Merge pull request wildfly#6066 from yersan/WFCORE-6755

[WFCORE-6755] Move the org.wildfly.security:wildfly-elytron-dynamic-ssl artifact into its own module

Author: yersan

core-feature-pack/common/src/main/resources/modules/system/layers/base/org/wildfly/security/elytron-base/main/module.xml

@@ -34,7 +34,6 @@
         <artifact name="${org.wildfly.security:wildfly-elytron-credential-source-impl}"/>
         <artifact name="${org.wildfly.security:wildfly-elytron-credential-store}"/>
         <artifact name="${org.wildfly.security:wildfly-elytron-digest}"/>
-        <artifact name="${org.wildfly.security:wildfly-elytron-dynamic-ssl}"/>
         <artifact name="${org.wildfly.security:wildfly-elytron-encryption}"/>
         <artifact name="${org.wildfly.security:wildfly-elytron-http}"/>
         <artifact name="${org.wildfly.security:wildfly-elytron-http-basic}"/>
@@ -112,5 +111,6 @@
         modules use the parser, they need to have visibility to this module.
         -->
         <module name="org.wildfly.client.config" export="true"/>
+        <module name="org.wildfly.security.elytron-dynamic-ssl" export="true" optional="true"/>
     </dependencies>
 </module>

core-feature-pack/common/src/main/resources/modules/system/layers/base/org/wildfly/security/elytron-dynamic-ssl/main/module.xml

@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  ~ Copyright The WildFly Authors
+  ~ SPDX-License-Identifier: Apache-2.0
+  -->
+<module xmlns="urn:jboss:module:1.9" name="org.wildfly.security.elytron-dynamic-ssl">
+
+    <properties>
+        <property name="jboss.api" value="private"/>
+        <property name="jboss.stability" value="community"/>
+    </properties>
+
+    <resources>
+        <artifact name="${org.wildfly.security:wildfly-elytron-dynamic-ssl}"/>
+    </resources>
+
+    <dependencies>
+        <module name="java.logging"/>
+        <module name="org.jboss.logging" />
+        <module name="org.jboss.logmanager" />
+        <module name="org.wildfly.security.elytron-base"/>
+        <module name="org.wildfly.common"/>
+        <module name="org.wildfly.client.config"/>
+    </dependencies>
+</module>

core-feature-pack/galleon-common/src/main/resources/layers/standalone/elytron/layer-spec.xml

@@ -17,5 +17,9 @@
         <!-- required by default configuration-->
         <package name="org.wildfly.extension.elytron.jaas-realm"/>
         <package name="org.wildfly.openssl"/>
+        <!-- In case the feature-pack containing this package is constrained at build time
+             to a level that doesn't imply 'community', this package will be not packaged inside the feature-pack.
+             'valid-for-stability' attribute allows to keep this dependency that will be ignored at provisioning time. -->
+        <package name="org.wildfly.security.elytron-dynamic-ssl" optional="true" valid-for-stability="community"/>
     </packages>
 </layer-spec>

elytron/src/main/java/org/wildfly/extension/elytron/DynamicSSLContextHelper.java

@@ -0,0 +1,34 @@
+/*
+ * Copyright The WildFly Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package org.wildfly.extension.elytron;
+
+import org.wildfly.security.auth.client.AuthenticationContext;
+import org.wildfly.security.dynamic.ssl.DynamicSSLContext;
+import org.wildfly.security.dynamic.ssl.DynamicSSLContextImpl;
+import org.wildfly.security.dynamic.ssl.DynamicSSLContextException;
+
+import javax.net.ssl.SSLContext;
+import java.security.GeneralSecurityException;
+import static org.wildfly.extension.elytron._private.ElytronSubsystemMessages.ROOT_LOGGER;
+
+/**
+ * Helper class for obtaining an instance of DynamicSSLContext created from the provided AuthenticationContext
+ */
+class DynamicSSLContextHelper {
+
+    /**
+     * Get DynamicSSLContext instance from the provided authentication context
+     * @param authenticationContext authentication context to use with the DynamicSSLContext
+     * @return DynamicSSLContext instance
+     */
+    static SSLContext getDynamicSSLContextInstance(AuthenticationContext authenticationContext) {
+        try {
+            return new DynamicSSLContext(new DynamicSSLContextImpl(authenticationContext));
+        } catch (DynamicSSLContextException |  GeneralSecurityException e) {
+            throw ROOT_LOGGER.unableToObtainDynamicSSLContext();
+        }
+    }
+}

