.wildfly.security.http.oidc.Oidc.getQueryParamValue; -import static org.wildfly.security.http.oidc.Oidc.logToken; import static org.wildfly.security.http.oidc.Oidc.stripQueryParam; import java.io.IOException; @@ -47,6 +55,10 @@ import java.net.URL; import java.security.AccessController; import java.security.PrivilegedAction; +import java.nio.charset.StandardCharsets; +import java.security.Key; +import java.security.KeyPair; +import java.security.PublicKey; import java.util.ArrayList; import java.util.Arrays; import java.util.HashSet; 
@@ -54,10 +66,16 @@ import java.util.Map; import java.util.Set; -import org.apache.http.HttpStatus; import org.apache.http.NameValuePair; +import org.apache.http.HttpStatus; import org.apache.http.client.utils.URIBuilder; import org.apache.http.message.BasicNameValuePair; +import org.jose4j.jwa.AlgorithmConstraints; +import org.jose4j.jwe.JsonWebEncryption; +import org.jose4j.jws.JsonWebSignature; +import org.jose4j.jwt.JwtClaims; +import org.jose4j.keys.HmacKey; +import org.jose4j.lang.JoseException; import org.wildfly.security.http.HttpConstants; /** 
@@ -201,18 +219,73 @@ protected String getRedirectUri(String state) { return null; } - URIBuilder redirectUriBuilder = new URIBuilder(deployment.getAuthUrl()) - .addParameter(RESPONSE_TYPE, CODE) - .addParameter(CLIENT_ID, deployment.getResourceName()) - .addParameter(REDIRECT_URI, rewrittenRedirectUri(url)) - .addParameter(STATE, state); - redirectUriBuilder.addParameters(forwardedQueryParams); + String redirectUri = rewrittenRedirectUri(url); + URIBuilder redirectUriBuilder = new URIBuilder(deployment.getAuthUrl()); + redirectUriBuilder.addParameter(RESPONSE_TYPE, CODE) + .addParameter(CLIENT_ID, deployment.getResourceName()); + + switch (deployment.getAuthenticationRequestFormat()) { + case REQUEST: + if (deployment.getRequestParameterSupported()) { + // add request objects into request parameter + try { + createRequestWithRequestParameter(REQUEST, redirectUriBuilder, redirectUri, state, forwardedQueryParams); + } catch (IOException | JoseException e) { + throw log.unableToCreateRequestWithRequestParameter(e); + } + } else { + // send request as usual + createOAuthRequest(redirectUriBuilder, redirectUri, state, forwardedQueryParams); + log.requestParameterNotSupported(); + } + break; + case REQUEST_URI: + if (deployment.getRequestUriParameterSupported()) { + try { + createRequestWithRequestParameter(REQUEST_URI, redirectUriBuilder, redirectUri, state, forwardedQueryParams); + } catch (IOException | JoseException e) { + throw log.unableToCreateRequestUriWithRequestParameter(e); + } + } else { + // send request as usual + createOAuthRequest(redirectUriBuilder, redirectUri, state, forwardedQueryParams); + log.requestParameterNotSupported(); + } + break; + default: + createOAuthRequest(redirectUriBuilder, redirectUri, state, forwardedQueryParams); + break; + } return redirectUriBuilder.build().toString(); } catch (URISyntaxException e) { throw log.unableToCreateRedirectResponse(e); } } + protected URIBuilder createOAuthRequest(URIBuilder redirectUriBuilder, String 
redirectUri, String state, List forwardedQueryParams) { + redirectUriBuilder.addParameter(REDIRECT_URI, redirectUri) + .addParameter(STATE, state) + .addParameters(forwardedQueryParams); + return redirectUriBuilder; + } + + protected URIBuilder createRequestWithRequestParameter(String requestFormat, URIBuilder redirectUriBuilder, String redirectUri, String state, List forwardedQueryParams) throws JoseException, IOException { + String request = convertToRequestParameter(redirectUriBuilder, redirectUri, state, forwardedQueryParams); + + switch (requestFormat) { + case REQUEST: + redirectUriBuilder.addParameter(REDIRECT_URI, redirectUri) + .addParameter(REQUEST, request); + break; + case REQUEST_URI: + String request_uri = ServerRequest.getRequestUri(request, deployment); + redirectUriBuilder.addParameter("request_uri", request_uri) + .addParameter(REDIRECT_URI, redirectUri); + break; + } + return redirectUriBuilder; + } + protected int getSSLRedirectPort() { return sslRedirectPort; } 
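Review bot: In `getRedirectUri`, when the configured format is `request` or `request_uri` but the provider metadata reports it as unsupported, the code falls back to `createOAuthRequest(...)` and only logs, so a deployment configured for signed request objects silently sends its parameters unsigned in the query string. I would fail in that case rather than downgrade, or make the fallback an explicit opt-in. The `request_uri` branch also reuses `log.requestParameterNotSupported()`, which names the wrong parameter. Separately, `switch (deployment.getAuthenticationRequestFormat())` throws a NullPointerException on a null format; unless a default is assigned elsewhere (not visible here), read it into a local first and take the default branch when it is null, `if (format == null) { createOAuthRequest(redirectUriBuilder, redirectUri, state, forwardedQueryParams); }`. The start of `getRedirectUri` is outside this hunk.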
@@ -461,4 +534,92 @@ private void addScopes(String scopes, Set allScopes) { allScopes.addAll(Arrays.asList(scopes.split("\\s+"))); } } + + private String convertToRequestParameter(URIBuilder redirectUriBuilder, String redirectUri, String state, List forwardedQueryParams) throws JoseException, IOException { + redirectUriBuilder.addParameter(SCOPE, OIDC_SCOPE); + + JwtClaims jwtClaims = new JwtClaims(); + jwtClaims.setIssuer(deployment.getResourceName()); + jwtClaims.setAudience(deployment.getIssuerUrl()); + + for ( NameValuePair parameter: forwardedQueryParams) { + jwtClaims.setClaim(parameter.getName(), parameter.getValue()); + } + jwtClaims.setClaim(STATE, state); + jwtClaims.setClaim(REDIRECT_URI, redirectUri); + jwtClaims.setClaim(RESPONSE_TYPE, CODE); + jwtClaims.setClaim(CLIENT_ID, deployment.getResourceName()); + + // sign JWT first before encrypting + JsonWebSignature signedRequest = signRequest(jwtClaims, deployment); + + // Encrypting optional + if (deployment.getRequestObjectEncryptionAlgValue() != null && !deployment.getRequestObjectEncryptionAlgValue().isEmpty() && + deployment.getRequestObjectEncryptionEncValue() != null && !deployment.getRequestObjectEncryptionEncValue().isEmpty()) { + return encryptRequest(signedRequest).getCompactSerialization(); + } else { + return signedRequest.getCompactSerialization(); + } + } + + private static KeyPair getkeyPair(OidcClientConfiguration deployment) throws IOException { + if (!deployment.getRequestObjectSigningAlgorithm().equals(NONE) && deployment.getRequestObjectSigningKeyStoreFile() == null){ + throw log.invalidKeyStoreConfiguration(); + } else { + return JWTSigningUtils.loadKeyPairFromKeyStore(deployment.getRequestObjectSigningKeyStoreFile(), + deployment.getRequestObjectSigningKeyStorePassword(), deployment.getRequestObjectSigningKeyPassword(), + deployment.getRequestObjectSigningKeyAlias(), deployment.getRequestObjectSigningKeyStoreType()); + } + } + + private static JsonWebSignature signRequest(JwtClaims 
jwtClaims, OidcClientConfiguration deployment) throws IOException, JoseException { + JsonWebSignature jsonWebSignature = new JsonWebSignature(); + jsonWebSignature.setPayload(jwtClaims.toJson()); + + if (!deployment.getRequestObjectSigningAlgValuesSupported().contains(deployment.getRequestObjectSigningAlgorithm())) { + throw log.invalidRequestObjectSignatureAlgorithm(); + } else { + if (deployment.getRequestObjectSigningAlgorithm().equals(NONE)) { //unsigned + jsonWebSignature.setAlgorithmConstraints(AlgorithmConstraints.NO_CONSTRAINTS); + jsonWebSignature.setAlgorithmHeaderValue(NONE); + } else if (deployment.getRequestObjectSigningAlgorithm().equals(HMAC_SHA256) + || deployment.getRequestObjectSigningAlgorithm().equals(HMAC_SHA384) + || deployment.getRequestObjectSigningAlgorithm().equals(HMAC_SHA512)) { //signed with symmetric key + jsonWebSignature.setAlgorithmHeaderValue(deployment.getRequestObjectSigningAlgorithm()); + String secretKey = (String) deployment.getResourceCredentials().get(SECRET.getValue()); + if (secretKey == null) { + throw log.clientSecretNotConfigured(); + } else { + Key key = new HmacKey(secretKey.getBytes(StandardCharsets.UTF_8)); //the client secret is a shared secret between the server and the client + jsonWebSignature.setKey(key); + } + } else { //signed with asymmetric key + KeyPair keyPair = getkeyPair(deployment); + jsonWebSignature.setKey(keyPair.getPrivate()); + jsonWebSignature.setAlgorithmHeaderValue(deployment.getRequestObjectSigningAlgorithm()); + } + if (!deployment.getRequestObjectSigningAlgorithm().equals(NONE)) + jsonWebSignature.sign(); + else + log.unsignedRequestObjectIsUsed(); + return jsonWebSignature; + } + } + + private JsonWebEncryption encryptRequest(JsonWebSignature signedRequest) throws JoseException, IOException { + if (!deployment.getRequestObjectEncryptionAlgValuesSupported().contains(deployment.getRequestObjectEncryptionAlgValue())) { + throw log.invalidRequestObjectEncryptionAlgorithm(); + } else if 
(!deployment.getRequestObjectEncryptionEncValuesSupported().contains(deployment.getRequestObjectEncryptionEncValue())) { + throw log.invalidRequestObjectEncryptionEncValue(); + } else { + JsonWebEncryption jsonEncryption = new JsonWebEncryption(); + jsonEncryption.setPayload(signedRequest.getCompactSerialization()); + jsonEncryption.setAlgorithmConstraints(new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.PERMIT, deployment.getRequestObjectEncryptionAlgValue(), deployment.getRequestObjectEncryptionEncValue())); + jsonEncryption.setAlgorithmHeaderValue(deployment.getRequestObjectEncryptionAlgValue()); + jsonEncryption.setEncryptionMethodHeaderParameter(deployment.getRequestObjectEncryptionEncValue()); + PublicKey encPublicKey = deployment.getEncryptionPublicKeyLocator().getPublicKey(null, deployment); + jsonEncryption.setKey(encPublicKey); + return jsonEncryption; + } + } } diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/ServerRequest.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/ServerRequest.java index ad50d715c56..3a203541ee4 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/ServerRequest.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/ServerRequest.java @@ -25,13 +25,14 @@ import static org.wildfly.security.http.oidc.Oidc.KEYCLOAK_CLIENT_CLUSTER_HOST; import static org.wildfly.security.http.oidc.Oidc.PASSWORD; import static org.wildfly.security.http.oidc.Oidc.REDIRECT_URI; +import static org.wildfly.security.http.oidc.Oidc.REQUEST; import static org.wildfly.security.http.oidc.Oidc.USERNAME; import java.io.BufferedReader; import java.io.ByteArrayOutputStream; -import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; +import java.io.IOException; import java.nio.charset.Charset; import java.nio.charset.StandardCharsets; import java.util.ArrayList; 
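Review bot: The request object built in `convertToRequestParameter` sets `iss`, `aud` and the authorization parameters but no `exp`, `iat` or `jti`, so a signed object that leaks stays usable for as long as the provider accepts it. Adding `jwtClaims.setExpirationTimeMinutesInTheFuture(5);`, `jwtClaims.setIssuedAtToNow();` and `jwtClaims.setGeneratedJwtId();` before signing bounds its lifetime (five minutes is a suggested value). In `signRequest`, `none` is accepted whenever the provider lists it and the only trace is a log call; consider requiring an explicit opt-in, since an unsigned object that is then encrypted in `encryptRequest` looks protected but gives no proof of who built it. In `encryptRequest` the nested JWT should also declare itself with `jsonEncryption.setContentTypeHeaderValue("JWT");`.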
@@ -46,6 +47,8 @@ import org.apache.http.client.methods.HttpPost; import org.apache.http.message.BasicNameValuePair; import org.apache.http.util.EntityUtils; +import org.jose4j.jwt.JwtClaims; +import org.jose4j.jwt.consumer.InvalidJwtException; import org.wildfly.security.jose.util.JsonSerialization; /** @@ -274,4 +277,34 @@ public static AccessAndIDTokenResponse getBearerToken(OidcClientConfiguration oi } return tokenResponse; } + + public static String getRequestUri(String request, OidcClientConfiguration deployment) throws OidcException { + if (deployment.getPushedAuthorizationRequestEndpoint() == null) { + throw log.pushedAuthorizationRequestEndpointNotAvailable(); + } + HttpPost parRequest = new HttpPost(deployment.getPushedAuthorizationRequestEndpoint()); + List formParams = new ArrayList(); + formParams.add(new BasicNameValuePair(REQUEST, request)); + ClientCredentialsProviderUtils.setClientCredentials(deployment, parRequest, formParams); + + UrlEncodedFormEntity form = new UrlEncodedFormEntity(formParams, StandardCharsets.UTF_8); + parRequest.setEntity(form); + + HttpResponse response; + try { + response = deployment.getClient().execute(parRequest); + } catch (Exception e) { + throw log.failedToSendPushedAuthorizationRequest(e); + } + if (response.getStatusLine().getStatusCode() != HttpStatus.SC_CREATED) { + EntityUtils.consumeQuietly(response.getEntity()); + throw log.unexpectedResponseCodeFromOidcProvider(response.getStatusLine().getStatusCode()); + } + try (InputStream inputStream = response.getEntity().getContent()) { + JwtClaims jwt = JwtClaims.parse(readString(inputStream, StandardCharsets.UTF_8)); + return jwt.getClaimValueAsString("request_uri"); + } catch (IOException | InvalidJwtException e) { + throw log.failedToDecodeRequestUri(e); + } + } } 
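Review bot: `getRequestUri` returns `jwt.getClaimValueAsString("request_uri")` unchecked, so a 201 response whose body lacks the claim yields null and the caller adds a `request_uri` parameter with no value to the redirect. Check the value before returning, `if (requestUri == null || requestUri.isEmpty())`, and raise an OidcException there. `response.getEntity()` can also be null on the success path, which would surface as a NullPointerException instead of the decode error. The `catch (Exception e)` around `execute` is broader than needed if the client only throws `IOException` (its declaration is outside this hunk).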
diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/KeycloakConfiguration.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/KeycloakConfiguration.java index 4bb5e2b33b0..8ebf4051bf2 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/KeycloakConfiguration.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/KeycloakConfiguration.java @@ -20,12 +20,23 @@ import static org.wildfly.security.http.oidc.OidcBaseTest.TENANT1_REALM; import static org.wildfly.security.http.oidc.OidcBaseTest.TENANT2_REALM; +import static org.wildfly.security.http.oidc.Oidc.OIDC_SCOPE; +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.InputStream; +import java.security.KeyStore; +import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Arrays; +import java.util.Base64; import java.util.Collections; import java.util.List; +import java.util.Objects; +import javax.security.auth.x500.X500Principal; +import org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper; import org.keycloak.representations.AccessTokenResponse; import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.CredentialRepresentation; @@ -33,10 +44,9 @@ import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.RolesRepresentation; import org.keycloak.representations.idm.UserRepresentation; - +import org.wildfly.security.ssl.test.util.CAGenerationTool; import io.restassured.RestAssured; -import static org.wildfly.security.http.oidc.Oidc.OIDC_SCOPE; /** * Keycloak configuration for testing. 
@@ -53,6 +63,24 @@ public class KeycloakConfiguration { private static final String BOB_PASSWORD = "bob123+"; public static final String ALLOWED_ORIGIN = "http://somehost"; public static final boolean EMAIL_VERIFIED = false; + public static final String RSA_KEYSTORE_FILE_NAME = "jwt.keystore"; + public static final String EC_KEYSTORE_FILE_NAME = "jwtEC.keystore"; + public static final String KEYSTORE_ALIAS = "jwtKeystore"; + public static final String KEYSTORE_PASS = "Elytron"; + public static final String PKCS12_KEYSTORE_TYPE = "PKCS12"; + public static String KEYSTORE_CLASSPATH; + + /* Accepted Request Object Encrypting Algorithms for KeyCloak*/ + public static final String RSA_OAEP = "RSA-OAEP"; + public static final String RSA_OAEP_256 = "RSA-OAEP-256"; + public static final String RSA1_5 = "RSA1_5"; + + /* Accepted Request Object Encryption Methods for KeyCloak*/ + public static final String A128CBC_HS256 = "A128CBC-HS256"; + public static final String A192CBC_HS384 = "A192CBC-HS384"; + public static final String A256CBC_HS512 = "A256CBC-HS512"; + public static CAGenerationTool caGenerationTool = null; + public X509Certificate caCertificate = null; // the users below are for multi-tenancy tests specifically public static final String TENANT1_USER = "tenant1_user"; 
@@ -76,20 +104,20 @@ public class KeycloakConfiguration { * */ public static RealmRepresentation getRealmRepresentation(final String realmName, String clientId, String clientSecret, - String clientHostName, int clientPort, String clientApp, boolean configureClientScopes) { + String clientHostName, int clientPort, String clientApp, boolean configureClientScopes) throws Exception { return createRealm(realmName, clientId, clientSecret, clientHostName, clientPort, clientApp, configureClientScopes); } public static RealmRepresentation getRealmRepresentation(final String realmName, String clientId, String clientSecret, String clientHostName, int clientPort, String clientApp, int accessTokenLifespan, - int ssoSessionMaxLifespan, boolean configureClientScopes, boolean multiTenancyApp) { + int ssoSessionMaxLifespan, boolean configureClientScopes, boolean multiTenancyApp) throws Exception { return createRealm(realmName, clientId, clientSecret, clientHostName, clientPort, clientApp, accessTokenLifespan, ssoSessionMaxLifespan, configureClientScopes, multiTenancyApp); } public static RealmRepresentation getRealmRepresentation(final String realmName, String clientId, String clientSecret, String clientHostName, int clientPort, String clientApp, boolean directAccessGrantEnabled, String bearerOnlyClientId, - String corsClientId) { + String corsClientId) throws Exception { return createRealm(realmName, clientId, clientSecret, clientHostName, clientPort, clientApp, directAccessGrantEnabled, bearerOnlyClientId, corsClientId); } 
@@ -126,25 +154,25 @@ public static String getAccessToken(String authServerUrl, String realmName, Stri private static RealmRepresentation createRealm(final String realmName, String clientId, String clientSecret, String clientHostName, int clientPort, String clientApp, boolean directAccessGrantEnabled, String bearerOnlyClientId, - String corsClientId) { + String corsClientId) throws Exception { return createRealm(realmName, clientId, clientSecret, clientHostName, clientPort, clientApp, directAccessGrantEnabled, bearerOnlyClientId, corsClientId, false); } private static RealmRepresentation createRealm(String name, String clientId, String clientSecret, - String clientHostName, int clientPort, String clientApp, boolean configureClientScopes) { + String clientHostName, int clientPort, String clientApp, boolean configureClientScopes) throws Exception { return createRealm(name, clientId, clientSecret, clientHostName, clientPort, clientApp, false, null, null, configureClientScopes); } private static RealmRepresentation createRealm(String name, String clientId, String clientSecret, String clientHostName, int clientPort, String clientApp, int accessTokenLifeSpan, int ssoSessionMaxLifespan, - boolean configureClientScopes, boolean multiTenancyApp) { + boolean configureClientScopes, boolean multiTenancyApp) throws Exception { return createRealm(name, clientId, clientSecret, clientHostName, clientPort, clientApp, false, null, null, accessTokenLifeSpan, ssoSessionMaxLifespan, configureClientScopes, multiTenancyApp); } private static RealmRepresentation createRealm(String name, String clientId, String clientSecret, String clientHostName, int clientPort, String clientApp, boolean directAccessGrantEnabled, String bearerOnlyClientId, - String corsClientId, boolean configureClientScopes) { + String corsClientId, boolean configureClientScopes) throws Exception { return createRealm(name, clientId, clientSecret, clientHostName, clientPort, clientApp, directAccessGrantEnabled, 
bearerOnlyClientId, corsClientId, 3, 3, configureClientScopes, false); } @@ -152,7 +180,7 @@ private static RealmRepresentation createRealm(String name, String clientId, Str String clientHostName, int clientPort, String clientApp, boolean directAccessGrantEnabled, String bearerOnlyClientId, String corsClientId, int accessTokenLifespan, int ssoSessionMaxLifespan, - boolean configureClientScopes, boolean multiTenancyApp) { + boolean configureClientScopes, boolean multiTenancyApp) throws Exception { RealmRepresentation realm = new RealmRepresentation(); realm.setRealm(name); realm.setEnabled(true); @@ -201,17 +229,12 @@ private static RealmRepresentation createRealm(String name, String clientId, Str } private static ClientRepresentation createWebAppClient(String clientId, String clientSecret, String clientHostName, int clientPort, String clientApp, - boolean directAccessGrantEnabled, boolean multiTenancyApp) { + boolean directAccessGrantEnabled, boolean multiTenancyApp) throws Exception { return createWebAppClient(clientId, clientSecret, clientHostName, clientPort, clientApp, directAccessGrantEnabled, null, multiTenancyApp); } private static ClientRepresentation createWebAppClient(String clientId, String clientSecret, String clientHostName, int clientPort, - String clientApp, boolean directAccessGrantEnabled, String allowedOrigin) { - return createWebAppClient(clientId, clientSecret, clientHostName, clientPort, clientApp, directAccessGrantEnabled, allowedOrigin, false); - } - - private static ClientRepresentation createWebAppClient(String clientId, String clientSecret, String clientHostName, int clientPort, - String clientApp, boolean directAccessGrantEnabled, String allowedOrigin, boolean multiTenancyApp) { + String clientApp, boolean directAccessGrantEnabled, String allowedOrigin, boolean multiTenancyApp) throws Exception { ClientRepresentation client = new ClientRepresentation(); client.setClientId(clientId); client.setPublicClient(false); 
@@ -224,9 +247,29 @@ private static ClientRepresentation createWebAppClient(String clientId, String c } client.setEnabled(true); client.setDirectAccessGrantsEnabled(directAccessGrantEnabled); + if (allowedOrigin != null) { client.setWebOrigins(Collections.singletonList(allowedOrigin)); } + + OIDCAdvancedConfigWrapper oidcAdvancedConfigWrapper = OIDCAdvancedConfigWrapper.fromClientRepresentation(client); + oidcAdvancedConfigWrapper.setUseJwksUrl(false); + KEYSTORE_CLASSPATH = Objects.requireNonNull(KeycloakConfiguration.class.getClassLoader().getResource("")).getPath(); + File ksFile = new File(KEYSTORE_CLASSPATH + RSA_KEYSTORE_FILE_NAME); + if (ksFile.exists()) { + InputStream stream = findFile(KEYSTORE_CLASSPATH + RSA_KEYSTORE_FILE_NAME); + KeyStore keyStore = KeyStore.getInstance(PKCS12_KEYSTORE_TYPE); + keyStore.load(stream, KEYSTORE_PASS.toCharArray()); + client.getAttributes().put("jwt.credential.certificate", Base64.getEncoder().encodeToString(keyStore.getCertificate(KEYSTORE_ALIAS).getEncoded())); + } else { + caGenerationTool = CAGenerationTool.builder() + .setBaseDir(KEYSTORE_CLASSPATH) + .setRequestIdentities(CAGenerationTool.Identity.values()) // Create all identities. + .build(); + X500Principal principal = new X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=OcspResponder"); + X509Certificate rsaCert = caGenerationTool.createIdentity(KEYSTORE_ALIAS, principal, RSA_KEYSTORE_FILE_NAME, CAGenerationTool.Identity.CA); + client.getAttributes().put("jwt.credential.certificate", Base64.getEncoder().encodeToString(rsaCert.getEncoded())); + } return client; } @@ -257,4 +300,12 @@ private static UserRepresentation createUser(String username, String password, L return user; } + private static InputStream findFile(String keystoreFile) { + try { + return new FileInputStream(keystoreFile); + } catch (FileNotFoundException e) { + throw new RuntimeException(e); + } + } + } \ No newline at end of file 
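Review bot: The `InputStream` obtained from `findFile(...)` in the `ksFile.exists()` branch is never closed after `keyStore.load`, so the keystore file handle leaks for each client that is created. Scope it with try-with-resources: `try (InputStream stream = findFile(KEYSTORE_CLASSPATH + RSA_KEYSTORE_FILE_NAME)) { keyStore.load(stream, KEYSTORE_PASS.toCharArray()); }`. Because every caller now declares `throws Exception`, `findFile` (added in the last hunk of this file) has no need to wrap `FileNotFoundException` in a `RuntimeException`. Separately, `URL.getPath()` keeps percent-encoding, so `KEYSTORE_CLASSPATH` will not resolve when the build directory contains a space; `Paths.get(url.toURI())` avoids that. The body of createWebAppClient starts outside this hunk.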
diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java index de3115d96b0..b604af8a8f8 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java @@ -81,7 +81,7 @@ public class OidcBaseTest extends AbstractBaseHttpTest { public static final String CLIENT_ID = "test-webapp"; - public static final String CLIENT_SECRET = "secret"; + public static final String CLIENT_SECRET = "longerclientsecretthatisstleast256bitslong"; public static KeycloakContainer KEYCLOAK_CONTAINER; public static final String TEST_REALM = "WildFly"; public static final String TEST_REALM_WITH_SCOPES = "WildFlyScopes"; @@ -100,6 +100,13 @@ public class OidcBaseTest extends AbstractBaseHttpTest { public static final String TENANT2_ENDPOINT = "tenant2"; protected HttpServerAuthenticationMechanismFactory oidcFactory; + public enum RequestObjectErrorType { + INVALID_ALGORITHM, + MISSING_CLIENT_SECRET, + INVALID_REQUEST_FORMAT, + MISSING_ENC_VALUE + } + @AfterClass public static void generalCleanup() throws Exception { if (KEYCLOAK_CONTAINER != null) { diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java index b7e1ce6ec6a..fdda1aac447 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java 
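Review bot: The new `CLIENT_SECRET` value explains itself only through the literal, which also has a typo (`stleast`), so the reason for the length should be a comment on the constant. The HMAC-signed request-object tests added to OidcTest appear to use the client secret as the HS256 key, which would explain why the old six-character value no longer works; this should be confirmed and recorded. A suitable comment is `// HS256-signed request objects use the client secret as the HMAC key, so it must be at least 256 bits long`.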
@@ -18,6 +18,20 @@ package org.wildfly.security.http.oidc; +import static org.jose4j.jws.AlgorithmIdentifiers.NONE; +import static org.jose4j.jws.AlgorithmIdentifiers.RSA_USING_SHA256; +import static org.jose4j.jws.AlgorithmIdentifiers.RSA_USING_SHA512; +import static org.jose4j.jws.AlgorithmIdentifiers.HMAC_SHA256; +import static org.jose4j.jws.AlgorithmIdentifiers.RSA_PSS_USING_SHA256; +import static org.wildfly.security.http.oidc.KeycloakConfiguration.KEYSTORE_CLASSPATH; +import static org.wildfly.security.http.oidc.KeycloakConfiguration.KEYSTORE_PASS; +import static org.wildfly.security.http.oidc.KeycloakConfiguration.PKCS12_KEYSTORE_TYPE; +import static org.wildfly.security.http.oidc.KeycloakConfiguration.RSA1_5; +import static org.wildfly.security.http.oidc.KeycloakConfiguration.RSA_OAEP; +import static org.wildfly.security.http.oidc.KeycloakConfiguration.RSA_OAEP_256; +import static org.wildfly.security.http.oidc.KeycloakConfiguration.A128CBC_HS256; +import static org.wildfly.security.http.oidc.KeycloakConfiguration.A192CBC_HS384; +import static org.wildfly.security.http.oidc.KeycloakConfiguration.A256CBC_HS512; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; @@ -32,6 +46,9 @@ import static org.wildfly.security.http.oidc.KeycloakConfiguration.TENANT2_USER; import static org.wildfly.security.http.oidc.Oidc.OIDC_NAME; import static org.wildfly.security.http.oidc.Oidc.OIDC_SCOPE; +import static org.wildfly.security.http.oidc.Oidc.AuthenticationRequestFormat.OAUTH2; +import static org.wildfly.security.http.oidc.Oidc.AuthenticationRequestFormat.REQUEST; +import static org.wildfly.security.http.oidc.Oidc.AuthenticationRequestFormat.REQUEST_URI; import java.io.ByteArrayInputStream; import java.io.InputStream; 
@@ -42,19 +59,18 @@ import javax.security.auth.callback.CallbackHandler; -import org.apache.http.HttpStatus; -import org.junit.AfterClass; -import org.junit.BeforeClass; -import org.junit.Test; -import org.wildfly.security.http.HttpServerAuthenticationMechanism; - +import com.gargoylesoftware.htmlunit.html.HtmlPage; import com.gargoylesoftware.htmlunit.TextPage; import com.gargoylesoftware.htmlunit.WebClient; -import com.gargoylesoftware.htmlunit.html.HtmlPage; - import io.restassured.RestAssured; import okhttp3.mockwebserver.MockWebServer; import okhttp3.mockwebserver.QueueDispatcher; +import org.apache.http.HttpStatus; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; +import org.wildfly.security.http.HttpServerAuthenticationMechanism; /** * Tests for the OpenID Connect authentication mechanism. 
@@ -237,6 +253,100 @@ public void testOpenIDWithMultipleScopeValue() throws Exception { true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT, expectedScope, false); } + // Note: The tests will fail if `localhost` is not listed first in `/etc/hosts` file for the loopback addresses (IPv4 and IPv6). + @Test + public void testSuccessfulOauth2Request() throws Exception { + performAuthentication(getOidcConfigurationInputStreamWithRequestParameter(OAUTH2.getValue(), "", "", ""), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT); + } + + @Test + public void testSuccessfulPlaintextRequest() throws Exception { + performAuthentication(getOidcConfigurationInputStreamWithRequestParameter(REQUEST.getValue(), NONE, "", ""), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT); + } + + @Test + public void testSuccessfulPlaintextEncryptedRequest() throws Exception { + performAuthentication(getOidcConfigurationInputStreamWithRequestParameter(REQUEST.getValue(), NONE, RSA_OAEP, A128CBC_HS256), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT); + } + + @Test + public void testSuccessfulRsaSignedAndEncryptedRequest() throws Exception { + performAuthentication(getOidcConfigurationInputStreamWithRequestParameter(REQUEST.getValue(), RSA_USING_SHA512, RSA_OAEP, A192CBC_HS384, KEYSTORE_CLASSPATH + KeycloakConfiguration.RSA_KEYSTORE_FILE_NAME, KeycloakConfiguration.KEYSTORE_ALIAS, PKCS12_KEYSTORE_TYPE), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT); + } + + @Test + public void testSuccessfulPsSignedAndRsaEncryptedRequest() throws Exception { + 
performAuthentication(getOidcConfigurationInputStreamWithRequestParameter(REQUEST.getValue(), RSA_PSS_USING_SHA256, RSA_OAEP_256, A256CBC_HS512, KEYSTORE_CLASSPATH + KeycloakConfiguration.RSA_KEYSTORE_FILE_NAME, KeycloakConfiguration.KEYSTORE_ALIAS, PKCS12_KEYSTORE_TYPE), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT); + } + + @Test + public void testInvalidSigningAlgorithm() throws Exception { + //ES256K is a valid signature algorithm, but not one of the ones supported by keycloak + testRequestObjectInvalidConfiguration(getOidcConfigurationInputStreamWithRequestParameter(REQUEST.getValue(), "ES256K", RSA_OAEP_256, A256CBC_HS512, KEYSTORE_CLASSPATH + KeycloakConfiguration.RSA_KEYSTORE_FILE_NAME, KeycloakConfiguration.KEYSTORE_ALIAS, PKCS12_KEYSTORE_TYPE), RequestObjectErrorType.INVALID_ALGORITHM); + } + + @Test + public void testSuccessfulRsaSignedRequest() throws Exception { + performAuthentication(getOidcConfigurationInputStreamWithRequestParameter(REQUEST.getValue(), RSA_USING_SHA256, "", "", KEYSTORE_CLASSPATH + KeycloakConfiguration.RSA_KEYSTORE_FILE_NAME, KeycloakConfiguration.KEYSTORE_ALIAS, PKCS12_KEYSTORE_TYPE), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT); + } + + @Test + public void testSuccessfulPsSignedRequest() throws Exception { + performAuthentication(getOidcConfigurationInputStreamWithRequestParameter(REQUEST.getValue(), RSA_PSS_USING_SHA256, "", "", KEYSTORE_CLASSPATH + KeycloakConfiguration.RSA_KEYSTORE_FILE_NAME, KeycloakConfiguration.KEYSTORE_ALIAS, PKCS12_KEYSTORE_TYPE), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT); + } + @Test + public void testInvalidRequestEncryptionAlgorithm() throws Exception { + // None is not a valid algorithm for encrypting jwt's and 
RSA-OAEP is not a valid algorithm for signing + testRequestObjectInvalidConfiguration(getOidcConfigurationInputStreamWithRequestParameter(REQUEST.getValue(), RSA1_5, NONE, NONE, KEYSTORE_CLASSPATH + KeycloakConfiguration.RSA_KEYSTORE_FILE_NAME, KeycloakConfiguration.KEYSTORE_ALIAS, PKCS12_KEYSTORE_TYPE), RequestObjectErrorType.INVALID_ALGORITHM); + } + + @Test + public void testSuccessfulPlaintextRequestUri() throws Exception { + performAuthentication(getOidcConfigurationInputStreamWithRequestParameter(REQUEST_URI.getValue(), NONE, "", ""), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT); + } + + @Test + public void testSuccessfulHmacSignedRequestUri() throws Exception { + performAuthentication(getOidcConfigurationInputStreamWithRequestParameter(REQUEST.getValue(), HMAC_SHA256, "", ""), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT); + } + + @Test + public void testSuccessfulHmacSignedAndEncryptedRequestUri() throws Exception { + performAuthentication(getOidcConfigurationInputStreamWithRequestParameter(REQUEST.getValue(), HMAC_SHA256, RSA_OAEP, A128CBC_HS256), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT); + } + + @Test + public void testSuccessfulSignedAndEncryptedRequestUri() throws Exception { + performAuthentication(getOidcConfigurationInputStreamWithRequestParameter(REQUEST_URI.getValue(), RSA_USING_SHA256, RSA_OAEP_256, A256CBC_HS512, KEYSTORE_CLASSPATH + KeycloakConfiguration.RSA_KEYSTORE_FILE_NAME, KeycloakConfiguration.KEYSTORE_ALIAS, PKCS12_KEYSTORE_TYPE), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, + true, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT); + } + + @Test + public void testSuccessfulHmacSignedRequestObjectWithoutSecret() 
throws Exception { + // this is supposed to fail since for symmetric algorithms we sign the request object with the client secret + testRequestObjectInvalidConfiguration(getOidcConfigurationInputStreamWithRequestObjectPublicClient(REQUEST.getValue(), HMAC_SHA256), RequestObjectErrorType.MISSING_CLIENT_SECRET); + } + + @Test + public void testIncorrectAuthenticationFormat() throws Exception { + testRequestObjectInvalidConfiguration(getOidcConfigurationInputStreamWithRequestObjectPublicClient("INVALID_REQUEST_PARAMETER", HMAC_SHA256), RequestObjectErrorType.INVALID_REQUEST_FORMAT); + } + + @Test + public void testRequestObjectConfigMissingENCValue() throws Exception { + testRequestObjectInvalidConfiguration(getOidcConfigurationInputStreamWithoutEncValue(REQUEST.getValue(), RSA_OAEP), RequestObjectErrorType.MISSING_ENC_VALUE); + } + /***************************************************************************************************************************************** * Tests for multi-tenancy. * 
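Review bot: `testSuccessfulHmacSignedRequestUri` and `testSuccessfulHmacSignedAndEncryptedRequestUri` pass `REQUEST.getValue()`, so they exercise the `request` format again and the `request_uri` format with an HMAC signature is never covered. Both should pass `REQUEST_URI.getValue()` as the first argument. In `testInvalidRequestEncryptionAlgorithm` the comment names RSA-OAEP as the invalid signing algorithm, but the code passes `RSA1_5`; the comment should match. `testSuccessfulHmacSignedRequestObjectWithoutSecret` asserts a failure, so a name such as `testHmacSignedRequestObjectWithoutSecret` would read correctly in reports.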
@@ -496,6 +606,54 @@ private void performTenantRequest(String username, String password, String tenan } } + private void testRequestObjectInvalidConfiguration(InputStream oidcConfig, RequestObjectErrorType requestObjectErrorType) throws Exception { + try { + Map props = new HashMap<>(); + try { + OidcClientConfiguration oidcClientConfiguration = OidcClientConfigurationBuilder.build(oidcConfig); + if (requestObjectErrorType == RequestObjectErrorType.MISSING_ENC_VALUE || requestObjectErrorType == RequestObjectErrorType.INVALID_REQUEST_FORMAT) { + Assert.fail("No error was thrown while attempting to build the client configuration."); + } + assertEquals(OidcClientConfiguration.RelativeUrlsUsed.NEVER, oidcClientConfiguration.getRelativeUrls()); + + OidcClientContext oidcClientContext = new OidcClientContext(oidcClientConfiguration); + oidcFactory = new OidcMechanismFactory(oidcClientContext); + HttpServerAuthenticationMechanism mechanism; + + if (oidcClientConfiguration.getAuthenticationRequestFormat().contains(REQUEST.getValue())) { + mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, getCallbackHandler(true, "+phone+profile+email")); + } else { + mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, getCallbackHandler()); + } + + URI requestUri = new URI(getClientUrl()); + TestingHttpServerRequest request = new TestingHttpServerRequest(null, requestUri); + try { + mechanism.evaluateRequest(request); + Assert.fail("No error was thrown while attempting to evaluate the request"); + } catch (Exception e) { + + if (requestObjectErrorType == RequestObjectErrorType.INVALID_ALGORITHM) { + assertTrue(e.getMessage().contains("Failed to create the authentication request")); + } else if (requestObjectErrorType == RequestObjectErrorType.MISSING_CLIENT_SECRET) { + assertTrue(e.getMessage().contains("The client secret has not been configured.")); + } else { + throw e; + } + } + } catch (Exception e) { + if (requestObjectErrorType == 
RequestObjectErrorType.INVALID_REQUEST_FORMAT) { + assertTrue(e.getMessage().contains("Authentication request format must be one of the following: oauth2, request, request_uri.")); + } else if (requestObjectErrorType == RequestObjectErrorType.MISSING_ENC_VALUE) { + assertTrue(e.getMessage().contains("Both request object encryption algorithm and request object content encryption algorithm must be configured to encrypt the request object.")); + } + } + } finally { + client.setDispatcher(new QueueDispatcher()); + } + } + + private InputStream getOidcConfigurationInputStream() { return getOidcConfigurationInputStream(CLIENT_SECRET); } @@ -582,7 +740,6 @@ private InputStream getOidcConfigurationInputStreamWithTokenSignatureAlgorithm() "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); } - private InputStream getOidcConfigurationInputStreamWithScope(String scopeValue){ String oidcConfig = "{\n" + " \"client-id\" : \"" + CLIENT_ID + "\",\n" + 
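Review bot: The outer `catch (Exception e)` in `testRequestObjectInvalidConfiguration` has no fallback branch, so for `INVALID_ALGORITHM` and `MISSING_CLIENT_SECRET` any exception raised before or inside the inner handler is swallowed and the test passes without asserting anything. Examples are a failure in `OidcClientConfigurationBuilder.build`, a failure in `createAuthenticationMechanism`, or an NPE from a null `e.getMessage()`. Finish the outer chain with `} else { throw e; }` so that only the two expected configuration errors are absorbed there.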
@@ -590,6 +747,25 @@ private InputStream getOidcConfigurationInputStreamWithScope(String scopeValue){ " \"public-client\" : \"false\",\n" + " \"scope\" : \"" + scopeValue + "\",\n" + " \"ssl-required\" : \"EXTERNAL\",\n" + + " \"ssl-required\" : \"EXTERNAL\",\n" + + " \"credentials\" : {\n" + + " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " }\n" + + "}"; + return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); + } + private InputStream getOidcConfigurationInputStreamWithRequestParameter(String requestParameter, String signingAlgorithm, String encryptionAlgorithm, String encMethod){ + String oidcConfig = "{\n" + + " \"client-id\" : \"" + CLIENT_ID + "\",\n" + + " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + + " \"public-client\" : \"false\",\n" + + " \"ssl-required\" : \"EXTERNAL\",\n" + + " \"ssl-required\" : \"EXTERNAL\",\n" + + " \"authentication-request-format\" : \"" + requestParameter + "\",\n" + + " \"request-object-signing-algorithm\" : \"" + signingAlgorithm + "\",\n" + + " \"request-object-encryption-alg-value\" : \"" + encryptionAlgorithm + "\",\n" + + " \"request-object-encryption-enc-value\" : \"" + encMethod + "\",\n" + + " \"scope\" : \"profile email phone\",\n" + " \"credentials\" : {\n" + " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + 
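Review bot: The added `\"ssl-required\" : \"EXTERNAL\"` line repeats the key already present on the context line above it in `getOidcConfigurationInputStreamWithScope`, and the new four-argument `getOidcConfigurationInputStreamWithRequestParameter` emits the key twice as well. `getOidcConfigurationInputStreamWithoutEncValue` in the next hunk has the same repetition. How a duplicate object key is handled depends on the JSON parser and its settings (last value wins, or the document is rejected), so these fixtures depend on parser leniency; remove the repeated line in each method. The body of `getOidcConfigurationInputStreamWithScope` starts outside this hunk.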
@@ -597,6 +773,59 @@ private InputStream getOidcConfigurationInputStreamWithScope(String scopeValue){ return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); } + private InputStream getOidcConfigurationInputStreamWithoutEncValue(String requestParameter, String encryptionAlgorithm){ + String oidcConfig = "{\n" + + " \"client-id\" : \"" + CLIENT_ID + "\",\n" + + " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + + " \"public-client\" : \"false\",\n" + + " \"ssl-required\" : \"EXTERNAL\",\n" + + " \"ssl-required\" : \"EXTERNAL\",\n" + + " \"authentication-request-format\" : \"" + requestParameter + "\",\n" + + " \"request-object-encryption-alg-value\" : \"" + encryptionAlgorithm + "\",\n" + + " \"scope\" : \"profile email phone\",\n" + + " \"credentials\" : {\n" + + " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " }\n" + + "}"; + return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); + } + + private InputStream getOidcConfigurationInputStreamWithRequestParameter(String requestParameter, String signingAlgorithm, String encryptionAlgorithm, String encMethod, String keyStorePath, String alias, String keyStoreType){ + String oidcConfig = "{\n" + + " \"client-id\" : \"" + CLIENT_ID + "\",\n" + + " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + + " \"public-client\" : \"false\",\n" + + " \"ssl-required\" : \"EXTERNAL\",\n" + + " \"authentication-request-format\" : \"" + requestParameter + "\",\n" + + " \"request-object-signing-algorithm\" : \"" + signingAlgorithm + "\",\n" + + " \"request-object-encryption-alg-value\" : \"" + encryptionAlgorithm + "\",\n" + + " \"request-object-encryption-enc-value\" : \"" + encMethod + "\",\n" + + " \"request-object-signing-keystore-file\" : \"" + keyStorePath + "\",\n" + + " \"request-object-signing-keystore-type\" : \"" + keyStoreType + "\",\n" + + " 
\"request-object-signing-keystore-password\" : \"" + KEYSTORE_PASS + "\",\n" + + " \"request-object-signing-key-password\" : \"" + KEYSTORE_PASS + "\",\n" + + " \"request-object-signing-key-alias\" : \"" + alias + "\",\n" + + " \"scope\" : \"email phone profile\",\n" + + " \"credentials\" : {\n" + + " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " }\n" + + "}"; + return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); + } + + private InputStream getOidcConfigurationInputStreamWithRequestObjectPublicClient(String requestParameter, String signingAlgorithm){ + String oidcConfig = "{\n" + + " \"client-id\" : \"" + CLIENT_ID + "\",\n" + + " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + + " \"public-client\" : \"true\",\n" + + " \"ssl-required\" : \"EXTERNAL\",\n" + + " \"authentication-request-format\" : \"" + requestParameter + "\",\n" + + " \"request-object-signing-algorithm\" : \"" + signingAlgorithm + "\",\n" + + " \"scope\" : \"email phone profile\"\n" + + "}"; + return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); + } + private InputStream getOidcConfigurationInputStreamWithPrincipalAttribute(String principalAttributeValue) { String oidcConfig = "{\n" + " \"principal-attribute\" : \"" + principalAttributeValue + "\",\n" + @@ -642,3 +871,4 @@ private static final String getClientPageTestForTenant(String tenant) { return tenant.equals(TENANT1_ENDPOINT) ? TENANT1_ENDPOINT : TENANT2_ENDPOINT + ":" + CLIENT_PAGE_TEXT; } } + diff --git a/pom.xml b/pom.xml index 20543860b1e..e71dc5e2d33 100644 --- a/pom.xml +++ b/pom.xml @@ -99,6 +99,7 @@ 4.3.3 2.40.0 2.3.0 + 3.1.0.Final INFO @@ -1152,6 +1153,12 @@ ${version.org.bouncycastle} test + + org.keycloak + keycloak-services + ${version.org.keycloak.keycloak-services} + test + From 4119a7e28f71168cdd5aff60e9ffeaf40c090a0c Mon Sep 17 00:00:00 2001 
From: Darran Lofthouse Date: Wed, 26 Jun 2024 14:24:50 +0100 Subject: [PATCH 169/205] [ELY-2774] Move tests to PKCS#12 KeyStores --- .../MaskedPasswordSSLAuthenticationTest.java | 4 +- .../security/ssl/SSLAuthenticationTest.java | 4 +- .../ssl/SSLv2HelloAuthenticationTest.java | 20 ++++----- .../security/ssl/TLS13AuthenticationTest.java | 2 +- ...ildfly-masked-password-ssl-config-v1_4.xml | 5 ++- .../wildfly/security/ssl/ocsp-responder.xml | 2 +- .../ssl/wildfly-ssl-test-config-v1_5.xml | 9 ++-- .../ssl/wildfly-ssl-test-config-v1_6.xml | 9 ++-- .../ssl/wildfly-ssl-test-config-v1_7.xml | 43 ++++++++++--------- .../ssl/test/util/CAGenerationTool.java | 2 +- 10 files changed, 53 insertions(+), 47 deletions(-) diff --git a/tests/base/src/test/java/org/wildfly/security/auth/client/MaskedPasswordSSLAuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/auth/client/MaskedPasswordSSLAuthenticationTest.java index 7855dc22a65..0ba8e2713a1 100644 --- a/tests/base/src/test/java/org/wildfly/security/auth/client/MaskedPasswordSSLAuthenticationTest.java +++ b/tests/base/src/test/java/org/wildfly/security/auth/client/MaskedPasswordSSLAuthenticationTest.java @@ -137,11 +137,11 @@ private SecurityIdentity performConnectionTest(SSLContext serverContext, SSLCont SSLSocket sslSocket = (SSLSocket) clientContext.getSocketFactory().createSocket(InetAddress.getLoopbackAddress(), 1111); sslSocket.getSession(); + System.out.println("Client connected"); return sslSocket; } catch (Exception e) { + System.out.println("Client Connection Failed"); throw new RuntimeException(e); - } finally { - System.out.println("Client connected"); } }); diff --git a/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java index 7555998138f..9c2731228b6 100644 --- a/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java 
+++ b/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java @@ -104,7 +104,7 @@ public class SSLAuthenticationTest { private final int TESTING_PORT = 18201; private static final char[] PASSWORD = "Elytron".toCharArray(); - private static final String JKS_LOCATION = "./target/test-classes/jks"; + private static final String JKS_LOCATION = "./target/test-classes/pkcs12"; private static final String CA_CRL_LOCATION = "./target/test-classes/ca/crl"; private static final String ICA_CRL_LOCATION = "./target/test-classes/ica/crl"; private static final File WORKING_DIR_CACRL = new File(CA_CRL_LOCATION); @@ -129,7 +129,7 @@ private static TrustManagerFactory getTrustManagerFactory() throws Exception { } private static KeyStore createKeyStore() throws Exception { - KeyStore ks = KeyStore.getInstance("JKS"); + KeyStore ks = KeyStore.getInstance("PKCS12"); ks.load(null, null); return ks; } diff --git a/tests/base/src/test/java/org/wildfly/security/ssl/SSLv2HelloAuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/ssl/SSLv2HelloAuthenticationTest.java index 9e61933f29a..a65c8b27d15 100644 --- a/tests/base/src/test/java/org/wildfly/security/ssl/SSLv2HelloAuthenticationTest.java +++ b/tests/base/src/test/java/org/wildfly/security/ssl/SSLv2HelloAuthenticationTest.java @@ -89,7 +89,7 @@ public class SSLv2HelloAuthenticationTest { private static final char[] PASSWORD = "Elytron".toCharArray(); - private static final String CA_JKS_LOCATION = "./target/test-classes/ca/jks"; + private static final String CA_JKS_LOCATION = "./target/test-classes/ca/pkcs12"; private static File ladybirdFile = null; private static File scarabFile = null; private static File beetlesFile = null; 
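Review bot: `JKS_LOCATION` now holds `./target/test-classes/pkcs12`, so the constant's name contradicts its value. The same applies to `CA_JKS_LOCATION` in SSLv2HelloAuthenticationTest (the following hunk) and in TLS13AuthenticationTest. A format-neutral name avoids the next reader assuming JKS stores, for example `private static final String KEYSTORE_LOCATION = "./target/test-classes/pkcs12";`. If the rename is out of scope for this commit, a comment on each constant that the name is historical would do.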
@@ -119,7 +119,7 @@ public static void setUp() throws Exception{ createKeyStores(ladybirdFile, scarabFile, beetlesFile, trustFile); - securityRealm = new KeyStoreBackedSecurityRealm(loadKeyStore("/ca/jks/beetles.keystore")); + securityRealm = new KeyStoreBackedSecurityRealm(loadKeyStore("/ca/pkcs12/beetles.keystore")); securityDomain = SecurityDomain.builder() .addRealm("KeystoreRealm", securityRealm) @@ -162,7 +162,7 @@ public void testOneWaySSLv2HelloProtocolMatch() throws Exception { SSLContext serverContext = new SSLContextBuilder() .setSecurityDomain(securityDomain) - .setKeyManager(getKeyManager("/ca/jks/scarab.keystore")) + .setKeyManager(getKeyManager("/ca/pkcs12/scarab.keystore")) .setProtocolSelector(ProtocolSelector.empty().add(EnumSet.copyOf(list))) .build().create(); @@ -187,7 +187,7 @@ public void testTwoWaySSLv2HelloProtocolMatch() throws Exception { SSLContext serverContext = new SSLContextBuilder() .setSecurityDomain(securityDomain) - .setKeyManager(getKeyManager("/ca/jks/scarab.keystore")) + .setKeyManager(getKeyManager("/ca/pkcs12/scarab.keystore")) .setTrustManager(getCATrustManager()) .setNeedClientAuth(true) .setProtocolSelector(ProtocolSelector.empty().add(EnumSet.copyOf(list))) @@ -214,7 +214,7 @@ public void testTwoWaySSLv2HelloProtocolMatch() throws Exception { public void testTwoWaySSLv2HelloNotEnabled() throws Exception { SSLContext serverContext = new SSLContextBuilder() .setSecurityDomain(securityDomain) - .setKeyManager(getKeyManager("/ca/jks/scarab.keystore")) + .setKeyManager(getKeyManager("/ca/pkcs12/scarab.keystore")) .setTrustManager(getCATrustManager()) .setNeedClientAuth(true) .build().create(); 
@@ -243,7 +243,7 @@ public void testTwoWaySSLv2HelloNoClientSupport() throws Exception { SSLContext serverContext = new SSLContextBuilder() .setSecurityDomain(securityDomain) - .setKeyManager(getKeyManager("/ca/jks/scarab.keystore")) + .setKeyManager(getKeyManager("/ca/pkcs12/scarab.keystore")) .setTrustManager(getCATrustManager()) .setNeedClientAuth(true) .setProtocolSelector(ProtocolSelector.empty().add(EnumSet.copyOf(list))) @@ -273,7 +273,7 @@ public void testTwoWaySSlv2HelloNoServerSupport() throws Exception { SSLContext serverContext = new SSLContextBuilder() .setSecurityDomain(securityDomain) - .setKeyManager(getKeyManager("/ca/jks/scarab.keystore")) + .setKeyManager(getKeyManager("/ca/pkcs12/scarab.keystore")) .setTrustManager(getCATrustManager()) .setNeedClientAuth(true) .setProtocolSelector(ProtocolSelector.empty().add(EnumSet.copyOf(list))) @@ -376,7 +376,7 @@ private static X509ExtendedKeyManager getKeyManager(final String keystorePath) t */ private static X509TrustManager getCATrustManager() throws Exception { TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509"); - trustManagerFactory.init(loadKeyStore("/ca/jks/ca.truststore")); + trustManagerFactory.init(loadKeyStore("/ca/pkcs12/ca.truststore")); for (TrustManager current : trustManagerFactory.getTrustManagers()) { if (current instanceof X509TrustManager) { @@ -388,13 +388,13 @@ private static X509TrustManager getCATrustManager() throws Exception { } private static KeyStore loadKeyStore() throws Exception{ - KeyStore ks = KeyStore.getInstance("JKS"); + KeyStore ks = KeyStore.getInstance("PKCS12"); ks.load(null,null); return ks; } private static KeyStore loadKeyStore(final String path) throws Exception { - KeyStore keyStore = KeyStore.getInstance("jks"); + KeyStore keyStore = KeyStore.getInstance("PKCS12"); try (InputStream caTrustStoreFile = SSLAuthenticationTest.class.getResourceAsStream(path)) { keyStore.load(caTrustStoreFile, PASSWORD); } 
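Review bot: In `loadKeyStore(String path)` the result of `getResourceAsStream(path)` is passed to `keyStore.load` without a null check, and `KeyStore.load(null, ...)` initialises an empty store instead of failing. This commit renames every resource path from `/ca/jks/...` to `/ca/pkcs12/...`, so a path that no longer resolves would silently yield an empty key or trust store and surface later as an unrelated handshake failure. Add `if (caTrustStoreFile == null) throw new IllegalStateException("Keystore resource not found: " + path);` before the `load` call. The rest of the method body lies outside this hunk.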
diff --git a/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java index 88ca0cd3e11..da5df6d45f3 100644 --- a/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java +++ b/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java @@ -63,7 +63,7 @@ */ public class TLS13AuthenticationTest { - private static final String CA_JKS_LOCATION = "./target/test-classes/jks"; + private static final String CA_JKS_LOCATION = "./target/test-classes/pkcs12"; private static CAGenerationTool caGenerationTool = null; private static SecurityDomain securityDomain = null; diff --git a/tests/base/src/test/resources/org/wildfly/security/auth/client/wildfly-masked-password-ssl-config-v1_4.xml b/tests/base/src/test/resources/org/wildfly/security/auth/client/wildfly-masked-password-ssl-config-v1_4.xml index d458d71f173..133acd78f2d 100644 --- a/tests/base/src/test/resources/org/wildfly/security/auth/client/wildfly-masked-password-ssl-config-v1_4.xml +++ b/tests/base/src/test/resources/org/wildfly/security/auth/client/wildfly-masked-password-ssl-config-v1_4.xml @@ -21,10 +21,11 @@ - + + - + diff --git a/tests/base/src/test/resources/org/wildfly/security/ssl/ocsp-responder.xml b/tests/base/src/test/resources/org/wildfly/security/ssl/ocsp-responder.xml index 50b99e567d7..8b0d7755811 100644 --- a/tests/base/src/test/resources/org/wildfly/security/ssl/ocsp-responder.xml +++ b/tests/base/src/test/resources/org/wildfly/security/ssl/ocsp-responder.xml @@ -19,7 +19,7 @@ JKS - password=Elytron,keystore=file:target/test-classes/jks/ocsp-responder.keystore + password=Elytron,keystore=file:target/test-classes/pkcs12/ocsp-responder.keystore SHA256withRSA 
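Review bot: In ocsp-responder.xml the context line directly above the changed value still reads `JKS`, although the keystore it points at is now under `pkcs12/` and CAGenerationTool writes `PKCS12` stores in this same commit. The element names are lost in this rendering, so the following is inferred. If that value is the store type given to the OCSP responder, loading would presumably succeed only through the JDK's JKS/PKCS12 compatibility mode (`keystore.type.compat`). It should be changed to `PKCS12` to match the file.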
diff --git a/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_5.xml b/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_5.xml index e23e2fa28ee..fa0ec880644 100644 --- a/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_5.xml +++ b/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_5.xml @@ -20,11 +20,12 @@ - - + + + - - + + diff --git a/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_6.xml b/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_6.xml index 197b3d44798..d25b1505a41 100644 --- a/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_6.xml +++ b/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_6.xml @@ -20,11 +20,12 @@ - - + + + - - + + diff --git a/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_7.xml b/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_7.xml index a323343d443..287021e3d81 100644 --- a/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_7.xml +++ b/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_7.xml @@ -20,41 +20,44 @@ - - + + + - - + + + - - + + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + diff --git a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java index 4481352b8f8..5b5963794d4 100644 --- a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java +++ b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java 
@@ -66,7 +66,7 @@ public class CAGenerationTool implements Closeable { private static final String BEETLES_STORE = "beetles.keystore"; private static final String KEY_ALGORITHM = "RSA"; - private static final String KEYSTORE_TYPE = "JKS"; // TODO Switch to PKCS#12 + private static final String KEYSTORE_TYPE = "PKCS12"; private static final int OCSP_PORT = 4854; static final char[] PASSWORD = "Elytron".toCharArray(); From acdef0c6d1eb487b2e653b2f417dce2efae6cdb5 Mon Sep 17 00:00:00 2001 From: Darran Lofthouse Date: Wed, 26 Jun 2024 14:44:06 +0100 Subject: [PATCH 170/205] [ELY-2777] Also ignore VSCode files. --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 2055c9d34e5..5e7aeeaaa67 100644 --- a/.gitignore +++ b/.gitignore @@ -20,6 +20,8 @@ target nbactions.xml nb-configuration.xml catalog.xml +# Ignore VSCode Files +.vscode # maven-ant-tasks.jar test-output From ddc7877f4fbefa853a3113287bbc5c81c76d00d5 Mon Sep 17 00:00:00 2001 
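Review bot: The new `KEYSTORE_TYPE` line in CAGenerationTool drops the old TODO and leaves nothing that tells a maintainer which other files depend on the value. This commit also had to change the directory in TLS13AuthenticationTest and the keystore path in ocsp-responder.xml, so a comment such as `// Stores are written as PKCS#12; consumers' paths and declared store types must change together with this value` would record that coupling. The class body continues outside the hunk, so whether the output directory name is derived from this constant cannot be seen here.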
From: Darran Lofthouse Date: Wed, 26 Jun 2024 15:10:38 +0100 Subject: [PATCH 171/205] [ELY-2775] Rename the configuration files as they are specific to the test cases. --- .../wildfly/security/ssl/SSLAuthenticationTest.java | 2 +- .../security/ssl/SSLv2HelloAuthenticationTest.java | 11 ++++++----- .../wildfly/security/ssl/TLS13AuthenticationTest.java | 11 ++++++----- ...-config-v1_7.xml => ssl-authentication-config.xml} | 2 ++ ...v1_6.xml => sslv2-hello-authentication-config.xml} | 2 ++ ...onfig-v1_5.xml => tls13-authentication-config.xml} | 2 ++ 6 files changed, 19 insertions(+), 11 deletions(-) rename tests/base/src/test/resources/org/wildfly/security/ssl/{wildfly-ssl-test-config-v1_7.xml => ssl-authentication-config.xml} (99%) rename tests/base/src/test/resources/org/wildfly/security/ssl/{wildfly-ssl-test-config-v1_6.xml => sslv2-hello-authentication-config.xml} (98%) rename tests/base/src/test/resources/org/wildfly/security/ssl/{wildfly-ssl-test-config-v1_5.xml => tls13-authentication-config.xml} (98%) diff --git a/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java index 8666bf529f6..f044a972102 100644 --- a/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java +++ b/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java 
@@ -821,7 +821,7 @@ public void testWantClientAuthWithIncorrectCertificate() throws Throwable { } private void performConnectionTest(SSLContext serverContext, String clientUri, boolean expectValid, String expectedServerPrincipal, String expectedClientPrincipal, boolean oneWay) throws Throwable { - System.setProperty("wildfly.config.url", SSLAuthenticationTest.class.getResource("wildfly-ssl-test-config-v1_7.xml").toExternalForm()); + System.setProperty("wildfly.config.url", SSLAuthenticationTest.class.getResource("ssl-authentication-config.xml").toExternalForm()); AccessController.doPrivileged((PrivilegedAction) () -> Security.insertProviderAt(WildFlyElytronPasswordProvider.getInstance(), 1)); AuthenticationContext context = AuthenticationContext.getContextManager().get(); diff --git a/tests/base/src/test/java/org/wildfly/security/ssl/SSLv2HelloAuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/ssl/SSLv2HelloAuthenticationTest.java index 9e61933f29a..6fb2a57b055 100644 --- a/tests/base/src/test/java/org/wildfly/security/ssl/SSLv2HelloAuthenticationTest.java +++ b/tests/base/src/test/java/org/wildfly/security/ssl/SSLv2HelloAuthenticationTest.java @@ -88,6 +88,7 @@ */ public class SSLv2HelloAuthenticationTest { + private static final String CLIENT_CONFIG = "sslv2-hello-authentication-config.xml"; private static final char[] PASSWORD = "Elytron".toCharArray(); private static final String CA_JKS_LOCATION = "./target/test-classes/ca/jks"; private static File ladybirdFile = null; @@ -170,7 +171,7 @@ public void testOneWaySSLv2HelloProtocolMatch() throws Exception { SecurityIdentity identity = performConnectionTest(serverContext, "protocol://one-way-sslv2hello.org", - "wildfly-ssl-test-config-v1_6.xml", + CLIENT_CONFIG, enabledProtocols, // We expect client and server socket to only have SSLv2Hello and TLSv1 enabled "TLSv1"); // We expect the negotiated protocol to be TLSv1, as SSLv2Hello is a pseudo-protocol } 
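Review bot: `performConnectionTest` in SSLAuthenticationTest still spells the renamed file as a string literal, while the same commit introduces a `CLIENT_CONFIG` constant for this purpose in SSLv2HelloAuthenticationTest and TLS13AuthenticationTest. Declaring `private static final String CLIENT_CONFIG = "ssl-authentication-config.xml";` in this class and passing it to `getResource` would keep the three tests consistent. `getResource` returns null when the name does not resolve, so a mistyped or missing file surfaces as a bare NullPointerException on `toExternalForm()`; wrapping the lookup in `Objects.requireNonNull(..., "ssl-authentication-config.xml not on the test classpath")` would make that failure readable, provided `java.util.Objects` is imported in the part of the file outside this hunk. The method body continues past the hunk.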
@@ -197,7 +198,7 @@ public void testTwoWaySSLv2HelloProtocolMatch() throws Exception { SecurityIdentity identity = performConnectionTest(serverContext, "protocol://test-two-way-sslv2hello.org", - "wildfly-ssl-test-config-v1_6.xml", + CLIENT_CONFIG, enabledProtocols, // We expect client and server socket to only have SSLv2Hello and TLSv1 enabled "TLSv1"); // We expect the negotiated protocol to be TLSv1, as SSLv2Hello is a pseudo-protocol @@ -223,7 +224,7 @@ public void testTwoWaySSLv2HelloNotEnabled() throws Exception { SecurityIdentity identity = performConnectionTest(serverContext, "protocol://two-way-no-sslv2hello.org", - "wildfly-ssl-test-config-v1_6.xml", + CLIENT_CONFIG, enabledProtocols, // We expect the default protocols to be enabled i.e. SSLv2Hello should only be enabled if explicitly configured "TLSv1.2"); // We expect the negotiated protocol to be the highest version protocol in common @@ -254,7 +255,7 @@ public void testTwoWaySSLv2HelloNoClientSupport() throws Exception { SecurityIdentity identity = performConnectionTest(serverContext, "protocol://two-way-no-sslv2hello.org", - "wildfly-ssl-test-config-v1_6.xml", + CLIENT_CONFIG, enabledClientProtocols, enabledServerProtocols, "TLSv1"); // We expect the negotiated protocol to be the highest version protocol in common @@ -284,7 +285,7 @@ public void testTwoWaySSlv2HelloNoServerSupport() throws Exception { SecurityIdentity identity = performConnectionTest(serverContext, "protocol://test-two-way-sslv2hello.org", - "wildfly-ssl-test-config-v1_6.xml", + CLIENT_CONFIG, clientEnabledProtocols, serverEnabledProtocols, "NONE"); // handshake is expected to fail, which in turn returns an empty SSLSession diff --git a/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java index 2b2addb635e..a5475c522f1 100644 --- a/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java 
+++ b/tests/base/src/test/java/org/wildfly/security/ssl/TLS13AuthenticationTest.java @@ -70,6 +70,7 @@ */ public class TLS13AuthenticationTest { + private static final String CLIENT_CONFIG = "tls13-authentication-config.xml"; private static final char[] PASSWORD = "Elytron".toCharArray(); private static final String CA_JKS_LOCATION = "./target/test-classes/jks"; @@ -113,7 +114,7 @@ public void testTwoWayTLS13() throws Exception { .setNeedClientAuth(true) .build().create(); - SecurityIdentity identity = performConnectionTest(serverContext, "protocol://test-two-way-tls13.org", "wildfly-ssl-test-config-v1_5.xml", CIPHER_SUITE, true); + SecurityIdentity identity = performConnectionTest(serverContext, "protocol://test-two-way-tls13.org", CLIENT_CONFIG, CIPHER_SUITE, true); assertNotNull(identity); assertEquals("Principal Name", "ladybird", identity.getPrincipal().getName()); } @@ -132,7 +133,7 @@ public void testDifferentPreferredTLS13Suites() throws Exception { .setNeedClientAuth(true) .build().create(); - SecurityIdentity identity = performConnectionTest(serverContext, "protocol://test-different-preferred-tls13-suites.org", "wildfly-ssl-test-config-v1_5.xml", REQUIRED_CIPHER_SUITE, true); + SecurityIdentity identity = performConnectionTest(serverContext, "protocol://test-different-preferred-tls13-suites.org", CLIENT_CONFIG, REQUIRED_CIPHER_SUITE, true); assertNotNull(identity); assertEquals("Principal Name", "ladybird", identity.getPrincipal().getName()); } 
@@ -153,7 +154,7 @@ public void testClientTLS12Only() throws Exception { .setNeedClientAuth(true) .build().create(); - SecurityIdentity identity = performConnectionTest(serverContext, "protocol://test-client-tls12-only.org", "wildfly-ssl-test-config-v1_5.xml", TLS12_CIPHER_SUITE, false); + SecurityIdentity identity = performConnectionTest(serverContext, "protocol://test-client-tls12-only.org", CLIENT_CONFIG, TLS12_CIPHER_SUITE, false); assertNotNull(identity); assertEquals("Principal Name", "ladybird", identity.getPrincipal().getName()); } @@ -170,7 +171,7 @@ public void testServerTLS12Only() throws Exception { .setNeedClientAuth(true) .build().create(); - SecurityIdentity identity = performConnectionTest(serverContext, "protocol://test-server-tls12-only.org", "wildfly-ssl-test-config-v1_5.xml", SERVER_CIPHER_SUITE, false); + SecurityIdentity identity = performConnectionTest(serverContext, "protocol://test-server-tls12-only.org", CLIENT_CONFIG, SERVER_CIPHER_SUITE, false); assertNotNull(identity); assertEquals("Principal Name", "ladybird", identity.getPrincipal().getName()); } @@ -184,7 +185,7 @@ public void testOneWayTLS13() throws Exception { .setKeyManager(getKeyManager("/jks/scarab.keystore")) .build().create(); - SecurityIdentity identity = performConnectionTest(serverContext, "protocol://test-one-way-tls13.org", "wildfly-ssl-test-config-v1_5.xml", CIPHER_SUITE, true); + SecurityIdentity identity = performConnectionTest(serverContext, "protocol://test-one-way-tls13.org", CLIENT_CONFIG, CIPHER_SUITE, true); assertNull(identity); } 
diff --git a/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_7.xml b/tests/base/src/test/resources/org/wildfly/security/ssl/ssl-authentication-config.xml similarity index 99% rename from tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_7.xml rename to tests/base/src/test/resources/org/wildfly/security/ssl/ssl-authentication-config.xml index a323343d443..5577e556fe2 100644 --- a/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_7.xml +++ b/tests/base/src/test/resources/org/wildfly/security/ssl/ssl-authentication-config.xml @@ -17,6 +17,8 @@ ~ See the License for the specific language governing permissions and ~ limitations under the License. --> + + diff --git a/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_6.xml b/tests/base/src/test/resources/org/wildfly/security/ssl/sslv2-hello-authentication-config.xml similarity index 98% rename from tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_6.xml rename to tests/base/src/test/resources/org/wildfly/security/ssl/sslv2-hello-authentication-config.xml index 197b3d44798..6269aefcace 100644 --- a/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_6.xml +++ b/tests/base/src/test/resources/org/wildfly/security/ssl/sslv2-hello-authentication-config.xml @@ -17,6 +17,8 @@ ~ See the License for the specific language governing permissions and ~ limitations under the License. --> + + diff --git a/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_5.xml b/tests/base/src/test/resources/org/wildfly/security/ssl/tls13-authentication-config.xml similarity index 98% rename from tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_5.xml rename to tests/base/src/test/resources/org/wildfly/security/ssl/tls13-authentication-config.xml index e23e2fa28ee..84c57691b1c 100644 
--- a/tests/base/src/test/resources/org/wildfly/security/ssl/wildfly-ssl-test-config-v1_5.xml +++ b/tests/base/src/test/resources/org/wildfly/security/ssl/tls13-authentication-config.xml @@ -17,6 +17,8 @@ ~ See the License for the specific language governing permissions and ~ limitations under the License. --> + + From bc085490d8531b22a7ccbd8ffb8d8f6c1fa8277c Mon Sep 17 00:00:00 2001 
From: Farah Juma Date: Wed, 26 Jun 2024 11:51:34 -0400 Subject: [PATCH 172/205] [ELY-2779] Release WildFly Elytron 2.5.0.CR1 --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- dynamic-ssl/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- 
tests/common/pom.xml | 2 +- tool/pom.xml | 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 77 files changed, 77 insertions(+), 77 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index 1d5870a49ed..1bb2101a112 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index ee3aeb60e7f..13d4fa6399b 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index 3aeca13633d..70e475fd3ee 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index c8aeb636339..b61484f576a 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 76c3377cbea..1102c47a950 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index 71e459eec67..447ae787d89 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index 8c7584d297c..8caa455b249 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index a5a73fb96a7..9c726f00354 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index 14de6c34c2f..19f3ec7dab6 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index a5dec68a4e5..46fa373215b 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index dead47e6357..55e347bc454 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index dd2e695b889..584b5489ce8 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index 598a6cca097..8f349e52f62 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index 5343bd1feeb..17afc96418f 100644 --- a/base/pom.xml +++ b/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 4.0.0 
diff --git a/credential/base/pom.xml b/credential/base/pom.xml index 1f8d4fa4a1f..b114c32ebb0 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index 93a89f2c0df..02f79b7a192 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index 707606c202b..beb6d7dff8f 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index b3f4dd560eb..b2d51542a3d 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index e0d7248116a..c79722692ac 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 4.0.0 diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index b8fa608f8bb..46134f47ffc 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -5,7 +5,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index 4fa5e15bb61..90fb36303cb 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 4.0.0 diff --git a/http/base/pom.xml b/http/base/pom.xml index 4c94881b7dd..3839e677749 100644 --- a/http/base/pom.xml 
+++ b/http/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index 1bdfe47d500..92afda08da5 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index cb28748e2aa..ee871f14d13 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index 2bc423a2d57..b867481e172 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index f3ef094dc9d..39e51acb174 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index e1f17952803..4f1cb10fbf5 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index 9f42da89bba..380e0113b93 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index f5ea32e740c..177d969020a 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml 
diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index 5f3a6504fda..e30ed295d57 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index 7d452717d31..dafb5d778e5 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index 3e53575ee4d..b198de9308e 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index c557c78a896..ccaf0149b63 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index 0b0b50ba2f6..0509366415f 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index 9c6941587f3..fba0fa259fa 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index 7e4bb3e80b7..12bdb900d54 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index 2ec4684d21e..107e34a33e5 100644 --- a/json-util/pom.xml +++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 4.0.0 
diff --git a/keystore/pom.xml b/keystore/pom.xml index a984ae39bf4..60a997a740e 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index 75961d93671..9501b4f4c89 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index 0f20345e31c..ba33f8f7242 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index 09a74c3f7b5..847331cd891 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index cd7f998a223..cbe7a82f91a 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index 6b6ee6768d8..74ca3ef94e0 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index ec0ff16786a..519a3ac14b1 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index 780b6ca04b2..ce2b8e1e1ca 100644 --- a/mechanism/oauth2/pom.xml 
+++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index d451cca80ac..4ec509fc3c0 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index 1be768c6d23..9d99cc8df2d 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index e17dbcf59be..350b855e907 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 4.0.0 diff --git a/pom.xml b/pom.xml index e71dc5e2d33..2f415265865 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index def67496fc9..1454fb77b08 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index 0e9f6b0347c..a04a39d4dd0 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index 761f139cb54..9975b76079f 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../../pom.xml 
diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index a55a8a35b8c..34655d6ffff 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index 4ca87d6ca7f..19673708591 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index a9b980883b2..1c8a2f982c8 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index 9b74b2a0ae9..19102fe0dac 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index a7e1eda01f8..0b10d80da27 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index 63a95229ec9..454da3e44a4 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index 58a9e199656..c3b836a18a5 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index 7f5f4f830af..5624ab72757 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index 46ea7fce61f..8c820afc749 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index 911e0579b06..2f2446a3eac 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index a29c76e2d84..2d54c62c531 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index 33642878ba5..047a38269da 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index dd2fea2d833..0407b808862 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index e44b6d1e7ec..d5b55643aa9 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index cedca3b8c1f..b6a36f5f1bd 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/tests/common/pom.xml b/tests/common/pom.xml index b8ff41dd49e..413af0dcc10 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml 
@@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index d8764ee6801..e1fce688e7f 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index 679b9015040..507c86c71be 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 088c8b422e0..fcf69f98a02 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index 8629038dd82..2471bded36d 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index e9538c516de..13e68517cf5 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index d1fab09d68b..e6ced79f8e0 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index f6efb59bc58..9fc1ec036d4 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index 20a2705af1c..4cce9fc6b8e 100644 --- a/x500/deprecated/pom.xml 
+++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index 271c7c24b83..46d423db5e3 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.4.3.CR1-SNAPSHOT + 2.5.0.CR1 ../../pom.xml From ef030181e959498f2e05130534c4bf479a2fbef7 Mon Sep 17 00:00:00 2001 
From: Farah Juma Date: Wed, 26 Jun 2024 11:52:38 -0400 Subject: [PATCH 173/205] Next is 2.5.0.CR2 --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- dynamic-ssl/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- tests/common/pom.xml | 2 +- 
tool/pom.xml | 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 77 files changed, 77 insertions(+), 77 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index 1bb2101a112..2049b067764 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index 13d4fa6399b..9aa7bf8eb53 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index 70e475fd3ee..7294d228fa3 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index b61484f576a..6d913c89e0f 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 1102c47a950..750971c13cd 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index 447ae787d89..0cc7ec4af30 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index 8caa455b249..9460e093a14 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index 9c726f00354..4783a8c8f5d 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index 19f3ec7dab6..1adafc80e1d 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index 46fa373215b..06ca9b049f6 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index 55e347bc454..12e8172afde 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index 584b5489ce8..24c10e95df8 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index 8f349e52f62..56d99abab7b 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index 17afc96418f..7cb76abd798 100644 --- a/base/pom.xml +++ b/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT 4.0.0 
diff --git a/credential/base/pom.xml b/credential/base/pom.xml index b114c32ebb0..26da6e01fa3 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index 02f79b7a192..9bc93bcabd8 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index beb6d7dff8f..36c5e9081de 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index b2d51542a3d..877966d3310 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index c79722692ac..1d5fa1defd5 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT 4.0.0 diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index 46134f47ffc..2d162ce8acb 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -5,7 +5,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index 90fb36303cb..22c0940c81c 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT 4.0.0 diff --git a/http/base/pom.xml b/http/base/pom.xml index 3839e677749..6841e5c5986 100644 --- a/http/base/pom.xml 
+++ b/http/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index 92afda08da5..2686354cf15 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index ee871f14d13..e6159c669c7 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index b867481e172..6a52f74cafe 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index 39e51acb174..27b12641810 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index 4f1cb10fbf5..3020bb68828 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index 380e0113b93..cc7081c679b 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index 177d969020a..01eaa9b8887 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml 
diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index e30ed295d57..4f207e9480b 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index dafb5d778e5..d2d4aa74fa0 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index b198de9308e..8897d40327b 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index ccaf0149b63..10273e8c6f3 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index 0509366415f..25fdf3b66c7 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index fba0fa259fa..98c8adaca2a 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index 12bdb900d54..77a513860c5 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index 107e34a33e5..efb397c5f0e 100644 --- a/json-util/pom.xml +++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT 4.0.0 
diff --git a/keystore/pom.xml b/keystore/pom.xml index 60a997a740e..0c11bd1adaa 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index 9501b4f4c89..3433c5c8a66 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index ba33f8f7242..d4cc6df4fb5 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index 847331cd891..86da621f2f6 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index cbe7a82f91a..cba5eb55ab0 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index 74ca3ef94e0..6f68b3ab45b 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index 519a3ac14b1..a1f3bc9bdba 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index ce2b8e1e1ca..0f9496edf43 100644 --- a/mechanism/oauth2/pom.xml 
+++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index 4ec509fc3c0..d4b29fac69e 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index 9d99cc8df2d..aa7de136de0 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index 350b855e907..1402836303e 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT 4.0.0 diff --git a/pom.xml b/pom.xml index 2f415265865..b13fae1cea5 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index 1454fb77b08..d448e5188c9 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index a04a39d4dd0..a94b8100a83 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index 9975b76079f..a76393c2b8d 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../../pom.xml 
diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index 34655d6ffff..24c1c138e53 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index 19673708591..6d3427da055 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index 1c8a2f982c8..ae44c73cda5 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index 19102fe0dac..7d89646316f 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index 0b10d80da27..84e336b7860 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index 454da3e44a4..b199bf16d51 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index c3b836a18a5..c0c9022b4c9 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index 5624ab72757..001d899f230 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index 8c820afc749..97d0e8395bf 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index 2f2446a3eac..ade71404b0e 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index 2d54c62c531..bc926157a0a 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index 047a38269da..651f6f930a7 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index 0407b808862..9971c237e77 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index d5b55643aa9..7ac742a33e9 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index b6a36f5f1bd..26a85203e47 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/tests/common/pom.xml b/tests/common/pom.xml index 413af0dcc10..d0a819e1981 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml 
@@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index e1fce688e7f..808d02cf28c 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index 507c86c71be..de4371c77d6 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index fcf69f98a02..22d2f8fc7c6 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index 2471bded36d..c9f7a53c713 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index 13e68517cf5..602283fa6bd 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index e6ced79f8e0..26434c8ce68 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index 9fc1ec036d4..b02136ee546 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index 4cce9fc6b8e..8e0d64e35f2 100644 --- a/x500/deprecated/pom.xml 
+++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index 46d423db5e3..93f0b0b398a 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR1 + 2.5.0.CR2-SNAPSHOT ../../pom.xml From a5cea70ed0123de73574f1e24b2049e54b49a75e Mon Sep 17 00:00:00 2001 From: Darran Lofthouse Date: Thu, 27 Jun 2024 19:42:56 +0100 Subject: [PATCH 174/205] [ELY-2774] Also make it possible to get the KeyStore type and location. --- .../security/ssl/test/util/CAGenerationTool.java | 10 +++++++++- .../wildfly/security/ssl/test/util/CommonIdentity.java | 7 +++++++ .../wildfly/security/ssl/test/util/CustomIdentity.java | 5 +++++ .../security/ssl/test/util/DefinedIdentity.java | 6 ++++++ 4 files changed, 27 insertions(+), 1 deletion(-) diff --git a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java index 5b5963794d4..e28f884d999 100644 --- a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java +++ b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CAGenerationTool.java @@ -144,6 +144,10 @@ public KeyStore getBeetlesKeyStore() { return loadKeyStore(new File(workingDir, BEETLES_STORE)); } + public String getKeyStoreType() { + return KEYSTORE_TYPE; + } + /** * @deprecated Use {@link CommonIdentity#getCertificate()} instead. */ 
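Review bot: `getKeyStoreType()` in CAGenerationTool is added without Javadoc although the method that follows it in this hunk has one, and the same gap applies to `getKeyStoreType()` and the abstract `getKeyStoreFile()` added to CommonIdentity further down. For the tool, `/** Returns the key store type, {@code KEYSTORE_TYPE}. */` would be enough. On the abstract method the comment should give the contract for implementers, e.g. `/** Returns the file backing the key store that {@link #loadKeyStore()} loads. */`, which matches what both CustomIdentity and DefinedIdentity do in this patch.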
@@ -364,8 +368,12 @@ private static KeyStore createEmptyKeyStore() { } } + File getKeyStoreFile(Identity identity) { + return new File(workingDir, identity.getKeyStoreName()); + } + KeyStore loadKeyStore(final Identity identity) { - return loadKeyStore(new File(workingDir, identity.getKeyStoreName())); + return loadKeyStore(getKeyStoreFile(identity)); } static KeyStore loadKeyStore(final File location) { diff --git a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CommonIdentity.java b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CommonIdentity.java index 2d8f3664015..ffd89fbdf0a 100644 --- a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CommonIdentity.java +++ b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CommonIdentity.java @@ -16,6 +16,7 @@ package org.wildfly.security.ssl.test.util; +import java.io.File; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; @@ -42,8 +43,14 @@ public X509Certificate getCertificate() { return certificate; } + public String getKeyStoreType() { + return caGenerationTool.getKeyStoreType(); + } + public abstract KeyStore loadKeyStore(); + public abstract File getKeyStoreFile(); + public X509ExtendedKeyManager createKeyManager() { caGenerationTool.assertNotClosed(); diff --git a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CustomIdentity.java b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CustomIdentity.java index a1ce69a2b5e..f7f2100c53f 100644 --- a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CustomIdentity.java +++ b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/CustomIdentity.java @@ -34,4 +34,9 @@ public KeyStore loadKeyStore() { return CAGenerationTool.loadKeyStore(keyStoreFile); } + @Override + public File getKeyStoreFile() { + return keyStoreFile; + } + } 
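Review bot: `getKeyStoreFile(Identity)` in CAGenerationTool builds the path from `workingDir` without checking that the tool is still open, whereas `createKeyManager()` (context in the CommonIdentity hunk) calls `caGenerationTool.assertNotClosed()` before it uses the tool. If closing the tool removes the working directory, which is not visible here, a test that holds on to the returned `File` ends up with a path to a key store that no longer exists and fails later with a less obvious error. Consider `assertNotClosed();` as the first statement of `getKeyStoreFile`; since `loadKeyStore(Identity)` and `DefinedIdentity.getKeyStoreFile()` now both go through it, they would be covered as well. `CustomIdentity.getKeyStoreFile()` returns its own field and is not affected.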
diff --git a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedIdentity.java b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedIdentity.java index 28595b8e112..0983b2e928d 100644 --- a/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedIdentity.java +++ b/tests/common/src/test/java/org/wildfly/security/ssl/test/util/DefinedIdentity.java @@ -16,6 +16,7 @@ package org.wildfly.security.ssl.test.util; +import java.io.File; import java.security.KeyStore; import java.security.cert.X509Certificate; @@ -38,4 +39,9 @@ public KeyStore loadKeyStore() { return caGenerationTool.loadKeyStore(identity); } + @Override + public File getKeyStoreFile() { + return caGenerationTool.getKeyStoreFile(identity); + } + } From 91e9b0bacaae4b6497443b710d3893a6c267e246 Mon Sep 17 00:00:00 2001 From: Prarthona Paul Date: Wed, 26 Jun 2024 16:25:21 -0400 Subject: [PATCH 175/205] ELY-2776 Add tests to the OIDC testsuite to test for cases where request/request_uri parameters are not supported by the OpenID provider --- .../oidc/MockOidcClientConfiguration.java | 167 ++++++++++++++++++ 1 file changed, 167 insertions(+) create mode 100644 http/oidc/src/test/java/org/wildfly/security/http/oidc/MockOidcClientConfiguration.java diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/MockOidcClientConfiguration.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/MockOidcClientConfiguration.java new file mode 100644 index 00000000000..b59d75a192f --- /dev/null +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/MockOidcClientConfiguration.java 
@@ -0,0 +1,167 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2024 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.wildfly.security.http.oidc; + +import com.gargoylesoftware.htmlunit.TextPage; +import io.restassured.RestAssured; +import mockit.Mock; +import mockit.MockUp; +import mockit.integration.junit4.JMockit; +import okhttp3.mockwebserver.MockWebServer; +import org.apache.http.HttpStatus; +import org.junit.AfterClass; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.wildfly.security.http.HttpServerAuthenticationMechanism; + +import java.io.ByteArrayInputStream; +import java.io.InputStream; +import java.net.URI; +import java.nio.charset.StandardCharsets; +import java.util.HashMap; +import java.util.Map; + +import static org.jose4j.jws.AlgorithmIdentifiers.HMAC_SHA256; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; +import static org.junit.Assume.assumeTrue; +import static org.wildfly.security.http.oidc.KeycloakConfiguration.ALICE; +import static org.wildfly.security.http.oidc.KeycloakConfiguration.ALICE_PASSWORD; +import static org.wildfly.security.http.oidc.Oidc.AuthenticationRequestFormat.REQUEST; +import static org.wildfly.security.http.oidc.Oidc.AuthenticationRequestFormat.REQUEST_URI; +import 
static org.wildfly.security.http.oidc.Oidc.OIDC_NAME; +import static org.wildfly.security.http.oidc.Oidc.OIDC_SCOPE; + +/** + * Tests for cases where the OpenID provider does not support + * request parameters when sending the request object as a JWT. + * The OidcClientConfiguration class is mocked to return values + * indicating a lack of support for request parameters. + * + * @author Prarthona Paul + */ +@RunWith(JMockit.class) +public class MockOidcClientConfiguration extends OidcBaseTest { + + @BeforeClass + public static void startTestContainers() throws Exception { + assumeTrue("Docker isn't available, OIDC tests will be skipped", isDockerAvailable()); + KEYCLOAK_CONTAINER = new KeycloakContainer(); + KEYCLOAK_CONTAINER.start(); + sendRealmCreationRequest(KeycloakConfiguration.getRealmRepresentation(TEST_REALM, CLIENT_ID, CLIENT_SECRET, CLIENT_HOST_NAME, CLIENT_PORT, CLIENT_APP, false)); + client = new MockWebServer(); + client.start(CLIENT_PORT); + } + + @AfterClass + public static void generalCleanup() throws Exception { + if (KEYCLOAK_CONTAINER != null) { + RestAssured + .given() + .auth().oauth2(KeycloakConfiguration.getAdminAccessToken(KEYCLOAK_CONTAINER.getAuthServerUrl())) + .when() + .delete(KEYCLOAK_CONTAINER.getAuthServerUrl() + "/admin/realms/" + TEST_REALM).then().statusCode(204); + KEYCLOAK_CONTAINER.stop(); + } + if (client != null) { + client.shutdown(); + } + } + + @BeforeClass + public static void beforeClass() { + System.setProperty("oidc.provider.url", KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM); + } + + @AfterClass + public static void afterClass() { + System.clearProperty("oidc.provider.url"); + } + + @Test + public void testOidcWithRequestParameterUnsupported() throws Exception { + mockOidcClientConfig(); + performAuthentication(getOidcConfigurationInputStreamWithRequestParameter(REQUEST.getValue()), REQUEST.getValue()); + } + + @Test + public void testOidcWithRequestUriParameterUnsupported() throws Exception { + 
mockOidcClientConfig(); + performAuthentication(getOidcConfigurationInputStreamWithRequestParameter(REQUEST_URI.getValue()), REQUEST_URI.getValue()); + } + + public void performAuthentication(InputStream oidcConfig, String requestFormat) throws Exception { + Map props = new HashMap<>(); + OidcClientConfiguration oidcClientConfiguration = OidcClientConfigurationBuilder.build(oidcConfig); + assertEquals(OidcClientConfiguration.RelativeUrlsUsed.NEVER, oidcClientConfiguration.getRelativeUrls()); + OidcClientContext oidcClientContext = new OidcClientContext(oidcClientConfiguration); + oidcFactory = new OidcMechanismFactory(oidcClientContext); + HttpServerAuthenticationMechanism mechanism = oidcFactory.createAuthenticationMechanism(OIDC_NAME, props, getCallbackHandler()); + + URI requestUri = new URI(getClientUrl()); + TestingHttpServerRequest request = new TestingHttpServerRequest(null, requestUri); + mechanism.evaluateRequest(request); + TestingHttpServerResponse response = request.getResponse(); + assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, response.getStatusCode()); + assertEquals(Status.NO_AUTH, request.getResult()); + assertFalse(response.getFirstResponseHeaderValue("Location").contains(requestFormat + "=")); + assertTrue(response.getFirstResponseHeaderValue("Location").contains("scope=" + OIDC_SCOPE + "+phone+profile+email")); //ALL scopes should be added to the URL directly + + client.setDispatcher(createAppResponse(mechanism, HttpStatus.SC_MOVED_TEMPORARILY, getClientUrl(), CLIENT_PAGE_TEXT)); + + TextPage page = loginToKeycloak(ALICE, ALICE_PASSWORD, requestUri, response.getLocation(), + response.getCookies()).click(); + assertTrue(page.getContent().contains(CLIENT_PAGE_TEXT)); + } + + + private void mockOidcClientConfig(){ + new MockUp(){ + // Used to indicate that the OpenID provider does not support request_uri parameter + @Mock + boolean getRequestUriParameterSupported(){ + return false; + } + + // Used to indicate that the OpenID provider does not 
support request parameter + @Mock + boolean getRequestParameterSupported(){ + return false; + } + }; + } + + private InputStream getOidcConfigurationInputStreamWithRequestParameter(String requestParameter){ + String oidcConfig = "{\n" + + " \"client-id\" : \"" + CLIENT_ID + "\",\n" + + " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "/" + "\",\n" + + " \"public-client\" : \"false\",\n" + + " \"ssl-required\" : \"EXTERNAL\",\n" + + " \"authentication-request-format\" : \"" + requestParameter + "\",\n" + + " \"request-object-signing-algorithm\" : \"" + HMAC_SHA256 + "\",\n" + + " \"scope\" : \"profile email phone\",\n" + + " \"credentials\" : {\n" + + " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " }\n" + + "}"; + return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); + } +} From bce826795ab8d8320d150f765dafcdfa1953f486 Mon Sep 17 00:00:00 2001 
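Review bot: The two `@BeforeClass` methods depend on each other, but JUnit 4 does not run same-class `@BeforeClass` methods in declaration order. `beforeClass()` dereferences `KEYCLOAK_CONTAINER`, which in this class only `startTestContainers()` assigns, so if it runs first it may throw a NullPointerException or pick up a container left by another test class (the static field is declared outside this hunk, presumably in `OidcBaseTest`). Moving `System.setProperty("oidc.provider.url", KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM);` to the end of `startTestContainers()`, and `System.clearProperty("oidc.provider.url");` into `generalCleanup()` outside the null check, removes the ordering dependency. Separately, the class name `MockOidcClientConfiguration` does not match Surefire's default include patterns (`Test*`, `*Test`, `*Tests`, `*TestCase`). Unless the build configures its own includes (not visible here), these two checks that `request=` / `request_uri=` are left out of the redirect may never run, so a name ending in `Test` would be safer.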
From: Farah Juma Date: Mon, 8 Jul 2024 13:24:14 -0400 Subject: [PATCH 176/205] [ELY-2782] Release WildFly Elytron 2.5.0.Final --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- dynamic-ssl/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- 
tests/common/pom.xml | 2 +- tool/pom.xml | 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 77 files changed, 77 insertions(+), 77 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index 2049b067764..ba5636fde7f 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index 9aa7bf8eb53..886d95cd35c 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index 7294d228fa3..72e52b8d4f6 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index 6d913c89e0f..d5fc9882a3d 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 750971c13cd..4ea41367ba3 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index 0cc7ec4af30..0e00976830b 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index 9460e093a14..61f5949f9ee 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index 4783a8c8f5d..10db0045fd1 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index 1adafc80e1d..29ba72cfb24 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index 06ca9b049f6..6a4a89a7e26 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index 12e8172afde..b2e50a32e1f 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index 24c10e95df8..5eaea307927 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index 56d99abab7b..fb11acc1443 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index 7cb76abd798..b7099b8a9e6 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index 26da6e01fa3..7dacf0794b4 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index 9bc93bcabd8..e92449d8056 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index 36c5e9081de..41a32839041 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index 877966d3310..2138375c428 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index 1d5fa1defd5..db9759029be 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final 4.0.0 diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index 2d162ce8acb..ded0e5d1e13 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -5,7 +5,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index 22c0940c81c..f65cb1adb19 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final 4.0.0 
diff --git a/http/base/pom.xml b/http/base/pom.xml index 6841e5c5986..8fe9f814c61 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index 2686354cf15..cc58462d6d6 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index e6159c669c7..0161d656151 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index 6a52f74cafe..67a3121c049 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index 27b12641810..33f1874b1b5 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index 3020bb68828..c1bff0ebf48 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index cc7081c679b..875da1e593f 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index 01eaa9b8887..39cef99ed00 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index 4f207e9480b..33c6e186f84 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index d2d4aa74fa0..b85693666b7 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index 8897d40327b..7d7235d838f 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index 10273e8c6f3..bc8de7fdd8d 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index 25fdf3b66c7..f7447afb86c 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index 98c8adaca2a..6e885007926 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index 77a513860c5..b11de9802d6 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index efb397c5f0e..596292bc4d3 100644 --- a/json-util/pom.xml 
+++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final 4.0.0 diff --git a/keystore/pom.xml b/keystore/pom.xml index 0c11bd1adaa..af5aba32890 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index 3433c5c8a66..860044282af 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index d4cc6df4fb5..4220d210902 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index 86da621f2f6..33ac416b449 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index cba5eb55ab0..0e042793569 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index 6f68b3ab45b..c57506e9593 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index a1f3bc9bdba..cda42cc1557 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml 
diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index 0f9496edf43..7cd65da8914 100644 --- a/mechanism/oauth2/pom.xml +++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index d4b29fac69e..2ba2d6bef70 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index aa7de136de0..5fb746034ef 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index 1402836303e..4b3def3bf55 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final 4.0.0 diff --git a/pom.xml b/pom.xml index b13fae1cea5..c85b514eef0 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index d448e5188c9..e93d005da8c 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index a94b8100a83..6bf38325b3d 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index a76393c2b8d..fb6d2904103 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../../pom.xml diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index 24c1c138e53..e12a23a1c2e 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index 6d3427da055..e0510d21e6b 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index ae44c73cda5..e7fe5510d6c 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index 7d89646316f..b2c2ff81232 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index 84e336b7860..21a9c2d6ca5 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index b199bf16d51..71e39f14cfd 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index c0c9022b4c9..74333f698a4 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml 
diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index 001d899f230..6a0bfd4a06e 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index 97d0e8395bf..ebdfc6b7d75 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index ade71404b0e..393f082f172 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index bc926157a0a..f5280ba56ef 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index 651f6f930a7..a2c9535ddae 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index 9971c237e77..629624be26f 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index 7ac742a33e9..a1b459b4409 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index 26a85203e47..99984abb135 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml 
diff --git a/tests/common/pom.xml b/tests/common/pom.xml index d0a819e1981..4baec19c722 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml @@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index 808d02cf28c..436ee8aac3d 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index de4371c77d6..68acd21c2c2 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 22d2f8fc7c6..96c5eea9acb 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index c9f7a53c713..db57ca757e9 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index 602283fa6bd..83a43f15219 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index 26434c8ce68..58856969e54 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index b02136ee546..c738ca1adb5 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index 8e0d64e35f2..06284818b4b 100644 --- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index 93f0b0b398a..fb5492bd718 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.CR2-SNAPSHOT + 2.5.0.Final ../../pom.xml From dac1abc18f94e4f7bbb2ba4932d44aec9d63e345 Mon Sep 17 00:00:00 2001 
From: Farah Juma Date: Mon, 8 Jul 2024 13:24:49 -0400 Subject: [PATCH 177/205] Next is 2.5.1 --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- dynamic-ssl/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- tests/common/pom.xml | 2 +- tool/pom.xml 
| 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 77 files changed, 77 insertions(+), 77 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index ba5636fde7f..17d217aa03b 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index 886d95cd35c..f1309641cd7 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index 72e52b8d4f6..0280389a985 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index d5fc9882a3d..5c81f8abd4a 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 4ea41367ba3..6ad7a764fbb 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index 0e00976830b..53771e0992a 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index 61f5949f9ee..612eb58e4f7 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index 10db0045fd1..9959bf41e83 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index 29ba72cfb24..64d0212d743 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index 6a4a89a7e26..40d41f502b5 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index b2e50a32e1f..23e1405e73c 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index 5eaea307927..f098bff90e0 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index fb11acc1443..567269a0bcc 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index b7099b8a9e6..d1e4fde738b 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index 7dacf0794b4..f8f651001db 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index e92449d8056..567e2898d66 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index 41a32839041..34a43a3d4d3 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index 2138375c428..850092ade46 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index db9759029be..b7509fd76c2 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT 4.0.0 diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index ded0e5d1e13..0dc7c4e6dab 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -5,7 +5,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index f65cb1adb19..9f5d25fb712 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT 4.0.0 
diff --git a/http/base/pom.xml b/http/base/pom.xml index 8fe9f814c61..7c6b0a780a2 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index cc58462d6d6..41d6088eb48 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index 0161d656151..f109668ee07 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index 67a3121c049..ba442678819 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index 33f1874b1b5..555709ebf7f 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index c1bff0ebf48..63b684280c5 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index 875da1e593f..4f969bed7e6 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index 39cef99ed00..44758b79b0c 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index 33c6e186f84..d425be12549 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index b85693666b7..3137d415a1a 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index 7d7235d838f..e57ac0f3753 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index bc8de7fdd8d..f2f01e78861 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index f7447afb86c..36219ec7d14 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index 6e885007926..9aa8169a4f8 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index b11de9802d6..31ce391bf50 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index 596292bc4d3..f269c8be7fd 100644 --- a/json-util/pom.xml 
+++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT 4.0.0 diff --git a/keystore/pom.xml b/keystore/pom.xml index af5aba32890..c0561c83ba4 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index 860044282af..464b7cd5b7e 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index 4220d210902..80484b800e3 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index 33ac416b449..4db7db93b33 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index 0e042793569..f6643be8be7 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index c57506e9593..7365a240e02 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index cda42cc1557..20a334b3392 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml 
diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index 7cd65da8914..e688852a11b 100644 --- a/mechanism/oauth2/pom.xml +++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index 2ba2d6bef70..4b5efa8837e 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index 5fb746034ef..743cdbce880 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index 4b3def3bf55..2259afb4ae2 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT 4.0.0 diff --git a/pom.xml b/pom.xml index c85b514eef0..1f156c50776 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index e93d005da8c..57f043e5e16 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index 6bf38325b3d..7545ec1b05c 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index fb6d2904103..96df765c59f 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index e12a23a1c2e..320f1cb15e6 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index e0510d21e6b..938a92c3dd7 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index e7fe5510d6c..8718cb1f40f 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index b2c2ff81232..d264e610b86 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index 21a9c2d6ca5..d85cdb34f81 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index 71e39f14cfd..8b4a8120c74 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index 74333f698a4..4e47eae672f 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml 
diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index 6a0bfd4a06e..751c67512b9 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index ebdfc6b7d75..304f30da23d 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index 393f082f172..be7e3312472 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index f5280ba56ef..8ad61f03743 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index a2c9535ddae..7cb2fce3483 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index 629624be26f..af3b62b18b3 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index a1b459b4409..5502ca52742 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index 99984abb135..08930997149 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml 
diff --git a/tests/common/pom.xml b/tests/common/pom.xml index 4baec19c722..82455a3ebd3 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml @@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index 436ee8aac3d..8bc44ac2f96 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index 68acd21c2c2..6d072cf4ec2 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 96c5eea9acb..12f4949ee9d 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index db57ca757e9..bbf002144fd 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index 83a43f15219..2052a5c8d83 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index 58856969e54..633b4b1720d 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index c738ca1adb5..0db7cf98026 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index 06284818b4b..ebc333a8e73 100644 --- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index fb5492bd718..e1e0b8a3ab8 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.0.Final + 2.5.1.CR1-SNAPSHOT ../../pom.xml From dd978af96f7902cc69a0a2d75fa87bb9e7748d05 Mon Sep 17 00:00:00 2001 From: Farah Juma Date: Mon, 8 Jul 2024 13:43:31 -0400 Subject: [PATCH 178/205] [ELY-2782] Perform API check against 2.5.0.Final --- wildfly-elytron/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 12f4949ee9d..098550c3fb6 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -557,7 +557,7 @@ org.wildfly.security wildfly-elytron - 2.4.2.Final + 2.5.0.Final jar From ecce0fe9e0b792ed48f2d9c2c0abd3746c7c4410 Mon Sep 17 00:00:00 2001 From: Prarthona Paul Date: Mon, 22 Jul 2024 12:11:48 -0400 Subject: [PATCH 179/205] ELY-2789 OIDCSecurityContext deserialization issue --- .../http/oidc/OidcSecurityContext.java | 4 +-- .../security/http/oidc/BearerTest.java | 33 +++++++++++++++++++ 2 files changed, 35 insertions(+), 2 deletions(-) diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcSecurityContext.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcSecurityContext.java index 5556f311967..c539a2e6224 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcSecurityContext.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcSecurityContext.java 
@@ -76,8 +76,8 @@ public String getRealm() { private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException { in.defaultReadObject(); try { - token = new AccessToken(new JwtConsumerBuilder().setSkipSignatureVerification().setSkipAllValidators().build().processToClaims(tokenString)); - idToken = new IDToken(new JwtConsumerBuilder().setSkipSignatureVerification().setSkipAllValidators().build().processToClaims(idTokenString)); + token = tokenString == null ? null : new AccessToken(new JwtConsumerBuilder().setSkipSignatureVerification().setSkipAllValidators().build().processToClaims(tokenString)); + idToken = idTokenString == null ? null : new IDToken(new JwtConsumerBuilder().setSkipSignatureVerification().setSkipAllValidators().build().processToClaims(idTokenString)); } catch (InvalidJwtException e) { throw log.unableToParseToken(); } diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/BearerTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/BearerTest.java index 18c4b2f087d..275c9b181ac 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/BearerTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/BearerTest.java @@ -27,7 +27,10 @@ import static org.wildfly.security.http.oidc.Oidc.OIDC_NAME; import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; import java.io.InputStream; +import java.io.ObjectInputStream; +import java.io.ObjectOutputStream; import java.net.URI; import java.nio.charset.StandardCharsets; import java.util.Collections; @@ -36,6 +39,7 @@ import java.util.Map; import org.apache.http.HttpStatus; +import org.jose4j.jwt.consumer.JwtConsumerBuilder; import org.junit.AfterClass; import org.junit.BeforeClass; import org.junit.Test; 
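Review bot: The two rewritten assignments in `readObject` still build `token` and `idToken` with `setSkipSignatureVerification().setSkipAllValidators()`, so after deserialization the claims are whatever the serialized `tokenString` and `idTokenString` contain, with no signature or expiry check. Nothing in this hunk shows where the serialized form comes from, so the trust assumption should be written down above the `try`, for example `// Claims are re-parsed without signature or expiry validation; the serialized form must come from a trusted, integrity-protected store.` The same builder chain is also constructed twice, and a single local consumer built once would make it obvious that both tokens are restored under the same relaxed settings. The closing brace of `readObject` lies outside the hunk.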
@@ -146,6 +150,35 @@ public static void generalCleanup() throws Exception { } } + @Test + public void testOIDCSecurityContextDeserialization() throws Exception { + String accessTokenString = KeycloakConfiguration.getAccessToken(KEYCLOAK_CONTAINER.getAuthServerUrl(), TEST_REALM, KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, CLIENT_ID, CLIENT_SECRET); + AccessToken accessToken = new AccessToken(new JwtConsumerBuilder().setSkipSignatureVerification().setSkipAllValidators().build().processToClaims(accessTokenString)); + OidcSecurityContext oidcSecurityContext = new OidcSecurityContext(accessTokenString, accessToken, null, null); + OidcPrincipal oidcPrincipal = new OidcPrincipal("alice", oidcSecurityContext); + + // Serialize + ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(); + ObjectOutputStream objectOutputStream = new ObjectOutputStream(byteArrayOutputStream); + objectOutputStream.writeObject(oidcPrincipal); + objectOutputStream.close(); + + //deserialize + byte[] bytes = byteArrayOutputStream.toByteArray(); + ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bytes); + ObjectInputStream objectInputStream = new ObjectInputStream(byteArrayInputStream); + OidcPrincipal deserializedOidcPrincipal = (OidcPrincipal)objectInputStream.readObject(); + OidcSecurityContext deserializedOidcSecurityContext = deserializedOidcPrincipal.getOidcSecurityContext(); + AccessToken deserializedAccessToken = deserializedOidcSecurityContext.getToken(); + + assertEquals(accessTokenString, deserializedOidcSecurityContext.getTokenString()); + assertEquals(KeycloakConfiguration.ALICE, deserializedOidcPrincipal.getName()); + assertEquals(KeycloakConfiguration.ALICE, deserializedAccessToken.getPreferredUsername()); + assertEquals("alice@gmail.com", deserializedAccessToken.getEmail()); + assertEquals(TEST_REALM, deserializedOidcSecurityContext.getRealm()); + objectInputStream.close(); + } + @Test public void 
testSucessfulAuthenticationWithAuthServerUrl() throws Exception { performBearerAuthentication(getOidcConfigurationInputStream(), SECURED_ENDPOINT, KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, From b873518504735f5fa5b0b6fdd971e967e49fd8a9 Mon Sep 17 00:00:00 2001 From: Prarthona Paul Date: Mon, 22 Jul 2024 15:20:23 -0400 Subject: [PATCH 180/205] ELY-2790 Upgrade commons-lang3 from 3.15.0 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 1f156c50776..86616fa442d 100644 --- a/pom.xml +++ b/pom.xml @@ -60,7 +60,7 @@ ${version.com.fasterxml.jackson} 1.6.0 4.0.1 - 3.14.0 + 3.15.0 2.0.0.AM27 2.1.6 2.0.3 From 4384881bf4f7ea7f811a314247454d8c0102cef0 Mon Sep 17 00:00:00 2001 From: Prarthona Paul Date: Thu, 8 Aug 2024 11:38:50 -0400 Subject: [PATCH 181/205] [ELY-2795] Upgrade io.rest-assured from 4.3.3 to 5.5.0 --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 1f156c50776..3e59f9cd594 100644 --- a/pom.xml +++ b/pom.xml @@ -95,8 +95,8 @@ 3.0.0 0.9.6 1.15.3 - 18.0.2 - 4.3.3 + 25.0.2 + 5.5.0 2.40.0 2.3.0 3.1.0.Final From 456d84d1b67fd0a5be57ea6b161be6122cdd505b Mon Sep 17 00:00:00 2001 From: Prarthona Paul Date: Thu, 8 Aug 2024 09:51:41 -0400 Subject: [PATCH 182/205] [ELY-2794] Upgrade the keycloak-services and keycloak test dependencies to the versions 23.0.7 and 25.0.2 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 3e59f9cd594..c2c630f0d9d 100644 --- a/pom.xml +++ b/pom.xml @@ -99,7 +99,7 @@ 5.5.0 2.40.0 2.3.0 - 3.1.0.Final + 23.0.7 INFO From 779ee61679236041a545e3669487355d99ad401f Mon Sep 17 00:00:00 2001 
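Review bot: `testOIDCSecurityContextDeserialization` builds the context with a null ID-token string, which is the case the fix targets, but no assertion checks the ID-token side after `readObject` runs. An `assertNull` on the deserialized context's ID token would pin the new behaviour (the getter's name is not visible in this hunk). The `ObjectOutputStream` and `ObjectInputStream` are closed by hand, so `objectInputStream.close()` is skipped whenever an assertion fails; `try (ObjectInputStream objectInputStream = new ObjectInputStream(byteArrayInputStream)) { ... }` avoids that. The test also needs `KEYCLOAK_CONTAINER` for a live access token, so the null-handling path is only exercised where that container can start.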
From: Farah Juma Date: Tue, 13 Aug 2024 15:43:47 -0400 Subject: [PATCH 183/205] [ELY-2796] Release WildFly Elytron 2.5.1.Final --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- dynamic-ssl/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- 
tests/common/pom.xml | 2 +- tool/pom.xml | 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 77 files changed, 77 insertions(+), 77 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index 17d217aa03b..545e8f95917 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index f1309641cd7..b42303d2458 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index 0280389a985..85d263fea7e 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index 5c81f8abd4a..b805fb93af9 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 6ad7a764fbb..a43174a40b4 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index 53771e0992a..cbdae80b321 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index 612eb58e4f7..bbf2ef90b83 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index 9959bf41e83..b218b00e298 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index 64d0212d743..901d5e60ddd 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index 40d41f502b5..105e5a45352 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index 23e1405e73c..86a4734634b 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index f098bff90e0..cb9818995b7 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index 567269a0bcc..8f4ab4889cc 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index d1e4fde738b..08bcc550f28 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index f8f651001db..16ee2dcd419 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index 567e2898d66..67b266c3358 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index 34a43a3d4d3..50fb279e5c4 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index 850092ade46..143030bb2be 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index b7509fd76c2..5432bfdf838 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final 4.0.0 diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index 0dc7c4e6dab..b72dcd3aa61 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -5,7 +5,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index 9f5d25fb712..d5523b1071a 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final 4.0.0 
diff --git a/http/base/pom.xml b/http/base/pom.xml index 7c6b0a780a2..46200c8a1d7 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index 41d6088eb48..38957e19d12 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index f109668ee07..7f7e66885f6 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index ba442678819..a1e953a09fe 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index 555709ebf7f..66173ba36f3 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index 63b684280c5..52d99efd381 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index 4f969bed7e6..ddfc8a1a9a4 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index 44758b79b0c..d04d59f79d5 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index d425be12549..b404c80201f 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index 3137d415a1a..ef5f6a8df95 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index e57ac0f3753..c4470e6e5af 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index f2f01e78861..b7755310e9f 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index 36219ec7d14..358b178e74d 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index 9aa8169a4f8..f33889099e9 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index 31ce391bf50..d256a2e9915 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index f269c8be7fd..142a2e69240 100644 --- a/json-util/pom.xml 
+++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final 4.0.0 diff --git a/keystore/pom.xml b/keystore/pom.xml index c0561c83ba4..2120f9c1865 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index 464b7cd5b7e..e8aa2d09c44 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index 80484b800e3..d49ba536df5 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index 4db7db93b33..cdcdc6f1a6e 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index f6643be8be7..99f1113be6e 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index 7365a240e02..3a075b48ab6 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index 20a334b3392..f918d2f7c9b 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml 
diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index e688852a11b..3afef2ad08f 100644 --- a/mechanism/oauth2/pom.xml +++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index 4b5efa8837e..ed3e9d7c0f3 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index 743cdbce880..ffdb7698d13 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index 2259afb4ae2..3f287a19b25 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final 4.0.0 diff --git a/pom.xml b/pom.xml index 1f156c50776..9b358a82fd4 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index 57f043e5e16..3624a9a941f 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index 7545ec1b05c..f6c77d324dd 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index 96df765c59f..2f11d218c72 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../../pom.xml diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index 320f1cb15e6..413b4d94399 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index 938a92c3dd7..cb94af2bb89 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index 8718cb1f40f..08f5b98def6 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index d264e610b86..d9036ea7f01 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index d85cdb34f81..cb6580d7149 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index 8b4a8120c74..74a5b4bad53 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index 4e47eae672f..3fb585930b8 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml 
diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index 751c67512b9..9f0042ad59f 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index 304f30da23d..8ee63bf9ae8 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index be7e3312472..a9b721cef3e 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index 8ad61f03743..998f3101769 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index 7cb2fce3483..05ec6086101 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index af3b62b18b3..4e0896f89a7 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index 5502ca52742..3862ef8d5f9 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index 08930997149..8f121cca8ab 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml 
diff --git a/tests/common/pom.xml b/tests/common/pom.xml index 82455a3ebd3..960274fcc82 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml @@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index 8bc44ac2f96..2e4e9d49cb5 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index 6d072cf4ec2..d474180638f 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 098550c3fb6..1316d424299 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index bbf002144fd..13298be7be1 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index 2052a5c8d83..4511cdc54f6 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index 633b4b1720d..4486d633a23 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index 0db7cf98026..5f9d2485cf0 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index ebc333a8e73..7874593f0e4 100644 --- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index e1e0b8a3ab8..6cd5da260df 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.CR1-SNAPSHOT + 2.5.1.Final ../../pom.xml From 9fbcc650eae2482b0d1d0250b204e982deffa50f Mon Sep 17 00:00:00 2001 
From: Farah Juma Date: Tue, 13 Aug 2024 15:44:26 -0400 Subject: [PATCH 184/205] Next is 2.5.2 --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- dynamic-ssl/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- tests/common/pom.xml | 2 +- 
tool/pom.xml | 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 77 files changed, 77 insertions(+), 77 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index 545e8f95917..1eefb6c1f3f 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index b42303d2458..d4f6c840eda 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index 85d263fea7e..0661646ab8b 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index b805fb93af9..2ab12bd36ca 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index a43174a40b4..6cd31e3a957 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index cbdae80b321..6e48afe2a25 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index bbf2ef90b83..2243df70dfd 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index b218b00e298..c691385b5e9 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index 901d5e60ddd..a63d8942f3f 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index 105e5a45352..a30057a6abc 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index 86a4734634b..bafda60cf0b 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index cb9818995b7..58ce9bfc75e 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index 8f4ab4889cc..df27ef751ed 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index 08bcc550f28..50ec88ea27a 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index 16ee2dcd419..7c1976839e1 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index 67b266c3358..8f6938ab3fa 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index 50fb279e5c4..5be0f3844b4 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index 143030bb2be..53f6d726221 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index 5432bfdf838..6005943ae52 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT 4.0.0 diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index b72dcd3aa61..98618df9ef8 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -5,7 +5,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index d5523b1071a..193f81c319d 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT 4.0.0 
diff --git a/http/base/pom.xml b/http/base/pom.xml index 46200c8a1d7..06370d1c6d3 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index 38957e19d12..3690a681977 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index 7f7e66885f6..29b5f908d29 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index a1e953a09fe..e5fe1afd830 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index 66173ba36f3..4cb7fa865c5 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index 52d99efd381..187158d2dee 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index ddfc8a1a9a4..fdf26ca42f8 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index d04d59f79d5..6703cc6e6c7 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index b404c80201f..0d98cb9cdae 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index ef5f6a8df95..e8e9ae7dfaa 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index c4470e6e5af..56c9713ff77 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index b7755310e9f..7844474a2cf 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index 358b178e74d..92c37b726d3 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index f33889099e9..b85827d9283 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index d256a2e9915..e5321b18071 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index 142a2e69240..8ad8fe59a16 100644 --- a/json-util/pom.xml 
+++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT 4.0.0 diff --git a/keystore/pom.xml b/keystore/pom.xml index 2120f9c1865..6729d438516 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index e8aa2d09c44..f6d2e42def8 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index d49ba536df5..915c5814f25 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index cdcdc6f1a6e..8603e2d2e7d 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index 99f1113be6e..d8a70b5a869 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index 3a075b48ab6..3d34c66ede4 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index f918d2f7c9b..64a8c725123 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml 
diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index 3afef2ad08f..10ae56f74c3 100644 --- a/mechanism/oauth2/pom.xml +++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index ed3e9d7c0f3..e0cd26073b1 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index ffdb7698d13..53bc46cdd76 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index 3f287a19b25..24e307ac07c 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT 4.0.0 diff --git a/pom.xml b/pom.xml index 9b358a82fd4..f3fdca5b17d 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index 3624a9a941f..7620c98e1ab 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index f6c77d324dd..c6f5056e9de 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index 2f11d218c72..72ffdfcd601 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index 413b4d94399..7e4a99222d5 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index cb94af2bb89..6b090270a67 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index 08f5b98def6..fa455c4aac5 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index d9036ea7f01..8d02e4ee250 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index cb6580d7149..e7382a254d1 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index 74a5b4bad53..92a0f0126be 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index 3fb585930b8..f9404532ffe 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml 
diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index 9f0042ad59f..ed2f8cfc933 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index 8ee63bf9ae8..6d5ac6fe7fa 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index a9b721cef3e..707ddb548a1 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index 998f3101769..d6ffd8f95a7 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index 05ec6086101..95cee45589d 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index 4e0896f89a7..f935d139e37 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index 3862ef8d5f9..59a5ccff1b9 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index 8f121cca8ab..81bacad327a 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml 
diff --git a/tests/common/pom.xml b/tests/common/pom.xml index 960274fcc82..2406ce66298 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml @@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index 2e4e9d49cb5..eae2363ffc1 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index d474180638f..5c4ad863994 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 1316d424299..25427bd30a3 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index 13298be7be1..b0b912c4974 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index 4511cdc54f6..11e6eaf787c 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index 4486d633a23..0a5baf9a738 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index 5f9d2485cf0..536305499c0 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index 7874593f0e4..f93de8dea27 100644 --- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index 6cd5da260df..caf08adca64 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.1.Final + 2.5.2.CR1-SNAPSHOT ../../pom.xml From 7a8fd8cee12fd18c6fd638e8d18fc738fed969c1 Mon Sep 17 00:00:00 2001 From: Farah Juma Date: Tue, 13 Aug 2024 16:45:42 -0400 Subject: [PATCH 185/205] [ELY-2796] Perform API check against 2.5.1.Final --- wildfly-elytron/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 25427bd30a3..c4428245d15 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -557,7 +557,7 @@ org.wildfly.security wildfly-elytron - 2.5.0.Final + 2.5.1.Final jar From 2270981641aac2eccebf3c3a2367c521412ab900 Mon Sep 17 00:00:00 2001 From: Prarthona Paul Date: Mon, 19 Aug 2024 09:41:39 -0400 Subject: [PATCH 186/205] Fixes to ELY-2756 Add tests to the elytron test suite to test to test OCSP with revoked and unknown certificates --- .../security/ssl/SSLAuthenticationTest.java | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java index 2e8458ada47..b1005514045 100644 --- a/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java +++ b/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java 
@@ -719,12 +719,14 @@ public void testOcspGood() throws Throwable { @Test public void testOcspRevoked() throws Throwable { + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); + DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB); SSLContext serverContext = new SSLContextBuilder() - .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore")) - .setKeyManager(getKeyManager("/jks/scarab.keystore")) + .setSecurityDomain(getKeyStoreBackedSecurityDomain(caGenerationTool.getBeetlesKeyStore())) + .setKeyManager(scarab.createKeyManager()) .setTrustManager(X509RevocationTrustManager.builder() .setTrustManagerFactory(getTrustManagerFactory()) - .setTrustStore(createKeyStore("/jks/ca.truststore")) + .setTrustStore(ca.loadKeyStore()) .setOcspResponderCert(ocspResponderCertificate) .build()) .setNeedClientAuth(true) @@ -736,12 +738,14 @@ public void testOcspRevoked() throws Throwable { @Test public void testOcspUnknown() throws Throwable { + DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA); + DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB); SSLContext serverContext = new SSLContextBuilder() - .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore")) - .setKeyManager(getKeyManager("/jks/scarab.keystore")) + .setSecurityDomain(getKeyStoreBackedSecurityDomain(caGenerationTool.getBeetlesKeyStore())) + .setKeyManager(scarab.createKeyManager()) .setTrustManager(X509RevocationTrustManager.builder() .setTrustManagerFactory(getTrustManagerFactory()) - .setTrustStore(createKeyStore("/jks/ca.truststore")) + .setTrustStore(ca.loadKeyStore()) .setOcspResponderCert(ocspResponderCertificate) .build()) .setNeedClientAuth(true) From a8886e3fa038d176af60a527b38f987135ab240d Mon Sep 17 00:00:00 2001 
From: Prarthona Paul Date: Thu, 27 Jun 2024 10:32:41 -0400 Subject: [PATCH 187/205] ELY-2778 Replace string literals inside the OidcJsonConfiguration class with constants --- .../org/wildfly/security/http/oidc/Oidc.java | 53 ++++ .../http/oidc/OidcJsonConfiguration.java | 197 +++++++++------ .../security/http/oidc/OidcBaseTest.java | 12 +- .../wildfly/security/http/oidc/OidcTest.java | 237 ++++++++++-------- 4 files changed, 312 insertions(+), 187 deletions(-) diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java index 575809f2f4b..c6b38c9ef4d 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java @@ -45,7 +45,13 @@ public class Oidc { public static final String ACCEPT = "Accept"; + public static final String ADAPTER_STATE_COOKIE_PATH = "adapter-state-cookie-path"; + public static final String ALLOW_ANY_HOSTNAME = "allow-any-hostname"; + public static final String ALWAYS_REFRESH_TOKEN = "always-refresh-token"; + public static final String AUTH_SERVER_URL = "auth-server-url"; public static final String AUTHENTICATION_REQUEST_FORMAT = "authentication-request-format"; + public static final String AUTODETECT_BEARER_ONLY = "autodetect-bearer-only"; + public static final String BEARER_ONLY = "bearer-only"; public static final String OIDC_NAME = "OIDC"; public static final String JSON_CONTENT_TYPE = "application/json"; public static final String HTML_CONTENT_TYPE = "text/html"; 
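Review bot: `ALLOW_ANY_HOSTNAME` in this hunk and `DISABLE_TRUST_MANAGER` in the following hunk are added as bare public constants, yet by their names they are the configuration keys that relax TLS verification towards the OpenID provider. Now that the strings live in one public place, each deserves a one-line Javadoc stating the effect and that it is not meant for production. For example, `/** JSON key; when true the provider's TLS host name is not verified. Intended for development only. */` above `ALLOW_ANY_HOSTNAME`, and `/** JSON key; when true the provider's TLS certificate is not validated. Intended for development only. */` above `DISABLE_TRUST_MANAGER`. The code that reads these options is outside this diff, so the wording should be confirmed against it.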
@@ -55,14 +61,27 @@ public class Oidc { public static final String KEYCLOAK_REALMS_PATH = "realms/"; public static final String JSON_CONFIG_CONTEXT_PARAM = "org.wildfly.security.http.oidc.json.config"; static final String ACCOUNT_PATH = "account"; + public static final String CORS_MAX_AGE = "cors-max-age"; + public static final String CORS_ALLOWED_HEADERS = "cors-allowed-headers"; + public static final String CORS_ALLOWED_METHODS = "cors-allowed-methods"; + public static final String CORS_EXPOSED_HEADERS = "cors-exposed-headers"; + public static final String CONNECTION_POOL_SIZE = "connection-pool-size"; public static final String CLIENTS_MANAGEMENT_REGISTER_NODE_PATH = "clients-managements/register-node"; public static final String CLIENTS_MANAGEMENT_UNREGISTER_NODE_PATH = "clients-managements/unregister-node"; + public static final String CREDENTIALS = "credentials"; + public static final String DISABLE_TRUST_MANAGER = "disable-trust-manager"; public static final String SLASH = "/"; public static final String OIDC_CLIENT_CONTEXT_KEY = OidcClientContext.class.getName(); public static final String CLIENT_ID = "client_id"; + public static final String CLIENT_ID_JSON_VALUE = "client-id"; + public static final String CLIENT_KEYSTORE = "client-keystore"; + public static final String CLIENT_KEYSTORE_PASSWORD = "client-keystore-password"; + public static final String CLIENT_KEY_PASSWORD = "client-key-password"; public static final String CODE = "code"; + public static final String ENABLE_CORS = "enable-cors"; public static final String ERROR = "error"; public static final String ERROR_DESCRIPTION = "error_description"; + public static final String EXPOSE_TOKEN = "expose-token"; public static final String FACES_REQUEST = "Faces-Request"; public static final String GRANT_TYPE = "grant_type"; public static final String INVALID_TOKEN = "invalid_token"; 
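Review bot: `CLIENT_ID_JSON_VALUE = "client-id"` holds a JSON property name, not a value, and it is declared directly below `CLIENT_ID = "client_id"`, which differs only in the separator character. Picking the wrong one compiles cleanly and would presumably show up only as a configuration key or request parameter that never matches. A name that states the role, such as `CLIENT_ID_JSON_KEY`, or a one-line Javadoc on both constants (`/** JSON configuration key. */` and, if that is indeed its use, `/** OAuth 2.0 request parameter name. */`) would make the distinction visible. A rename would also touch the `@JsonProperty` use in OidcJsonConfiguration and the fixture in OidcTest later in this patch.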
@@ -74,9 +93,17 @@ public class Oidc { public static final String OPTIONS = "OPTIONS"; public static final String PARTIAL = "partial/"; public static final String PASSWORD = "password"; + public static final String PRINCIPAL_ATTRIBUTE = "principal-attribute"; public static final String PROMPT = "prompt"; + public static final String PROXY_URL = "proxy-url"; + public static final String PUBLIC_CLIENT = "public-client"; + public static final String REALM = "realm"; + public static final String REALM_PUBLIC_KEY = "realm-public-key"; + public static final String REGISTER_NODE_AT_STARTUP = "register-node-at-startup"; + public static final String REGISTER_NODE_PERIOD = "register-node-period"; public static final String REQUEST = "request"; public static final String REQUEST_URI = "request_uri"; + public static final String RESOURCE = "resource"; public static final String SCOPE = "scope"; public static final String UI_LOCALES = "ui_locales"; public static final String USERNAME = "username"; @@ -86,6 +113,7 @@ public class Oidc { public static final String RESPONSE_TYPE = "response_type"; public static final String SESSION_STATE = "session_state"; public static final String SOAP_ACTION = "SOAPAction"; + public static final String SSL_REQUIRED = "ssl-required"; public static final String STALE_TOKEN = "Stale token"; public static final String STATE = "state"; public static final int INVALID_ISSUED_FOR_CLAIM = -1; 
@@ -118,8 +146,33 @@ public class Oidc { static final String DEFAULT_TOKEN_SIGNATURE_ALGORITHM = "RS256"; public static final String DISABLE_TYP_CLAIM_VALIDATION_PROPERTY_NAME = "wildfly.elytron.oidc.disable.typ.claim.validation"; public static final String ALLOW_QUERY_PARAMS_PROPERTY_NAME = "wildfly.elytron.oidc.allow.query.params"; + public static final String TOKEN_MINIMUM_TIME_TO_LIVE = "token-minimum-time-to-live"; + public static final String TOKEN_SIGNATURE_ALGORITHM = "token-signature-algorithm"; + public static final String TOKEN_STORE = "token-store"; + public static final String TRUSTSTORE = "truststore"; + public static final String TRUSTSTORE_PASSWORD = "truststore-password"; + public static final String TURN_OFF_CHANGE_SESSION_ID_ON_LOGIN = "turn-off-change-session-id-on-login"; + public static final String USE_RESOURCE_ROLE_MAPPINGS = "use-resource-role-mappings"; + public static final String USE_REALM_ROLE_MAPPINGS = "use-realm-role-mappings"; public static final String X_REQUESTED_WITH = "X-Requested-With"; public static final String XML_HTTP_REQUEST = "XMLHttpRequest"; + public static final String MIN_TIME_BETWEEN_JWKS_REQUESTS = "min-time-between-jwks-requests"; + public static final String PUBLIC_KEY_CACHE_TTL = "public-key-cache-ttl"; + public static final String IGNORE_OAUTH_QUERY_PARAMETER = "ignore-oauth-query-parameter"; + public static final String VERIFY_TOKEN_AUDIENCE = "verify-token-audience"; + public static final String REQUEST_OBJECT_SIGNING_ALGORITHM = "request-object-signing-algorithm"; + public static final String REQUEST_OBJECT_ENCRYPTION_ALG_VALUE = "request-object-encryption-alg-value"; + public static final String REQUEST_OBJECT_ENCRYPTION_ENC_VALUE = "request-object-encryption-enc-value"; + public static final String REQUEST_OBJECT_SIGNING_KEYSTORE_FILE = "request-object-signing-keystore-file"; + public static final String REQUEST_OBJECT_SIGNING_KEYSTORE_PASSWORD = "request-object-signing-keystore-password"; + public static 
final String REQUEST_OBJECT_SIGNING_KEY_PASSWORD = "request-object-signing-key-password"; + public static final String REQUEST_OBJECT_SIGNING_KEY_ALIAS = "request-object-signing-key-alias"; + public static final String REQUEST_OBJECT_SIGNING_KEYSTORE_TYPE = "request-object-signing-keystore-type"; + public static final String REDIRECT_REWRITE_RULES = "redirect-rewrite-rules"; + public static final String ENABLE_PKCE = "enable-pkce"; + public static final String CONFIDENTIAL_PORT = "confidential-port"; + public static final String ENABLE_BASIC_AUTH = "enable-basic-auth"; + public static final String PROVIDER_URL = "provider-url"; /** * Bearer token pattern. diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcJsonConfiguration.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcJsonConfiguration.java index 29d2d785e3c..4f107b79591 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcJsonConfiguration.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcJsonConfiguration.java 
@@ -19,6 +19,61 @@ package org.wildfly.security.http.oidc; import static org.wildfly.security.http.oidc.Oidc.DEFAULT_TOKEN_SIGNATURE_ALGORITHM; +import static org.wildfly.security.http.oidc.Oidc.ADAPTER_STATE_COOKIE_PATH; +import static org.wildfly.security.http.oidc.Oidc.ALLOW_ANY_HOSTNAME; +import static org.wildfly.security.http.oidc.Oidc.ALWAYS_REFRESH_TOKEN; +import static org.wildfly.security.http.oidc.Oidc.AUTH_SERVER_URL; +import static org.wildfly.security.http.oidc.Oidc.AUTHENTICATION_REQUEST_FORMAT; +import static org.wildfly.security.http.oidc.Oidc.AUTODETECT_BEARER_ONLY; +import static org.wildfly.security.http.oidc.Oidc.BEARER_ONLY; +import static org.wildfly.security.http.oidc.Oidc.CLIENT_ID_JSON_VALUE; +import static org.wildfly.security.http.oidc.Oidc.CLIENT_KEYSTORE; +import static org.wildfly.security.http.oidc.Oidc.CLIENT_KEYSTORE_PASSWORD; +import static org.wildfly.security.http.oidc.Oidc.CLIENT_KEY_PASSWORD; +import static org.wildfly.security.http.oidc.Oidc.CONFIDENTIAL_PORT; +import static org.wildfly.security.http.oidc.Oidc.CONNECTION_POOL_SIZE; +import static org.wildfly.security.http.oidc.Oidc.CORS_ALLOWED_HEADERS; +import static org.wildfly.security.http.oidc.Oidc.CORS_ALLOWED_METHODS; +import static org.wildfly.security.http.oidc.Oidc.CORS_EXPOSED_HEADERS; +import static org.wildfly.security.http.oidc.Oidc.CORS_MAX_AGE; +import static org.wildfly.security.http.oidc.Oidc.CREDENTIALS; +import static org.wildfly.security.http.oidc.Oidc.DISABLE_TRUST_MANAGER; +import static org.wildfly.security.http.oidc.Oidc.ENABLE_BASIC_AUTH; +import static org.wildfly.security.http.oidc.Oidc.ENABLE_CORS; +import static org.wildfly.security.http.oidc.Oidc.ENABLE_PKCE; +import static org.wildfly.security.http.oidc.Oidc.EXPOSE_TOKEN; +import static org.wildfly.security.http.oidc.Oidc.IGNORE_OAUTH_QUERY_PARAMETER; +import static org.wildfly.security.http.oidc.Oidc.MIN_TIME_BETWEEN_JWKS_REQUESTS; +import static 
org.wildfly.security.http.oidc.Oidc.PRINCIPAL_ATTRIBUTE; +import static org.wildfly.security.http.oidc.Oidc.PROVIDER_URL; +import static org.wildfly.security.http.oidc.Oidc.PROXY_URL; +import static org.wildfly.security.http.oidc.Oidc.PUBLIC_CLIENT; +import static org.wildfly.security.http.oidc.Oidc.PUBLIC_KEY_CACHE_TTL; +import static org.wildfly.security.http.oidc.Oidc.REDIRECT_REWRITE_RULES; +import static org.wildfly.security.http.oidc.Oidc.REGISTER_NODE_AT_STARTUP; +import static org.wildfly.security.http.oidc.Oidc.REGISTER_NODE_PERIOD; +import static org.wildfly.security.http.oidc.Oidc.REALM; +import static org.wildfly.security.http.oidc.Oidc.REALM_PUBLIC_KEY; +import static org.wildfly.security.http.oidc.Oidc.RESOURCE; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_ENCRYPTION_ALG_VALUE; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_ENCRYPTION_ENC_VALUE; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_ALGORITHM; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEY_ALIAS; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEY_PASSWORD; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEYSTORE_FILE; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEYSTORE_PASSWORD; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEYSTORE_TYPE; +import static org.wildfly.security.http.oidc.Oidc.SCOPE; +import static org.wildfly.security.http.oidc.Oidc.SSL_REQUIRED; +import static org.wildfly.security.http.oidc.Oidc.TOKEN_MINIMUM_TIME_TO_LIVE; +import static org.wildfly.security.http.oidc.Oidc.TOKEN_SIGNATURE_ALGORITHM; +import static org.wildfly.security.http.oidc.Oidc.TOKEN_STORE; +import static org.wildfly.security.http.oidc.Oidc.TRUSTSTORE; +import static org.wildfly.security.http.oidc.Oidc.TRUSTSTORE_PASSWORD; +import static 
org.wildfly.security.http.oidc.Oidc.TURN_OFF_CHANGE_SESSION_ID_ON_LOGIN; +import static org.wildfly.security.http.oidc.Oidc.USE_RESOURCE_ROLE_MAPPINGS; +import static org.wildfly.security.http.oidc.Oidc.USE_REALM_ROLE_MAPPINGS; +import static org.wildfly.security.http.oidc.Oidc.VERIFY_TOKEN_AUDIENCE; import java.util.Map; import java.util.TreeMap; 
@@ -34,143 +89,143 @@ * @author John D. Ament * @author Farah Juma */ -@JsonPropertyOrder({"realm", "realm-public-key", "auth-server-url", "ssl-required", - "resource", "public-client", "credentials", - "use-resource-role-mappings", "use-realm-role-mappings", - "enable-cors", "cors-max-age", "cors-allowed-methods", "cors-exposed-headers", - "expose-token", "bearer-only", "autodetect-bearer-only", "connection-pool-size", - "allow-any-hostname", "disable-trust-manager", "truststore", "truststore-password", - "client-keystore", "client-keystore-password", "client-key-password", - "always-refresh-token", - "register-node-at-startup", "register-node-period", "token-store", "adapter-state-cookie-path", "principal-attribute", - "proxy-url", "turn-off-change-session-id-on-login", "token-minimum-time-to-live", - "min-time-between-jwks-requests", "public-key-cache-ttl", - "ignore-oauth-query-parameter", "verify-token-audience", "token-signature-algorithm", "scope", - "authentication-request-format", "request-object-signing-algorithm", "request-object-encryption-alg-value", - "request-object-encryption-enc-value", "request-object-signing-keystore-file", - "request-object-signing-keystore-password","request-object-signing-key-password", "request-object-signing-key-alias", - "request-object-signing-keystore-type" +@JsonPropertyOrder({REALM, REALM_PUBLIC_KEY, AUTH_SERVER_URL, SSL_REQUIRED, + RESOURCE, PUBLIC_CLIENT, CREDENTIALS, + USE_RESOURCE_ROLE_MAPPINGS, USE_REALM_ROLE_MAPPINGS, + ENABLE_CORS, CORS_MAX_AGE, CORS_ALLOWED_METHODS, CORS_EXPOSED_HEADERS, + EXPOSE_TOKEN, BEARER_ONLY, AUTODETECT_BEARER_ONLY, CONNECTION_POOL_SIZE, + ALLOW_ANY_HOSTNAME, DISABLE_TRUST_MANAGER, TRUSTSTORE, TRUSTSTORE_PASSWORD, + CLIENT_KEYSTORE, CLIENT_KEYSTORE_PASSWORD, CLIENT_KEY_PASSWORD, + ALWAYS_REFRESH_TOKEN, + REGISTER_NODE_AT_STARTUP, REGISTER_NODE_PERIOD, TOKEN_STORE, ADAPTER_STATE_COOKIE_PATH, PRINCIPAL_ATTRIBUTE, + PROXY_URL, TURN_OFF_CHANGE_SESSION_ID_ON_LOGIN, TOKEN_MINIMUM_TIME_TO_LIVE, 
+ MIN_TIME_BETWEEN_JWKS_REQUESTS, PUBLIC_KEY_CACHE_TTL, + IGNORE_OAUTH_QUERY_PARAMETER, VERIFY_TOKEN_AUDIENCE, TOKEN_SIGNATURE_ALGORITHM, SCOPE, + AUTHENTICATION_REQUEST_FORMAT, REQUEST_OBJECT_SIGNING_ALGORITHM, REQUEST_OBJECT_ENCRYPTION_ALG_VALUE, + REQUEST_OBJECT_ENCRYPTION_ENC_VALUE, REQUEST_OBJECT_SIGNING_KEYSTORE_FILE, + REQUEST_OBJECT_SIGNING_KEYSTORE_PASSWORD,REQUEST_OBJECT_SIGNING_KEY_PASSWORD, REQUEST_OBJECT_SIGNING_KEY_ALIAS, + REQUEST_OBJECT_SIGNING_KEYSTORE_TYPE }) public class OidcJsonConfiguration { - @JsonProperty("allow-any-hostname") + @JsonProperty(ALLOW_ANY_HOSTNAME) protected boolean allowAnyHostname; - @JsonProperty("disable-trust-manager") + @JsonProperty(DISABLE_TRUST_MANAGER) protected boolean disableTrustManager; - @JsonProperty("truststore") + @JsonProperty(TRUSTSTORE) protected String truststore; - @JsonProperty("truststore-password") + @JsonProperty(TRUSTSTORE_PASSWORD) protected String truststorePassword; - @JsonProperty("client-keystore") + @JsonProperty(CLIENT_KEYSTORE) protected String clientKeystore; - @JsonProperty("client-keystore-password") + @JsonProperty(CLIENT_KEYSTORE_PASSWORD) protected String clientKeystorePassword; - @JsonProperty("client-key-password") + @JsonProperty(CLIENT_KEY_PASSWORD) protected String clientKeyPassword; - @JsonProperty("request-object-signing-keystore-file") + @JsonProperty(REQUEST_OBJECT_SIGNING_KEYSTORE_FILE) protected String requestObjectSigningKeyStoreFile; - @JsonProperty("request-object-signing-keystore-password") + @JsonProperty(REQUEST_OBJECT_SIGNING_KEYSTORE_PASSWORD) protected String requestObjectSigningKeyStorePassword; - @JsonProperty("request-object-signing-key-password") + @JsonProperty(REQUEST_OBJECT_SIGNING_KEY_PASSWORD) protected String requestObjectSigningKeyPassword; - @JsonProperty("request-object-signing-key-alias") + @JsonProperty(REQUEST_OBJECT_SIGNING_KEY_ALIAS) protected String requestObjectSigningKeyAlias; - @JsonProperty("request-object-signing-keystore-type") + 
@JsonProperty(REQUEST_OBJECT_SIGNING_KEYSTORE_TYPE) protected String requestObjectSigningKeyStoreType; - @JsonProperty("connection-pool-size") + @JsonProperty(CONNECTION_POOL_SIZE) protected int connectionPoolSize = 20; - @JsonProperty("always-refresh-token") + @JsonProperty(ALWAYS_REFRESH_TOKEN) protected boolean alwaysRefreshToken = false; - @JsonProperty("register-node-at-startup") + @JsonProperty(REGISTER_NODE_AT_STARTUP) protected boolean registerNodeAtStartup = false; - @JsonProperty("register-node-period") + @JsonProperty(REGISTER_NODE_PERIOD) protected int registerNodePeriod = -1; - @JsonProperty("token-store") + @JsonProperty(TOKEN_STORE) protected String tokenStore; - @JsonProperty("adapter-state-cookie-path") + @JsonProperty(ADAPTER_STATE_COOKIE_PATH) protected String tokenCookiePath; - @JsonProperty("principal-attribute") + @JsonProperty(PRINCIPAL_ATTRIBUTE) protected String principalAttribute; - @JsonProperty("turn-off-change-session-id-on-login") + @JsonProperty(TURN_OFF_CHANGE_SESSION_ID_ON_LOGIN) protected Boolean turnOffChangeSessionIdOnLogin; - @JsonProperty("token-minimum-time-to-live") + @JsonProperty(TOKEN_MINIMUM_TIME_TO_LIVE) protected int tokenMinimumTimeToLive = 0; - @JsonProperty("min-time-between-jwks-requests") + @JsonProperty(MIN_TIME_BETWEEN_JWKS_REQUESTS) protected int minTimeBetweenJwksRequests = 10; - @JsonProperty("public-key-cache-ttl") + @JsonProperty(PUBLIC_KEY_CACHE_TTL) protected int publicKeyCacheTtl = 86400; // 1 day // https://tools.ietf.org/html/rfc7636 - @JsonProperty("enable-pkce") + @JsonProperty(ENABLE_PKCE) protected boolean pkce = false; - @JsonProperty("ignore-oauth-query-parameter") + @JsonProperty(IGNORE_OAUTH_QUERY_PARAMETER) protected boolean ignoreOAuthQueryParameter = false; - @JsonProperty("verify-token-audience") + @JsonProperty(VERIFY_TOKEN_AUDIENCE) protected boolean verifyTokenAudience = false; - @JsonProperty("confidential-port") + @JsonProperty(CONFIDENTIAL_PORT) protected int confidentialPort; - 
@JsonProperty("resource") + @JsonProperty(RESOURCE) protected String resource; - @JsonProperty("use-resource-role-mappings") + @JsonProperty(USE_RESOURCE_ROLE_MAPPINGS) protected boolean useResourceRoleMappings; - @JsonProperty("use-realm-role-mappings") + @JsonProperty(USE_REALM_ROLE_MAPPINGS) protected boolean useRealmRoleMappings = true; - @JsonProperty("enable-cors") + @JsonProperty(ENABLE_CORS) protected boolean cors; - @JsonProperty("cors-max-age") + @JsonProperty(CORS_MAX_AGE) protected int corsMaxAge = -1; - @JsonProperty("cors-allowed-headers") + @JsonProperty(CORS_ALLOWED_HEADERS) protected String corsAllowedHeaders; - @JsonProperty("cors-allowed-methods") + @JsonProperty(CORS_ALLOWED_METHODS) protected String corsAllowedMethods; - @JsonProperty("cors-exposed-headers") + @JsonProperty(CORS_EXPOSED_HEADERS) protected String corsExposedHeaders; - @JsonProperty("expose-token") + @JsonProperty(EXPOSE_TOKEN) protected boolean exposeToken; - @JsonProperty("bearer-only") + @JsonProperty(BEARER_ONLY) protected boolean bearerOnly; - @JsonProperty("autodetect-bearer-only") + @JsonProperty(AUTODETECT_BEARER_ONLY) protected boolean autodetectBearerOnly; - @JsonProperty("enable-basic-auth") + @JsonProperty(ENABLE_BASIC_AUTH) protected boolean enableBasicAuth; - @JsonProperty("public-client") + @JsonProperty(PUBLIC_CLIENT) protected boolean publicClient; - @JsonProperty("credentials") + @JsonProperty(CREDENTIALS) protected Map credentials = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); - @JsonProperty("redirect-rewrite-rules") + @JsonProperty(REDIRECT_REWRITE_RULES) protected Map redirectRewriteRules; - @JsonProperty("realm") + @JsonProperty(REALM) protected String realm; - @JsonProperty("realm-public-key") + @JsonProperty(REALM_PUBLIC_KEY) protected String realmKey; - @JsonProperty("auth-server-url") + @JsonProperty(AUTH_SERVER_URL) protected String authServerUrl; - @JsonProperty("ssl-required") + @JsonProperty(SSL_REQUIRED) protected String sslRequired; - 
@JsonProperty("provider-url") + @JsonProperty(PROVIDER_URL) protected String providerUrl; - @JsonProperty("client-id") + @JsonProperty(CLIENT_ID_JSON_VALUE) protected String clientId; - @JsonProperty("token-signature-algorithm") + @JsonProperty(TOKEN_SIGNATURE_ALGORITHM) protected String tokenSignatureAlgorithm = DEFAULT_TOKEN_SIGNATURE_ALGORITHM; - @JsonProperty("scope") + @JsonProperty(SCOPE) protected String scope; - @JsonProperty("authentication-request-format") + @JsonProperty(AUTHENTICATION_REQUEST_FORMAT) protected String authenticationRequestFormat; - @JsonProperty("request-object-signing-algorithm") + @JsonProperty(REQUEST_OBJECT_SIGNING_ALGORITHM) protected String requestObjectSigningAlgorithm; - @JsonProperty("request-object-encryption-alg-value") + @JsonProperty(REQUEST_OBJECT_ENCRYPTION_ALG_VALUE) protected String requestObjectEncryptionAlgValue; - @JsonProperty("request-object-encryption-enc-value") + @JsonProperty(REQUEST_OBJECT_ENCRYPTION_ENC_VALUE) protected String requestObjectEncryptionEncValue; /** * The Proxy url to use for requests to the auth-server, configurable via the adapter config property {@code proxy-url}. */ - @JsonProperty("proxy-url") + @JsonProperty(PROXY_URL) protected String proxyUrl; public boolean isAllowAnyHostname() { diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java index b604af8a8f8..6eb698160a0 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java 
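Review bot: The rewritten `@JsonPropertyOrder` list still leaves out seven properties that are annotated further down in this hunk: `CORS_ALLOWED_HEADERS`, `ENABLE_PKCE`, `CONFIDENTIAL_PORT`, `ENABLE_BASIC_AUTH`, `REDIRECT_REWRITE_RULES`, `PROVIDER_URL` and `CLIENT_ID_JSON_VALUE`. The old string list had the same gaps, so behaviour is unchanged, but with the constants now imported the omission is easy to close, e.g. `ENABLE_CORS, CORS_MAX_AGE, CORS_ALLOWED_HEADERS, CORS_ALLOWED_METHODS, CORS_EXPOSED_HEADERS,`. If the gaps are deliberate, a short comment above the annotation noting that unlisted properties are serialized after the listed ones would record the intent. The class body continues past the end of the hunk.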
@@ -413,12 +413,12 @@ private void performAuthentication(InputStream oidcConfig, String username, Stri protected InputStream getOidcConfigurationInputStreamWithProviderUrl() { String oidcConfig = "{\n" + - " \"resource\" : \"" + CLIENT_ID + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + Oidc.RESOURCE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + Oidc.PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + Oidc.PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + + " \"" + Oidc.SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + Oidc.CREDENTIALS + "\" : {\n" + + " \"" + Oidc.ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java index fdda1aac447..4dede8b5ed6 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java 
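Review bot: This fixture now builds its JSON keys from the same `Oidc` constants that `OidcJsonConfiguration` passes to `@JsonProperty`, so the test can no longer notice an accidental edit to one of those strings; the same applies to the fixture hunks in OidcTest.java. These names are the external configuration format, and a changed key such as `ssl-required` would presumably leave an existing deployment on the field's default. A small test that pins the wire names with literals would restore that check, for example `assertEquals("ssl-required", Oidc.SSL_REQUIRED);` and `assertEquals("provider-url", Oidc.PROVIDER_URL);`. The closing brace of getOidcConfigurationInputStreamWithProviderUrl lies outside the hunk.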
@@ -44,8 +44,28 @@ import static org.wildfly.security.http.oidc.KeycloakConfiguration.TENANT1_USER; import static org.wildfly.security.http.oidc.KeycloakConfiguration.TENANT2_PASSWORD; import static org.wildfly.security.http.oidc.KeycloakConfiguration.TENANT2_USER; +import static org.wildfly.security.http.oidc.Oidc.AUTH_SERVER_URL; +import static org.wildfly.security.http.oidc.Oidc.AUTHENTICATION_REQUEST_FORMAT; +import static org.wildfly.security.http.oidc.Oidc.CREDENTIALS; +import static org.wildfly.security.http.oidc.Oidc.ClientCredentialsProviderType; +import static org.wildfly.security.http.oidc.Oidc.PROVIDER_URL; import static org.wildfly.security.http.oidc.Oidc.OIDC_NAME; import static org.wildfly.security.http.oidc.Oidc.OIDC_SCOPE; +import static org.wildfly.security.http.oidc.Oidc.PUBLIC_CLIENT; +import static org.wildfly.security.http.oidc.Oidc.PRINCIPAL_ATTRIBUTE; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_ALGORITHM; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEYSTORE_FILE; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEYSTORE_PASSWORD; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEYSTORE_TYPE; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEY_PASSWORD; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEY_ALIAS; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_ENCRYPTION_ALG_VALUE; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_ENCRYPTION_ENC_VALUE; +import static org.wildfly.security.http.oidc.Oidc.RESOURCE; +import static org.wildfly.security.http.oidc.Oidc.REALM; +import static org.wildfly.security.http.oidc.Oidc.SCOPE; +import static org.wildfly.security.http.oidc.Oidc.SSL_REQUIRED; +import static org.wildfly.security.http.oidc.Oidc.TOKEN_SIGNATURE_ALGORITHM; import static org.wildfly.security.http.oidc.Oidc.AuthenticationRequestFormat.OAUTH2; 
import static org.wildfly.security.http.oidc.Oidc.AuthenticationRequestFormat.REQUEST; import static org.wildfly.security.http.oidc.Oidc.AuthenticationRequestFormat.REQUEST_URI; @@ -664,13 +684,13 @@ private InputStream getOidcConfigurationInputStream(String clientSecret) { private InputStream getOidcConfigurationInputStream(String clientSecret, String authServerUrl) { String oidcConfig = "{\n" + - " \"realm\" : \"" + TEST_REALM + "\",\n" + - " \"resource\" : \"" + CLIENT_ID + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"auth-server-url\" : \"" + authServerUrl + "\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + clientSecret + "\"\n" + + " \"" + REALM + "\" : \"" + TEST_REALM + "\",\n" + + " \"" + RESOURCE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + AUTH_SERVER_URL + "\" : \"" + authServerUrl + "\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + clientSecret + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); 
@@ -678,12 +698,12 @@ private InputStream getOidcConfigurationInputStream(String clientSecret, String private InputStream getOidcConfigurationInputStreamWithEnvironmentVariableExpression() { String oidcConfig = "{\n" + - " \"resource\" : \"" + CLIENT_ID + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "${oidc.provider-url-env}\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + RESOURCE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "${oidc.provider-url-env}\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); @@ -691,12 +711,12 @@ private InputStream getOidcConfigurationInputStreamWithEnvironmentVariableExpres private InputStream getOidcConfigurationInputStreamWithSystemPropertyExpression() { String oidcConfig = "{\n" + - " \"resource\" : \"" + CLIENT_ID + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"provider-url\" : \"${oidc.provider.url}\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + RESOURCE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + PROVIDER_URL + "\" : \"${oidc.provider.url}\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); 
@@ -704,12 +724,12 @@ private InputStream getOidcConfigurationInputStreamWithSystemPropertyExpression( private InputStream getOidcConfigurationInputStreamWithProviderUrlTrailingSlash() { String oidcConfig = "{\n" + - " \"resource\" : \"" + CLIENT_ID + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "/" + "\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + RESOURCE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "/" + "\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); @@ -717,11 +737,11 @@ private InputStream getOidcConfigurationInputStreamWithProviderUrlTrailingSlash( private InputStream getOidcConfigurationMissingRequiredOption() { String oidcConfig = "{\n" + - " \"public-client\" : \"false\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); 
@@ -729,45 +749,43 @@ private InputStream getOidcConfigurationMissingRequiredOption() { private InputStream getOidcConfigurationInputStreamWithTokenSignatureAlgorithm() { String oidcConfig = "{\n" + - " \"token-signature-algorithm\" : \"RS256\",\n" + - " \"resource\" : \"" + CLIENT_ID + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + TOKEN_SIGNATURE_ALGORITHM + "\" : \"RS256\",\n" + + " \"" + RESOURCE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); } private InputStream getOidcConfigurationInputStreamWithScope(String scopeValue){ String oidcConfig = "{\n" + - " \"client-id\" : \"" + CLIENT_ID + "\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"scope\" : \"" + scopeValue + "\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + Oidc.CLIENT_ID_JSON_VALUE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + + " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + SCOPE + "\" : \"" + scopeValue + "\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " 
\"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); } private InputStream getOidcConfigurationInputStreamWithRequestParameter(String requestParameter, String signingAlgorithm, String encryptionAlgorithm, String encMethod){ String oidcConfig = "{\n" + - " \"client-id\" : \"" + CLIENT_ID + "\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"authentication-request-format\" : \"" + requestParameter + "\",\n" + - " \"request-object-signing-algorithm\" : \"" + signingAlgorithm + "\",\n" + - " \"request-object-encryption-alg-value\" : \"" + encryptionAlgorithm + "\",\n" + - " \"request-object-encryption-enc-value\" : \"" + encMethod + "\",\n" + - " \"scope\" : \"profile email phone\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + Oidc.CLIENT_ID_JSON_VALUE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + + " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + AUTHENTICATION_REQUEST_FORMAT + "\" : \"" + requestParameter + "\",\n" + + " \"" + REQUEST_OBJECT_SIGNING_ALGORITHM + "\" : \"" + signingAlgorithm + "\",\n" + + " \"" + REQUEST_OBJECT_ENCRYPTION_ALG_VALUE + "\" : \"" + encryptionAlgorithm + "\",\n" + + " \"" + REQUEST_OBJECT_ENCRYPTION_ENC_VALUE + "\" : \"" + encMethod + "\",\n" + + " \"" + SCOPE + "\" : \"profile email phone\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; 
return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); @@ -775,16 +793,15 @@ private InputStream getOidcConfigurationInputStreamWithRequestParameter(String r private InputStream getOidcConfigurationInputStreamWithoutEncValue(String requestParameter, String encryptionAlgorithm){ String oidcConfig = "{\n" + - " \"client-id\" : \"" + CLIENT_ID + "\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"authentication-request-format\" : \"" + requestParameter + "\",\n" + - " \"request-object-encryption-alg-value\" : \"" + encryptionAlgorithm + "\",\n" + - " \"scope\" : \"profile email phone\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + Oidc.CLIENT_ID_JSON_VALUE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + + " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + AUTHENTICATION_REQUEST_FORMAT + "\" : \"" + requestParameter + "\",\n" + + " \"" + REQUEST_OBJECT_ENCRYPTION_ALG_VALUE + "\" : \"" + encryptionAlgorithm + "\",\n" + + " \"" + SCOPE + "\" : \"profile email phone\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); 
@@ -792,22 +809,22 @@ private InputStream getOidcConfigurationInputStreamWithoutEncValue(String reques private InputStream getOidcConfigurationInputStreamWithRequestParameter(String requestParameter, String signingAlgorithm, String encryptionAlgorithm, String encMethod, String keyStorePath, String alias, String keyStoreType){ String oidcConfig = "{\n" + - " \"client-id\" : \"" + CLIENT_ID + "\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"authentication-request-format\" : \"" + requestParameter + "\",\n" + - " \"request-object-signing-algorithm\" : \"" + signingAlgorithm + "\",\n" + - " \"request-object-encryption-alg-value\" : \"" + encryptionAlgorithm + "\",\n" + - " \"request-object-encryption-enc-value\" : \"" + encMethod + "\",\n" + - " \"request-object-signing-keystore-file\" : \"" + keyStorePath + "\",\n" + - " \"request-object-signing-keystore-type\" : \"" + keyStoreType + "\",\n" + - " \"request-object-signing-keystore-password\" : \"" + KEYSTORE_PASS + "\",\n" + - " \"request-object-signing-key-password\" : \"" + KEYSTORE_PASS + "\",\n" + - " \"request-object-signing-key-alias\" : \"" + alias + "\",\n" + - " \"scope\" : \"email phone profile\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + Oidc.CLIENT_ID_JSON_VALUE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + + " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + AUTHENTICATION_REQUEST_FORMAT + "\" : \"" + requestParameter + "\",\n" + + " \"" + REQUEST_OBJECT_SIGNING_ALGORITHM + "\" : \"" + signingAlgorithm + "\",\n" + + " \"" + REQUEST_OBJECT_ENCRYPTION_ALG_VALUE + "\" : \"" + encryptionAlgorithm + "\",\n" + + " \"" + 
REQUEST_OBJECT_ENCRYPTION_ENC_VALUE + "\" : \"" + encMethod + "\",\n" + + " \"" + REQUEST_OBJECT_SIGNING_KEYSTORE_FILE + "\" : \"" + keyStorePath + "\",\n" + + " \"" + REQUEST_OBJECT_SIGNING_KEYSTORE_TYPE + "\" : \"" + keyStoreType + "\",\n" + + " \"" + REQUEST_OBJECT_SIGNING_KEYSTORE_PASSWORD + "\" : \"" + KEYSTORE_PASS + "\",\n" + + " \"" + REQUEST_OBJECT_SIGNING_KEY_PASSWORD + "\" : \"" + KEYSTORE_PASS + "\",\n" + + " \"" + REQUEST_OBJECT_SIGNING_KEY_ALIAS + "\" : \"" + alias + "\",\n" + + " \"" + SCOPE + "\" : \"email phone profile\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); 
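Review bot: `keyStorePath`, `alias` and `keyStoreType` are concatenated into the JSON text of `getOidcConfigurationInputStreamWithRequestParameter(...)` without escaping, so a value containing a backslash or a double quote (a Windows keystore path, for instance) yields an invalid or differently structured document. The callers are outside this hunk, so whether such values occur is not visible here. If the helper stays string-built, state the constraint on it: `// Values are inserted verbatim; callers must pass JSON-safe strings (no quotes or backslashes).` The same pattern is present for `scopeValue`, `requestParameter` and `principalAttributeValue` in the neighbouring helpers.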
@@ -815,26 +832,26 @@ private InputStream getOidcConfigurationInputStreamWithRequestParameter(String r private InputStream getOidcConfigurationInputStreamWithRequestObjectPublicClient(String requestParameter, String signingAlgorithm){ String oidcConfig = "{\n" + - " \"client-id\" : \"" + CLIENT_ID + "\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + - " \"public-client\" : \"true\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"authentication-request-format\" : \"" + requestParameter + "\",\n" + - " \"request-object-signing-algorithm\" : \"" + signingAlgorithm + "\",\n" + - " \"scope\" : \"email phone profile\"\n" + + " \"" + Oidc.CLIENT_ID_JSON_VALUE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + + " \"" + PUBLIC_CLIENT + "\" : \"true\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + AUTHENTICATION_REQUEST_FORMAT + "\" : \"" + requestParameter + "\",\n" + + " \"" + REQUEST_OBJECT_SIGNING_ALGORITHM + "\" : \"" + signingAlgorithm + "\",\n" + + " \"" + SCOPE + "\" : \"email phone profile\"\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); } private InputStream getOidcConfigurationInputStreamWithPrincipalAttribute(String principalAttributeValue) { String oidcConfig = "{\n" + - " \"principal-attribute\" : \"" + principalAttributeValue + "\",\n" + - " \"resource\" : \"" + CLIENT_ID + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + PRINCIPAL_ATTRIBUTE + "\" : \"" + principalAttributeValue + "\",\n" + + " \"" + RESOURCE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PUBLIC_CLIENT + 
"\" : \"false\",\n" + + " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); @@ -842,13 +859,13 @@ private InputStream getOidcConfigurationInputStreamWithPrincipalAttribute(String static InputStream getTenantConfigWithAuthServerUrl(String tenant) { String oidcConfig = "{\n" + - " \"realm\" : \"" + tenant + "\",\n" + - " \"resource\" : \"" + CLIENT_ID + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"auth-server-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + REALM + "\" : \"" + tenant + "\",\n" + + " \""+ RESOURCE +"\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PUBLIC_CLIENT +"\" : \"false\",\n" + + " \"" + AUTH_SERVER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); 
@@ -856,12 +873,12 @@ static InputStream getTenantConfigWithAuthServerUrl(String tenant) { static InputStream getTenantConfigWithProviderUrl(String tenant) { String oidcConfig = "{\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + tenant + "\",\n" + - " \"client-id\" : \"" + CLIENT_ID + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + tenant + "\",\n" + + " \"" + Oidc.CLIENT_ID_JSON_VALUE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); From 882fae78ad58f37e64ebe7268392ad78d06db102 Mon Sep 17 00:00:00 2001 From: R Searls Date: Mon, 26 Aug 2024 11:17:17 -0400 Subject: [PATCH 188/205] [ELY-2797] check for null Boolean and return boolean --- .../http/oidc/OidcProviderMetadata.java | 24 +- .../http/oidc/OidcProviderMetadataTest.java | 378 ++++++++++++++++++ 2 files changed, 390 insertions(+), 12 deletions(-) create mode 100644 http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcProviderMetadataTest.java diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcProviderMetadata.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcProviderMetadata.java index 6c964dbfe1b..7619a89b4b0 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcProviderMetadata.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcProviderMetadata.java 
@@ -329,8 +329,8 @@ public void setClaimTypesSupported(List claimTypesSupported) { this.claimTypesSupported = claimTypesSupported; } - public Boolean getClaimsParameterSupported() { - return claimsParameterSupported; + public boolean getClaimsParameterSupported() { + return claimsParameterSupported == null ? false : claimsParameterSupported; } public void setClaimsParameterSupported(Boolean claimsParameterSupported) { @@ -345,16 +345,16 @@ public void setScopesSupported(List scopesSupported) { this.scopesSupported = scopesSupported; } - public Boolean getRequestParameterSupported() { - return requestParameterSupported; + public boolean getRequestParameterSupported() { + return requestParameterSupported == null ? false : requestParameterSupported; } public void setRequestParameterSupported(Boolean requestParameterSupported) { this.requestParameterSupported = requestParameterSupported; } - public Boolean getRequestUriParameterSupported() { - return requestUriParameterSupported; + public boolean getRequestUriParameterSupported() { + return requestUriParameterSupported == null ? false : requestUriParameterSupported; } public void setRequestUriParameterSupported(Boolean requestUriParameterSupported) { @@ -393,12 +393,12 @@ public void setRevocationEndpointAuthSigningAlgValuesSupported(List revo this.revocationEndpointAuthSigningAlgValuesSupported = revocationEndpointAuthSigningAlgValuesSupported; } - public Boolean getBackchannelLogoutSupported() { - return backchannelLogoutSupported; + public boolean getBackchannelLogoutSupported() { + return backchannelLogoutSupported == null ? false : backchannelLogoutSupported; } - public Boolean getBackchannelLogoutSessionSupported() { - return backchannelLogoutSessionSupported; + public boolean getBackchannelLogoutSessionSupported() { + return backchannelLogoutSessionSupported == null ? false : backchannelLogoutSessionSupported; } public void setBackchannelLogoutSessionSupported(Boolean backchannelLogoutSessionSupported) { 
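Review bot: Changing the return type of `getClaimsParameterSupported()` from `Boolean` to `boolean` changes the method descriptor on a public class, so any code compiled against the previous signature would fail to link until it is rebuilt; whether such callers exist is not visible here. The same holds for the getters changed in the hunks at 345, 393 and 416. The change also removes the caller's ability to tell "not advertised" from "advertised as false", which deserves a Javadoc line such as `/** Returns {@code false} when the provider metadata omits claims_parameter_supported. */`. As a matter of style, `return Boolean.TRUE.equals(claimsParameterSupported);` gives the same null-safe result without the `== null ? false :` ternary. The class declaration is outside this hunk.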
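Review bot: `getRequestUriParameterSupported()` now reports `false` when the field is absent, but OpenID Connect Discovery 1.0 defines `request_uri_parameter_supported` as defaulting to true when omitted, unlike `request_parameter_supported` and `claims_parameter_supported`, which default to false. If callers use this getter to decide whether the `request_uri` format may be used, a provider that leaves the field out would be treated as not supporting it; the call sites are not in this hunk. Consider `return !Boolean.FALSE.equals(requestUriParameterSupported);` and adjust the `assertFalse` in `testRequestUriParameterSupported` of the new `OidcProviderMetadataTest` accordingly.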
@@ -416,8 +416,8 @@ public List getCodeChallengeMethodsSupported() { // KEYCLOAK-6771 Certificate Bound Token // https://tools.ietf.org/html/draft-ietf-oauth-mtls-08#section-6.2 - public Boolean getTlsClientCertificateBoundAccessTokens() { - return tlsClientCertificateBoundAccessTokens; + public boolean getTlsClientCertificateBoundAccessTokens() { + return tlsClientCertificateBoundAccessTokens == null ? false : tlsClientCertificateBoundAccessTokens; } public List getRequestObjectEncryptionAlgValuesSupported() { diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcProviderMetadataTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcProviderMetadataTest.java new file mode 100644 index 00000000000..3773451f682 --- /dev/null +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcProviderMetadataTest.java 
@@ -0,0 +1,378 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2024 Red Hat, Inc., and individual contributors + * as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.wildfly.security.http.oidc; + +import org.wildfly.security.jose.util.JsonSerialization; + +import org.junit.BeforeClass; +import org.junit.Test; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.util.List; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; + +/** + * Test OIDC json config class to return of values. 
+ */ +public class OidcProviderMetadataTest { + private static OidcProviderMetadata oidcProviderMetadata; + private static OidcProviderMetadata emptyOidcProviderMetadata; + private static OidcProviderMetadata withoutOptionalsOidcProviderMetadata; + + @BeforeClass + public static void setUp() throws IOException { + // load the control data + ByteArrayInputStream is = new ByteArrayInputStream(providerMetaData.getBytes()); + oidcProviderMetadata = JsonSerialization.readValue(is, OidcProviderMetadata.class); + is.close(); + + // control data to check variable inits in OidcProviderMetadata + is = new ByteArrayInputStream(emptyProviderMetaData.getBytes()); + emptyOidcProviderMetadata = JsonSerialization.readValue(is, OidcProviderMetadata.class); + is.close(); + + is = new ByteArrayInputStream(withoutOptionalsProviderMetaData.getBytes()); + withoutOptionalsOidcProviderMetadata = JsonSerialization.readValue(is, OidcProviderMetadata.class); + is.close(); + } + + @Test + public void testIssuer() throws Exception { + assertTrue("http://localhost:8080/realms/myrealm".equals(oidcProviderMetadata.getIssuer())); + assertTrue("http://localhost:8080/realms/myrealm".equals(withoutOptionalsOidcProviderMetadata.getIssuer())); + assertNull(emptyOidcProviderMetadata.getIssuer()); + } + + @Test + public void testAuthorizationEndpoint() throws Exception { + assertTrue("http://localhost:8080/realms/myrealm/protocol/openid-connect/auth".equals(oidcProviderMetadata.getAuthorizationEndpoint())); + assertTrue("http://localhost:8080/auth".equals(withoutOptionalsOidcProviderMetadata.getAuthorizationEndpoint())); + assertNull(emptyOidcProviderMetadata.getAuthorizationEndpoint()); + } + + @Test + public void testTokenEndpoint() throws Exception { + assertTrue("http://localhost:8080/realms/myrealm/protocol/openid-connect/token".equals(oidcProviderMetadata.getTokenEndpoint())); + assertTrue("http://localhost:8080/token".equals(withoutOptionalsOidcProviderMetadata.getTokenEndpoint())); + 
assertNull(emptyOidcProviderMetadata.getTokenEndpoint()); + } + + @Test + public void testIntrospectionEndpoint() throws Exception { + assertTrue("http://localhost:8080/realms/myrealm/protocol/openid-connect/token/introspect".equals(oidcProviderMetadata.getIntrospectionEndpoint())); + assertTrue("http://localhost:8080/introspect".equals(withoutOptionalsOidcProviderMetadata.getIntrospectionEndpoint())); + assertNull(emptyOidcProviderMetadata.getIntrospectionEndpoint()); + } + + @Test + public void testUserinfoEndpoint() throws Exception { + assertTrue("http://localhost:8080/realms/myrealm/protocol/openid-connect/userinfo".equals(oidcProviderMetadata.getUserinfoEndpoint())); + assertTrue("http://localhost:8080/userinfo".equals(withoutOptionalsOidcProviderMetadata.getUserinfoEndpoint())); + assertNull(emptyOidcProviderMetadata.getUserinfoEndpoint()); + } + + @Test + public void testLogoutEndpoint() throws Exception { + assertTrue("http://localhost:8080/realms/myrealm/protocol/openid-connect/logout".equals(oidcProviderMetadata.getLogoutEndpoint())); + assertTrue("http://localhost:8080/logout".equals(withoutOptionalsOidcProviderMetadata.getLogoutEndpoint())); + assertNull(emptyOidcProviderMetadata.getLogoutEndpoint()); + } + + @Test + public void testJwksUri() throws Exception { + assertTrue("http://localhost:8080/realms/myrealm/protocol/openid-connect/certs".equals(oidcProviderMetadata.getJwksUri())); + assertTrue("http://localhost:8080/certs".equals(withoutOptionalsOidcProviderMetadata.getJwksUri())); + assertNull(emptyOidcProviderMetadata.getJwksUri()); + } + + @Test + public void testCheckSessionIframe() throws Exception { + assertTrue("http://localhost:8080/realms/myrealm/protocol/openid-connect/login-status-iframe.html".equals(oidcProviderMetadata.getCheckSessionIframe())); + assertTrue("http://localhost:8080/login-status-iframe.html".equals(withoutOptionalsOidcProviderMetadata.getCheckSessionIframe())); + 
assertNull(emptyOidcProviderMetadata.getCheckSessionIframe()); + } + + @Test + public void testGrantTypesSupported() throws Exception { + List l = oidcProviderMetadata.getGrantTypesSupported(); + assertTrue(l.contains("refresh_token")); + assertNull(emptyOidcProviderMetadata.getGrantTypesSupported()); + } + + @Test + public void testResponseTypesSupported() throws Exception { + List l = oidcProviderMetadata.getResponseTypesSupported(); + assertTrue(l.contains("code id_token")); + assertNull(emptyOidcProviderMetadata.getResponseTypesSupported()); + } + + @Test + public void testSubjectTypesSupported() throws Exception { + List l = oidcProviderMetadata.getSubjectTypesSupported(); + assertTrue(l.contains("pairwise")); + assertNull(emptyOidcProviderMetadata.getSubjectTypesSupported()); + } + + @Test + public void testIdTokenSigningAlgValuesSupported() throws Exception { + List l = oidcProviderMetadata.getIdTokenSigningAlgValuesSupported(); + assertTrue(l.contains("HS256")); + assertNull(emptyOidcProviderMetadata.getIdTokenSigningAlgValuesSupported()); + } + + @Test + public void testIdTokenEncryptionAlgValuesSupported() throws Exception { + List l = oidcProviderMetadata.getIdTokenEncryptionAlgValuesSupported(); + assertTrue(l.contains("RSA1_5")); + assertNull(emptyOidcProviderMetadata.getIdTokenEncryptionAlgValuesSupported()); + } + + @Test + public void testIdTokenEncryptionEncValuesSupported() throws Exception { + List l = oidcProviderMetadata.getIdTokenEncryptionEncValuesSupported(); + assertTrue(l.contains("A128CBC-HS256")); + assertNull(emptyOidcProviderMetadata.getIdTokenEncryptionEncValuesSupported()); + } + + @Test + public void testUserInfoSigningAlgValuesSupported() throws Exception { + List l = oidcProviderMetadata.getUserInfoSigningAlgValuesSupported(); + assertTrue(l.contains("EdDSA")); + assertNull(emptyOidcProviderMetadata.getUserInfoSigningAlgValuesSupported()); + } + + @Test + public void testRequestObjectSigningAlgValuesSupported() throws Exception { 
+ List l = oidcProviderMetadata.getRequestObjectSigningAlgValuesSupported(); + assertTrue(l.contains("RS384")); + assertNull(emptyOidcProviderMetadata.getRequestObjectSigningAlgValuesSupported()); + assertNull(withoutOptionalsOidcProviderMetadata.getRequestObjectSigningAlgValuesSupported()); + } + + @Test + public void testResponseModesSupported() throws Exception { + List l = oidcProviderMetadata.getResponseModesSupported(); + assertTrue(l.contains("query.jwt")); + assertNull(emptyOidcProviderMetadata.getResponseModesSupported()); + } + + @Test + public void testRegistrationEndpoint() throws Exception { + assertTrue("http://localhost:8080/realms/myrealm/clients-registrations/openid-connect".equals(oidcProviderMetadata.getRegistrationEndpoint())); + assertTrue("http://localhost:8080/openid-connect".equals(withoutOptionalsOidcProviderMetadata.getRegistrationEndpoint())); + assertNull(emptyOidcProviderMetadata.getRegistrationEndpoint()); + } + + @Test + public void testTokenEndpointAuthMethodsSupported() throws Exception { + List l = oidcProviderMetadata.getTokenEndpointAuthMethodsSupported(); + assertTrue(l.contains("client_secret_basic")); + assertNull(emptyOidcProviderMetadata.getTokenEndpointAuthMethodsSupported()); + } + + @Test + public void testTokenEndpointAuthSigningAlgValuesSupported() throws Exception { + List l = oidcProviderMetadata.getTokenEndpointAuthSigningAlgValuesSupported(); + assertTrue(l.contains("PS384")); + assertNull(emptyOidcProviderMetadata.getTokenEndpointAuthSigningAlgValuesSupported()); + } + + @Test + public void testClaimsSupported() throws Exception { + List l = oidcProviderMetadata.getClaimsSupported(); + assertTrue(l.contains("given_name")); + assertNull(emptyOidcProviderMetadata.getClaimsSupported()); + } + + @Test + public void testClaimTypesSupported() throws Exception { + List l = oidcProviderMetadata.getClaimTypesSupported(); + assertTrue(l.contains("normal")); + assertNull(emptyOidcProviderMetadata.getClaimTypesSupported()); + 
} + + @Test + public void testClaimsParameterSupported() throws Exception { + assertTrue(oidcProviderMetadata.getClaimsParameterSupported()); + assertFalse(withoutOptionalsOidcProviderMetadata.getClaimsParameterSupported()); + } + + @Test + public void testScopesSupported() throws Exception { + List l = oidcProviderMetadata.getScopesSupported(); + assertTrue(l.contains("offline_access")); + assertNull(emptyOidcProviderMetadata.getScopesSupported()); + } + + @Test + public void testRequestParameterSupported() throws Exception { + assertTrue(oidcProviderMetadata.getRequestParameterSupported()); + assertFalse(withoutOptionalsOidcProviderMetadata.getRequestParameterSupported()); + } + + @Test + public void testRequestUriParameterSupported() throws Exception { + assertTrue(oidcProviderMetadata.getRequestUriParameterSupported()); + assertFalse(withoutOptionalsOidcProviderMetadata.getRequestUriParameterSupported()); + } + + @Test + public void testPushedAuthorizationRequestEndpoint() throws Exception { + assertTrue("http://localhost:8080/realms/myrealm/protocol/openid-connect/ext/par/request".equals(oidcProviderMetadata.getPushedAuthorizationRequestEndpoint())); + assertNull(emptyOidcProviderMetadata.getPushedAuthorizationRequestEndpoint()); + assertNull(withoutOptionalsOidcProviderMetadata.getPushedAuthorizationRequestEndpoint()); + } + + @Test + public void testRevocationEndpoint() throws Exception { + assertTrue("http://localhost:8080/realms/myrealm/protocol/openid-connect/revoke".equals(oidcProviderMetadata.getRevocationEndpoint())); + assertTrue("http://localhost:8080/revoke".equals(withoutOptionalsOidcProviderMetadata.getRevocationEndpoint())); + assertNull(emptyOidcProviderMetadata.getRevocationEndpoint()); + } + + @Test + public void testRevocationEndpointAuthMethodsSupported() throws Exception { + List l = oidcProviderMetadata.getRevocationEndpointAuthMethodsSupported(); + assertTrue(l.contains("client_secret_basic")); + 
assertNull(emptyOidcProviderMetadata.getRevocationEndpointAuthMethodsSupported()); + } + + @Test + public void testRevocationEndpointAuthSigningAlgValuesSupported() throws Exception { + List l = oidcProviderMetadata.getRevocationEndpointAuthSigningAlgValuesSupported(); + assertTrue(l.contains("RS384")); + assertNull(emptyOidcProviderMetadata.getRevocationEndpointAuthSigningAlgValuesSupported()); + } + + @Test + public void testBackchannelLogoutSupported() throws Exception { + assertTrue(oidcProviderMetadata.getBackchannelLogoutSupported()); + assertFalse(withoutOptionalsOidcProviderMetadata.getBackchannelLogoutSupported()); + } + + @Test + public void testBackchannelLogoutSessionSupported() throws Exception { + assertTrue(oidcProviderMetadata.getBackchannelLogoutSessionSupported()); + assertFalse(withoutOptionalsOidcProviderMetadata.getBackchannelLogoutSessionSupported()); + } + + @Test + public void testCodeChallengeMethodsSupported() throws Exception { + List l = oidcProviderMetadata.getCodeChallengeMethodsSupported(); + assertTrue(l.contains("S256")); + assertNull(emptyOidcProviderMetadata.getCodeChallengeMethodsSupported()); + } + + @Test + public void testTlsClientCertificateBoundAccessTokens() throws Exception { + assertTrue(oidcProviderMetadata.getTlsClientCertificateBoundAccessTokens()); + assertFalse(withoutOptionalsOidcProviderMetadata.getTlsClientCertificateBoundAccessTokens()); + } + + @Test + public void testRequestObjectEncryptionEncValuesSupported() throws Exception { + List l = oidcProviderMetadata.getRequestObjectEncryptionEncValuesSupported(); + assertTrue(l.contains("A192GCM")); + assertNull(emptyOidcProviderMetadata.getRequestObjectEncryptionEncValuesSupported()); + assertNull(withoutOptionalsOidcProviderMetadata.getRequestObjectEncryptionEncValuesSupported()); + } + + @Test + public void testRequestObjectEncryptionAlgValuesSupported() throws Exception { + List l = oidcProviderMetadata.getRequestObjectEncryptionAlgValuesSupported(); + 
assertTrue(l.contains("RSA1_5")); + assertNull(emptyOidcProviderMetadata.getRequestObjectEncryptionAlgValuesSupported()); + assertNull(withoutOptionalsOidcProviderMetadata.getRequestObjectEncryptionAlgValuesSupported()); + } + + // Control data taken from keycloak + private static final String providerMetaData = "{\n" + + "\"issuer\":\"http://localhost:8080/realms/myrealm\"\n" + + ",\"authorization_endpoint\":\"http://localhost:8080/realms/myrealm/protocol/openid-connect/auth\"\n" + + ",\"token_endpoint\":\"http://localhost:8080/realms/myrealm/protocol/openid-connect/token\"\n" + + ",\"introspection_endpoint\":\"http://localhost:8080/realms/myrealm/protocol/openid-connect/token/introspect\"\n" + + ",\"userinfo_endpoint\":\"http://localhost:8080/realms/myrealm/protocol/openid-connect/userinfo\"\n" + + ",\"end_session_endpoint\":\"http://localhost:8080/realms/myrealm/protocol/openid-connect/logout\"\n" + + ",\"jwks_uri\":\"http://localhost:8080/realms/myrealm/protocol/openid-connect/certs\"\n" + + ",\"check_session_iframe\":\"http://localhost:8080/realms/myrealm/protocol/openid-connect/login-status-iframe.html\"\n" + + ",\"grant_types_supported\":[\"authorization_code\",\"implicit\",\"refresh_token\",\"password\",\"client_credentials\",\"urn:openid:params:grant-type:ciba\",\"urn:ietf:params:oauth:grant-type:device_code\"]\n" + + ",\"response_types_supported\":[\"code\",\"none\",\"id_token\",\"token\",\"id_token token\",\"code id_token\",\"code token\",\"code id_token token\"]\n" + + ",\"subject_types_supported\":[\"public\",\"pairwise\"]\n" + + ",\"id_token_signing_alg_values_supported\":[\"PS384\",\"RS384\",\"EdDSA\",\"ES384\",\"HS256\",\"HS512\",\"ES256\",\"RS256\",\"HS384\",\"ES512\",\"PS256\",\"PS512\",\"RS512\"]\n" + + ",\"id_token_encryption_alg_values_supported\":[\"RSA-OAEP\",\"RSA-OAEP-256\",\"RSA1_5\"]\n" + + ",\"id_token_encryption_enc_values_supported\":[\"A256GCM\",\"A192GCM\",\"A128GCM\",\"A128CBC-HS256\",\"A192CBC-HS384\",\"A256CBC-HS512\"]\n" + + 
",\"userinfo_signing_alg_values_supported\":[\"PS384\",\"RS384\",\"EdDSA\",\"ES384\",\"HS256\",\"HS512\",\"ES256\",\"RS256\",\"HS384\",\"ES512\",\"PS256\",\"PS512\",\"RS512\",\"none\"]\n" + + ",\"request_object_signing_alg_values_supported\":[\"PS384\",\"RS384\",\"EdDSA\",\"ES384\",\"HS256\",\"HS512\",\"ES256\",\"RS256\",\"HS384\",\"ES512\",\"PS256\",\"PS512\",\"RS512\",\"none\"]\n" + + ",\"response_modes_supported\":[\"query\",\"fragment\",\"form_post\",\"query.jwt\",\"fragment.jwt\",\"form_post.jwt\",\"jwt\"]\n" + + ",\"registration_endpoint\":\"http://localhost:8080/realms/myrealm/clients-registrations/openid-connect\"\n" + + ",\"token_endpoint_auth_methods_supported\":[\"private_key_jwt\",\"client_secret_basic\",\"client_secret_post\",\"tls_client_auth\",\"client_secret_jwt\"]\n" + + ",\"token_endpoint_auth_signing_alg_values_supported\":[\"PS384\",\"RS384\",\"EdDSA\",\"ES384\",\"HS256\",\"HS512\",\"ES256\",\"RS256\",\"HS384\",\"ES512\",\"PS256\",\"PS512\",\"RS512\"]\n" + + ",\"claims_supported\":[\"aud\",\"sub\",\"iss\",\"auth_time\",\"name\",\"given_name\",\"family_name\",\"preferred_username\",\"email\",\"acr\"]\n" + + ",\"claim_types_supported\":[\"normal\"]\n" + + ",\"claims_parameter_supported\":true\n" + + ",\"scopes_supported\":[\"openid\",\"address\",\"profile\",\"offline_access\",\"microprofile-jwt\",\"acr\",\"web-origins\",\"basic\",\"email\",\"roles\",\"phone\"]\n" + + ",\"request_parameter_supported\":true\n" + + ",\"request_uri_parameter_supported\":true\n" + + ",\"pushed_authorization_request_endpoint\":\"http://localhost:8080/realms/myrealm/protocol/openid-connect/ext/par/request\"\n" + + ",\"revocation_endpoint\":\"http://localhost:8080/realms/myrealm/protocol/openid-connect/revoke\"\n" + + ",\"revocation_endpoint_auth_methods_supported\":[\"private_key_jwt\",\"client_secret_basic\",\"client_secret_post\",\"tls_client_auth\",\"client_secret_jwt\"]\n" + + 
",\"revocation_endpoint_auth_signing_alg_values_supported\":[\"PS384\",\"RS384\",\"EdDSA\",\"ES384\",\"HS256\",\"HS512\",\"ES256\",\"RS256\",\"HS384\",\"ES512\",\"PS256\",\"PS512\",\"RS512\"]\n" + + ",\"backchannel_logout_supported\":true\n" + + ",\"backchannel_logout_session_supported\":true\n" + + ",\"code_challenge_methods_supported\":[\"plain\",\"S256\"]\n" + + ",\"tls_client_certificate_bound_access_tokens\":true\n" + + ",\"request_object_encryption_enc_values_supported\":[\"A256GCM\",\"A192GCM\",\"A128GCM\",\"A128CBC-HS256\",\"A192CBC-HS384\",\"A256CBC-HS512\"]\n" + + ",\"request_object_encryption_alg_values_supported\":[\"RSA-OAEP\",\"RSA-OAEP-256\",\"RSA1_5\"]\n" + + "}"; + + private static final String emptyProviderMetaData = "{}"; + + private static final String withoutOptionalsProviderMetaData = "{\n" + + "\"issuer\":\"http://localhost:8080/realms/myrealm\"\n" + + ",\"authorization_endpoint\":\"http://localhost:8080/auth\"\n" + + ",\"token_endpoint\":\"http://localhost:8080/token\"\n" + + ",\"introspection_endpoint\":\"http://localhost:8080/introspect\"\n" + + ",\"userinfo_endpoint\":\"http://localhost:8080/userinfo\"\n" + + ",\"end_session_endpoint\":\"http://localhost:8080/logout\"\n" + + ",\"jwks_uri\":\"http://localhost:8080/certs\"\n" + + ",\"check_session_iframe\":\"http://localhost:8080/login-status-iframe.html\"\n" + + ",\"grant_types_supported\":[\"authorization_code\",\"implicit\"]\n" + + ",\"response_types_supported\":[\"code\",\"none\",\"id_token\",\"token\"]\n" + + ",\"subject_types_supported\":[\"public\",\"pairwise\"]\n" + + ",\"id_token_signing_alg_values_supported\":[\"PS384\"]\n" + + ",\"id_token_encryption_alg_values_supported\":[\"RSA-OAEP\",\"RSA-OAEP-256\",\"RSA1_5\"]\n" + + ",\"id_token_encryption_enc_values_supported\":[\"A256GCM\"]\n" + + ",\"userinfo_signing_alg_values_supported\":[\"PS384\",\"none\"]\n" + + ",\"response_modes_supported\":[\"query\",\"fragment\",\"form_post.jwt\",\"jwt\"]\n" + + 
",\"registration_endpoint\":\"http://localhost:8080/openid-connect\"\n" + + ",\"token_endpoint_auth_methods_supported\":[\"private_key_jwt\",\"client_secret_basic\"]\n" + + ",\"token_endpoint_auth_signing_alg_values_supported\":[\"PS384\",\"RS384\"]\n" + + ",\"claims_supported\":[\"aud\",\"sub\"]\n" + + ",\"claim_types_supported\":[\"normal\"]\n" + + ",\"scopes_supported\":[\"openid\",\"address\",\"profile\"]\n" + + ",\"revocation_endpoint\":\"http://localhost:8080/revoke\"\n" + + ",\"revocation_endpoint_auth_methods_supported\":[\"private_key_jwt\"]\n" + + ",\"revocation_endpoint_auth_signing_alg_values_supported\":[\"PS384\",\"RS384\",\"EdDSA\"]\n" + + ",\"code_challenge_methods_supported\":[\"plain\",\"S256\"]\n" + + "}"; +} From 5ed42fd628815a297bc154d26bcbbd4d9886a56b Mon Sep 17 00:00:00 2001 
From: petrberan Date: Fri, 3 Jun 2022 14:17:43 +0200 Subject: [PATCH 189/205] [ELY-2082] Optimise Tool Help Text --- pom.xml | 6 + tool/pom.xml | 4 + .../security/tool/CredentialStoreCommand.java | 21 +-- .../wildfly/security/tool/ElytronTool.java | 37 ++++-- .../security/tool/ElytronToolMessages.java | 35 ++--- .../tool/FileSystemEncryptRealmCommand.java | 21 +-- .../security/tool/FileSystemRealmCommand.java | 21 +-- .../tool/FileSystemRealmIntegrityCommand.java | 21 +-- .../wildfly/security/tool/MaskCommand.java | 21 +-- .../wildfly/security/tool/VaultCommand.java | 21 +-- .../security/tool/help/CommandsSection.java | 114 ++++++++++++++++ .../tool/help/DescriptionSection.java | 43 ++++++ .../security/tool/help/HelpCommand.java | 115 +++++++++++++++++ .../security/tool/help/HelpSection.java | 122 ++++++++++++++++++ .../security/tool/help/OptionsSection.java | 55 ++++++++ .../security/tool/help/UsageSection.java | 56 ++++++++ 16 files changed, 641 insertions(+), 72 deletions(-) create mode 100644 tool/src/main/java/org/wildfly/security/tool/help/CommandsSection.java create mode 100644 tool/src/main/java/org/wildfly/security/tool/help/DescriptionSection.java create mode 100644 tool/src/main/java/org/wildfly/security/tool/help/HelpCommand.java create mode 100644 tool/src/main/java/org/wildfly/security/tool/help/HelpSection.java create mode 100644 tool/src/main/java/org/wildfly/security/tool/help/OptionsSection.java create mode 100644 tool/src/main/java/org/wildfly/security/tool/help/UsageSection.java diff --git a/pom.xml b/pom.xml index f3fdca5b17d..a8777581051 100644 --- a/pom.xml +++ b/pom.xml @@ -100,6 +100,7 @@ 2.40.0 2.3.0 3.1.0.Final + 2.7 INFO @@ -1001,6 +1002,11 @@ jose4j ${version.org.bitbucket.b_c.jose4j} + + org.aesh + aesh + ${version.org.aesh} + diff --git a/tool/src/main/java/org/wildfly/security/tool/CredentialStoreCommand.java b/tool/src/main/java/org/wildfly/security/tool/CredentialStoreCommand.java index 493d5df134c..3f6d765d73a 100644 
--- a/tool/src/main/java/org/wildfly/security/tool/CredentialStoreCommand.java +++ b/tool/src/main/java/org/wildfly/security/tool/CredentialStoreCommand.java @@ -46,7 +46,6 @@ import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.CommandLineParser; import org.apache.commons.cli.DefaultParser; -import org.apache.commons.cli.HelpFormatter; import org.apache.commons.cli.Option; import org.apache.commons.cli.OptionGroup; import org.apache.commons.cli.Options; @@ -69,6 +68,10 @@ import org.wildfly.security.password.interfaces.ClearPassword; import org.wildfly.security.pem.Pem; import org.wildfly.security.ssh.util.SshUtil; +import org.wildfly.security.tool.help.DescriptionSection; +import org.wildfly.security.tool.help.HelpCommand; +import org.wildfly.security.tool.help.OptionsSection; +import org.wildfly.security.tool.help.UsageSection; import static org.wildfly.security.tool.Params.ALIAS_PARAM; import static org.wildfly.security.tool.Params.CREATE_CREDENTIAL_STORE_PARAM; @@ -959,13 +962,15 @@ protected Set aliases() { */ @Override public void help() { - HelpFormatter help = new HelpFormatter(); - help.setWidth(WIDTH); - help.printHelp(ElytronToolMessages.msg.cmdHelp(getToolCommand(), CREDENTIAL_STORE_COMMAND), - ElytronToolMessages.msg.cmdLineCredentialStoreHelpHeader().concat(ElytronToolMessages.msg.cmdLineActionsHelpHeader()), - options, - "", - true); + OptionsSection optionsSection = new OptionsSection(ElytronToolMessages.msg.cmdLineActionsHelpHeader(), options); + UsageSection usageSection = new UsageSection(CREDENTIAL_STORE_COMMAND, null); + DescriptionSection descriptionSection = new DescriptionSection(ElytronToolMessages.msg.cmdLineCredentialStoreHelpHeader()); + HelpCommand helpCommand = HelpCommand.HelpCommandBuilder.builder() + .description(descriptionSection) + .usage(usageSection) + .options(optionsSection) + .build(); + helpCommand.printHelp(); } static Map parseCredentialStoreProperties(final String attributeString) { 
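Review bot: The new help() body here is repeated almost verbatim in FileSystemEncryptRealmCommand, FileSystemRealmCommand, FileSystemRealmIntegrityCommand, MaskCommand and VaultCommand, differing only in the command constant and the description message. A single protected helper on the Command type they all override, taking the command name, the description and `options`, would reduce each override to one call, for example `printCommandHelp(CREDENTIAL_STORE_COMMAND, ElytronToolMessages.msg.cmdLineCredentialStoreHelpHeader(), options);` (the helper name is only a suggestion). The removed code built its usage line from `getToolCommand()`, whereas `new UsageSection(CREDENTIAL_STORE_COMMAND, null)` passes only the command constant and a null second argument. UsageSection is not visible in this part of the patch, so it is worth confirming that a script name set through `setToolCommand` still reaches the usage text. The rest of the class lies outside the hunk.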
diff --git a/tool/src/main/java/org/wildfly/security/tool/ElytronTool.java b/tool/src/main/java/org/wildfly/security/tool/ElytronTool.java index 2cae692d978..1111c9ad6af 100644 --- a/tool/src/main/java/org/wildfly/security/tool/ElytronTool.java +++ b/tool/src/main/java/org/wildfly/security/tool/ElytronTool.java @@ -20,10 +20,17 @@ import org.apache.commons.cli.AlreadySelectedException; import org.apache.commons.cli.Option; import org.wildfly.security.WildFlyElytronProvider; +import org.wildfly.security.tool.help.CommandsSection; +import org.wildfly.security.tool.help.DescriptionSection; +import org.wildfly.security.tool.help.HelpCommand; +import org.wildfly.security.tool.help.OptionsSection; +import org.wildfly.security.tool.help.UsageSection; import java.security.Security; import java.util.HashMap; import java.util.Map; +import java.util.SortedMap; +import java.util.TreeMap; /** * Elytron Tool main class which drives all registered commands. 
@@ -131,15 +138,27 @@ private static void configureLogManager() { } private void generalHelp() { - System.out.print(ElytronToolMessages.msg.generalHelpTitle()); - System.out.println(); - for (Command c: commandRegistry.values()) { - if (scriptName != null) { - c.setToolCommand(scriptName); - } - c.help(); - System.out.println(); - } + DescriptionSection descriptionSection = new DescriptionSection(ElytronToolMessages.msg.cmdElytronToolDescription()); + UsageSection usageSection = new UsageSection(null, null); + OptionsSection optionsSection = new OptionsSection(ElytronToolMessages.msg.generalHelpOptionsOpening(), null); + + // Using SortedMap so commands are in alphabetical order + SortedMap commandsMap = new TreeMap<>(); + commandsMap.put(CredentialStoreCommand.CREDENTIAL_STORE_COMMAND, ElytronToolMessages.msg.cmdLineCredentialStoreHelpHeader()); + commandsMap.put(VaultCommand.VAULT_COMMAND, ElytronToolMessages.msg.cmdVaultHelpHeader()); + commandsMap.put(FileSystemRealmCommand.FILE_SYSTEM_REALM_COMMAND, ElytronToolMessages.msg.cmdFileSystemRealmHelpHeader()); + commandsMap.put(FileSystemEncryptRealmCommand.FILE_SYSTEM_ENCRYPT_COMMAND, ElytronToolMessages.msg.cmdFileSystemEncryptHelpHeader()); + commandsMap.put(MaskCommand.MASK_COMMAND, ElytronToolMessages.msg.cmdMaskHelpHeader()); + commandsMap.put(FileSystemRealmIntegrityCommand.FILE_SYSTEM_REALM_INTEGRITY_COMMAND, ElytronToolMessages.msg.cmdFileSystemIntegrityHelpHeader()); + CommandsSection commandsSection = new CommandsSection(commandsMap); + + HelpCommand helpCommand = HelpCommand.HelpCommandBuilder.builder() + .description(descriptionSection) + .usage(usageSection) + .options(optionsSection) + .commands(commandsSection) + .build(); + helpCommand.printHelp(); } Command findCommand(String commandName) { diff --git a/tool/src/main/java/org/wildfly/security/tool/ElytronToolMessages.java b/tool/src/main/java/org/wildfly/security/tool/ElytronToolMessages.java index 6a023c4f1d2..4b876d33b25 100644 
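Review bot: generalHelp() now fills `commandsMap` from six hard-coded `put` calls, whereas the removed loop walked `commandRegistry.values()`. A command added to the registry later will therefore be dispatchable but missing from the top-level help unless this list is edited too. Building the map from the registry would keep the two in step; that needs a short-description accessor on Command (not visible here), which each command could back with the message it already passes to DescriptionSection. If the hard-coded list stays, a comment such as `// Keep in sync with commandRegistry: every registered command needs an entry here` above the first `put` would record the coupling. The construction of the registry is outside the hunk.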
--- a/tool/src/main/java/org/wildfly/security/tool/ElytronToolMessages.java +++ b/tool/src/main/java/org/wildfly/security/tool/ElytronToolMessages.java @@ -105,25 +105,25 @@ public interface ElytronToolMessages extends BasicLogger { "Provider must be installed through java.security file or through service loader from properly packaged jar file on classpath.") String cmdLineCustomCredentialStoreProviderDesc(); - @Message(id = NONE, value = "Create credential store (Action)") + @Message(id = NONE, value = "* Create credential store") String cmdLineCreateCredentialStoreDesc(); @Message(id = NONE, value = "Credential store type") String cmdLineCredentialStoreTypeDesc(); - @Message(id = NONE, value = "Add new alias to the credential store (Action)") + @Message(id = NONE, value = "* Add new alias to the credential store") String cmdLineAddAliasDesc(); - @Message(id = NONE, value = "Remove alias from the credential store (Action)") + @Message(id = NONE, value = "* Remove alias from the credential store") String cmdLineRemoveAliasDesc(); - @Message(id = NONE, value = "Check if alias exists within the credential store (Action)") + @Message(id = NONE, value = "* Check if alias exists within the credential store") String cmdLineCheckAliasDesc(); - @Message(id = NONE, value = "Display all aliases (Action)") + @Message(id = NONE, value = "* Display all aliases") String cmdLineAliasesDesc(); - @Message(id = NONE, value = "Display all types of stored credentials for given alias (Action)") + @Message(id = NONE, value = "* Display all types of stored credentials for given alias") String cmdLineAliasTypes(); @Message(id = NONE, value = "Generate private and public key pair and store them as a KeyPairCredential") 
@@ -159,7 +159,7 @@ public interface ElytronToolMessages extends BasicLogger { @Message(id = NONE, value = "Print summary, especially command how to create this credential store") String cmdLinePrintSummary(); - @Message(id = NONE, value = "Get help with usage of this command (Action)") + @Message(id = NONE, value = "* Get help with usage of this command") String cmdLineHelp(); @Message(id = NONE, value = "Alias \"%s\" exists") @@ -281,7 +281,7 @@ public interface ElytronToolMessages extends BasicLogger { @Message(id = NONE, value = "CLI command to add new credential store:%n") String cliCommandToNewCredentialStore(); - @Message(id = NONE, value = "Bulk conversion with options listed in description file. All options have no default value and should be set in the file. (Action)%n" + + @Message(id = NONE, value = "* Bulk conversion with options listed in description file. All options have no default value and should be set in the file.%n" + "All options are required with the exceptions:%n" + " - \"properties\" option%n - \"type\" option (defaults to \"KeyStoreCredentialStore\")%n - \"credential-store-provider\" option%n - \"other-providers\" option%n" + " - \"salt\" and \"iteration\" options can be omitted when plain-text password is used%n" + @@ -406,7 +406,7 @@ public interface ElytronToolMessages extends BasicLogger { String longOptionDescription(String option, String longOption); // filesystem-realm command - @Message(id = NONE, value = "'FileSystemRealm' command is used to convert legacy properties files and scripts to an Elytron FileSystemRealm.") + @Message(id = NONE, value = "\"filesystem-realm\" command is used to convert legacy properties files and scripts to an Elytron FileSystemRealm.") String cmdFileSystemRealmHelpHeader(); @Message(id = NONE, value = "The relative or absolute path to the users file.") 
@@ -489,7 +489,7 @@ public interface ElytronToolMessages extends BasicLogger { @Message(id = NONE, value = "Name of the security-domain to be configured.") String cmdFileSystemRealmSecurityDomainNameDesc(); - @Message(id = NONE, value = "Bulk conversion with options listed in description file. Optional options have default values, required options do not. (Action) %n" + + @Message(id = NONE, value = "* Bulk conversion with options listed in description file. Optional options have default values, required options do not.%n" + "The options fileSystemRealmName and securityDomainName are optional. %n" + "These optional options have default values of: converted-properties-filesystem-realm and converted-properties-security-domain. %n" + "Values are required for the following options: users-file, roles-file, and output-location. %n" + @@ -498,7 +498,7 @@ public interface ElytronToolMessages extends BasicLogger { "Blocks of options must be separated by a blank line.") String cmdFileSystemRealmBulkConvertDesc(); - @Message(id = NONE, value = "Bulk conversion with options listed in description file. Optional options have default values, required options do not. (Action) %n" + + @Message(id = NONE, value = "* Bulk conversion with options listed in description file. Optional options have default values, required options do not. %n" + "The options realm-name, hash-encoding, levels, secret-key, create, populate, keystore, type, password, password-env, and key-pair are optional. %n" + "Values are required for the following options: input-location, output-location, and credential-store. %n" + "The default values of realm-name, hash-encoding, hash-charset, levels, secret-key, create, and populate are encrypted-filesystem-realm, BASE64, UTF-8, 2, key, true, and true respectively. %n" + 
@@ -508,7 +508,7 @@ public interface ElytronToolMessages extends BasicLogger { "Blocks of options must be separated by a blank line.") String cmdFileSystemRealmEncryptBulkConvertDesc(); - @Message(id = NONE, value = "Bulk conversion with options listed in description file. (Action)" + + @Message(id = NONE, value = "* Bulk conversion with options listed in description file. " + "Optional options have defaults and can be skipped ([type, default_or_NULL]), required options do not (). %n" + "One of either password or password-env is required. %n" + "Blocks of options must be separated by a blank line; order is not important. Syntax: %n" + @@ -519,7 +519,7 @@ public interface ElytronToolMessages extends BasicLogger { String cmdFileSystemRealmIntegrityBulkConvertDesc(); // filesystem-realm encrypt command - @Message(id = NONE, value = "'FileSystemRealmEncrypt' command is used to convert non-empty, un-encrypted FileSystemSecurityRealm(s) to encrypted FileSystemSecurityRealm(s) with a SecretKey.") + @Message(id = NONE, value = "\"filesystem-realm-encrypt\" command is used to convert non-empty, un-encrypted FileSystemSecurityRealm(s) to encrypted FileSystemSecurityRealm(s) with a SecretKey.") String cmdFileSystemEncryptHelpHeader(); @Message(id = NONE, value = "Secret Key was not found in the Credential Store at %s, and populate option was not set. Skipping descriptor file block number %d.") @@ -669,7 +669,7 @@ public interface ElytronToolMessages extends BasicLogger { @Message(id = NONE, value = "Should file %s be overwritten? (y/n) ") String shouldFileBeOverwritten(String file); - @Message(id = NONE, value = "\nSome of the parameters below are mutually exclusive actions which are marked with (Action) in the description.") + @Message(id = NONE, value = "Some of the parameters below are mutually exclusive actions which are marked with * in the description.") String cmdLineActionsHelpHeader(); @Message(id = NONE, value = "Key size (bits).") 
@@ -738,8 +738,13 @@ public interface ElytronToolMessages extends BasicLogger { @Message(id = NONE, value = "No Credential Store location or Secret Key Alias specified.") MissingOptionException missingCredentialStoreSecretKey(); + @Message(id = NONE, value = "To get list of options for a specific command, please specify the command by using ./elytron-tool.sh [command] --help") + String generalHelpOptionsOpening(); + + @Message(id = NONE, value = "A tool that assists with Elytron configuration") + String cmdElytronToolDescription(); + // Numeric Errors @Message(id = 35, value = "Only one of '%s' and '%s' can be specified at the same time") IllegalArgumentException mutuallyExclusiveOptions(String first, String second); - } diff --git a/tool/src/main/java/org/wildfly/security/tool/FileSystemEncryptRealmCommand.java b/tool/src/main/java/org/wildfly/security/tool/FileSystemEncryptRealmCommand.java index c5e858827a4..844332d76de 100644 --- a/tool/src/main/java/org/wildfly/security/tool/FileSystemEncryptRealmCommand.java +++ b/tool/src/main/java/org/wildfly/security/tool/FileSystemEncryptRealmCommand.java @@ -65,7 +65,6 @@ import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.CommandLineParser; import org.apache.commons.cli.DefaultParser; -import org.apache.commons.cli.HelpFormatter; import org.apache.commons.cli.Option; import org.apache.commons.cli.OptionGroup; import org.apache.commons.cli.Options; @@ -73,6 +72,10 @@ import org.wildfly.security.auth.realm.FileSystemSecurityRealm; import org.wildfly.security.auth.realm.FileSystemSecurityRealmBuilder; import org.wildfly.security.password.spec.Encoding; +import org.wildfly.security.tool.help.DescriptionSection; +import org.wildfly.security.tool.help.HelpCommand; +import org.wildfly.security.tool.help.OptionsSection; +import org.wildfly.security.tool.help.UsageSection; /** * Elytron-Tool command to convert un-encrypted FileSystemRealms into an encrypted realm with the use of a SecretKey. 
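Review bot: In the ElytronToolMessages hunk at -738, `generalHelpOptionsOpening` hard-codes `./elytron-tool.sh`, while the code this patch removes from ElytronTool.generalHelp() passed `scriptName` to every command so that the help named the launcher actually in use. With a launcher of a different name or path, the printed hint cannot be run as shown. Taking the name as a format argument keeps the hint accurate: `@Message(id = NONE, value = "To get list of options for a specific command, please specify the command by using %s [command] --help")` with `String generalHelpOptionsOpening(String toolCommand);`. The caller in generalHelp() would fall back to a default when `scriptName` is null, as the removed loop's null check did.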
@@ -576,13 +579,15 @@ public void execute(String[] args) throws Exception { */ @Override public void help() { - HelpFormatter help = new HelpFormatter(); - help.setWidth(WIDTH); - help.printHelp(ElytronToolMessages.msg.cmdHelp(getToolCommand(), FILE_SYSTEM_ENCRYPT_COMMAND), - ElytronToolMessages.msg.cmdFileSystemEncryptHelpHeader(), - options, - "", - true); + OptionsSection optionsSection = new OptionsSection(ElytronToolMessages.msg.cmdLineActionsHelpHeader(), options); + UsageSection usageSection = new UsageSection(FILE_SYSTEM_ENCRYPT_COMMAND, null); + DescriptionSection descriptionSection = new DescriptionSection(ElytronToolMessages.msg.cmdFileSystemEncryptHelpHeader()); + HelpCommand helpCommand = HelpCommand.HelpCommandBuilder.builder() + .description(descriptionSection) + .usage(usageSection) + .options(optionsSection) + .build(); + helpCommand.printHelp(); } /** diff --git a/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmCommand.java b/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmCommand.java index 2bf21d4e484..aff167ece0b 100644 --- a/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmCommand.java +++ b/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmCommand.java @@ -48,7 +48,6 @@ import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.CommandLineParser; import org.apache.commons.cli.DefaultParser; -import org.apache.commons.cli.HelpFormatter; import org.apache.commons.cli.Option; import org.apache.commons.cli.Options; import org.apache.commons.lang3.ArrayUtils; 
@@ -63,6 +62,10 @@ import org.wildfly.security.password.interfaces.DigestPassword; import org.wildfly.security.password.spec.DigestPasswordSpec; import org.wildfly.security.password.spec.PasswordSpec; +import org.wildfly.security.tool.help.DescriptionSection; +import org.wildfly.security.tool.help.HelpCommand; +import org.wildfly.security.tool.help.OptionsSection; +import org.wildfly.security.tool.help.UsageSection; /** * Elytron-Tool command to convert legacy properties file into a FileSystemRealm. @@ -298,13 +301,15 @@ public void execute(String[] args) throws Exception { */ @Override public void help() { - HelpFormatter help = new HelpFormatter(); - help.setWidth(WIDTH); - help.printHelp(ElytronToolMessages.msg.cmdHelp(getToolCommand(), FILE_SYSTEM_REALM_COMMAND), - ElytronToolMessages.msg.cmdFileSystemRealmHelpHeader().concat(ElytronToolMessages.msg.cmdLineActionsHelpHeader()), - options, - "", - true); + OptionsSection optionsSection = new OptionsSection(ElytronToolMessages.msg.cmdLineActionsHelpHeader(), options); + UsageSection usageSection = new UsageSection(FILE_SYSTEM_REALM_COMMAND, null); + DescriptionSection descriptionSection = new DescriptionSection(ElytronToolMessages.msg.cmdFileSystemRealmHelpHeader()); + HelpCommand helpCommand = HelpCommand.HelpCommandBuilder.builder() + .description(descriptionSection) + .usage(usageSection) + .options(optionsSection) + .build(); + helpCommand.printHelp(); } @Override diff --git a/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommand.java b/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommand.java index 176b824dfd1..33de909669f 100644 --- a/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommand.java +++ b/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommand.java 
@@ -72,7 +72,6 @@ import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.CommandLineParser; import org.apache.commons.cli.DefaultParser; -import org.apache.commons.cli.HelpFormatter; import org.apache.commons.cli.Option; import org.apache.commons.cli.OptionGroup; import org.apache.commons.cli.Options; @@ -80,6 +79,10 @@ import org.wildfly.security.auth.realm.FileSystemSecurityRealm; import org.wildfly.security.auth.realm.FileSystemSecurityRealmBuilder; import org.wildfly.security.password.spec.Encoding; +import org.wildfly.security.tool.help.DescriptionSection; +import org.wildfly.security.tool.help.HelpCommand; +import org.wildfly.security.tool.help.OptionsSection; +import org.wildfly.security.tool.help.UsageSection; /** * Elytron Tool command to enable integrity checking in filesystem realms that previously did not have it enabled. If @@ -610,13 +613,15 @@ public void execute(String[] args) throws Exception { /** Displays the help screen for the command */ @Override public void help() { - HelpFormatter help = new HelpFormatter(); - help.setWidth(WIDTH); - help.printHelp(ElytronToolMessages.msg.cmdHelp(getToolCommand(), FILE_SYSTEM_REALM_INTEGRITY_COMMAND), - ElytronToolMessages.msg.cmdFileSystemIntegrityHelpHeader(), - options, - "", - true); + OptionsSection optionsSection = new OptionsSection(ElytronToolMessages.msg.cmdLineActionsHelpHeader(), options); + UsageSection usageSection = new UsageSection(FILE_SYSTEM_REALM_INTEGRITY_COMMAND, null); + DescriptionSection descriptionSection = new DescriptionSection(ElytronToolMessages.msg.cmdFileSystemIntegrityHelpHeader()); + HelpCommand helpCommand = HelpCommand.HelpCommandBuilder.builder() + .description(descriptionSection) + .usage(usageSection) + .options(optionsSection) + .build(); + helpCommand.printHelp(); } /** diff --git a/tool/src/main/java/org/wildfly/security/tool/MaskCommand.java b/tool/src/main/java/org/wildfly/security/tool/MaskCommand.java index bf029f0e6ee..154a95d9582 100644 
--- a/tool/src/main/java/org/wildfly/security/tool/MaskCommand.java +++ b/tool/src/main/java/org/wildfly/security/tool/MaskCommand.java @@ -23,9 +23,12 @@ import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.CommandLineParser; import org.apache.commons.cli.DefaultParser; -import org.apache.commons.cli.HelpFormatter; import org.apache.commons.cli.Option; import org.apache.commons.cli.Options; +import org.wildfly.security.tool.help.DescriptionSection; +import org.wildfly.security.tool.help.HelpCommand; +import org.wildfly.security.tool.help.OptionsSection; +import org.wildfly.security.tool.help.UsageSection; import org.wildfly.security.util.PasswordBasedEncryptionUtil; import static org.wildfly.security.tool.Params.DEBUG_PARAM; @@ -158,12 +161,14 @@ static char[] decryptMasked(String maskedPassword) throws GeneralSecurityExcepti */ @Override public void help() { - HelpFormatter help = new HelpFormatter(); - help.setWidth(WIDTH); - help.printHelp(ElytronToolMessages.msg.cmdHelp(getToolCommand(), MASK_COMMAND), - ElytronToolMessages.msg.cmdMaskHelpHeader().concat(ElytronToolMessages.msg.cmdLineActionsHelpHeader()), - options, - "", - true); + OptionsSection optionsSection = new OptionsSection(ElytronToolMessages.msg.cmdLineActionsHelpHeader(), options); + UsageSection usageSection = new UsageSection(MASK_COMMAND, null); + DescriptionSection descriptionSection = new DescriptionSection(ElytronToolMessages.msg.cmdMaskHelpHeader()); + HelpCommand helpCommand = HelpCommand.HelpCommandBuilder.builder() + .description(descriptionSection) + .usage(usageSection) + .options(optionsSection) + .build(); + helpCommand.printHelp(); } } diff --git a/tool/src/main/java/org/wildfly/security/tool/VaultCommand.java b/tool/src/main/java/org/wildfly/security/tool/VaultCommand.java index edf7fb18acb..3637c9ba667 100644 --- a/tool/src/main/java/org/wildfly/security/tool/VaultCommand.java +++ b/tool/src/main/java/org/wildfly/security/tool/VaultCommand.java 
@@ -54,7 +54,6 @@ import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.CommandLineParser; import org.apache.commons.cli.DefaultParser; -import org.apache.commons.cli.HelpFormatter; import org.apache.commons.cli.Option; import org.apache.commons.cli.Options; import org.wildfly.security.auth.SupportLevel; @@ -67,6 +66,10 @@ import org.wildfly.security.credential.store.impl.KeyStoreCredentialStore; import org.wildfly.security.credential.store.impl.VaultCredentialStore; import org.wildfly.security.password.interfaces.ClearPassword; +import org.wildfly.security.tool.help.DescriptionSection; +import org.wildfly.security.tool.help.HelpCommand; +import org.wildfly.security.tool.help.OptionsSection; +import org.wildfly.security.tool.help.UsageSection; import org.wildfly.security.util.PasswordBasedEncryptionUtil; /** @@ -245,13 +248,15 @@ private void checkInvalidOptions(String... invalidOptions) throws Exception { */ @Override public void help() { - HelpFormatter help = new HelpFormatter(); - help.setWidth(WIDTH); - help.printHelp(ElytronToolMessages.msg.cmdHelp(getToolCommand(), VAULT_COMMAND), - ElytronToolMessages.msg.cmdVaultHelpHeader().concat(ElytronToolMessages.msg.cmdLineActionsHelpHeader()), - options, - "", - true); + OptionsSection optionsSection = new OptionsSection(ElytronToolMessages.msg.cmdLineActionsHelpHeader(), options); + UsageSection usageSection = new UsageSection(VAULT_COMMAND, null); + DescriptionSection descriptionSection = new DescriptionSection(ElytronToolMessages.msg.cmdVaultHelpHeader()); + HelpCommand helpCommand = HelpCommand.HelpCommandBuilder.builder() + .description(descriptionSection) + .usage(usageSection) + .options(optionsSection) + .build(); + helpCommand.printHelp(); } private String convertedStoreName(String encryptionDirectory, Map implProps) { 
diff --git a/tool/src/main/java/org/wildfly/security/tool/help/CommandsSection.java b/tool/src/main/java/org/wildfly/security/tool/help/CommandsSection.java
new file mode 100644
index 00000000000..46fa6086c9c
--- /dev/null
+++ b/tool/src/main/java/org/wildfly/security/tool/help/CommandsSection.java
@@ -0,0 +1,114 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2024 Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.wildfly.security.tool.help;
+
+import java.util.Map;
+
+/**
+ * Command section of Elytron help command
+ *
+ * @author Petr Beran
+ */
+public class CommandsSection extends HelpSection {
+
+ private final String sectionTitle;
+ private final Map sectionContent;
+
+ public CommandsSection(Map commands) {
+ this.sectionTitle = "Commands";
+ this.sectionContent = commands;
+ }
+
+ @Override
+ public void printHelp() {
+ formatAndPrintTitle(sectionTitle);
+ if (sectionContent != null) {
+
+ // Find the longest commandName
+ // This is needed to make sure that all descriptions start at the same index
+ int longestCommand = 0;
+ for (String command : sectionContent.keySet()) {
+ if (command.length() > longestCommand) {
+ longestCommand = command.length();
+ }
+ }
+ for (Map.Entry command : sectionContent.entrySet()) {
+ formatAndPrintCommand(command.getKey(), command.getValue(), longestCommand);
+ }
+ }
+ }
+
+ /**
+ * Formats and prints command and it's respective description
+ *
+ * @param commandName Command's name
+ * @param commandDescription Command's description
+ * @param longestCommand Length of the longest commands. Ensures that all descriptions start at the same column
+ */
+ protected void formatAndPrintCommand(String commandName, final CharSequence commandDescription, final int longestCommand) {
+ CharSequence descriptionText = commandDescription;
+ final StringBuilder stringBuilder = new StringBuilder();
+
+ int minCommandAndDescGap = 4; // Gap between the longest commandName and its commandDescription
+ int commandDescriptionStartingIndex = longestCommand + minCommandAndDescGap + leftPadding; // Starting index of all commandDescriptions in the map
+ int commandDescriptionLength = lineWidth - commandDescriptionStartingIndex;
+
+ appendGap(stringBuilder, leftPadding);
+ stringBuilder.append(commandName);
+
+ // Append a gap so that all commandDescriptions in the map start at the same index
+ int realGap = commandDescriptionStartingIndex - leftPadding - commandName.length();
+ appendGap(stringBuilder, realGap);
+
+ // If the commandDescription fits one line, simply append it
+ if (descriptionText.length() <= commandDescriptionLength) {
+ stringBuilder.append(descriptionText);
+ stringBuilder.append(System.lineSeparator());
+ }
+ else {
+ int lineIndex = checkForWhitespaceIndex(descriptionText, commandDescriptionLength);
+
+ // Append the commandDescription that fits on a single line and remove it from the descriptionText
+ stringBuilder.append(descriptionText.subSequence(0,lineIndex));
+ descriptionText = descriptionText.subSequence(lineIndex+1, descriptionText.length());
+ stringBuilder.append(System.lineSeparator());
+
+ // Appends commandDescriptions from second row onward
+ while(0 < descriptionText.length()) {
+
+ // Append a gap so that all commandDescriptions in the map start at the same index
+ appendGap(stringBuilder, commandDescriptionStartingIndex);
+
+ // If the commandDescription fits one line, simply append it and end the while loop
+ if (descriptionText.length() <= commandDescriptionLength) {
+ stringBuilder.append(descriptionText);
+ stringBuilder.append(System.lineSeparator());
+ break;
+ }
+
+ lineIndex = checkForWhitespaceIndex(descriptionText, commandDescriptionLength);
+
+ // Append the commandDescription that fits on a single line and remove it from the descriptionText
+ stringBuilder.append(descriptionText.subSequence(0,lineIndex));
+ descriptionText = descriptionText.subSequence(lineIndex+1, descriptionText.length());
+ stringBuilder.append(System.lineSeparator());
+ }
+ }
+ printText(stringBuilder.toString());
+ }
+}
diff --git a/tool/src/main/java/org/wildfly/security/tool/help/DescriptionSection.java b/tool/src/main/java/org/wildfly/security/tool/help/DescriptionSection.java
new file mode 100644
index 00000000000..8721093e15f
--- /dev/null
+++ b/tool/src/main/java/org/wildfly/security/tool/help/DescriptionSection.java
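Review bot: Both wrapping branches of `formatAndPrintCommand` pass the result of `checkForWhitespaceIndex` straight into `subSequence(0,lineIndex)`, but that helper (added in HelpSection.java by this same patch) counts down to -1 when the window holds no whitespace, so a description containing one long unbroken token throws `IndexOutOfBoundsException` instead of printing help. `HelpSection.formatAndPrintSectionContext` has the same call pattern. A fallback inside the helper alone is not enough, because the callers skip the character at `lineIndex` with `lineIndex+1`; they need a hard-break path that cuts at the column width and keeps that character. `commandDescriptionLength` can also drop to zero or below when a command name is long relative to `lineWidth`, which ends on the same failing path, so it should be clamped.

```java
// Never let the description column collapse to zero or below for very long command names
int commandDescriptionLength = Math.max(1, lineWidth - commandDescriptionStartingIndex);
// … unchanged: left padding, command name, gap, single-line case …
int lineIndex = checkForWhitespaceIndex(descriptionText, commandDescriptionLength);
// No whitespace inside the window: cut at the column width and keep every character
boolean hardBreak = lineIndex < 0;
int cut = hardBreak ? commandDescriptionLength : lineIndex;
stringBuilder.append(descriptionText.subSequence(0, cut));
descriptionText = descriptionText.subSequence(hardBreak ? cut : cut + 1, descriptionText.length());
stringBuilder.append(System.lineSeparator());
// … the same replacement applies to the second lookup inside the while loop …
```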
@@ -0,0 +1,43 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2024 Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.wildfly.security.tool.help;
+
+/**
+ * Description section of Elytron help command
+ *
+ * @author Petr Beran
+ */
+public class DescriptionSection extends HelpSection {
+
+ private final String sectionTitle;
+ private final String sectionContent;
+
+
+ public DescriptionSection(String sectionContent) {
+ this.sectionTitle = "Description";
+ this.sectionContent = sectionContent;
+ }
+
+ @Override
+ public void printHelp() {
+ formatAndPrintTitle(sectionTitle);
+ if (sectionContent != null) {
+ formatAndPrintSectionContext(sectionContent);
+ }
+ }
+}
diff --git a/tool/src/main/java/org/wildfly/security/tool/help/HelpCommand.java b/tool/src/main/java/org/wildfly/security/tool/help/HelpCommand.java
new file mode 100644
index 00000000000..342cd2457af
--- /dev/null
+++ b/tool/src/main/java/org/wildfly/security/tool/help/HelpCommand.java
@@ -0,0 +1,115 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2024 Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.wildfly.security.tool.help;
+
+import org.aesh.readline.tty.terminal.TerminalConnection;
+
+import java.io.IOException;
+import java.nio.charset.Charset;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Provides help for the Elytron Tool command
+ *
+ * @author Petr Beran
+ */
+public class HelpCommand {
+
+ private final List helpSections;
+ private static TerminalConnection terminalConnection;
+
+ private HelpCommand(HelpCommandBuilder helpCommandBuilder) {
+ this.helpSections = helpCommandBuilder.helpSections;
+ }
+
+ /**
+ * Displays all sections for the help command
+ */
+ public void printHelp() {
+ if (terminalConnection == null) {
+ try {
+ terminalConnection = new TerminalConnection(Charset.defaultCharset(), System.in, System.out);
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ }
+ terminalConnection.write(System.lineSeparator());
+ for (HelpSection helpSection : helpSections){
+ helpSection.printHelp();
+ }
+ terminalConnection.close();
+ }
+
+ public static TerminalConnection getTerminal() {
+ return terminalConnection;
+ }
+
+ public static class HelpCommandBuilder {
+
+ private UsageSection usageSection;
+ private DescriptionSection descriptionSection;
+ private CommandsSection commandsSection;
+ private OptionsSection optionsSection;
+
+ private final List helpSections = new ArrayList<>();
+
+ private HelpCommandBuilder() {}
+
+ public static HelpCommandBuilder builder() {
+ return new HelpCommandBuilder();
+ }
+
+ public HelpCommandBuilder usage(UsageSection usageSection) {
+ this.usageSection = usageSection;
+ return this;
+ }
+
+ public HelpCommandBuilder description(DescriptionSection descriptionSection) {
+ this.descriptionSection = descriptionSection;
+ return this;
+ }
+
+ public HelpCommandBuilder commands(CommandsSection commandsSection) {
+ this.commandsSection = commandsSection;
+ return this;
+ }
+
+ public HelpCommandBuilder options(OptionsSection optionsSection) {
+ this.optionsSection = optionsSection;
+ return this;
+ }
+
+ public HelpCommand build() {
+ // Ensures that all sections are in specific order and the order cannot be tampered with
+ if (descriptionSection != null) {
+ helpSections.add(descriptionSection);
+ }
+ if (usageSection != null) {
+ helpSections.add(usageSection);
+ }
+ if (commandsSection != null) {
+ helpSections.add(commandsSection);
+ }
+ if (optionsSection != null) {
+ helpSections.add(optionsSection);
+ }
+ return new HelpCommand(this);
+ }
+ }
+}
diff --git a/tool/src/main/java/org/wildfly/security/tool/help/HelpSection.java b/tool/src/main/java/org/wildfly/security/tool/help/HelpSection.java
new file mode 100644
index 00000000000..a6f5a6727f4
--- /dev/null
+++ b/tool/src/main/java/org/wildfly/security/tool/help/HelpSection.java
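Review bot: `printHelp()` closes the static `terminalConnection` on its last line but never clears the field, so on a second call in the same JVM the `terminalConnection == null` guard is false and the sections are written to a connection that has already been closed. The close is also skipped whenever a section's `printHelp()` throws, because it is not in a `finally`. I would close in `finally` and reset the field there, so that each call opens a fresh connection. Separately, `build()` appends to the builder's own `helpSections` list and hands that same list to the `HelpCommand`, so calling `build()` twice on one builder duplicates every section; building a new list inside `build()` would avoid that.

```java
public void printHelp() {
    // … unchanged: lazy creation of terminalConnection …
    try {
        terminalConnection.write(System.lineSeparator());
        for (HelpSection helpSection : helpSections) {
            helpSection.printHelp();
        }
    } finally {
        terminalConnection.close();
        // Clear the shared reference so the next call opens a fresh connection
        terminalConnection = null;
    }
}
```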
@@ -0,0 +1,122 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2024 Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.wildfly.security.tool.help;
+
+import org.aesh.readline.terminal.formatting.CharacterType;
+import org.aesh.readline.terminal.formatting.Color;
+import org.aesh.readline.terminal.formatting.TerminalColor;
+import org.aesh.readline.terminal.formatting.TerminalString;
+import org.aesh.readline.terminal.formatting.TerminalTextStyle;
+import org.aesh.readline.tty.terminal.TerminalConnection;
+
+/**
+ * General section of Elytron help command
+ * All Elytron help command sections should extend this one
+ *
+ * @author Petr Beran
+ */
+public abstract class HelpSection {
+
+ final int leftPadding = 4;
+ final int lineWidth = 120;
+ final int textWidth = lineWidth - leftPadding;
+
+ /**
+ * Displays help of specific section
+ */
+ public abstract void printHelp();
+
+ /**
+ * Formats and prints a simple block of text
+ * For printing commands see {@link CommandsSection}
+ *
+ * @param text Text to print
+ */
+ protected void formatAndPrintSectionContext(final CharSequence text) {
+ final StringBuilder stringBuilder = new StringBuilder();
+ CharSequence contentText = text;
+ while(0 < contentText.length()) {
+ appendGap(stringBuilder, leftPadding);
+ // If the text fits one line, simply append it and end the while loop
+ if (contentText.length() <= textWidth) {
+ stringBuilder.append(contentText);
+ stringBuilder.append(System.lineSeparator());
+ break;
+ }
+ int lineIndex = checkForWhitespaceIndex(contentText, textWidth);
+ // Append the text that fits on a single line and remove it from the contentText
+ stringBuilder.append(contentText.subSequence(0,lineIndex));
+ contentText = contentText.subSequence(lineIndex+1, contentText.length());
+ stringBuilder.append(System.lineSeparator());
+ }
+ printText(stringBuilder.toString());
+ }
+
+ /**
+ * Formats and prints headers across all sections
+ *
+ * @param sectionTitle Title to format and print
+ */
+ protected void formatAndPrintTitle(String sectionTitle) {
+ String titleText = new TerminalString(sectionTitle.toUpperCase(),
+ new TerminalColor(Color.CYAN, Color.DEFAULT, Color.Intensity.BRIGHT),
+ new TerminalTextStyle(CharacterType.BOLD)).toString();
+ printText(titleText);
+ System.out.print(System.lineSeparator());
+ }
+
+ /**
+ * Finds the index of text that still fits on a single line and is a whitespace.
+ * We don't want to break words at the end of the line
+ *
+ * @param text Text to iterate
+ * @param maxWidth Max width of the line, start of the iteration
+ * @return Last whitespace index before the end of the line
+ */
+ protected int checkForWhitespaceIndex(CharSequence text, int maxWidth) {
+ int lastWhitespaceIndex = maxWidth;
+ while (0 <= lastWhitespaceIndex && !Character.isWhitespace(text.charAt(lastWhitespaceIndex))) {
+ lastWhitespaceIndex--;
+ }
+ return lastWhitespaceIndex;
+ }
+
+ /**
+ * Appends a gap of certain width
+ *
+ * @param text Text to which the gap should be appended
+ * @param gapWidth Width of the gap
+ */
+ protected void appendGap(StringBuilder text, int gapWidth) {
+ for (int i = 0; i < gapWidth; i++){
+ text.append(' ');
+ }
+ }
+
+ /**
+ * Prints the text via system terminal and adds a line separator at the end. Doesn't add any formatting.
+ *
+ * @param text Text to print. Leave {@code null} for just a line separator.
+ */
+ void printText(String text) {
+ TerminalConnection terminalConnection = HelpCommand.getTerminal();
+ if (text != null) {
+ terminalConnection.write(text);
+ }
+ }
+}
diff --git a/tool/src/main/java/org/wildfly/security/tool/help/OptionsSection.java b/tool/src/main/java/org/wildfly/security/tool/help/OptionsSection.java
new file mode 100644
index 00000000000..d82f0186619
--- /dev/null
+++ b/tool/src/main/java/org/wildfly/security/tool/help/OptionsSection.java
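Review bot: The Javadoc on `printText` promises a trailing line separator and says `null` prints just a separator, but the body writes only non-null text, so the `printText(null)` call in `OptionsSection.printHelp()` (next file in this patch) does nothing. `formatAndPrintTitle` works around this with `System.out.print(System.lineSeparator())`, which bypasses the `TerminalConnection` the title was just written to; whether the two paths can interleave depends on how the connection buffers, which I can't see from here. Since the other callers already append `System.lineSeparator()` themselves, the smaller fix is to correct the comment, e.g. `Prints the text via the help terminal without adding a line separator; {@code null} is ignored.`, and to write the title's separator through `printText(System.lineSeparator())`. `HelpCommand.getTerminal()` also returns null until `HelpCommand.printHelp()` has run, so a guard such as `if (terminalConnection == null) throw new IllegalStateException("help terminal is not open");` would fail more clearly than the bare dereference.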
@@ -0,0 +1,55 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2024 Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.wildfly.security.tool.help;
+
+import org.apache.commons.cli.HelpFormatter;
+import org.apache.commons.cli.Options;
+import org.wildfly.security.tool.ElytronToolMessages;
+
+/**
+ * Options section of Elytron help tool
+ * @author Petr Beran
+ */
+public class OptionsSection extends HelpSection {
+
+ private final String sectionTitle;
+ private final String sectionHeader;
+ private final Options sectionContent;
+
+ public OptionsSection(String sectionHeader, Options options) {
+ this.sectionTitle = "Options";
+ this.sectionHeader = sectionHeader;
+ this.sectionContent = options;
+ }
+
+ @Override
+ public void printHelp() {
+ formatAndPrintTitle(sectionTitle);
+ if (sectionHeader != null) {
+ formatAndPrintSectionContext(sectionHeader);
+ }
+ if (sectionContent != null) {
+ HelpFormatter help = new HelpFormatter();
+ help.setSyntaxPrefix("");
+ help.setLeftPadding(4);
+ help.setWidth(120);
+ help.printHelp(ElytronToolMessages.msg.cmdHelp("", ""), sectionContent);
+ printText(null);
+ }
+ }
+}
diff --git a/tool/src/main/java/org/wildfly/security/tool/help/UsageSection.java b/tool/src/main/java/org/wildfly/security/tool/help/UsageSection.java
new file mode 100644
index 00000000000..01c235c318d
--- /dev/null
+++ b/tool/src/main/java/org/wildfly/security/tool/help/UsageSection.java
@@ -0,0 +1,56 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2024 Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.wildfly.security.tool.help;
+
+/**
+ * Usage section of Elytron help command
+ *
+ * @author Petr Beran
+ */
+public class UsageSection extends HelpSection {
+
+ private final String sectionTitle;
+ private final String sectionContent;
+
+ public UsageSection(String command, String option) {
+ StringBuilder stringBuilder = new StringBuilder();
+ stringBuilder.append("./elytron-tool.sh");
+
+ if (command != null) {
+ stringBuilder.append(" " + command);
+ }
+ else {
+ stringBuilder.append(" [command]");
+ }
+
+ if (option != null) {
+ stringBuilder.append(" " + option);
+ }
+ else {
+ stringBuilder.append(" [options]");
+ }
+ this.sectionTitle = "Usage";
+ this.sectionContent = stringBuilder.toString();
+ }
+
+ @Override
+ public void printHelp() {
+ formatAndPrintTitle(sectionTitle);
+ formatAndPrintSectionContext(sectionContent);
+ }
+}
From 93995758e8ee1a3380e397057b28ef12bf505335 Mon Sep 17 00:00:00 2001
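Review bot: The usage line in the `UsageSection` constructor is built from the literal `"./elytron-tool.sh"`, whereas the help text removed from `VaultCommand.help()` earlier in this patch took the launcher name from `getToolCommand()`. If that method reflects how the tool was actually started (its body is not visible here), the new output can show a command the user cannot run as written. Consider passing the tool command into the constructor rather than hard-coding it. As a smaller point, `stringBuilder.append(" " + command)` concatenates inside `append`; `stringBuilder.append(' ').append(command)` avoids the temporary string, and the same applies to the `option` branch.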
From: Farah Juma Date: Thu, 29 Aug 2024 11:42:22 -0400 Subject: [PATCH 190/205] [ELY-2799] Release WildFly Elytron 2.5.2.Final --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- dynamic-ssl/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- 
tests/common/pom.xml | 2 +- tool/pom.xml | 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 77 files changed, 77 insertions(+), 77 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index 1eefb6c1f3f..44d5ea39e3a 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index d4f6c840eda..a8fd1ebebd4 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index 0661646ab8b..9cd2b308e2c 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index 2ab12bd36ca..1289f95ae0f 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 6cd31e3a957..9fbe39742a7 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index 6e48afe2a25..5c3df719c39 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index 2243df70dfd..cbeae3cd62f 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index c691385b5e9..6adcc780294 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index a63d8942f3f..62ad32cf2cf 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index a30057a6abc..d2a6c26f6c5 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index bafda60cf0b..12c9f8269ba 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index 58ce9bfc75e..cc6e38f0966 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index df27ef751ed..29994a024e2 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index 50ec88ea27a..8591373d435 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index 7c1976839e1..2b9659962ec 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index 8f6938ab3fa..1e083353393 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index 5be0f3844b4..61bbc03ecf4 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index 53f6d726221..81ddc52dc7f 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index 6005943ae52..81ced414552 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final 4.0.0 diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index 98618df9ef8..d966937dc16 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -5,7 +5,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index 193f81c319d..303b699b807 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final 4.0.0 
diff --git a/http/base/pom.xml b/http/base/pom.xml index 06370d1c6d3..73af6cddc17 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index 3690a681977..4f95f98393b 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index 29b5f908d29..a85d5078387 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index e5fe1afd830..124838304fe 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index 4cb7fa865c5..3f89343ae99 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index 187158d2dee..177cbf5ebfe 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index fdf26ca42f8..c41e7efe829 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index 6703cc6e6c7..b61fc5676af 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index 0d98cb9cdae..1a192fb0ed7 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index e8e9ae7dfaa..b2afa96dfb8 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index 56c9713ff77..5dc26e2e402 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index 7844474a2cf..fe46990b1c2 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index 92c37b726d3..7aa9ae4c0eb 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index b85827d9283..abfb5e668be 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index e5321b18071..705c3268ab3 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index 8ad8fe59a16..7b191e574cd 100644 --- a/json-util/pom.xml 
+++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final 4.0.0 diff --git a/keystore/pom.xml b/keystore/pom.xml index 6729d438516..18de685fe28 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index f6d2e42def8..6536e1f5153 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index 915c5814f25..53b19a08d7b 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index 8603e2d2e7d..ae3c3b76336 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index d8a70b5a869..ac11533f799 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index 3d34c66ede4..5b16a8f0b49 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index 64a8c725123..270257557a2 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml 
diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index 10ae56f74c3..71c423ea83b 100644 --- a/mechanism/oauth2/pom.xml +++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index e0cd26073b1..37c0d82846d 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index 53bc46cdd76..bb2698bc9de 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index 24e307ac07c..f5231c6b465 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final 4.0.0 diff --git a/pom.xml b/pom.xml index f3fdca5b17d..9132ac4d159 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index 7620c98e1ab..23333fec84e 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index c6f5056e9de..6b3fb368505 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index 72ffdfcd601..4650c10d9f9 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../../pom.xml diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index 7e4a99222d5..5fec010fc08 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index 6b090270a67..3b54d9d423b 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index fa455c4aac5..9096b077830 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index 8d02e4ee250..31c904d677d 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index e7382a254d1..e00919e13af 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index 92a0f0126be..89557a0744d 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index f9404532ffe..6b6a896e878 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml 
diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index ed2f8cfc933..225c3069056 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index 6d5ac6fe7fa..436335dcc9c 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index 707ddb548a1..80707d584ca 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index d6ffd8f95a7..55bb5a6fe33 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index 95cee45589d..cc688728338 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index f935d139e37..302ae0e0b4e 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index 59a5ccff1b9..278f1148fce 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index 81bacad327a..c880d73ee58 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml 
diff --git a/tests/common/pom.xml b/tests/common/pom.xml index 2406ce66298..c6e55a643ae 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml @@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index eae2363ffc1..41a75180c71 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index 5c4ad863994..c0d3e5758f5 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index c4428245d15..1dae7e0c834 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index b0b912c4974..8de769d66bb 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index 11e6eaf787c..b81cc1c8183 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index 0a5baf9a738..9f607fed626 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index 536305499c0..ae9a99f6a2e 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index f93de8dea27..88bd9738232 100644 --- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index caf08adca64..6dcb61f8cea 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.CR1-SNAPSHOT + 2.5.2.Final ../../pom.xml From 369233908b0f4f28fcbfd18c7321e5405aaebbb2 Mon Sep 17 00:00:00 2001 
From: Farah Juma Date: Thu, 29 Aug 2024 11:43:11 -0400 Subject: [PATCH 191/205] Next is 2.5.3 --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- dynamic-ssl/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- tests/common/pom.xml | 2 +- 
tool/pom.xml | 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 77 files changed, 77 insertions(+), 77 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index 44d5ea39e3a..d32e1c5e9b1 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index a8fd1ebebd4..5ec36c76f84 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index 9cd2b308e2c..ccc48a6e164 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index 1289f95ae0f..0065663bcb8 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 9fbe39742a7..43236bc18d6 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index 5c3df719c39..8b4ff83135a 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index cbeae3cd62f..aa1220dd8c4 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index 6adcc780294..9193e7faeba 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index 62ad32cf2cf..e60743f492f 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index d2a6c26f6c5..f383afe00a8 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index 12c9f8269ba..a000994a7c9 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index cc6e38f0966..fc66a12e511 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index 29994a024e2..9269e6cf515 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index 8591373d435..af8295c93be 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index 2b9659962ec..b4f61ba2b2c 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index 1e083353393..c1c32fe439d 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index 61bbc03ecf4..0029ab0f026 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index 81ddc52dc7f..a7703d47302 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index 81ced414552..c9c0586cc57 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT 4.0.0 diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index d966937dc16..ebca916a974 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -5,7 +5,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index 303b699b807..46f30a4e892 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT 4.0.0 
diff --git a/http/base/pom.xml b/http/base/pom.xml index 73af6cddc17..47633b7b43a 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index 4f95f98393b..b05e5d82a3b 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index a85d5078387..b5815c1037f 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index 124838304fe..f225ac4367e 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index 3f89343ae99..acad9484258 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index 177cbf5ebfe..8694401c3af 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index c41e7efe829..0aa29176cbe 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index b61fc5676af..a33ef70519f 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index 1a192fb0ed7..2f065d67215 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index b2afa96dfb8..6637658a12b 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index 5dc26e2e402..a4ade354696 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index fe46990b1c2..a7e83bd85d2 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index 7aa9ae4c0eb..0b388b19dc9 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index abfb5e668be..43ef025c195 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index 705c3268ab3..58dcbd4bb03 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index 7b191e574cd..c521191e659 100644 --- a/json-util/pom.xml 
+++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT 4.0.0 diff --git a/keystore/pom.xml b/keystore/pom.xml index 18de685fe28..c6f6ec47058 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index 6536e1f5153..1aeb2229ff7 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index 53b19a08d7b..cf0b3a738b7 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index ae3c3b76336..9e1b9a0ddd5 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index ac11533f799..e19dd5d25da 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index 5b16a8f0b49..99a7feac7a4 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index 270257557a2..43cbaf90d25 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml 
diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index 71c423ea83b..447611b30cc 100644 --- a/mechanism/oauth2/pom.xml +++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index 37c0d82846d..1c825d1cd04 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index bb2698bc9de..e2c4ffa4b4a 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index f5231c6b465..ad959fe7327 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT 4.0.0 diff --git a/pom.xml b/pom.xml index 9132ac4d159..5ad20cb88ca 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index 23333fec84e..aec357e1f6a 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index 6b3fb368505..7e4f7aacff7 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index 4650c10d9f9..6840642e603 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index 5fec010fc08..4e3cf94e504 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index 3b54d9d423b..60c74bd4e6c 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index 9096b077830..8757135ad62 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index 31c904d677d..75a673a53d8 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index e00919e13af..ca807f73bc4 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index 89557a0744d..9a47f463fde 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index 6b6a896e878..8439267dd75 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml 
diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index 225c3069056..f059b7f75da 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index 436335dcc9c..23948779801 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index 80707d584ca..05f8b24236e 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index 55bb5a6fe33..cb931c966d7 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index cc688728338..d264605b5fc 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index 302ae0e0b4e..a602fa5157d 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index 278f1148fce..ca01f34fa0a 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index c880d73ee58..0b1926b1074 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml 
diff --git a/tests/common/pom.xml b/tests/common/pom.xml index c6e55a643ae..b09dc85170d 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml @@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index 41a75180c71..0ac20115571 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index c0d3e5758f5..7ddf47449ce 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 1dae7e0c834..ae1be67fb33 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index 8de769d66bb..e451eb0108b 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index b81cc1c8183..e207b03edda 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index 9f607fed626..8e714784e8f 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index ae9a99f6a2e..530c5ae6586 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index 88bd9738232..45851a01a43 100644 --- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index 6dcb61f8cea..3ed4d80fa13 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.2.Final + 2.5.3.CR1-SNAPSHOT ../../pom.xml From 62634b2f95cb930f9bd8a27e3dde933ae37079c5 Mon Sep 17 00:00:00 2001 From: Farah Juma Date: Thu, 29 Aug 2024 12:03:26 -0400 Subject: [PATCH 192/205] [ELY-2799] Perform API check against 2.5.2.Final --- wildfly-elytron/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index ae1be67fb33..a9f39f0c20b 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -557,7 +557,7 @@ org.wildfly.security wildfly-elytron - 2.5.1.Final + 2.5.2.Final jar From 6917c625ecd29d50134f805635a97bf1ab1ac9b4 Mon Sep 17 00:00:00 2001 From: Tomas Hofman Date: Mon, 18 Mar 2024 16:21:33 +0100 Subject: [PATCH 193/205] ELY-2731 Use SecureRandom instead of ThreadLocalRandom --- .../impl/BSDUnixDESCryptPasswordImpl.java | 7 ++-- .../security/password/impl/PasswordUtil.java | 21 ++++++++++-- .../impl/ThreadLocalSecureRandom.java | 32 +++++++++++++++++++ .../impl/UnixDESCryptPasswordImpl.java | 5 ++- .../password/impl/PasswordUtilTest.java | 32 +++++++++++++++++++ 5 files changed, 88 insertions(+), 9 deletions(-) create mode 100644 password/impl/src/main/java/org/wildfly/security/password/impl/ThreadLocalSecureRandom.java create mode 100644 password/impl/src/test/java/org/wildfly/security/password/impl/PasswordUtilTest.java 
diff --git a/password/impl/src/main/java/org/wildfly/security/password/impl/BSDUnixDESCryptPasswordImpl.java b/password/impl/src/main/java/org/wildfly/security/password/impl/BSDUnixDESCryptPasswordImpl.java index cb918d2ebe6..c7fb6a44b5b 100644 --- a/password/impl/src/main/java/org/wildfly/security/password/impl/BSDUnixDESCryptPasswordImpl.java +++ b/password/impl/src/main/java/org/wildfly/security/password/impl/BSDUnixDESCryptPasswordImpl.java @@ -30,7 +30,6 @@ import java.security.spec.InvalidParameterSpecException; import java.security.spec.KeySpec; import java.util.Arrays; -import java.util.concurrent.ThreadLocalRandom; import org.wildfly.security.password.interfaces.BSDUnixDESCryptPassword; import org.wildfly.security.password.spec.ClearPasswordSpec; @@ -72,11 +71,11 @@ class BSDUnixDESCryptPasswordImpl extends AbstractPasswordImpl implements BSDUni } BSDUnixDESCryptPasswordImpl(final ClearPasswordSpec passwordSpec) throws InvalidKeySpecException { - this(passwordSpec.getEncodedPassword(), ThreadLocalRandom.current().nextInt() & 0xffffff, DEFAULT_ITERATION_COUNT); + this(passwordSpec.getEncodedPassword(), PasswordUtil.generateRandomSaltInt() & 0xffffff, DEFAULT_ITERATION_COUNT); } BSDUnixDESCryptPasswordImpl(final char[] password, final Charset hashCharset) throws InvalidKeySpecException, InvalidParameterSpecException { - this(password, ThreadLocalRandom.current().nextInt() & 0xffffff, DEFAULT_ITERATION_COUNT, hashCharset); + this(password, PasswordUtil.generateRandomSaltInt() & 0xffffff, DEFAULT_ITERATION_COUNT, hashCharset); } BSDUnixDESCryptPasswordImpl(final char[] password, final IteratedSaltedPasswordAlgorithmSpec spec, final Charset hashCharset) throws InvalidKeySpecException, InvalidParameterSpecException { 
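Review bot: The `& 0xffffff` mask now sits next to `PasswordUtil.generateRandomSaltInt()` in both changed constructors of BSDUnixDESCryptPasswordImpl in this hunk, and again in the `@@ -84,7 +83,7 @@` hunk, with nothing explaining why a securely generated 32-bit value is cut down to 24 bits. A short comment such as `// BSD DES crypt salts are 24 bits wide, so only the low 24 bits are kept`, or a named constant like `SALT_MASK = 0xffffff`, would make the intent explicit at all three call sites. Moving to a SecureRandom-backed source makes the salt unpredictable but does not widen it, so the salt space for this legacy algorithm stays at 2^24 values; the class documentation, which lies outside the hunk, is the natural place to state that.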
@@ -84,7 +83,7 @@ class BSDUnixDESCryptPasswordImpl extends AbstractPasswordImpl implements BSDUni } BSDUnixDESCryptPasswordImpl(final char[] password, final IteratedPasswordAlgorithmSpec spec, final Charset hashCharset) throws InvalidKeySpecException, InvalidParameterSpecException { - this(password, ThreadLocalRandom.current().nextInt() & 0xffffff, spec.getIterationCount(), hashCharset); + this(password, PasswordUtil.generateRandomSaltInt() & 0xffffff, spec.getIterationCount(), hashCharset); } BSDUnixDESCryptPasswordImpl(final char[] password, final SaltedPasswordAlgorithmSpec spec, final Charset hashCharset) throws InvalidKeySpecException, InvalidParameterSpecException { diff --git a/password/impl/src/main/java/org/wildfly/security/password/impl/PasswordUtil.java b/password/impl/src/main/java/org/wildfly/security/password/impl/PasswordUtil.java index 21e1f8a58f1..9327f4b5ac0 100644 --- a/password/impl/src/main/java/org/wildfly/security/password/impl/PasswordUtil.java +++ b/password/impl/src/main/java/org/wildfly/security/password/impl/PasswordUtil.java @@ -17,7 +17,7 @@ */ package org.wildfly.security.password.impl; -import java.util.concurrent.ThreadLocalRandom; +import org.wildfly.common.Assert; /** * Helper utility methods for operations on passwords. @@ -27,6 +27,8 @@ */ final class PasswordUtil { + private static final ThreadLocalSecureRandom THREAD_LOCAL_SECURE_RANDOM = new ThreadLocalSecureRandom(); + /** * Generate a random salt as byte array. * 
@@ -35,7 +37,22 @@ final class PasswordUtil { */ public static byte[] generateRandomSalt(int saltSize) { byte[] randomSalt = new byte[saltSize]; - ThreadLocalRandom.current().nextBytes(randomSalt); + THREAD_LOCAL_SECURE_RANDOM.get().nextBytes(randomSalt); return randomSalt; } + + /** + * Generate a random salt as int. + * + * @return a byte array representing the random salt + */ + static int generateRandomSaltInt() { + byte[] saltBytes = generateRandomSalt(4); + return convertBytesToInt(saltBytes); + } + + static int convertBytesToInt(byte[] saltBytes) { + Assert.assertTrue(saltBytes.length == 4); + return (saltBytes[0] & 0xff) << 24 | (saltBytes[1] & 0xff) << 16 | (saltBytes[2] & 0xff) << 8 | saltBytes[3] & 0xff; + } } diff --git a/password/impl/src/main/java/org/wildfly/security/password/impl/ThreadLocalSecureRandom.java b/password/impl/src/main/java/org/wildfly/security/password/impl/ThreadLocalSecureRandom.java new file mode 100644 index 00000000000..5a99da754e8 --- /dev/null +++ b/password/impl/src/main/java/org/wildfly/security/password/impl/ThreadLocalSecureRandom.java 
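Review bot: The Javadoc added for `generateRandomSaltInt()` says `@return a byte array representing the random salt`, but the method returns an `int`; it should read `@return the random salt as an int, assembled from 4 random bytes`. `convertBytesToInt` is added without any Javadoc: it should state that the input must be exactly 4 bytes, that the bytes are combined most-significant first, and what happens on a wrong length, since that depends on how `Assert.assertTrue` behaves. The final term of the return expression relies on `&` binding tighter than `|`; writing it as `| (saltBytes[3] & 0xff)` matches the other three terms and removes the need to check precedence.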
@@ -0,0 +1,32 @@ +/* + * JBoss, Home of Professional Open Source + * + * Copyright 2024 Red Hat, Inc. and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.wildfly.security.password.impl; + +import java.security.SecureRandom; +import java.util.function.Supplier; + +class ThreadLocalSecureRandom implements Supplier { + final ThreadLocal localInstance = new ThreadLocal<>(); + + public SecureRandom get() { + if (localInstance.get() == null) { + localInstance.set(new SecureRandom()); + } + return localInstance.get(); + } +} diff --git a/password/impl/src/main/java/org/wildfly/security/password/impl/UnixDESCryptPasswordImpl.java b/password/impl/src/main/java/org/wildfly/security/password/impl/UnixDESCryptPasswordImpl.java index 00ad94110da..267dfd70200 100644 --- a/password/impl/src/main/java/org/wildfly/security/password/impl/UnixDESCryptPasswordImpl.java +++ b/password/impl/src/main/java/org/wildfly/security/password/impl/UnixDESCryptPasswordImpl.java @@ -31,7 +31,6 @@ import java.security.spec.InvalidParameterSpecException; import java.security.spec.KeySpec; import java.util.Arrays; -import java.util.concurrent.ThreadLocalRandom; import org.wildfly.security.password.interfaces.UnixDESCryptPassword; import org.wildfly.security.password.spec.ClearPasswordSpec; 
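Review bot: The new ThreadLocalSecureRandom class hand-rolls lazy initialisation and leaves its state package-visible: `localInstance` has no `private` modifier, `get()` has no `@Override`, and the null-check-then-set sequence reads the thread-local three times. The same behaviour is available as `private final ThreadLocal<SecureRandom> localInstance = ThreadLocal.withInitial(SecureRandom::new);` with `get()` reduced to `return localInstance.get();`. The type arguments on `Supplier` and `ThreadLocal` look stripped in this rendering; if they are really absent in the file, they should be `Supplier<SecureRandom>` and `ThreadLocal<SecureRandom>`. A class-level Javadoc line saying why one SecureRandom per thread is kept (presumably to avoid contention on a shared instance) would help the next reader.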
@@ -68,11 +67,11 @@ class UnixDESCryptPasswordImpl extends AbstractPasswordImpl implements UnixDESCr } UnixDESCryptPasswordImpl(final ClearPasswordSpec spec) throws InvalidKeySpecException, InvalidKeyException { - this((short) (ThreadLocalRandom.current().nextInt() & 0xfff), spec.getEncodedPassword()); + this((short) (PasswordUtil.generateRandomSaltInt() & 0xfff), spec.getEncodedPassword()); } UnixDESCryptPasswordImpl(final char[] passwordChars, final Charset hashCharset) throws InvalidKeyException { - this((short) (ThreadLocalRandom.current().nextInt() & 0xfff), passwordChars, hashCharset); + this((short) (PasswordUtil.generateRandomSaltInt() & 0xfff), passwordChars, hashCharset); } UnixDESCryptPasswordImpl(final char[] passwordChars, SaltedPasswordAlgorithmSpec algorithmSpec, final Charset hashCharset) throws InvalidParameterSpecException, InvalidKeyException { diff --git a/password/impl/src/test/java/org/wildfly/security/password/impl/PasswordUtilTest.java b/password/impl/src/test/java/org/wildfly/security/password/impl/PasswordUtilTest.java new file mode 100644 index 00000000000..ace17e04677 --- /dev/null +++ b/password/impl/src/test/java/org/wildfly/security/password/impl/PasswordUtilTest.java 
@@ -0,0 +1,32 @@ +/* + * JBoss, Home of Professional Open Source + * + * Copyright 2024 Red Hat, Inc. and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.wildfly.security.password.impl; + +import org.junit.Assert; +import org.junit.Test; + +public class PasswordUtilTest { + + @Test + public void testConvertBytesToInt() { + Assert.assertEquals(0, PasswordUtil.convertBytesToInt(new byte[] {(byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00})); + Assert.assertEquals(Integer.MAX_VALUE, PasswordUtil.convertBytesToInt(new byte[] {(byte) 0x7f, (byte) 0xff, (byte) 0xff, (byte) 0xff})); + Assert.assertEquals(Integer.MIN_VALUE, PasswordUtil.convertBytesToInt(new byte[] {(byte) 0x80, (byte) 0x00, (byte) 0x00, (byte) 0x00})); + Assert.assertEquals(-1, PasswordUtil.convertBytesToInt(new byte[] {(byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff})); + } +} From 421a8002d4dbfb74d4f7e8013b794bc88278955a Mon Sep 17 00:00:00 2001 From: lvydra Date: Wed, 14 Aug 2024 15:36:03 +0200 Subject: [PATCH 194/205] [ELY-2780] Logging in aggregaterealm changes authentication and authorization flow --- .../auth/realm/AggregateSecurityRealm.java | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/auth/realm/base/src/main/java/org/wildfly/security/auth/realm/AggregateSecurityRealm.java b/auth/realm/base/src/main/java/org/wildfly/security/auth/realm/AggregateSecurityRealm.java index dde13678819..198c5e8331c 100644 
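Review bot: `testConvertBytesToInt` would not catch a mix-up among the three low-order bytes, because every case uses identical values in positions 1 to 3 (all `0x00` or all `0xff`). Adding one case with four distinct bytes pins the byte order completely: `Assert.assertEquals(0x01020304, PasswordUtil.convertBytesToInt(new byte[] {1, 2, 3, 4}));`. The test also leaves the length check in `convertBytesToInt` unexercised; a case passing a 3-byte array would document what callers can expect there.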
--- a/auth/realm/base/src/main/java/org/wildfly/security/auth/realm/AggregateSecurityRealm.java +++ b/auth/realm/base/src/main/java/org/wildfly/security/auth/realm/AggregateSecurityRealm.java @@ -79,18 +79,14 @@ public AggregateSecurityRealm(final SecurityRealm authenticationRealm, Function< public RealmIdentity getRealmIdentity(final Evidence evidence) throws RealmUnavailableException { boolean ok = false; final RealmIdentity authenticationIdentity = authenticationRealm.getRealmIdentity(evidence); - if (authenticationIdentity.exists()) { - log.tracef("Authentication identity for principal [%s] found.", evidence.getDecodedPrincipal()); - } + log.tracef("Authentication identity for principal [%s] obtained.", evidence.getDecodedPrincipal()); final RealmIdentity[] authorizationIdentities = new RealmIdentity[authorizationRealms.length]; try { for (int i = 0; i < authorizationIdentities.length; i++) { SecurityRealm authorizationRealm = authorizationRealms[i]; authorizationIdentities[i] = (authorizationRealm == authenticationRealm) ? authenticationIdentity : getAuthorizationIdentity(authorizationRealm, evidence, principalTransformer, authenticationIdentity); - if (authorizationIdentities[i].exists()) { - log.tracef("Authorization identity for principal [%s] found.", evidence.getDecodedPrincipal()); - } + log.tracef("Authorization identity for principal [%s] obtained.", evidence.getDecodedPrincipal()); } final Identity identity = new Identity(authenticationIdentity, authorizationIdentities); 
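Review bot: Nothing in the new code records why `exists()` must not be called at these log sites, so the guard this commit removes could easily be reintroduced by someone who wants the trace message to be accurate again. A short comment above each `log.tracef` would prevent that, for example `// Do not call exists() here just for logging: per ELY-2780 it changes the authentication and authorization flow.`; the same applies to the `@@ -111,9 +107,7` and `@@ -125,9 +119,7` hunks. The trace line is now emitted whether or not the identity exists, and inside the loop it is identical for every authorization realm, so adding the index `i` to the message would keep it useful. `evidence.getDecodedPrincipal()` is now evaluated on every call regardless of log level; if that call is not trivially cheap for some Evidence types, wrapping the statement in `if (log.isTraceEnabled())` avoids the cost. Both `getRealmIdentity` methods continue outside these hunks.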
@@ -111,9 +107,7 @@ public RealmIdentity getRealmIdentity(final Evidence evidence) throws RealmUnava public RealmIdentity getRealmIdentity(final Principal principal) throws RealmUnavailableException { boolean ok = false; final RealmIdentity authenticationIdentity = authenticationRealm.getRealmIdentity(principal); - if (authenticationIdentity.exists()) { - log.tracef("Authentication identity for principal [%s] found.", principal); - } + log.tracef("Authentication identity for principal [%s] obtained.", principal); Principal authorizationPrincipal = principal; if (principalTransformer != null) { authorizationPrincipal = principalTransformer.apply(authorizationPrincipal); @@ -125,9 +119,7 @@ public RealmIdentity getRealmIdentity(final Principal principal) throws RealmUna for (int i = 0; i < authorizationIdentities.length; i++) { SecurityRealm authorizationRealm = authorizationRealms[i]; authorizationIdentities[i] = (authorizationRealm == authenticationRealm) && (principalTransformer == null) ? authenticationIdentity : authorizationRealm.getRealmIdentity(authorizationPrincipal); - if (authorizationIdentities[i].exists()) { - log.tracef("Authorization identity for principal [%s] found.", principal); - } + log.tracef("Authorization identity for principal [%s] obtained.", principal); } final Identity identity = new Identity(authenticationIdentity, authorizationIdentities); From 4e58f8d5cc8c36881c5f26d3101aba2635c3add4 Mon Sep 17 00:00:00 2001 
From: Darran Lofthouse Date: Tue, 17 Sep 2024 13:14:36 +0100 Subject: [PATCH 195/205] [ELY-2805] Revert "[ELY-2547] Add Elytron Tool option to overwrite CLI script" This reverts commit 7242ebe048d4b5bbe114dd61db3a10b4d4fe2d74. --- .../org/wildfly/security/tool/Command.java | 1 - .../security/tool/ElytronToolMessages.java | 3 - .../tool/FileSystemEncryptRealmCommand.java | 45 +++------- .../tool/FileSystemRealmIntegrityCommand.java | 42 +++------ .../FileSystemEncryptRealmCommandTest.java | 50 ----------- .../FileSystemRealmIntegrityCommandTest.java | 86 ------------------- .../fsRealmAl/a/l/alice-MFWGSY3F.xml | 8 -- 7 files changed, 20 insertions(+), 215 deletions(-) delete mode 100644 tool/src/test/resources/filesystem-integrity/fs-unsigned-realms/fsRealmAl/a/l/alice-MFWGSY3F.xml diff --git a/tool/src/main/java/org/wildfly/security/tool/Command.java b/tool/src/main/java/org/wildfly/security/tool/Command.java index 4f06b917fe7..4b29a26b881 100644 --- a/tool/src/main/java/org/wildfly/security/tool/Command.java +++ b/tool/src/main/java/org/wildfly/security/tool/Command.java @@ -498,7 +498,6 @@ class Params { static final String SILENT_PARAM = "silent"; static final String STORE_LOCATION_PARAM = "location"; static final String SUMMARY_PARAM = "summary"; - static final String OVERWRITE_SCRIPT_FILE = "overwrite-script-file"; // Other constants static final Pattern BOOLEAN_ARG_REGEX = Pattern.compile("(true|false)", Pattern.CASE_INSENSITIVE | Pattern.UNICODE_CASE); diff --git a/tool/src/main/java/org/wildfly/security/tool/ElytronToolMessages.java b/tool/src/main/java/org/wildfly/security/tool/ElytronToolMessages.java index 7d4bc482527..4b876d33b25 100644 --- a/tool/src/main/java/org/wildfly/security/tool/ElytronToolMessages.java +++ b/tool/src/main/java/org/wildfly/security/tool/ElytronToolMessages.java 
@@ -589,9 +589,6 @@ public interface ElytronToolMessages extends BasicLogger { @Message(id = NONE, value = "Provides a detailed summary of all operations performed, once the command finishes.") String cmdFileSystemRealmSummaryDesc(); - @Message(id = NONE, value = "Whether the cli script file will be overwritten, if attempting to write to an existing file.") - String cmdFileSystemRealmOverwriteCliScriptFileDesc(); - @Message(id = NONE, value = "No users file specified. Please use either --bulk-convert or specify a users file using --users-file ") MissingOptionException missingUsersFile(); diff --git a/tool/src/main/java/org/wildfly/security/tool/FileSystemEncryptRealmCommand.java b/tool/src/main/java/org/wildfly/security/tool/FileSystemEncryptRealmCommand.java index 76a76d95e9d..844332d76de 100644 --- a/tool/src/main/java/org/wildfly/security/tool/FileSystemEncryptRealmCommand.java +++ b/tool/src/main/java/org/wildfly/security/tool/FileSystemEncryptRealmCommand.java @@ -17,7 +17,6 @@ */ package org.wildfly.security.tool; -import static org.wildfly.security.tool.Params.BOOLEAN_PARAM; import static org.wildfly.security.tool.Params.BULK_CONVERT_PARAM; import static org.wildfly.security.tool.Params.CREATE_CREDENTIAL_STORE_PARAM; import static org.wildfly.security.tool.Params.CREDENTIAL_STORE_LOCATION_PARAM; @@ -39,7 +38,6 @@ import static org.wildfly.security.tool.Params.LINE_SEPARATOR; import static org.wildfly.security.tool.Params.NAME_PARAM; import static org.wildfly.security.tool.Params.OUTPUT_LOCATION_PARAM; -import static org.wildfly.security.tool.Params.OVERWRITE_SCRIPT_FILE; import static org.wildfly.security.tool.Params.PASSWORD_ENV_PARAM; import static org.wildfly.security.tool.Params.PASSWORD_PARAM; import static org.wildfly.security.tool.Params.REALM_NAME_PARAM; 
@@ -178,10 +176,6 @@ class FileSystemEncryptRealmCommand extends Command { option.setArgName(FILE_PARAM); options.addOption(option); - option = new Option("w", OVERWRITE_SCRIPT_FILE, true, ElytronToolMessages.msg.cmdFileSystemRealmOverwriteCliScriptFileDesc()); - option.setArgName(BOOLEAN_PARAM); - options.addOption(option); - option = Option.builder().longOpt(HELP_PARAM).desc(ElytronToolMessages.msg.cmdLineHelp()).build(); options.addOption(option); @@ -214,7 +208,6 @@ private static final class Descriptor { private Boolean encoded; private Boolean createCredentialStore; private Boolean populate; - private Boolean overwriteScriptFile; Descriptor() { } @@ -237,7 +230,6 @@ private static final class Descriptor { this.createCredentialStore = descriptor.createCredentialStore; this.secretKeyAlias = descriptor.secretKeyAlias; this.populate = descriptor.populate; - this.overwriteScriptFile = descriptor.overwriteScriptFile; } public Encoding getHashEncoding() { @@ -370,14 +362,6 @@ void setKeyPairAlias(String keyPairAlias) { this.keyPairAlias = keyPairAlias; } - public Boolean getOverwriteScriptFile() { - return overwriteScriptFile; - } - - public void setOverwriteScriptFile(Boolean overwriteScriptFile) { - this.overwriteScriptFile = overwriteScriptFile; - } - void reset() { this.inputRealmLocation = null; this.outputRealmLocation = null; @@ -395,7 +379,6 @@ void reset() { this.encoded = null; this.levels = null; this.populate = null; - this.overwriteScriptFile = null; } } @@ -441,7 +424,6 @@ public void execute(String[] args) throws Exception { String encodedOption = cmdLine.getOptionValue("f"); String bulkConvert = cmdLine.getOptionValue("b"); String populateOption = cmdLine.getOptionValue("p"); - String overwriteScriptFileOption = cmdLine.getOptionValue("w"); if (bulkConvert == null) { if (realmNameOption == null) { 
@@ -491,9 +473,6 @@ public void execute(String[] args) throws Exception { } else { descriptor.setPopulate(Boolean.valueOf(populateOption)); } - if (overwriteScriptFileOption != null) { - descriptor.setOverwriteScriptFile(Boolean.valueOf(overwriteScriptFileOption)); - } if (levelsOption == null) { descriptor.setLevels(DEFAULT_LEVELS); @@ -949,7 +928,6 @@ private void createWildFlyScript() throws Exception { String keyStoreType = descriptor.getKeyStoreType(); char[] password = descriptor.getPassword(); String keyPairAlias = descriptor.getKeyPairAlias(); - Boolean overwriteScript = descriptor.getOverwriteScriptFile(); if (hashCharset == null) { hashCharset = StandardCharsets.UTF_8; @@ -964,20 +942,17 @@ private void createWildFlyScript() throws Exception { Path scriptPath = Paths.get(String.format("%s/%s.cli", outputRealmLocation, fileSystemRealmName)); - if (overwriteScript == null) { - if (scriptPath.toFile().exists()) { - createScriptCheck = prompt( - true, - ElytronToolMessages.msg.shouldFileBeOverwritten(scriptPath.toString()), - false, - null - ); - if (createScriptCheck.trim().isEmpty()) createScriptCheck = "n"; - } - - overwriteScript = createScriptCheck.isEmpty() || createScriptCheck.toLowerCase().startsWith("y"); + if (scriptPath.toFile().exists()) { + createScriptCheck = prompt( + true, + ElytronToolMessages.msg.shouldFileBeOverwritten(scriptPath.toString()), + false, + null + ); + if (createScriptCheck.trim().isEmpty()) createScriptCheck = "n"; } + boolean overwriteScript = createScriptCheck.isEmpty() || createScriptCheck.toLowerCase().startsWith("y"); if (!overwriteScript) { // Generate a random file for the CLI script do { scriptPath = Paths.get(String.format("%s/%s.cli", 
@@ -1031,7 +1006,7 @@ private void createWildFlyScript() throws Exception { if (overwriteScript) { // Create a new script file, or overwrite the existing one Files.write(scriptPath, scriptLines, StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING); } else { - Files.write(scriptPath, scriptLines, StandardOpenOption.CREATE); + Files.write(scriptPath, scriptLines, StandardOpenOption.APPEND); } counter++; } diff --git a/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommand.java b/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommand.java index 9e9225ba370..33de909669f 100644 --- a/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommand.java +++ b/tool/src/main/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommand.java @@ -39,7 +39,6 @@ import static org.wildfly.security.tool.Params.NAME_PARAM; import static org.wildfly.security.tool.Params.NUMBER_PARAM; import static org.wildfly.security.tool.Params.OUTPUT_LOCATION_PARAM; -import static org.wildfly.security.tool.Params.OVERWRITE_SCRIPT_FILE; import static org.wildfly.security.tool.Params.PASSWORD_ENV_PARAM; import static org.wildfly.security.tool.Params.PASSWORD_PARAM; import static org.wildfly.security.tool.Params.REALM_NAME_PARAM; @@ -161,9 +160,6 @@ public class FileSystemRealmIntegrityCommand extends Command { options.addOption(Option.builder("b").longOpt(BULK_CONVERT_PARAM).desc(ElytronToolMessages.msg.cmdFileSystemRealmIntegrityBulkConvertDesc()) .hasArg().argName(FILE_PARAM) .build()); - options.addOption(Option.builder("w").longOpt(OVERWRITE_SCRIPT_FILE).desc(ElytronToolMessages.msg.cmdFileSystemRealmOverwriteCliScriptFileDesc()) - .hasArg().argName(BOOLEAN_PARAM) - .build()); // General options options.addOption(Option.builder("h").longOpt(HELP_PARAM).desc(ElytronToolMessages.msg.cmdLineHelp()) 
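Review bot: In the `@@ -1031,7 +1006,7` hunk of `createWildFlyScript()`, the non-overwrite branch now calls `Files.write(scriptPath, scriptLines, StandardOpenOption.APPEND)` with no `CREATE`. When options are passed explicitly, `Files.write` does not create a missing file, so this throws `NoSuchFileException` unless the file already exists at that point. The code that picks the alternative script path lies outside the hunk, so I cannot tell whether the file is created there. If it is not, `Files.write(scriptPath, scriptLines, StandardOpenOption.CREATE, StandardOpenOption.APPEND);` keeps the append behaviour this revert restores while tolerating a fresh path. If the file is guaranteed to exist, a one-line comment saying so would make the bare `APPEND` intentional rather than surprising.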
@@ -192,7 +188,6 @@ private static final class Descriptor { private Encoding hashEncoding; private Charset hashCharset; private Boolean encoded; - private Boolean overwriteScriptFile; private Boolean upgradeInPlace; private Boolean missingRequiredValue; @@ -220,7 +215,6 @@ private static final class Descriptor { this.hashEncoding = descriptor.hashEncoding; this.hashCharset = descriptor.hashCharset; this.encoded = descriptor.encoded; - this.overwriteScriptFile = descriptor.overwriteScriptFile; this.upgradeInPlace = descriptor.upgradeInPlace; this.missingRequiredValue = descriptor.missingRequiredValue; @@ -331,9 +325,6 @@ public Boolean getMissingRequiredValue() { public Boolean getRealmUpgraded() { return realmUpgraded; } - public Boolean getOverwriteScriptFile() { - return overwriteScriptFile; - } public void setInputRealmPath(String inputRealmPath) { setInputRealmPath(Paths.get(inputRealmPath).normalize().toAbsolutePath()); @@ -422,9 +413,6 @@ public void setMissingRequiredValue() { public void setRealmUpgraded() { this.realmUpgraded = true; } - public void setOverwriteScriptFile(Boolean overwriteScriptFile) { - this.overwriteScriptFile = overwriteScriptFile; - } void reset(boolean resetMissingValues) { // Required values are set to null if contents are null, or equal "MISSING" @@ -443,7 +431,6 @@ void reset(boolean resetMissingValues) { hashEncoding = null; hashCharset = null; encoded = null; - overwriteScriptFile = null; upgradeInPlace = false; realmUpgraded = false; @@ -492,7 +479,6 @@ public void execute(String[] args) throws Exception { String hashCharsetOption = cmdLine.getOptionValue("u"); String encodedOption = cmdLine.getOptionValue("f"); String bulkConvertOption = cmdLine.getOptionValue("b"); - String overwriteScriptFileOption = cmdLine.getOptionValue("w"); if (bulkConvertOption == null) { if (summaryMode) { 
@@ -591,10 +577,6 @@ public void execute(String[] args) throws Exception { descriptor.setEncoded(Boolean.parseBoolean(encodedOption)); } - if (overwriteScriptFileOption != null) { - descriptor.setOverwriteScriptFile(Boolean.valueOf(overwriteScriptFileOption)); - } - descriptors.add(descriptor); findMissingRequiredValuesAndSetValues(0, descriptor); } else if (nonBulkConvertOptionSet(inputRealmPathOption, outputRealmPathOption, realmNameOption, keyStorePathOption, @@ -973,26 +955,22 @@ private void createWildFlyScript() throws Exception { String fileSystemRealmName = descriptor.getFileSystemRealmName(); Path outputRealmPath = descriptor.getOutputRealmPath(); boolean upgradeInPlace = descriptor.getUpgradeInPlace(); - Boolean overwriteScript = descriptor.getOverwriteScriptFile(); String createScriptCheck = ""; Path scriptPath = Paths.get(String.format("%s/%s.cli", outputRealmPath, fileSystemRealmName)); - if (overwriteScript == null) { - // Ask to overwrite CLI script, if already exists - if(scriptPath.toFile().exists()) { - createScriptCheck = prompt( - true, - ElytronToolMessages.msg.shouldFileBeOverwritten(scriptPath.toString()), - false, - null - ); - if (createScriptCheck.trim().isEmpty()) createScriptCheck = "n"; - } - - overwriteScript = createScriptCheck.isEmpty() || createScriptCheck.toLowerCase().startsWith("y"); + // Ask to overwrite CLI script, if already exists + if(scriptPath.toFile().exists()) { + createScriptCheck = prompt( + true, + ElytronToolMessages.msg.shouldFileBeOverwritten(scriptPath.toString()), + false, + null + ); + if (createScriptCheck.trim().isEmpty()) createScriptCheck = "n"; } + boolean overwriteScript = createScriptCheck.isEmpty() || createScriptCheck.toLowerCase().startsWith("y"); if (!overwriteScript) { do { scriptPath = Paths.get(String.format("%s/%s.cli", 
diff --git a/tool/src/test/java/org/wildfly/security/tool/FileSystemEncryptRealmCommandTest.java b/tool/src/test/java/org/wildfly/security/tool/FileSystemEncryptRealmCommandTest.java index 910f78580f9..32ff3c29f2d 100644 --- a/tool/src/test/java/org/wildfly/security/tool/FileSystemEncryptRealmCommandTest.java +++ b/tool/src/test/java/org/wildfly/security/tool/FileSystemEncryptRealmCommandTest.java @@ -17,8 +17,6 @@ */ package org.wildfly.security.tool; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotEquals; import static org.junit.Assert.assertThrows; import static org.junit.Assert.assertTrue; import static org.wildfly.security.tool.Command.ELYTRON_KS_PASS_PROVIDERS; @@ -68,12 +66,6 @@ private void runCommand(String inputLocation, String outputLocation, String file executeCommandAndCheckStatus(requiredArgs, expectedStatus); } - private void runCommand(String inputLocation, String outputLocation, String fileSystemRealmName, String encoded, boolean create, int expectedStatus, boolean overwriteScriptFile) { - String[] requiredArgs; - requiredArgs = new String[]{"--input-location", inputLocation, "--output-location", outputLocation, "--realm-name", fileSystemRealmName, "--encoded", encoded, "--create", String.valueOf(create), "--credential-store", CREDENTIAL_STORE_PATH, "--overwrite-script-file", String.valueOf(overwriteScriptFile)}; - executeCommandAndCheckStatus(requiredArgs, expectedStatus); - } - private void runCommand(String inputLocation, String outputLocation, String fileSystemRealmName, int levels, String encoded, boolean create, int expectedStatus) { String[] requiredArgs; requiredArgs = new String[]{"--input-location", inputLocation, "--output-location", outputLocation, "--realm-name", fileSystemRealmName, "--levels", String.valueOf(levels), "--encoded", encoded, "--create", String.valueOf(create), "--credential-store", CREDENTIAL_STORE_PATH}; 
@@ -167,48 +159,6 @@ public void testSingleUser() throws Exception { } } - @Test - public void testOverwritingScriptFileTrue() throws Exception { - String outputLocation = RELATIVE_BASE_DIR + "fs-encrypted-realms"; - String fileSystemRealmName = "overwrite-script-true"; - String file = "target/test-classes/filesystem-encrypt/fs-encrypted-realms/overwrite-script-true.cli"; - - String inputLocation = RELATIVE_BASE_DIR + "fs-unencrypted-realms/single-user-with-role/"; - runCommand(inputLocation, outputLocation, fileSystemRealmName, 3, "false", true, 0); - - assertTrue(fileExists(file)); - File scriptFile = new File(file); - Long modifiedBefore = scriptFile.lastModified(); - - inputLocation = RELATIVE_BASE_DIR + "fs-unencrypted-realms/single-user/"; - runCommand(inputLocation, outputLocation, fileSystemRealmName, "false", true, 0, true); - - Long modifiedAfter = scriptFile.lastModified(); - - assertNotEquals(modifiedBefore, modifiedAfter); - } - - @Test - public void testOverwritingScriptFileFalse() throws Exception { - String outputLocation = RELATIVE_BASE_DIR + "fs-encrypted-realms"; - String fileSystemRealmName = "overwrite-script-false"; - String file = "target/test-classes/filesystem-encrypt/fs-encrypted-realms/overwrite-script-false.cli"; - - String inputLocation = RELATIVE_BASE_DIR + "fs-unencrypted-realms/single-user-with-role/"; - runCommand(inputLocation, outputLocation, fileSystemRealmName, 3, "false", true, 0); - - assertTrue(fileExists(file)); - File scriptFile = new File(file); - Long modifiedBefore = scriptFile.lastModified(); - - inputLocation = RELATIVE_BASE_DIR + "fs-unencrypted-realms/single-user/"; - runCommand(inputLocation, outputLocation, fileSystemRealmName, "false", true, 0, false); - - Long modifiedAfter = scriptFile.lastModified(); - - assertEquals(modifiedBefore, modifiedAfter); - } - @Test public void testSingleUserMissingParam() throws Exception { String outputLocation = RELATIVE_BASE_DIR + "fs-encrypted-realms"; 
diff --git a/tool/src/test/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommandTest.java b/tool/src/test/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommandTest.java index 7db8da89604..2d134d31d7f 100644 --- a/tool/src/test/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommandTest.java +++ b/tool/src/test/java/org/wildfly/security/tool/FileSystemRealmIntegrityCommandTest.java @@ -17,7 +17,6 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertNotEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import static org.wildfly.security.tool.Command.GENERAL_CONFIGURATION_ERROR; @@ -37,7 +36,6 @@ import static org.wildfly.security.tool.Params.KEY_PAIR_ALIAS_PARAM; import static org.wildfly.security.tool.Params.LEVELS_PARAM; import static org.wildfly.security.tool.Params.OUTPUT_LOCATION_PARAM; -import static org.wildfly.security.tool.Params.OVERWRITE_SCRIPT_FILE; import static org.wildfly.security.tool.Params.PASSWORD_ENV_PARAM; import static org.wildfly.security.tool.Params.PASSWORD_PARAM; import static org.wildfly.security.tool.Params.REALM_NAME_PARAM; 
@@ -118,90 +116,6 @@ public void testSingleUserRealmWithJCEKS() throws IOException { validateScript(params, FS_REALM_SIGNED_PATH.resolve(realmName + ".cli")); } - @Test - public void testScriptFileOverwriteFalse() throws IOException { - String realmName = "scriptOverwriteFalse"; - Path keyStore = Paths.get(RELATIVE_BASE_DIR, "fsKeyStoreEC.jceks"); - String keyStoreType = "JCEKS"; - String keyPairAlias = "curveKeyPair"; - - Path inputLocation = Paths.get(RELATIVE_UNSIGNED_DIR, "fsRealmSingle"); - String[] firstRealmArgs = { - "--" + INPUT_LOCATION_PARAM, inputLocation.toString(), - "--" + OUTPUT_LOCATION_PARAM, FS_REALM_SIGNED_PATH.toString(), - "--" + REALM_NAME_PARAM, realmName, - "--" + KEYSTORE_PARAM, keyStore.toString(), - "--" + KEYSTORE_TYPE_PARAM, keyStoreType, - "--" + KEY_PAIR_ALIAS_PARAM, keyPairAlias, - "--" + PASSWORD_PARAM, KEYSTORE_PASSWORD - }; - - runCommand(inputLocation, firstRealmArgs, ElytronToolExitStatus_OK); - - File scriptFile = FS_REALM_SIGNED_PATH.resolve(realmName + ".cli").toFile(); - Long modifiedBefore = scriptFile.lastModified(); - - inputLocation = Paths.get(RELATIVE_UNSIGNED_DIR, "fsRealmAl"); - String[] secondRealmArgs = { - "--" + INPUT_LOCATION_PARAM, inputLocation.toString(), - "--" + OUTPUT_LOCATION_PARAM, FS_REALM_SIGNED_PATH.toString(), - "--" + REALM_NAME_PARAM, realmName, - "--" + KEYSTORE_PARAM, keyStore.toString(), - "--" + KEYSTORE_TYPE_PARAM, keyStoreType, - "--" + KEY_PAIR_ALIAS_PARAM, keyPairAlias, - "--" + PASSWORD_PARAM, KEYSTORE_PASSWORD, - "--" + OVERWRITE_SCRIPT_FILE, "false" - }; - - runCommand(inputLocation, secondRealmArgs, ElytronToolExitStatus_OK); - - Long modifiedAfter = scriptFile.lastModified(); - - assertEquals(modifiedBefore, modifiedAfter); - } - - @Test - public void testScriptFileOverwriteTrue() throws IOException { - String realmName = "scriptOverwriteTrue"; - Path keyStore = Paths.get(RELATIVE_BASE_DIR, "fsKeyStoreEC.jceks"); - String keyStoreType = "JCEKS"; - String keyPairAlias = "curveKeyPair"; 
- - Path inputLocation = Paths.get(RELATIVE_UNSIGNED_DIR, "fsRealmSingle"); - String[] firstRealmArgs = { - "--" + INPUT_LOCATION_PARAM, inputLocation.toString(), - "--" + OUTPUT_LOCATION_PARAM, FS_REALM_SIGNED_PATH.toString(), - "--" + REALM_NAME_PARAM, realmName, - "--" + KEYSTORE_PARAM, keyStore.toString(), - "--" + KEYSTORE_TYPE_PARAM, keyStoreType, - "--" + KEY_PAIR_ALIAS_PARAM, keyPairAlias, - "--" + PASSWORD_PARAM, KEYSTORE_PASSWORD - }; - - runCommand(inputLocation, firstRealmArgs, ElytronToolExitStatus_OK); - - File scriptFile = FS_REALM_SIGNED_PATH.resolve(realmName + ".cli").toFile(); - Long modifiedBefore = scriptFile.lastModified(); - - inputLocation = Paths.get(RELATIVE_UNSIGNED_DIR, "fsRealmAl"); - String[] secondRealmArgs = { - "--" + INPUT_LOCATION_PARAM, inputLocation.toString(), - "--" + OUTPUT_LOCATION_PARAM, FS_REALM_SIGNED_PATH.toString(), - "--" + REALM_NAME_PARAM, realmName, - "--" + KEYSTORE_PARAM, keyStore.toString(), - "--" + KEYSTORE_TYPE_PARAM, keyStoreType, - "--" + KEY_PAIR_ALIAS_PARAM, keyPairAlias, - "--" + PASSWORD_PARAM, KEYSTORE_PASSWORD, - "--" + OVERWRITE_SCRIPT_FILE, "true" - }; - - runCommand(inputLocation, secondRealmArgs, ElytronToolExitStatus_OK); - - Long modifiedAfter = scriptFile.lastModified(); - - assertNotEquals(modifiedBefore, modifiedAfter); - } - @Test public void testMultiUserRealmWithSummary() throws IOException { String realmName = "fsRealmMultiUser"; diff --git a/tool/src/test/resources/filesystem-integrity/fs-unsigned-realms/fsRealmAl/a/l/alice-MFWGSY3F.xml b/tool/src/test/resources/filesystem-integrity/fs-unsigned-realms/fsRealmAl/a/l/alice-MFWGSY3F.xml deleted file mode 100644 index 3e94e6776f9..00000000000 --- a/tool/src/test/resources/filesystem-integrity/fs-unsigned-realms/fsRealmAl/a/l/alice-MFWGSY3F.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - - - - - - \ No newline at end of file From 350e06e20e23e010bb9d1f3f396856383793109f Mon Sep 17 00:00:00 2001 
From: Darran Lofthouse Date: Wed, 18 Sep 2024 10:39:48 +0100 Subject: [PATCH 196/205] [ELY-2890] Upgrade XNIO to 3.8.16.Final --- pom.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 690b4eb68fc..43bb7a6c5d7 100644 --- a/pom.xml +++ b/pom.xml @@ -101,6 +101,7 @@ 2.3.0 23.0.7 2.7 + 3.8.16.Final INFO @@ -1138,7 +1139,7 @@ org.jboss.xnio xnio-api - 3.8.8.Final + ${version.org.xnio} test From 0855335947734824ab1c46a1a3af145f5e9808eb Mon Sep 17 00:00:00 2001 From: Darran Lofthouse Date: Wed, 18 Sep 2024 11:35:54 +0100 Subject: [PATCH 197/205] [ELY-2810] Upgrade com.nimbusds:nimbus-jose-jwt to 9.37.3 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 690b4eb68fc..01d1fdcd2d6 100644 --- a/pom.xml +++ b/pom.xml @@ -85,7 +85,7 @@ 1.34 2.7.1 2.4.9 - 9.31 + 9.37.3 3.8.1 1.0.8.Final 1.0.1.Final From 637dd3383b6f2bc4f0fac1d5a88d1308a3fb350c Mon Sep 17 00:00:00 2001 From: R Searls Date: Tue, 28 May 2024 17:32:56 -0400 Subject: [PATCH 198/205] [ELY-2738] creating X509Certificate using CAGenerationTool. --- dynamic-ssl/pom.xml | 5 + .../dynamic/ssl/DynamicSSLContextTest.java | 8 +- .../dynamic/ssl/DynamicSSLTestUtils.java | 91 +++++++------------ .../ssl/SSLServerSocketTestInstance.java | 2 +- ...ic-ssl-test-without-default-sslcontext.xml | 18 ++-- .../ssl/wildfly-config-dynamic-ssl-test.xml | 24 ++--- 6 files changed, 62 insertions(+), 86 deletions(-) diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index ebca916a974..c7f2ac19546 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -39,6 +39,11 @@ org.wildfly.security wildfly-elytron-client + + org.wildfly.security + wildfly-elytron-tests-common + test-jar + org.kohsuke.metainf-services metainf-services 
diff --git a/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextTest.java b/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextTest.java index cd74cba609f..6c4378f34f6 100644 --- a/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextTest.java +++ b/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextTest.java @@ -330,7 +330,7 @@ public void testChangingAuthenticationContextsTest() throws NoSuchAlgorithmExcep SSLSocketFactory socketFactory = dynamicSSLContext.getSocketFactory(); AuthenticationContext.empty().withSsl(MatchRule.ALL.matchPort(10001), () -> DynamicSSLTestUtils - .createSSLContext(RESOURCES + "client1.keystore.jks", RESOURCES + "client1.truststore.jks", "secret")).run(() -> { + .createSSLContext(RESOURCES + "client1.keystore.jks", RESOURCES + "client1.truststore.jks", "Elytron")).run(() -> { try { Socket clientSslSocket = socketFactory.createSocket("localhost", 10001); checkOutputIsOK((SSLSocket) clientSslSocket); @@ -341,7 +341,7 @@ public void testChangingAuthenticationContextsTest() throws NoSuchAlgorithmExcep }); AuthenticationContext.empty().withSsl(MatchRule.ALL.matchPort(10002), () -> DynamicSSLTestUtils - .createSSLContext(RESOURCES + "client2.keystore.jks", RESOURCES + "client2.truststore.jks", "secret")).run(() -> { + .createSSLContext(RESOURCES + "client2.keystore.jks", RESOURCES + "client2.truststore.jks", "Elytron")).run(() -> { try { Socket clientSslSocket = socketFactory.createSocket("localhost", 10002); checkOutputIsOK((SSLSocket) clientSslSocket); 
@@ -352,7 +352,7 @@ public void testChangingAuthenticationContextsTest() throws NoSuchAlgorithmExcep }); AuthenticationContext.empty().withSsl(MatchRule.ALL.matchPort(10003), () -> DynamicSSLTestUtils - .createSSLContext(RESOURCES + "client3.keystore.jks", RESOURCES + "client3.truststore.jks", "secret")).run(() -> { + .createSSLContext(RESOURCES + "client3.keystore.jks", RESOURCES + "client3.truststore.jks", "Elytron")).run(() -> { try { Socket clientSslSocket = socketFactory.createSocket("localhost", 10003); checkOutputIsOK((SSLSocket) clientSslSocket); @@ -371,7 +371,7 @@ public void testThrowAnExceptionWhenLoop() throws NoSuchAlgorithmException { SSLContext previousDefaultSSLContext = SSLContext.getDefault(); SSLContext.setDefault(dynamicSSLContext); AuthenticationContext.empty().withSsl(MatchRule.ALL.matchPort(10000), () -> DynamicSSLTestUtils - .createSSLContext(RESOURCES + "client1.keystore.jks", RESOURCES + "client1.truststore.jks", "secret")).run(() -> { + .createSSLContext(RESOURCES + "client1.keystore.jks", RESOURCES + "client1.truststore.jks", "Elytron")).run(() -> { try { Socket clientSslSocket = socketFactory.createSocket("localhost", 12345); checkOutputIsOK((SSLSocket) clientSslSocket); diff --git a/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/DynamicSSLTestUtils.java b/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/DynamicSSLTestUtils.java index 3f73dec2930..1f60cbdc64a 100644 --- a/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/DynamicSSLTestUtils.java +++ b/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/DynamicSSLTestUtils.java @@ -20,8 +20,6 @@ package org.wildfly.security.dynamic.ssl; import org.junit.Assert; -import org.wildfly.security.x500.cert.BasicConstraintsExtension; -import org.wildfly.security.x500.cert.X509CertificateBuilder; import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManagerFactory; 
@@ -33,17 +31,15 @@ import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.IOException; -import java.math.BigInteger; -import java.security.KeyPair; -import java.security.KeyPairGenerator; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.PublicKey; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; +import org.wildfly.security.ssl.test.util.CAGenerationTool; +import org.wildfly.security.x500.cert.X509CertificateExtension; + /** * Utility class for DynamicSSLContextTest class. * @@ -54,10 +50,9 @@ public class DynamicSSLTestUtils { private static final String CLIENT_ALIAS = "client"; private static final String LOCALHOST_ALIAS = "localhost"; private static final String KEYSTORE_TYPE = "JKS"; - private static final String SHA_1_WITH_RSA = "SHA1withRSA"; private static final String TLS_PROTOCOL_VERSION = "TLSv1.2"; public static final String KEY_MANAGER_FACTORY_ALGORITHM = "SunX509"; - private static char[] PASSWORD = "secret".toCharArray(); + private static char[] PASSWORD = "Elytron".toCharArray(); private static File KEYSTORES_DIR = new File("./target/keystores"); private static String CLIENT1_KEYSTORE_FILENAME = "client1.keystore.jks"; @@ -92,6 +87,7 @@ static SSLContext createSSLContext(String keystorePath, String truststorePath, S KeyStore trustStore = KeyStore.getInstance(KEYSTORE_TYPE); trustStore.load(new FileInputStream(truststorePath), password.toCharArray()); + // Create trust manager TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(KEY_MANAGER_FACTORY_ALGORITHM); trustManagerFactory.init(trustStore); 
@@ -112,6 +108,7 @@ static void createKeystores() throws KeyStoreException, CertificateException, No if (!KEYSTORES_DIR.exists()) { KEYSTORES_DIR.mkdirs(); } + generateTwoWaySSLKeystoresAndTruststores(CLIENT1_KEYSTORE_FILENAME, SERVER1_KEYSTORE_FILENAME, CLIENT1_TRUSTSTORE_FILENAME, SERVER1_TRUSTSTORE_FILENAME); generateTwoWaySSLKeystoresAndTruststores(CLIENT2_KEYSTORE_FILENAME, SERVER2_KEYSTORE_FILENAME, CLIENT2_TRUSTSTORE_FILENAME, SERVER2_TRUSTSTORE_FILENAME); generateTwoWaySSLKeystoresAndTruststores(CLIENT3_KEYSTORE_FILENAME, SERVER3_KEYSTORE_FILENAME, CLIENT3_TRUSTSTORE_FILENAME, SERVER3_TRUSTSTORE_FILENAME); 
@@ -120,57 +117,30 @@ static void createKeystores() throws KeyStoreException, CertificateException, No private static void generateTwoWaySSLKeystoresAndTruststores(String clientKeystoreFilename, String serverKeystoreFilename, String clientTruststoreFilename, String serverTruststoreFilename) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException { - // Generates client certificate and keystore - KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); - KeyStore clientKeyStore = KeyStore.getInstance(KEYSTORE_TYPE); - clientKeyStore.load(null, null); - - KeyPair clientKeyPair = keyPairGenerator.generateKeyPair(); - PrivateKey signingKey = clientKeyPair.getPrivate(); - PublicKey publicKey = clientKeyPair.getPublic(); - - X500Principal testClient10DN = new X500Principal("CN=" + CLIENT_ALIAS); - X509Certificate clientCertificate = new X509CertificateBuilder() - .setIssuerDn(testClient10DN) - .setSubjectDn(new X500Principal("OU=Elytron")) - .setSignatureAlgorithmName(SHA_1_WITH_RSA) - .setSigningKey(signingKey) - .setPublicKey(publicKey) - .setSerialNumber(new BigInteger("3")) - .addExtension(new BasicConstraintsExtension(false, false, -1)) - .build(); - clientKeyStore.setKeyEntry(CLIENT_ALIAS, signingKey, PASSWORD, new X509Certificate[]{clientCertificate}); - - - // Generates server certificate and keystore - KeyStore serverKeyStore = KeyStore.getInstance(KEYSTORE_TYPE); - serverKeyStore.load(null, null); - - KeyPair serverKeyPair = keyPairGenerator.generateKeyPair(); - PrivateKey serverSigningKey = serverKeyPair.getPrivate(); - PublicKey serverPublicKey = serverKeyPair.getPublic(); - - X500Principal testServer10DN = new X500Principal("CN=" + LOCALHOST_ALIAS); - X509Certificate serverCertificate = new X509CertificateBuilder() - .setIssuerDn(testServer10DN) - .setSubjectDn(new X500Principal("OU=Elytron")) - .setSignatureAlgorithmName(SHA_1_WITH_RSA) - .setSigningKey(serverSigningKey) - .setPublicKey(serverPublicKey) - 
.setSerialNumber(new BigInteger("4")) - .addExtension(new BasicConstraintsExtension(false, false, -1)) - .build(); - serverKeyStore.setKeyEntry(LOCALHOST_ALIAS, serverSigningKey, PASSWORD, new X509Certificate[]{serverCertificate}); - - File clientKeystoreFile = new File(KEYSTORES_DIR, clientKeystoreFilename); - try (FileOutputStream clientStream = new FileOutputStream(clientKeystoreFile)) { - clientKeyStore.store(clientStream, PASSWORD); + CAGenerationTool caGenerationTool = null; + try { + caGenerationTool = CAGenerationTool.builder() + .setBaseDir(KEYSTORES_DIR.getCanonicalPath()) + .setRequestIdentities(CAGenerationTool.Identity.values()) + .build(); + } catch(Exception e) { + e.printStackTrace(); + Assert.fail(); } - File serverKeystoreFile = new File(KEYSTORES_DIR, serverKeystoreFilename); - try (FileOutputStream serverStream = new FileOutputStream(serverKeystoreFile)) { - serverKeyStore.store(serverStream, PASSWORD); - } + // Generates client certificate + X509Certificate clientCertificate = caGenerationTool.createIdentity(CLIENT_ALIAS, + new X500Principal("OU=Elytron"), + clientKeystoreFilename, + CAGenerationTool.Identity.CA, + new X509CertificateExtension[]{}); + + // Generates server certificate + X509Certificate serverCertificate = caGenerationTool.createIdentity(LOCALHOST_ALIAS, + new X500Principal("OU=Elytron"), + serverKeystoreFilename, + CAGenerationTool.Identity.CA, + new X509CertificateExtension[]{}); // create truststores KeyStore clientTrustStore = KeyStore.getInstance(KEYSTORE_TYPE); 
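Review bot: The `catch(Exception e)` around `CAGenerationTool.builder()...build()` prints the stack trace and calls `Assert.fail()` with no message, so the test report shows a bare AssertionError while the real cause only reaches stderr. Rethrowing with the cause keeps it in the report: `throw new AssertionError("Unable to initialise CAGenerationTool in " + KEYSTORES_DIR, e);`. That also makes the `= null` initialisation unnecessary, because the compiler can then see the variable is assigned before `createIdentity` is called. `createKeystores()` calls this method three times, so a tool is built with all `Identity.values()` for the same base directory each time; if that regenerates the CA material on every call, building it once and passing it in would be cheaper, which is worth confirming. The method body continues past the end of this hunk.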
@@ -178,8 +148,9 @@ private static void generateTwoWaySSLKeystoresAndTruststores(String clientKeysto KeyStore serverTrustStore = KeyStore.getInstance(KEYSTORE_TYPE); serverTrustStore.load(null, null); - clientTrustStore.setCertificateEntry(LOCALHOST_ALIAS, serverKeyStore.getCertificate(LOCALHOST_ALIAS)); - serverTrustStore.setCertificateEntry(CLIENT_ALIAS, clientKeyStore.getCertificate(CLIENT_ALIAS) ); + + clientTrustStore.setCertificateEntry(LOCALHOST_ALIAS, serverCertificate); + serverTrustStore.setCertificateEntry(CLIENT_ALIAS, clientCertificate); File clientTrustFile = new File(KEYSTORES_DIR, clientTruststoreFilename); try (FileOutputStream clientStream = new FileOutputStream(clientTrustFile)) { diff --git a/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/SSLServerSocketTestInstance.java b/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/SSLServerSocketTestInstance.java index e404fd3e622..b69715f1437 100644 --- a/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/SSLServerSocketTestInstance.java +++ b/dynamic-ssl/src/test/java/org/wildfly/security/dynamic/ssl/SSLServerSocketTestInstance.java @@ -59,7 +59,7 @@ void setConfiguredEnabledCipherSuites(String[] configuredEnabledCipherSuite) { } public void run() { - String password = "secret"; + String password = "Elytron"; SSLContext sslContext = DynamicSSLTestUtils.createSSLContext(this.keystorePath, this.truststorePath, password); try { SSLServerSocketFactory sslServerSocketFactory = sslContext.getServerSocketFactory(); diff --git a/dynamic-ssl/src/test/resources/org/wildfly/security/dynamic/ssl/wildfly-config-dynamic-ssl-test-without-default-sslcontext.xml b/dynamic-ssl/src/test/resources/org/wildfly/security/dynamic/ssl/wildfly-config-dynamic-ssl-test-without-default-sslcontext.xml index 07bfe16b243..4bfe9365125 100644 --- a/dynamic-ssl/src/test/resources/org/wildfly/security/dynamic/ssl/wildfly-config-dynamic-ssl-test-without-default-sslcontext.xml 
+++ b/dynamic-ssl/src/test/resources/org/wildfly/security/dynamic/ssl/wildfly-config-dynamic-ssl-test-without-default-sslcontext.xml @@ -22,27 +22,27 @@ - + - + - + - + - + - + @@ -52,7 +52,7 @@ - + @@ -61,7 +61,7 @@ - + @@ -70,7 +70,7 @@ - + diff --git a/dynamic-ssl/src/test/resources/org/wildfly/security/dynamic/ssl/wildfly-config-dynamic-ssl-test.xml b/dynamic-ssl/src/test/resources/org/wildfly/security/dynamic/ssl/wildfly-config-dynamic-ssl-test.xml index 5e01db70445..e857cbb9d08 100644 --- a/dynamic-ssl/src/test/resources/org/wildfly/security/dynamic/ssl/wildfly-config-dynamic-ssl-test.xml +++ b/dynamic-ssl/src/test/resources/org/wildfly/security/dynamic/ssl/wildfly-config-dynamic-ssl-test.xml @@ -22,38 +22,38 @@ - + - + - + - + - + - + - + - + @@ -63,7 +63,7 @@ - + @@ -72,7 +72,7 @@ - + @@ -81,7 +81,7 @@ - + @@ -90,7 +90,7 @@ - + From 5ecc563e2295cee8663721464652aaf6a1323835 Mon Sep 17 00:00:00 2001 
From: R Searls Date: Fri, 21 Jun 2024 12:30:16 -0400 Subject: [PATCH 199/205] [ELY-2770] update javadoc's @link stmt to display fully qualified classname of deprecated classes. --- .../wildfly/security/auth/server/HttpAuthenticationFactory.java | 2 +- .../wildfly/security/auth/server/SaslAuthenticationFactory.java | 2 +- .../auth/server/SecurityIdentityServerMechanismFactory.java | 2 +- .../credential/source/CallbackHandlerCredentialSource.java | 2 +- .../security/credential/source/CommandCredentialSource.java | 2 +- .../credential/source/CredentialStoreCredentialSource.java | 2 +- .../security/credential/source/FactoryCredentialSource.java | 2 +- .../security/credential/source/KeyStoreCredentialSource.java | 2 +- .../credential/source/LocalKerberosCredentialSource.java | 2 +- .../http/util/sso/SingleSignOnServerMechanismFactory.java | 1 + .../main/java/org/wildfly/security/mechanism/MechanismUtil.java | 2 +- .../java/org/wildfly/security/permission/PermissionActions.java | 2 +- .../wildfly/security/sasl/util/UsernamePasswordHashUtil.java | 2 +- .../security/sasl/util/AuthenticationContextSaslClient.java | 2 +- .../sasl/util/AuthenticationContextSaslClientFactory.java | 2 +- .../security/sasl/util/AuthenticationContextSaslServer.java | 2 +- .../sasl/util/AuthenticationContextSaslServerFactory.java | 2 +- .../org/wildfly/security/ssl/X509CRLExtendedTrustManager.java | 2 +- .../wildfly/security/x500/X500AttributePrincipalDecoder.java | 2 +- 19 files changed, 19 insertions(+), 18 deletions(-) diff --git a/auth/server/deprecated/src/main/java/org/wildfly/security/auth/server/HttpAuthenticationFactory.java b/auth/server/deprecated/src/main/java/org/wildfly/security/auth/server/HttpAuthenticationFactory.java index 403bc2f8696..c07a8a3ed03 100644 --- a/auth/server/deprecated/src/main/java/org/wildfly/security/auth/server/HttpAuthenticationFactory.java +++ b/auth/server/deprecated/src/main/java/org/wildfly/security/auth/server/HttpAuthenticationFactory.java 
@@ -46,7 +46,7 @@ * {@link HttpServerAuthenticationMechanismFactory} for obtaining configured mechanisms. * * @author Darran Lofthouse - * @deprecated Use {@link org.wildfly.security.auth.server.http.HttpAuthenticationFactory} instead + * @deprecated Use {@link org.wildfly.security.auth.server.http.HttpAuthenticationFactory org.wildfly.security.auth.server.http.HttpAuthenticationFactory} instead */ @Deprecated public final class HttpAuthenticationFactory extends AbstractMechanismAuthenticationFactory { diff --git a/auth/server/deprecated/src/main/java/org/wildfly/security/auth/server/SaslAuthenticationFactory.java b/auth/server/deprecated/src/main/java/org/wildfly/security/auth/server/SaslAuthenticationFactory.java index 85636863d9b..e05351e9fcc 100644 --- a/auth/server/deprecated/src/main/java/org/wildfly/security/auth/server/SaslAuthenticationFactory.java +++ b/auth/server/deprecated/src/main/java/org/wildfly/security/auth/server/SaslAuthenticationFactory.java @@ -48,7 +48,7 @@ * A SASL server factory configuration. * * @author David M. Lloyd - * @deprecated Use {@link org.wildfly.security.auth.server.sasl.SaslAuthenticationFactory} instead + * @deprecated Use {@link org.wildfly.security.auth.server.sasl.SaslAuthenticationFactory org.wildfly.security.auth.server.sasl.SaslAuthenticationFactory} instead */ @Deprecated public final class SaslAuthenticationFactory extends AbstractMechanismAuthenticationFactory { diff --git a/auth/server/deprecated/src/main/java/org/wildfly/security/auth/server/SecurityIdentityServerMechanismFactory.java b/auth/server/deprecated/src/main/java/org/wildfly/security/auth/server/SecurityIdentityServerMechanismFactory.java index 430340ec0c1..9f63571f861 100644 --- a/auth/server/deprecated/src/main/java/org/wildfly/security/auth/server/SecurityIdentityServerMechanismFactory.java +++ b/auth/server/deprecated/src/main/java/org/wildfly/security/auth/server/SecurityIdentityServerMechanismFactory.java 
@@ -41,7 +41,7 @@ * the callback handler is returned instead. * * @author Darran Lofthouse - * @deprecated Use {@link org.wildfly.security.auth.server.http.SecurityIdentityServerMechanismFactory} instead + * @deprecated Use {@link org.wildfly.security.auth.server.http.SecurityIdentityServerMechanismFactory org.wildfly.security.auth.server.http.SecurityIdentityServerMechanismFactory} instead */ @Deprecated class SecurityIdentityServerMechanismFactory implements HttpServerAuthenticationMechanismFactory { diff --git a/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/CallbackHandlerCredentialSource.java b/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/CallbackHandlerCredentialSource.java index 509491c2252..deb676a58e8 100644 --- a/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/CallbackHandlerCredentialSource.java +++ b/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/CallbackHandlerCredentialSource.java @@ -37,7 +37,7 @@ * A credential source which is backed by a callback handler. * * @author David M. Lloyd - * @deprecated Use {@link org.wildfly.security.credential.source.impl.CallbackHandlerCredentialSource} instead + * @deprecated Use {@link org.wildfly.security.credential.source.impl.CallbackHandlerCredentialSource org.wildfly.security.credential.source.impl.CallbackHandlerCredentialSource} instead */ @Deprecated public final class CallbackHandlerCredentialSource implements CredentialSource { diff --git a/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/CommandCredentialSource.java b/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/CommandCredentialSource.java index b5914bda876..2265e3da231 100644 --- a/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/CommandCredentialSource.java 
+++ b/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/CommandCredentialSource.java @@ -52,7 +52,7 @@ * A credential source which acquires a credential from the command line. * * @author David M. Lloyd - * @deprecated Use {@link org.wildfly.security.credential.source.impl.CommandCredentialSource} instead + * @deprecated Use {@link org.wildfly.security.credential.source.impl.CommandCredentialSource org.wildfly.security.credential.source.impl.CommandCredentialSource} instead */ @Deprecated public final class CommandCredentialSource implements CredentialSource { diff --git a/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/CredentialStoreCredentialSource.java b/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/CredentialStoreCredentialSource.java index 76e35fd81f9..234b0d32d66 100644 --- a/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/CredentialStoreCredentialSource.java +++ b/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/CredentialStoreCredentialSource.java @@ -37,7 +37,7 @@ * * @author David M. Lloyd * @author Peter Skopek - * @deprecated Use {@link org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource} instead + * @deprecated Use {@link org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource} instead */ @Deprecated public final class CredentialStoreCredentialSource implements CredentialSource { diff --git a/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/FactoryCredentialSource.java b/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/FactoryCredentialSource.java index 3e5944f3673..088ff37a36e 100644 --- a/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/FactoryCredentialSource.java 
+++ b/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/FactoryCredentialSource.java @@ -31,7 +31,7 @@ * A credential source which is backed by a credential security factory. * * @author Martin Mazanek - * @deprecated Use {@link org.wildfly.security.credential.source.impl.FactoryCredentialSource} instead + * @deprecated Use {@link org.wildfly.security.credential.source.impl.FactoryCredentialSource org.wildfly.security.credential.source.impl.FactoryCredentialSource} instead */ @Deprecated public class FactoryCredentialSource implements CredentialSource { diff --git a/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/KeyStoreCredentialSource.java b/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/KeyStoreCredentialSource.java index 5b12588b703..40087d618b4 100644 --- a/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/KeyStoreCredentialSource.java +++ b/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/KeyStoreCredentialSource.java @@ -43,7 +43,7 @@ * A credential source which is backed by a key store entry. * * @author David M. Lloyd - * @deprecated Use {@link org.wildfly.security.credential.source.impl.KeyStoreCredentialSource} instead + * @deprecated Use {@link org.wildfly.security.credential.source.impl.KeyStoreCredentialSource org.wildfly.security.credential.source.impl.KeyStoreCredentialSource} instead */ @Deprecated public final class KeyStoreCredentialSource implements CredentialSource { diff --git a/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/LocalKerberosCredentialSource.java b/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/LocalKerberosCredentialSource.java index 11e521dc5ed..c27d20012b0 100644 --- a/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/LocalKerberosCredentialSource.java 
+++ b/credential/source/deprecated/src/main/java/org/wildfly/security/credential/source/LocalKerberosCredentialSource.java @@ -40,7 +40,7 @@ * * Successful obtaining from cache requires set system property {@code javax.security.auth.useSubjectCredsOnly} to {@code false}. * - * @deprecated Kerberos based authentication mechanism obtains credential himself, see {@link org.wildfly.security.credential.source.impl.LocalKerberosCredentialSource} to use with the new wildfly-elytron-credential-source-impl module + * @deprecated Kerberos based authentication mechanism obtains credential himself, see {@link org.wildfly.security.credential.source.impl.LocalKerberosCredentialSource org.wildfly.security.credential.source.impl.LocalKerberosCredentialSource} to use with the new wildfly-elytron-credential-source-impl module * * @author Jan Kalina */ diff --git a/http/sso/src/main/java/org/wildfly/security/http/util/sso/SingleSignOnServerMechanismFactory.java b/http/sso/src/main/java/org/wildfly/security/http/util/sso/SingleSignOnServerMechanismFactory.java index 867560e90eb..17dc3309357 100644 --- a/http/sso/src/main/java/org/wildfly/security/http/util/sso/SingleSignOnServerMechanismFactory.java +++ b/http/sso/src/main/java/org/wildfly/security/http/util/sso/SingleSignOnServerMechanismFactory.java @@ -46,6 +46,7 @@ *

The single sign-one capabilities provided by this factory is based on a HTTP Cookie to track SSO sessions and also an {@link IdentityCache} providing * a storage (eg.: using a shared or distributable cache/map) for these sessions and related data. * + * @deprecated Only inner class SingleSignOnConfiguration is deprecated. * @author Pedro Igor * @author Paul Ferraro */ diff --git a/mechanism/base/src/main/java/org/wildfly/security/mechanism/MechanismUtil.java b/mechanism/base/src/main/java/org/wildfly/security/mechanism/MechanismUtil.java index c845093aeef..28243d661b5 100644 --- a/mechanism/base/src/main/java/org/wildfly/security/mechanism/MechanismUtil.java +++ b/mechanism/base/src/main/java/org/wildfly/security/mechanism/MechanismUtil.java @@ -37,7 +37,7 @@ * * @author David M. Lloyd * - * @deprecated Should not be part of public API. Moved into internal {@link org.wildfly.security.mechanism._private.MechanismUtil}. + * @deprecated Should not be part of public API. Moved into internal {@link org.wildfly.security.mechanism._private.MechanismUtil org.wildfly.security.mechanism._private.MechanismUtil}. */ @Deprecated public final class MechanismUtil { diff --git a/permission/src/main/java/org/wildfly/security/permission/PermissionActions.java b/permission/src/main/java/org/wildfly/security/permission/PermissionActions.java index a45c5fdad88..f4aa390da7c 100644 --- a/permission/src/main/java/org/wildfly/security/permission/PermissionActions.java +++ b/permission/src/main/java/org/wildfly/security/permission/PermissionActions.java @@ -38,7 +38,7 @@ * * @author David M. Lloyd * - * @deprecated Use one of the abstract permission classes like {@link AbstractActionSetPermission} instead. + * @deprecated Use one of the abstract permission classes like {@link org.wildfly.security.permission.AbstractActionSetPermission org.wildfly.security.permission.AbstractActionSetPermission} instead. */ @Deprecated public final class PermissionActions { 
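Review bot: The added `@deprecated Only inner class SingleSignOnConfiguration is deprecated.` sits in the class-level Javadoc of SingleSignOnServerMechanismFactory, so the generated documentation will list the whole factory as deprecated, which is the opposite of what the sentence says. javac has also traditionally treated the Javadoc tag as a deprecation marker, so callers of the factory may start seeing deprecation warnings; that is worth checking against the build. Keeping the tag out of the class comment and placing it in SingleSignOnConfiguration's own Javadoc, next to its `@Deprecated` annotation, says the same thing without touching the outer type. The class declaration itself is outside the hunk.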
diff --git a/sasl/base/src/main/java/org/wildfly/security/sasl/util/UsernamePasswordHashUtil.java b/sasl/base/src/main/java/org/wildfly/security/sasl/util/UsernamePasswordHashUtil.java index aa1a8e43403..d118dfbfb1e 100644 --- a/sasl/base/src/main/java/org/wildfly/security/sasl/util/UsernamePasswordHashUtil.java +++ b/sasl/base/src/main/java/org/wildfly/security/sasl/util/UsernamePasswordHashUtil.java @@ -34,7 +34,7 @@ * * @author Darran Lofthouse * - * @deprecated Use {@link org.wildfly.security.password.PasswordFactory} instead. + * @deprecated Use {@link org.wildfly.security.password.PasswordFactory org.wildfly.security.password.PasswordFactory} instead. */ @Deprecated public class UsernamePasswordHashUtil { diff --git a/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslClient.java b/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslClient.java index b7f54b4501f..6c98492af3f 100644 --- a/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslClient.java +++ b/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslClient.java @@ -28,7 +28,7 @@ * of the authentication process. * * @author David M. Lloyd - * @deprecated Use {@link org.wildfly.security.sasl.auth.util.AuthenticationContextSaslClient} instead. + * @deprecated Use {@link org.wildfly.security.sasl.auth.util.AuthenticationContextSaslClient org.wildfly.security.sasl.auth.util.AuthenticationContextSaslClient} instead. */ @Deprecated public final class AuthenticationContextSaslClient extends AbstractDelegatingSaslClient { diff --git a/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslClientFactory.java b/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslClientFactory.java index 9afa9d31cfb..4b4a4980a2b 100644 
--- a/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslClientFactory.java +++ b/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslClientFactory.java @@ -33,7 +33,7 @@ * of the authentication process. * * @author David M. Lloyd - * @deprecated Use {@link org.wildfly.security.sasl.auth.util.AuthenticationContextSaslClientFactory} instead. + * @deprecated Use {@link org.wildfly.security.sasl.auth.util.AuthenticationContextSaslClientFactory org.wildfly.security.sasl.auth.util.AuthenticationContextSaslClientFactory} instead. */ @Deprecated public final class AuthenticationContextSaslClientFactory extends AbstractDelegatingSaslClientFactory { diff --git a/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslServer.java b/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslServer.java index 0ad16526b80..9daf5422ac2 100644 --- a/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslServer.java +++ b/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslServer.java @@ -29,7 +29,7 @@ * of the authentication process. * * @author David M. Lloyd - * @deprecated Use {@link org.wildfly.security.sasl.auth.util.AuthenticationContextSaslServer} instead. + * @deprecated Use {@link org.wildfly.security.sasl.auth.util.AuthenticationContextSaslServer org.wildfly.security.sasl.auth.util.AuthenticationContextSaslServer} instead. */ @Deprecated public final class AuthenticationContextSaslServer extends AbstractDelegatingSaslServer { diff --git a/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslServerFactory.java b/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslServerFactory.java index 4c567577b51..e3eb37f4972 100644 
--- a/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslServerFactory.java +++ b/sasl/deprecated/src/main/java/org/wildfly/security/sasl/util/AuthenticationContextSaslServerFactory.java @@ -32,7 +32,7 @@ * of the authentication process. * * @author David M. Lloyd - * @deprecated Use {@link org.wildfly.security.sasl.auth.util.AuthenticationContextSaslServerFactory} instead. + * @deprecated Use {@link org.wildfly.security.sasl.auth.util.AuthenticationContextSaslServerFactory org.wildfly.security.sasl.auth.util.AuthenticationContextSaslServerFactory} instead. */ @Deprecated public final class AuthenticationContextSaslServerFactory extends AbstractDelegatingSaslServerFactory { diff --git a/ssl/src/main/java/org/wildfly/security/ssl/X509CRLExtendedTrustManager.java b/ssl/src/main/java/org/wildfly/security/ssl/X509CRLExtendedTrustManager.java index 822d19282cd..53042f1305c 100644 --- a/ssl/src/main/java/org/wildfly/security/ssl/X509CRLExtendedTrustManager.java +++ b/ssl/src/main/java/org/wildfly/security/ssl/X509CRLExtendedTrustManager.java @@ -52,7 +52,7 @@ * Extension to the {@link X509TrustManager} interface to support CRL verification. * * @author Pedro Igor - * @deprecated use {@link X509RevocationTrustManager} instead + * @deprecated use {@link org.wildfly.security.ssl.X509RevocationTrustManager org.wildfly.security.ssl.X509RevocationTrustManager} instead */ @Deprecated public final class X509CRLExtendedTrustManager extends X509ExtendedTrustManager { diff --git a/x500/deprecated/src/main/java/org/wildfly/security/x500/X500AttributePrincipalDecoder.java b/x500/deprecated/src/main/java/org/wildfly/security/x500/X500AttributePrincipalDecoder.java index e311f0f2a21..13169db15af 100644 --- a/x500/deprecated/src/main/java/org/wildfly/security/x500/X500AttributePrincipalDecoder.java +++ b/x500/deprecated/src/main/java/org/wildfly/security/x500/X500AttributePrincipalDecoder.java 
@@ -31,7 +31,7 @@ * A principal decoder which decodes an attribute from an X.500 principal. * * @author David M. Lloyd - * @deprecated Use {@link org.wildfly.security.x500.principal.X500AttributePrincipalDecoder} instead + * @deprecated Use {@link org.wildfly.security.x500.principal.X500AttributePrincipalDecoder org.wildfly.security.x500.principal.X500AttributePrincipalDecoder} instead */ @Deprecated public final class X500AttributePrincipalDecoder implements PrincipalDecoder { From aefc98af84a5c0c628d64c4df6acdfdc9a72a3db Mon Sep 17 00:00:00 2001 From: lvydra Date: Tue, 13 Aug 2024 11:22:24 +0200 Subject: [PATCH 200/205] [ELY-2704] Missing keystore password does not throw a meaningful exception --- .../org/wildfly/security/auth/client/ElytronXmlParser.java | 3 +++ .../security/auth/client/_private/ElytronMessages.java | 5 +++++ 2 files changed, 8 insertions(+) diff --git a/auth/client/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java b/auth/client/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java index 967df3725b8..8a933f4951c 100644 --- a/auth/client/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java +++ b/auth/client/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java @@ -3649,6 +3649,9 @@ protected AbstractLoadingKeyStoreFactory(final ExceptionSupplier expectedClass, Class actualClass); + @LogMessage(level = INFO) + @Message(id = 1138, value = "No Keystore password specified \"%s\"") + void noKeystorePasswordSpecified(Location location); + @Message(id = 1139, value = "Failed to create credential store") ConfigXMLParseException xmlFailedToCreateCredentialStore(@Param Location location, @Cause Throwable cause); From fdca5bc00822ec5b9928bb6e94eccc3eda589693 Mon Sep 17 00:00:00 2001 
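Review bot: `noKeystorePasswordSpecified` is logged at INFO, a level many deployments filter out, while the commit subject describes the missing password as something that should produce a meaningful failure; WARN looks closer to that intent (the level would need importing alongside `INFO`). The text `No Keystore password specified \"%s\"` wraps the Location in quotes with no preposition, so it reads as if the quoted value were the password or the keystore; `"No keystore password specified at \"%s\""` is clearer. Only the location is passed to the message, and it should stay that way so that no credential material reaches the log. The ElytronXmlParser call site is not legible in this view, so whether parsing continues after the log line cannot be confirmed from here.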
From: Farah Juma Date: Thu, 19 Sep 2024 18:33:12 -0400 Subject: [PATCH 201/205] [ELY-2811] Add missing scope to dynamic-ssl pom.xml for wildfly-elytron-tests-common --- dynamic-ssl/pom.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index c7f2ac19546..54363043586 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -42,6 +42,7 @@ org.wildfly.security wildfly-elytron-tests-common + test test-jar From 05eab9e75121e3688e4764fc944944c395e3047a Mon Sep 17 00:00:00 2001 
From: Farah Juma Date: Fri, 20 Sep 2024 10:39:16 -0400 Subject: [PATCH 202/205] [ELY-2812] Release WildFly Elytron 2.6.0.Final --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- dynamic-ssl/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- 
tests/common/pom.xml | 2 +- tool/pom.xml | 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 77 files changed, 77 insertions(+), 77 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index d32e1c5e9b1..c88f14de20b 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index 5ec36c76f84..6e85cbd0a47 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index ccc48a6e164..f6117ce7b28 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index 0065663bcb8..f25477b83d3 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 43236bc18d6..10605098904 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index 8b4ff83135a..95141b4c996 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index aa1220dd8c4..1e45ae1ec46 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index c2c53ad6aaf..fdd250d317b 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index e60743f492f..d0ebe6813f8 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index f383afe00a8..722784163b5 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index a000994a7c9..d585119df82 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index fc66a12e511..2400444bf60 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index 9269e6cf515..2778437a1fa 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index af8295c93be..cbd1b26d7a5 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index b4f61ba2b2c..2ac24c7f127 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index c1c32fe439d..4bb4fe9bfc2 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index 0029ab0f026..d283c2854c8 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index a7703d47302..287e0d8b7a2 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index c9c0586cc57..224958735cd 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final 4.0.0 diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index 54363043586..b3f68b05aa0 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -5,7 +5,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index 46f30a4e892..a8efcb3afdb 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final 4.0.0 
diff --git a/http/base/pom.xml b/http/base/pom.xml index 47633b7b43a..84a289b8d65 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index b05e5d82a3b..26ef2e5e272 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index b5815c1037f..4263f360e64 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index f225ac4367e..c41848fd85a 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index acad9484258..47b65e349a4 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index 8694401c3af..ecd5a64d9c5 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index 0aa29176cbe..2d04b96c0ed 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index a33ef70519f..f672b85be2e 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index 26ce02f7586..e058fcdf082 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index 6637658a12b..2f8aa140e84 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index a4ade354696..c0e5908ec71 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index a7e83bd85d2..e5ca2ba1785 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index 0b388b19dc9..88f26e62f3c 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index 43ef025c195..50ec4dbe55c 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index 58dcbd4bb03..1e1248a5e1a 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index c521191e659..93ee5c46316 100644 --- a/json-util/pom.xml 
+++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final 4.0.0 diff --git a/keystore/pom.xml b/keystore/pom.xml index c6f6ec47058..4af80aa535f 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index 1aeb2229ff7..1856a685320 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index cf0b3a738b7..0c95809ffaa 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index 9e1b9a0ddd5..1f236a89413 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index e19dd5d25da..5f31670c627 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index 99a7feac7a4..de5aa2acb7a 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index 43cbaf90d25..736710cfcc6 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml 
diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index 447611b30cc..b863d36aa92 100644 --- a/mechanism/oauth2/pom.xml +++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index 1c825d1cd04..1299b607ad1 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index e2c4ffa4b4a..fc9897a67b1 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index ad959fe7327..94b67db2e0d 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final 4.0.0 diff --git a/pom.xml b/pom.xml index 903e772f3f4..5dac88ef116 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index aec357e1f6a..3d743e2db76 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index 7e4f7aacff7..897aca60270 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index 6840642e603..c63df074b69 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../../pom.xml diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index 4e3cf94e504..58764c32c17 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index 60c74bd4e6c..0d6c47606c6 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index 8757135ad62..f52003c03b3 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index 75a673a53d8..08088948855 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index ca807f73bc4..20b308d7f76 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index 9a47f463fde..b245c6dc2ea 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index 8439267dd75..870b4ed8763 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml 
diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index f059b7f75da..ffcf944a24a 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index 23948779801..b4aa9443f57 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index 05f8b24236e..622aec73d2f 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index cb931c966d7..5a981101c5f 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index d264605b5fc..1c0447814cc 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index a602fa5157d..e02d8bc23a1 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index ca01f34fa0a..d3e86219be3 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index b16c213f2da..3e234c8ea07 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml 
diff --git a/tests/common/pom.xml b/tests/common/pom.xml index 4d456f4fbd3..ae42e13da5f 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml @@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index 91c490d9b0e..67fa92a9952 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index 7ddf47449ce..f5c876a5b4a 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index a9f39f0c20b..dbbca65fae7 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index e451eb0108b..630a39457c5 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index ac8d0abe351..14f814229da 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index 8e714784e8f..9999f308bf4 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index 595936911d3..f7e83899b11 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index 45851a01a43..ac23c243c20 100644 --- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index 3ed4d80fa13..a427d0a56c6 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.5.3.CR1-SNAPSHOT + 2.6.0.Final ../../pom.xml From cbe5152c8baf6ff15447cd89a9144af9a434e6bb Mon Sep 17 00:00:00 2001 
From: Farah Juma Date: Fri, 20 Sep 2024 10:41:03 -0400 Subject: [PATCH 203/205] Next is 2.6.1 --- asn1/pom.xml | 2 +- audit/pom.xml | 2 +- auth/base/pom.xml | 2 +- auth/client/pom.xml | 2 +- auth/realm/base/pom.xml | 2 +- auth/realm/jdbc/pom.xml | 2 +- auth/realm/ldap/pom.xml | 2 +- auth/realm/token/pom.xml | 2 +- auth/server/base/pom.xml | 2 +- auth/server/deprecated/pom.xml | 2 +- auth/server/http/pom.xml | 2 +- auth/server/sasl/pom.xml | 2 +- auth/util/pom.xml | 2 +- base/pom.xml | 2 +- credential/base/pom.xml | 2 +- credential/source/deprecated/pom.xml | 2 +- credential/source/impl/pom.xml | 2 +- credential/store/pom.xml | 2 +- digest/pom.xml | 2 +- dynamic-ssl/pom.xml | 2 +- encryption/pom.xml | 2 +- http/base/pom.xml | 2 +- http/basic/pom.xml | 2 +- http/bearer/pom.xml | 2 +- http/cert/pom.xml | 2 +- http/deprecated/pom.xml | 2 +- http/digest/pom.xml | 2 +- http/external/pom.xml | 2 +- http/form/pom.xml | 2 +- http/oidc/pom.xml | 2 +- http/spnego/pom.xml | 2 +- http/sso/pom.xml | 2 +- http/stateful-basic/pom.xml | 2 +- http/util/pom.xml | 2 +- jose/jwk/pom.xml | 2 +- jose/util/pom.xml | 2 +- json-util/pom.xml | 2 +- keystore/pom.xml | 2 +- manager/action/pom.xml | 2 +- manager/base/pom.xml | 2 +- mechanism/base/pom.xml | 2 +- mechanism/digest/pom.xml | 2 +- mechanism/gssapi/pom.xml | 2 +- mechanism/http/pom.xml | 2 +- mechanism/oauth2/pom.xml | 2 +- mechanism/scram/pom.xml | 2 +- password/impl/pom.xml | 2 +- permission/pom.xml | 2 +- pom.xml | 2 +- provider/util/pom.xml | 2 +- sasl/anonymous/pom.xml | 2 +- sasl/auth/util/pom.xml | 2 +- sasl/base/pom.xml | 2 +- sasl/deprecated/pom.xml | 2 +- sasl/digest/pom.xml | 2 +- sasl/entity/pom.xml | 2 +- sasl/external/pom.xml | 2 +- sasl/gs2/pom.xml | 2 +- sasl/gssapi/pom.xml | 2 +- sasl/localuser/pom.xml | 2 +- sasl/oauth2/pom.xml | 2 +- sasl/otp/pom.xml | 2 +- sasl/plain/pom.xml | 2 +- sasl/scram/pom.xml | 2 +- ssh/util/pom.xml | 2 +- ssl/pom.xml | 2 +- tests/base/pom.xml | 2 +- tests/common/pom.xml | 2 +- 
tool/pom.xml | 2 +- util/pom.xml | 2 +- wildfly-elytron/pom.xml | 2 +- x500/base/pom.xml | 2 +- x500/cert/acme/pom.xml | 2 +- x500/cert/base/pom.xml | 2 +- x500/cert/util/pom.xml | 2 +- x500/deprecated/pom.xml | 2 +- x500/principal/pom.xml | 2 +- 77 files changed, 77 insertions(+), 77 deletions(-) diff --git a/asn1/pom.xml b/asn1/pom.xml index c88f14de20b..fb4be4b879d 100644 --- a/asn1/pom.xml +++ b/asn1/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT 4.0.0 diff --git a/audit/pom.xml b/audit/pom.xml index 6e85cbd0a47..70673c851c8 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT 4.0.0 diff --git a/auth/base/pom.xml b/auth/base/pom.xml index f6117ce7b28..764d0639c6e 100644 --- a/auth/base/pom.xml +++ b/auth/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/client/pom.xml b/auth/client/pom.xml index f25477b83d3..88375a5d569 100644 --- a/auth/client/pom.xml +++ b/auth/client/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/auth/realm/base/pom.xml b/auth/realm/base/pom.xml index 10605098904..7011a4cf695 100644 --- a/auth/realm/base/pom.xml +++ b/auth/realm/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/jdbc/pom.xml b/auth/realm/jdbc/pom.xml index 95141b4c996..d0092cd639b 100644 --- a/auth/realm/jdbc/pom.xml +++ b/auth/realm/jdbc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/ldap/pom.xml b/auth/realm/ldap/pom.xml index 1e45ae1ec46..27a3cda086a 100644 --- a/auth/realm/ldap/pom.xml +++ b/auth/realm/ldap/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/realm/token/pom.xml b/auth/realm/token/pom.xml index fdd250d317b..e0cb18aa0f5 100644 --- a/auth/realm/token/pom.xml +++ b/auth/realm/token/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/base/pom.xml b/auth/server/base/pom.xml index d0ebe6813f8..29a7ec9b566 100644 --- a/auth/server/base/pom.xml +++ b/auth/server/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/deprecated/pom.xml b/auth/server/deprecated/pom.xml index 722784163b5..10b865ef5e6 100644 --- a/auth/server/deprecated/pom.xml +++ b/auth/server/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/http/pom.xml b/auth/server/http/pom.xml index d585119df82..cec7657b45d 100644 --- a/auth/server/http/pom.xml +++ b/auth/server/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/server/sasl/pom.xml b/auth/server/sasl/pom.xml index 2400444bf60..8bf68a3ed45 100644 --- a/auth/server/sasl/pom.xml +++ b/auth/server/sasl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/auth/util/pom.xml b/auth/util/pom.xml index 2778437a1fa..6f39d9fa05e 100644 --- a/auth/util/pom.xml +++ b/auth/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/base/pom.xml b/base/pom.xml index cbd1b26d7a5..1c30ef98cd9 100644 --- a/base/pom.xml +++ b/base/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT 4.0.0 diff --git a/credential/base/pom.xml b/credential/base/pom.xml index 2ac24c7f127..2c98ff8943c 100644 --- a/credential/base/pom.xml +++ b/credential/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/credential/source/deprecated/pom.xml b/credential/source/deprecated/pom.xml index 4bb4fe9bfc2..2c91de751de 100644 --- a/credential/source/deprecated/pom.xml +++ b/credential/source/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/source/impl/pom.xml b/credential/source/impl/pom.xml index d283c2854c8..64e2fb398a1 100644 --- a/credential/source/impl/pom.xml +++ b/credential/source/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/credential/store/pom.xml b/credential/store/pom.xml index 287e0d8b7a2..ac6bc803d5c 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/digest/pom.xml b/digest/pom.xml index 224958735cd..fd791d6cfde 100644 --- a/digest/pom.xml +++ b/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT 4.0.0 diff --git a/dynamic-ssl/pom.xml b/dynamic-ssl/pom.xml index b3f68b05aa0..0149158d921 100644 --- a/dynamic-ssl/pom.xml +++ b/dynamic-ssl/pom.xml @@ -5,7 +5,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT 4.0.0 diff --git a/encryption/pom.xml b/encryption/pom.xml index a8efcb3afdb..de9ed3fea5f 100644 --- a/encryption/pom.xml +++ b/encryption/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT 4.0.0 
diff --git a/http/base/pom.xml b/http/base/pom.xml index 84a289b8d65..5fb11808f14 100644 --- a/http/base/pom.xml +++ b/http/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/basic/pom.xml b/http/basic/pom.xml index 26ef2e5e272..382d0f54c79 100644 --- a/http/basic/pom.xml +++ b/http/basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/bearer/pom.xml b/http/bearer/pom.xml index 4263f360e64..c7ca60a5060 100644 --- a/http/bearer/pom.xml +++ b/http/bearer/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/cert/pom.xml b/http/cert/pom.xml index c41848fd85a..669a855053d 100644 --- a/http/cert/pom.xml +++ b/http/cert/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/deprecated/pom.xml b/http/deprecated/pom.xml index 47b65e349a4..190c1e7adc2 100644 --- a/http/deprecated/pom.xml +++ b/http/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/digest/pom.xml b/http/digest/pom.xml index ecd5a64d9c5..8f6d77deb59 100644 --- a/http/digest/pom.xml +++ b/http/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/external/pom.xml b/http/external/pom.xml index 2d04b96c0ed..3951119cd99 100644 --- a/http/external/pom.xml +++ b/http/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/form/pom.xml b/http/form/pom.xml index f672b85be2e..2b72dc32603 100644 --- a/http/form/pom.xml +++ b/http/form/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/oidc/pom.xml b/http/oidc/pom.xml index e058fcdf082..f0a272321fb 100644 --- a/http/oidc/pom.xml +++ b/http/oidc/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/spnego/pom.xml b/http/spnego/pom.xml index 2f8aa140e84..f44833a344d 100644 --- a/http/spnego/pom.xml +++ b/http/spnego/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/sso/pom.xml b/http/sso/pom.xml index c0e5908ec71..3db2fc06dc4 100644 --- a/http/sso/pom.xml +++ b/http/sso/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/stateful-basic/pom.xml b/http/stateful-basic/pom.xml index e5ca2ba1785..ff8fd8a810b 100644 --- a/http/stateful-basic/pom.xml +++ b/http/stateful-basic/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/http/util/pom.xml b/http/util/pom.xml index 88f26e62f3c..3643831549e 100644 --- a/http/util/pom.xml +++ b/http/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/jwk/pom.xml b/jose/jwk/pom.xml index 50ec4dbe55c..4a82a6a3894 100644 --- a/jose/jwk/pom.xml +++ b/jose/jwk/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/jose/util/pom.xml b/jose/util/pom.xml index 1e1248a5e1a..ce6101c1ffb 100644 --- a/jose/util/pom.xml +++ b/jose/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/json-util/pom.xml b/json-util/pom.xml index 93ee5c46316..6ecab3a776c 100644 --- a/json-util/pom.xml 
+++ b/json-util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT 4.0.0 diff --git a/keystore/pom.xml b/keystore/pom.xml index 4af80aa535f..4ab364a873b 100644 --- a/keystore/pom.xml +++ b/keystore/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT 4.0.0 diff --git a/manager/action/pom.xml b/manager/action/pom.xml index 1856a685320..b0b5cc6e8bd 100644 --- a/manager/action/pom.xml +++ b/manager/action/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/manager/base/pom.xml b/manager/base/pom.xml index 0c95809ffaa..c43c374f491 100644 --- a/manager/base/pom.xml +++ b/manager/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/base/pom.xml b/mechanism/base/pom.xml index 1f236a89413..e8b21d9cb63 100644 --- a/mechanism/base/pom.xml +++ b/mechanism/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/digest/pom.xml b/mechanism/digest/pom.xml index 5f31670c627..c9989e73abb 100644 --- a/mechanism/digest/pom.xml +++ b/mechanism/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/gssapi/pom.xml b/mechanism/gssapi/pom.xml index de5aa2acb7a..adccd6cda1e 100644 --- a/mechanism/gssapi/pom.xml +++ b/mechanism/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/http/pom.xml b/mechanism/http/pom.xml index 736710cfcc6..394a1de641d 100644 --- a/mechanism/http/pom.xml +++ b/mechanism/http/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml 
diff --git a/mechanism/oauth2/pom.xml b/mechanism/oauth2/pom.xml index b863d36aa92..e57683a7787 100644 --- a/mechanism/oauth2/pom.xml +++ b/mechanism/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/mechanism/scram/pom.xml b/mechanism/scram/pom.xml index 1299b607ad1..bee2afec31a 100644 --- a/mechanism/scram/pom.xml +++ b/mechanism/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/password/impl/pom.xml b/password/impl/pom.xml index fc9897a67b1..2e71afafcf7 100644 --- a/password/impl/pom.xml +++ b/password/impl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/permission/pom.xml b/permission/pom.xml index 94b67db2e0d..de8707d9c43 100644 --- a/permission/pom.xml +++ b/permission/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT 4.0.0 diff --git a/pom.xml b/pom.xml index 5dac88ef116..1c3d9b88295 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT pom WildFly Elytron Parent diff --git a/provider/util/pom.xml b/provider/util/pom.xml index 3d743e2db76..75d25211809 100644 --- a/provider/util/pom.xml +++ b/provider/util/pom.xml @@ -23,7 +23,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/anonymous/pom.xml b/sasl/anonymous/pom.xml index 897aca60270..187cd392425 100644 --- a/sasl/anonymous/pom.xml +++ b/sasl/anonymous/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/auth/util/pom.xml b/sasl/auth/util/pom.xml index c63df074b69..b3464240776 100644 --- a/sasl/auth/util/pom.xml +++ b/sasl/auth/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/sasl/base/pom.xml b/sasl/base/pom.xml index 58764c32c17..c69df220d9f 100644 --- a/sasl/base/pom.xml +++ b/sasl/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/deprecated/pom.xml b/sasl/deprecated/pom.xml index 0d6c47606c6..670e9617d71 100644 --- a/sasl/deprecated/pom.xml +++ b/sasl/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/digest/pom.xml b/sasl/digest/pom.xml index f52003c03b3..9b8ab397d77 100644 --- a/sasl/digest/pom.xml +++ b/sasl/digest/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/entity/pom.xml b/sasl/entity/pom.xml index 08088948855..641fc593cb2 100644 --- a/sasl/entity/pom.xml +++ b/sasl/entity/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/external/pom.xml b/sasl/external/pom.xml index 20b308d7f76..519e17253d6 100644 --- a/sasl/external/pom.xml +++ b/sasl/external/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gs2/pom.xml b/sasl/gs2/pom.xml index b245c6dc2ea..185464c86c0 100644 --- a/sasl/gs2/pom.xml +++ b/sasl/gs2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/gssapi/pom.xml b/sasl/gssapi/pom.xml index 870b4ed8763..9e8c46f409e 100644 --- a/sasl/gssapi/pom.xml +++ b/sasl/gssapi/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml 
diff --git a/sasl/localuser/pom.xml b/sasl/localuser/pom.xml index ffcf944a24a..4d2dcb70815 100644 --- a/sasl/localuser/pom.xml +++ b/sasl/localuser/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/oauth2/pom.xml b/sasl/oauth2/pom.xml index b4aa9443f57..10585dc67e8 100644 --- a/sasl/oauth2/pom.xml +++ b/sasl/oauth2/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/otp/pom.xml b/sasl/otp/pom.xml index 622aec73d2f..2ebcf826d96 100644 --- a/sasl/otp/pom.xml +++ b/sasl/otp/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/plain/pom.xml b/sasl/plain/pom.xml index 5a981101c5f..ce0d479311a 100644 --- a/sasl/plain/pom.xml +++ b/sasl/plain/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/sasl/scram/pom.xml b/sasl/scram/pom.xml index 1c0447814cc..6be4f3ec0aa 100644 --- a/sasl/scram/pom.xml +++ b/sasl/scram/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/ssh/util/pom.xml b/ssh/util/pom.xml index e02d8bc23a1..cfeab877b40 100644 --- a/ssh/util/pom.xml +++ b/ssh/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/ssl/pom.xml b/ssl/pom.xml index d3e86219be3..bf3c3e3ebe1 100644 --- a/ssl/pom.xml +++ b/ssl/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT 4.0.0 diff --git a/tests/base/pom.xml b/tests/base/pom.xml index 3e234c8ea07..10306ce7191 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml 
diff --git a/tests/common/pom.xml b/tests/common/pom.xml index ae42e13da5f..106ac094654 100644 --- a/tests/common/pom.xml +++ b/tests/common/pom.xml @@ -5,7 +5,7 @@ wildfly-elytron-parent org.wildfly.security - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/tool/pom.xml b/tool/pom.xml index 67fa92a9952..6cf2c73c159 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT 4.0.0 diff --git a/util/pom.xml b/util/pom.xml index f5c876a5b4a..4ee89f9b23a 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT 4.0.0 diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index dbbca65fae7..42aeab43f05 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT 4.0.0 diff --git a/x500/base/pom.xml b/x500/base/pom.xml index 630a39457c5..740db174f50 100644 --- a/x500/base/pom.xml +++ b/x500/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/cert/acme/pom.xml b/x500/cert/acme/pom.xml index 14f814229da..c2040a3d5ed 100644 --- a/x500/cert/acme/pom.xml +++ b/x500/cert/acme/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/base/pom.xml b/x500/cert/base/pom.xml index 9999f308bf4..6af3f479612 100644 --- a/x500/cert/base/pom.xml +++ b/x500/cert/base/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/cert/util/pom.xml b/x500/cert/util/pom.xml index f7e83899b11..5a548aa9725 100644 --- a/x500/cert/util/pom.xml +++ b/x500/cert/util/pom.xml 
@@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../../pom.xml diff --git a/x500/deprecated/pom.xml b/x500/deprecated/pom.xml index ac23c243c20..27075a20280 100644 --- a/x500/deprecated/pom.xml +++ b/x500/deprecated/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml diff --git a/x500/principal/pom.xml b/x500/principal/pom.xml index a427d0a56c6..341c8a24c22 100644 --- a/x500/principal/pom.xml +++ b/x500/principal/pom.xml @@ -24,7 +24,7 @@ org.wildfly.security wildfly-elytron-parent - 2.6.0.Final + 2.6.1.CR1-SNAPSHOT ../../pom.xml From 197587a8e7dc743e7c61acbe0a9d41c9fcea897a Mon Sep 17 00:00:00 2001 From: Farah Juma Date: Fri, 20 Sep 2024 11:00:14 -0400 Subject: [PATCH 204/205] [ELY-2812] Perform API check against 2.6.0.Final --- wildfly-elytron/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wildfly-elytron/pom.xml b/wildfly-elytron/pom.xml index 42aeab43f05..2bf06d9be43 100644 --- a/wildfly-elytron/pom.xml +++ b/wildfly-elytron/pom.xml @@ -557,7 +557,7 @@ org.wildfly.security wildfly-elytron - 2.5.2.Final + 2.6.0.Final jar From 5bd3f48ee3db102a00c158d2447939d116ee3d0c Mon Sep 17 00:00:00 2001 From: Michal Petrov Date: Fri, 20 Sep 2024 19:53:15 +0200 Subject: [PATCH 205/205] [ELY-2813] Do not decode URI for processing --- .../org/wildfly/security/http/oidc/OidcHttpFacade.java | 9 ++------- .../security/http/oidc/QueryParamsEnabledTest.java | 7 +++++++ 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcHttpFacade.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcHttpFacade.java index 1c6f03fa7ad..ba5cb0fa3a9 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcHttpFacade.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcHttpFacade.java 
@@ -29,7 +29,6 @@ import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; -import java.io.UnsupportedEncodingException; import java.net.InetAddress; import java.net.InetSocketAddress; import java.net.URI; @@ -204,11 +203,7 @@ public String getMethod() { @Override public String getURI() { - try { - return URLDecoder.decode(request.getRequestURI().toString(), "UTF-8"); - } catch (UnsupportedEncodingException e) { - throw log.failedToDecodeRequestUri(e); - } + return request.getRequestURI().toString(); } @Override @@ -229,7 +224,7 @@ public String getFirstParam(String param) { @Override public String getQueryParamValue(String param) { URI requestURI = request.getRequestURI(); - String query = requestURI.getQuery(); + String query = requestURI.getRawQuery(); if (query != null) { String[] parameters = query.split("&"); for (String parameter : parameters) { diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsEnabledTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsEnabledTest.java index d16cc998ffb..3f9c5515fa1 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsEnabledTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/QueryParamsEnabledTest.java 
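Review bot: `getURI()` now returns the percent-encoded request URI, but nothing on the method states that the contract changed. Callers that compare the result against configured paths, or that decode it themselves, will behave differently than before. A Javadoc line would make this explicit, for example `/** Returns the request URI as received, without percent-decoding; do not compare it against decoded paths. */`. If `log.failedToDecodeRequestUri` and the `URLDecoder` import have no remaining users they should be removed too; the hunk does not show the rest of the file, so this could not be confirmed.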
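Review bot: In `getQueryParamValue`, switching to `getRawQuery()` leaves the pieces produced by `query.split("&")` percent-encoded, so each name and value has to be decoded after the split rather than before it. The loop body continues outside the hunk, so whether it already does this is not visible. If it does not, decoding only the matched component, e.g. `return URLDecoder.decode(value, "UTF-8");` with `value` standing for the matched component, stops an encoded `&` or `=` inside a value from being read as a separator while callers still receive the decoded value. A short comment on the `getRawQuery()` line, such as `// split on the raw query first; decode individual components afterwards`, would record why the order matters.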
@@ -79,6 +79,13 @@ public void testSuccessfulAuthenticationWithQueryParamsWithSystemPropertyEnabled performAuthentication(getOidcConfigurationInputStreamWithProviderUrl(), KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, originalUrl, expectedUrlAfterRedirect, CLIENT_PAGE_TEXT); + + queryParams = "?url=http%3A%2F%2Flocalhost%2F%3Fone%3Dabc%26two%3Ddef&three=ghi"; + originalUrl = getClientUrl() + queryParams; + expectedUrlAfterRedirect = originalUrl; + performAuthentication(getOidcConfigurationInputStreamWithProviderUrl(), KeycloakConfiguration.ALICE, + KeycloakConfiguration.ALICE_PASSWORD, true, HttpStatus.SC_MOVED_TEMPORARILY, originalUrl, + expectedUrlAfterRedirect, CLIENT_PAGE_TEXT); } }
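Review bot: The added case carries no comment saying what it guards, and it exercises only the query string. A line such as `// encoded '&' and '=' inside a parameter value must survive the redirect unchanged (ELY-2813)` above `queryParams = ...` would make the intent clear to whoever next touches the test. The same commit also stops decoding in `getURI()`, so a companion case with a percent-encoded path segment would cover that half of the change. The test method starts outside the hunk, so any existing coverage for the path case is not visible here.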