[WFCORE-6755] Move the org.wildfly.security:wildfly-elytron-dynamic-ssl artifact into its own module #6066

Expand Up @@ -34,7 +34,6 @@
<artifact name="${org.wildfly.security:wildfly-elytron-credential-source-impl}"/>
<artifact name="${org.wildfly.security:wildfly-elytron-credential-store}"/>
<artifact name="${org.wildfly.security:wildfly-elytron-digest}"/>
<artifact name="${org.wildfly.security:wildfly-elytron-dynamic-ssl}"/>
<artifact name="${org.wildfly.security:wildfly-elytron-encryption}"/>
<artifact name="${org.wildfly.security:wildfly-elytron-http}"/>
<artifact name="${org.wildfly.security:wildfly-elytron-http-basic}"/>
Expand Down Expand Up @@ -112,5 +111,6 @@
modules use the parser, they need to have visibility to this module.
-->
<module name="org.wildfly.client.config" export="true"/>
<module name="org.wildfly.security.elytron-dynamic-ssl" export="true" optional="true"/>
</dependencies>
</module>
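Review bot: The new dependency on `org.wildfly.security.elytron-dynamic-ssl` is both `optional="true"` and `export="true"`, so when that module is not provisioned every consumer of org.wildfly.security.elytron silently loses the org.wildfly.security.dynamic.ssl classes instead of failing at module load. That appears to be deliberate for the stability gating, but it means any code reaching those classes has to be isolated behind a lazily-loaded entry point, and nothing in this descriptor says so. I would put a comment above the new line: `<!-- Optional: only provisioned at 'community' stability or above; code must not touch org.wildfly.security.dynamic.ssl unless that module is present -->`.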
@@ -0,0 +1,26 @@
<?xml version="1.0" encoding="UTF-8"?>

<!--
~ Copyright The WildFly Authors
~ SPDX-License-Identifier: Apache-2.0
-->
<module xmlns="urn:jboss:module:1.9" name="org.wildfly.security.elytron-dynamic-ssl">

<properties>
<property name="jboss.api" value="private"/>
<property name="jboss.stability" value="community"/>
</properties>

<resources>
<artifact name="${org.wildfly.security:wildfly-elytron-dynamic-ssl}"/>
</resources>

<dependencies>
<module name="java.logging"/>
<module name="org.jboss.logging" />
<module name="org.jboss.logmanager" />
<module name="org.wildfly.security.elytron-base"/>
<module name="org.wildfly.common"/>
<module name="org.wildfly.client.config"/>
</dependencies>
</module>
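Review bot: The new module descriptor gives no hint why `wildfly-elytron-dynamic-ssl` is split out of the main elytron module, and the answer (stability-based provisioning) only becomes visible in the layer-spec. A one-line header comment after the license block would make the descriptor self-explaining: `<!-- Separate module so the community-stability dynamic SSL support can be left out of feature-packs built at a stricter stability level; see the elytron layer-spec. -->`. The `jboss.stability` property of `community` is presumably what that provisioning keys on, so the comment should point at it.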
Expand Up @@ -17,5 +17,9 @@
<!-- required by default configuration-->
<package name="org.wildfly.extension.elytron.jaas-realm"/>
<package name="org.wildfly.openssl"/>
<!-- In case the feature-pack containing this package is constrained at build time
to a level that doesn't imply 'community', this package will be not packaged inside the feature-pack.
'valid-for-stability' attribute allows to keep this dependency that will be ignored at provisioning time. -->
<package name="org.wildfly.security.elytron-dynamic-ssl" optional="true" valid-for-stability="community"/>
</packages>
</layer-spec>
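Review bot: The explanatory comment on the new package entry reads "this package will be not packaged", which should be "this package will not be packaged". I would also spell out what the two attributes do together, since `optional="true"` and `valid-for-stability="community"` are easy to confuse: `<!-- optional: the layer still provisions without it; valid-for-stability: the entry is kept in the feature-pack but ignored at provisioning time when the build stability does not imply 'community'. -->`.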
@@ -0,0 +1,34 @@
/*
* Copyright The WildFly Authors
* SPDX-License-Identifier: Apache-2.0
*/

package org.wildfly.extension.elytron;

import org.wildfly.security.auth.client.AuthenticationContext;
import org.wildfly.security.dynamic.ssl.DynamicSSLContext;
import org.wildfly.security.dynamic.ssl.DynamicSSLContextImpl;
import org.wildfly.security.dynamic.ssl.DynamicSSLContextException;

import javax.net.ssl.SSLContext;
import java.security.GeneralSecurityException;
import static org.wildfly.extension.elytron._private.ElytronSubsystemMessages.ROOT_LOGGER;

/**
* Helper class for obtaining an instance of DynamicSSLContext created from the provided AuthenticationContext
*/
class DynamicSSLContextHelper {

/**
* Get DynamicSSLContext instance from the provided authentication context
* @param authenticationContext authentication context to use with the DynamicSSLContext
* @return DynamicSSLContext instance
*/
static SSLContext getDynamicSSLContextInstance(AuthenticationContext authenticationContext) {
try {
return new DynamicSSLContext(new DynamicSSLContextImpl(authenticationContext));
} catch (DynamicSSLContextException | GeneralSecurityException e) {
throw ROOT_LOGGER.unableToObtainDynamicSSLContext();
}
}
}
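Review bot: The catch block in `getDynamicSSLContextInstance` discards `e`, so the `DynamicSSLContextException` or `GeneralSecurityException` that explains why the context could not be built is lost; the code this replaces threw `new RuntimeException(e)` and kept it, so this is a diagnosability regression for TLS misconfiguration. Give the message method a cause parameter and pass it through: `throw ROOT_LOGGER.unableToObtainDynamicSSLContext(e);` with the interface declaring `RuntimeException unableToObtainDynamicSSLContext(@Cause Throwable cause);` (the `@Cause` annotation from org.jboss.logging.annotations, assuming the messages interface does not already import it). Since this is a static-only helper, a `private DynamicSSLContextHelper() {}` would also stop accidental instantiation. The Javadoc should state that the method throws a RuntimeException logged under the subsystem's message id when the context cannot be created.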
Expand Up @@ -116,15 +116,12 @@
import org.wildfly.extension.elytron._private.ElytronSubsystemMessages;
import org.wildfly.extension.elytron.capabilities.PrincipalTransformer;
import org.wildfly.security.auth.client.AuthenticationContext;
import org.wildfly.security.dynamic.ssl.DynamicSSLContextImpl;
import org.wildfly.security.auth.server.MechanismConfiguration;
import org.wildfly.security.auth.server.MechanismConfigurationSelector;
import org.wildfly.security.auth.server.RealmMapper;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.source.CredentialSource;
import org.wildfly.security.dynamic.ssl.DynamicSSLContext;
import org.wildfly.security.dynamic.ssl.DynamicSSLContextException;
import org.wildfly.security.keystore.AliasFilter;
import org.wildfly.security.keystore.FilteringKeyStore;
import org.wildfly.security.password.interfaces.ClearPassword;
Expand All @@ -144,6 +141,7 @@
class SSLDefinitions {

private static final BooleanSupplier IS_FIPS = getFipsSupplier();
private static final String ORG_WILDFLY_SECURITY_ELYTRON_DYNAMIC_SSL = "org.wildfly.security.elytron-dynamic-ssl";

static final ServiceUtil<SSLContext> SERVER_SERVICE_UTIL = ServiceUtil.newInstance(SSL_CONTEXT_RUNTIME_CAPABILITY, ElytronDescriptionConstants.SERVER_SSL_CONTEXT, SSLContext.class);
static final ServiceUtil<SSLContext> CLIENT_SERVICE_UTIL = ServiceUtil.newInstance(SSL_CONTEXT_RUNTIME_CAPABILITY, ElytronDescriptionConstants.CLIENT_SSL_CONTEXT, SSLContext.class);
Expand Down Expand Up @@ -1226,13 +1224,18 @@ private static ResourceDefinition createSSLContextDefinition(String pathKey, boo
}

private static ResourceDefinition createSSLContextDefinition(String pathKey, boolean server, AbstractAddStepHandler addHandler, AttributeDefinition[] attributes, boolean serverOrHostController, Stability stability) {
return createSSLContextDefinition(pathKey, server, addHandler, attributes, serverOrHostController, stability, null);
}

private static ResourceDefinition createSSLContextDefinition(String pathKey, boolean server, AbstractAddStepHandler addHandler, AttributeDefinition[] attributes, boolean serverOrHostController, Stability stability, String dependencyPackageName) {

Builder builder = TrivialResourceDefinition.builder()
.setPathKey(pathKey)
.setAddHandler(addHandler)
.setAttributes(attributes)
.setRuntimeCapabilities(SSL_CONTEXT_RUNTIME_CAPABILITY)
.setStability(stability);
.setStability(stability)
.setDependencyPackageName(dependencyPackageName);

if (serverOrHostController) {
builder.addReadOnlyAttribute(ACTIVE_SESSION_COUNT, new SSLContextRuntimeHandler() {
Expand Down Expand Up @@ -1542,13 +1545,7 @@ protected ValueSupplier<SSLContext> getValueSupplier(ServiceBuilder<SSLContext>
ServiceName acServiceName = context.getCapabilityServiceName(authenticationContextCapability, AuthenticationContext.class);
Supplier<AuthenticationContext> authenticationContextSupplier = serviceBuilder.requires(acServiceName);

return () -> {
try {
return new DynamicSSLContext(new DynamicSSLContextImpl(authenticationContextSupplier.get()));
} catch (DynamicSSLContextException | GeneralSecurityException e) {
throw new RuntimeException(e);
}
};
return () -> DynamicSSLContextHelper.getDynamicSSLContextInstance(authenticationContextSupplier.get());
}

@Override
Expand All @@ -1564,7 +1561,7 @@ protected void installedForResource(ServiceController<SSLContext> serviceControl
}
};

return createSSLContextDefinition(ElytronDescriptionConstants.DYNAMIC_CLIENT_SSL_CONTEXT, false, add, attributes, false, Stability.COMMUNITY);
return createSSLContextDefinition(ElytronDescriptionConstants.DYNAMIC_CLIENT_SSL_CONTEXT, false, add, attributes, false, Stability.COMMUNITY, ORG_WILDFLY_SECURITY_ELYTRON_DYNAMIC_SSL);
}

private static Provider[] filterProviders(Provider[] all, String provider) {
Expand Down
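Review bot: `ORG_WILDFLY_SECURITY_ELYTRON_DYNAMIC_SSL` at the top of `SSLDefinitions` has to stay in sync with the module name in the new module.xml and the layer-spec package entry, but nothing in the code records that coupling. I would comment the constant: `// Name of the optional dynamic-ssl module; must match its module.xml and the layer-spec package entry, as it is registered as a required RuntimePackageDependency of dynamic-client-ssl-context.` The new `createSSLContextDefinition` overload also deserves a `@param dependencyPackageName` line saying it may be null when the resource needs no extra runtime package. Both `createSSLContextDefinition` bodies and the anonymous add handler continue outside the hunks shown.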
Expand Up @@ -23,6 +23,7 @@
import org.jboss.as.controller.descriptions.ResourceDescriptionResolver;
import org.jboss.as.controller.registry.ManagementResourceRegistration;
import org.jboss.as.controller.registry.OperationEntry;
import org.jboss.as.controller.registry.RuntimePackageDependency;
import org.jboss.as.version.Stability;

/**
Expand All @@ -36,10 +37,25 @@ final class TrivialResourceDefinition extends SimpleResourceDefinition {
private final Map<OperationDefinition, OperationStepHandler> operations;
private final Map<AttributeDefinition, OperationStepHandler> readOnlyAttributes;
private final List<ResourceDefinition> children;
private final String dependencyPackageName;

TrivialResourceDefinition(String pathKey, ResourceDescriptionResolver resourceDescriptionResolver, AbstractAddStepHandler add, AttributeDefinition[] attributes, RuntimeCapability<?> ... runtimeCapabilities) {
this(pathKey, resourceDescriptionResolver, add, new TrivialCapabilityServiceRemoveHandler(add, runtimeCapabilities), attributes, null, null, null, runtimeCapabilities, Stability.DEFAULT);
}

TrivialResourceDefinition(String pathKey, AbstractAddStepHandler add, AttributeDefinition[] attributes, RuntimeCapability<?> ... runtimeCapabilities) {
this(pathKey, ElytronExtension.getResourceDescriptionResolver(pathKey), add, new TrivialCapabilityServiceRemoveHandler(add, runtimeCapabilities), attributes, null, null, null, runtimeCapabilities, Stability.DEFAULT);
}

private TrivialResourceDefinition(String pathKey, ResourceDescriptionResolver resourceDescriptionResolver, AbstractAddStepHandler add, AbstractRemoveStepHandler remove, AttributeDefinition[] attributes,
Map<AttributeDefinition, OperationStepHandler> readOnlyAttributes, Map<OperationDefinition, OperationStepHandler> operations, List<ResourceDefinition> children,
RuntimeCapability<?>[] runtimeCapabilities, Stability stability) {
this(pathKey, resourceDescriptionResolver, add, remove, attributes, readOnlyAttributes, operations, children, runtimeCapabilities, stability, null);
}

private TrivialResourceDefinition(String pathKey, ResourceDescriptionResolver resourceDescriptionResolver, AbstractAddStepHandler add, AbstractRemoveStepHandler remove, AttributeDefinition[] attributes,
Map<AttributeDefinition, OperationStepHandler> readOnlyAttributes, Map<OperationDefinition, OperationStepHandler> operations, List<ResourceDefinition> children,
RuntimeCapability<?>[] runtimeCapabilities, Stability stability) {
RuntimeCapability<?>[] runtimeCapabilities, Stability stability, String dependencyPackageName) {
super(new Parameters(ResourceRegistration.of(PathElement.pathElement(pathKey), stability),
resourceDescriptionResolver)
.setAddHandler(add)
Expand All @@ -52,14 +68,7 @@ private TrivialResourceDefinition(String pathKey, ResourceDescriptionResolver re
this.readOnlyAttributes = readOnlyAttributes;
this.operations = operations;
this.children = children;
}

TrivialResourceDefinition(String pathKey, ResourceDescriptionResolver resourceDescriptionResolver, AbstractAddStepHandler add, AttributeDefinition[] attributes, RuntimeCapability<?> ... runtimeCapabilities) {
this(pathKey, resourceDescriptionResolver, add, new TrivialCapabilityServiceRemoveHandler(add, runtimeCapabilities), attributes, null, null, null, runtimeCapabilities, Stability.DEFAULT);
}

TrivialResourceDefinition(String pathKey, AbstractAddStepHandler add, AttributeDefinition[] attributes, RuntimeCapability<?> ... runtimeCapabilities) {
this(pathKey, ElytronExtension.getResourceDescriptionResolver(pathKey), add, new TrivialCapabilityServiceRemoveHandler(add, runtimeCapabilities), attributes, null, null, null, runtimeCapabilities, Stability.DEFAULT);
this.dependencyPackageName = dependencyPackageName;
}

@Override
Expand Down Expand Up @@ -97,6 +106,13 @@ public void registerChildren(ManagementResourceRegistration resourceRegistration
}
}

@Override
public void registerAdditionalRuntimePackages(ManagementResourceRegistration resourceRegistration) {
if (dependencyPackageName != null) {
resourceRegistration.registerAdditionalRuntimePackages(RuntimePackageDependency.required(dependencyPackageName));
}
}

public AttributeDefinition[] getAttributes() {
return attributes;
}
Expand All @@ -117,6 +133,7 @@ static class Builder {
private RuntimeCapability<?>[] runtimeCapabilities;
private List<ResourceDefinition> children;
private Stability stability = Stability.DEFAULT;
private String dependencyPackageName;

Builder() {}

Expand Down Expand Up @@ -189,11 +206,16 @@ Builder addChild(ResourceDefinition child) {
return this;
}

Builder setDependencyPackageName(String dependencyPackageName) {
this.dependencyPackageName = dependencyPackageName;
return this;
}

ResourceDefinition build() {
ResourceDescriptionResolver resourceDescriptionResolver = this.resourceDescriptionResolver != null ? this.resourceDescriptionResolver : ElytronExtension.getResourceDescriptionResolver(pathKey);
return new TrivialResourceDefinition(pathKey, resourceDescriptionResolver, addHandler,
removeHandler != null ? removeHandler : new TrivialCapabilityServiceRemoveHandler(addHandler, runtimeCapabilities),
attributes, readOnlyAttributes, operations, children, runtimeCapabilities, stability);
attributes, readOnlyAttributes, operations, children, runtimeCapabilities, stability, dependencyPackageName);
}

}
Expand Down
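Review bot: The new `registerAdditionalRuntimePackages` override does not delegate to `super`, so whatever the `SimpleResourceDefinition` implementation registers (I cannot see it from here) is now suppressed for every TrivialResourceDefinition, not only the dynamic SSL one. The safe form is to call `super.registerAdditionalRuntimePackages(resourceRegistration);` before the null check, unless the base method is known to be a no-op, in which case a comment saying so belongs there. The override and `Builder.setDependencyPackageName` also carry no Javadoc; a one-liner such as `/** Registers {@code dependencyPackageName}, when set, as a required runtime package so provisioning includes the module backing this resource. */` would cover both.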
Expand Up @@ -728,6 +728,8 @@ public interface ElytronSubsystemMessages extends BasicLogger {
"use Elytron Tool command `filesystem-realm-encrypt`")
OperationFailedException addSecretKeyToInitializedFilesystemRealm();

@Message(id = 1221, value = "Unable to obtain DynamicSSLContext from the provided authentication context")
RuntimeException unableToObtainDynamicSSLContext();
/*
* Don't just add new errors to the end of the file, there may be an appropriate section above for the resource.
*
Expand Down
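Review bot: The new message `unableToObtainDynamicSSLContext` takes no cause parameter, so the exception the helper catches cannot be attached to it and the root reason for the failure disappears from logs. Declare it as `RuntimeException unableToObtainDynamicSSLContext(@Cause Throwable cause);` so the helper can pass the caught exception (this assumes `org.jboss.logging.annotations.Cause` is importable here, as it is for other `@Message` interfaces). The entry was also appended at the very end, directly above the file's own note asking that new errors go into the appropriate section rather than the end, so it should move next to the other SSL-context messages, and a blank line is missing between the new method and that comment.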