elytron/src/main/java/org/wildfly/extension/elytron/SSLDefinitions.java

@@ -116,15 +116,12 @@
 import org.wildfly.extension.elytron._private.ElytronSubsystemMessages;
 import org.wildfly.extension.elytron.capabilities.PrincipalTransformer;
 import org.wildfly.security.auth.client.AuthenticationContext;
-import org.wildfly.security.dynamic.ssl.DynamicSSLContextImpl;
 import org.wildfly.security.auth.server.MechanismConfiguration;
 import org.wildfly.security.auth.server.MechanismConfigurationSelector;
 import org.wildfly.security.auth.server.RealmMapper;
 import org.wildfly.security.auth.server.SecurityDomain;
 import org.wildfly.security.credential.PasswordCredential;
 import org.wildfly.security.credential.source.CredentialSource;
-import org.wildfly.security.dynamic.ssl.DynamicSSLContext;
-import org.wildfly.security.dynamic.ssl.DynamicSSLContextException;
 import org.wildfly.security.keystore.AliasFilter;
 import org.wildfly.security.keystore.FilteringKeyStore;
 import org.wildfly.security.password.interfaces.ClearPassword;
@@ -144,6 +141,7 @@
 class SSLDefinitions {
 
     private static final BooleanSupplier IS_FIPS = getFipsSupplier();
+    private static final String ORG_WILDFLY_SECURITY_ELYTRON_DYNAMIC_SSL = "org.wildfly.security.elytron-dynamic-ssl";
 
     static final ServiceUtil<SSLContext> SERVER_SERVICE_UTIL = ServiceUtil.newInstance(SSL_CONTEXT_RUNTIME_CAPABILITY, ElytronDescriptionConstants.SERVER_SSL_CONTEXT, SSLContext.class);
     static final ServiceUtil<SSLContext> CLIENT_SERVICE_UTIL = ServiceUtil.newInstance(SSL_CONTEXT_RUNTIME_CAPABILITY, ElytronDescriptionConstants.CLIENT_SSL_CONTEXT, SSLContext.class);
@@ -1226,13 +1224,18 @@ private static ResourceDefinition createSSLContextDefinition(String pathKey, boo
     }
 
     private static ResourceDefinition createSSLContextDefinition(String pathKey, boolean server, AbstractAddStepHandler addHandler, AttributeDefinition[] attributes, boolean serverOrHostController, Stability stability) {
+        return createSSLContextDefinition(pathKey, server, addHandler, attributes, serverOrHostController, stability, null);
+    }
+
+    private static ResourceDefinition createSSLContextDefinition(String pathKey, boolean server, AbstractAddStepHandler addHandler, AttributeDefinition[] attributes, boolean serverOrHostController, Stability stability, String dependencyPackageName) {
 
         Builder builder = TrivialResourceDefinition.builder()
                 .setPathKey(pathKey)
                 .setAddHandler(addHandler)
                 .setAttributes(attributes)
                 .setRuntimeCapabilities(SSL_CONTEXT_RUNTIME_CAPABILITY)
-                .setStability(stability);
+                .setStability(stability)
+                .setDependencyPackageName(dependencyPackageName);
 
         if (serverOrHostController) {
             builder.addReadOnlyAttribute(ACTIVE_SESSION_COUNT, new SSLContextRuntimeHandler() {
@@ -1542,13 +1545,7 @@ protected ValueSupplier<SSLContext> getValueSupplier(ServiceBuilder<SSLContext>
                 ServiceName acServiceName = context.getCapabilityServiceName(authenticationContextCapability, AuthenticationContext.class);
                 Supplier<AuthenticationContext> authenticationContextSupplier = serviceBuilder.requires(acServiceName);
 
-                return () -> {
-                    try {
-                        return new DynamicSSLContext(new DynamicSSLContextImpl(authenticationContextSupplier.get()));
-                    } catch (DynamicSSLContextException | GeneralSecurityException e) {
-                        throw new RuntimeException(e);
-                    }
-                };
+                return () -> DynamicSSLContextHelper.getDynamicSSLContextInstance(authenticationContextSupplier.get());
             }
 
             @Override
@@ -1564,7 +1561,7 @@ protected void installedForResource(ServiceController<SSLContext> serviceControl
             }
         };
 
-        return createSSLContextDefinition(ElytronDescriptionConstants.DYNAMIC_CLIENT_SSL_CONTEXT, false, add, attributes, false, Stability.COMMUNITY);
+        return createSSLContextDefinition(ElytronDescriptionConstants.DYNAMIC_CLIENT_SSL_CONTEXT, false, add, attributes, false, Stability.COMMUNITY, ORG_WILDFLY_SECURITY_ELYTRON_DYNAMIC_SSL);
     }
 
     private static Provider[] filterProviders(Provider[] all, String provider) {

elytron/src/main/java/org/wildfly/extension/elytron/TrivialResourceDefinition.java

@@ -23,6 +23,7 @@
 import org.jboss.as.controller.descriptions.ResourceDescriptionResolver;
 import org.jboss.as.controller.registry.ManagementResourceRegistration;
 import org.jboss.as.controller.registry.OperationEntry;
+import org.jboss.as.controller.registry.RuntimePackageDependency;
 import org.jboss.as.version.Stability;
 
 /**
@@ -36,10 +37,25 @@ final class TrivialResourceDefinition extends SimpleResourceDefinition {
     private final Map<OperationDefinition, OperationStepHandler> operations;
     private final Map<AttributeDefinition, OperationStepHandler> readOnlyAttributes;
     private final List<ResourceDefinition> children;
+    private final String dependencyPackageName;
+
+    TrivialResourceDefinition(String pathKey, ResourceDescriptionResolver resourceDescriptionResolver, AbstractAddStepHandler add, AttributeDefinition[] attributes, RuntimeCapability<?> ... runtimeCapabilities) {
+        this(pathKey, resourceDescriptionResolver, add, new TrivialCapabilityServiceRemoveHandler(add, runtimeCapabilities), attributes, null, null, null, runtimeCapabilities, Stability.DEFAULT);
+    }
+
+    TrivialResourceDefinition(String pathKey, AbstractAddStepHandler add, AttributeDefinition[] attributes, RuntimeCapability<?> ... runtimeCapabilities) {
+        this(pathKey, ElytronExtension.getResourceDescriptionResolver(pathKey), add, new TrivialCapabilityServiceRemoveHandler(add, runtimeCapabilities), attributes, null, null, null, runtimeCapabilities, Stability.DEFAULT);
+    }
+
+    private TrivialResourceDefinition(String pathKey, ResourceDescriptionResolver resourceDescriptionResolver, AbstractAddStepHandler add, AbstractRemoveStepHandler remove, AttributeDefinition[] attributes,
+                                      Map<AttributeDefinition, OperationStepHandler> readOnlyAttributes, Map<OperationDefinition, OperationStepHandler> operations, List<ResourceDefinition> children,
+                                      RuntimeCapability<?>[] runtimeCapabilities, Stability stability) {
+        this(pathKey, resourceDescriptionResolver, add, remove, attributes, readOnlyAttributes, operations, children, runtimeCapabilities, stability, null);
+    }
 
     private TrivialResourceDefinition(String pathKey, ResourceDescriptionResolver resourceDescriptionResolver, AbstractAddStepHandler add, AbstractRemoveStepHandler remove, AttributeDefinition[] attributes,
             Map<AttributeDefinition, OperationStepHandler> readOnlyAttributes, Map<OperationDefinition, OperationStepHandler> operations, List<ResourceDefinition> children,
-            RuntimeCapability<?>[] runtimeCapabilities, Stability stability) {
+            RuntimeCapability<?>[] runtimeCapabilities, Stability stability, String dependencyPackageName) {
         super(new Parameters(ResourceRegistration.of(PathElement.pathElement(pathKey), stability),
                 resourceDescriptionResolver)
             .setAddHandler(add)
@@ -52,14 +68,7 @@ private TrivialResourceDefinition(String pathKey, ResourceDescriptionResolver re
         this.readOnlyAttributes = readOnlyAttributes;
         this.operations = operations;
         this.children = children;
-    }
-
-    TrivialResourceDefinition(String pathKey, ResourceDescriptionResolver resourceDescriptionResolver, AbstractAddStepHandler add, AttributeDefinition[] attributes, RuntimeCapability<?> ... runtimeCapabilities) {
-        this(pathKey, resourceDescriptionResolver, add, new TrivialCapabilityServiceRemoveHandler(add, runtimeCapabilities), attributes, null, null, null, runtimeCapabilities, Stability.DEFAULT);
-    }
-
-    TrivialResourceDefinition(String pathKey, AbstractAddStepHandler add, AttributeDefinition[] attributes, RuntimeCapability<?> ... runtimeCapabilities) {
-        this(pathKey, ElytronExtension.getResourceDescriptionResolver(pathKey), add, new TrivialCapabilityServiceRemoveHandler(add, runtimeCapabilities), attributes, null, null, null, runtimeCapabilities, Stability.DEFAULT);
+        this.dependencyPackageName = dependencyPackageName;
     }
 
     @Override
@@ -97,6 +106,13 @@ public void registerChildren(ManagementResourceRegistration resourceRegistration
         }
     }
 
+    @Override
+    public void registerAdditionalRuntimePackages(ManagementResourceRegistration resourceRegistration) {
+        if (dependencyPackageName != null) {
+            resourceRegistration.registerAdditionalRuntimePackages(RuntimePackageDependency.required(dependencyPackageName));
+        }
+    }
+
     public AttributeDefinition[] getAttributes() {
         return attributes;
     }
@@ -117,6 +133,7 @@ static class Builder {
         private RuntimeCapability<?>[] runtimeCapabilities;
         private List<ResourceDefinition> children;
         private Stability stability = Stability.DEFAULT;
+        private String dependencyPackageName;
 
         Builder() {}
 
@@ -189,11 +206,16 @@ Builder addChild(ResourceDefinition child) {
             return this;
         }
 
+        Builder setDependencyPackageName(String dependencyPackageName) {
+            this.dependencyPackageName = dependencyPackageName;
+            return this;
+        }
+
         ResourceDefinition build() {
             ResourceDescriptionResolver resourceDescriptionResolver = this.resourceDescriptionResolver != null ? this.resourceDescriptionResolver : ElytronExtension.getResourceDescriptionResolver(pathKey);
             return new TrivialResourceDefinition(pathKey, resourceDescriptionResolver, addHandler,
                     removeHandler != null ? removeHandler : new TrivialCapabilityServiceRemoveHandler(addHandler, runtimeCapabilities),
-                    attributes, readOnlyAttributes, operations, children, runtimeCapabilities, stability);
+                    attributes, readOnlyAttributes, operations, children, runtimeCapabilities, stability, dependencyPackageName);
         }
 
     }

elytron/src/main/java/org/wildfly/extension/elytron/_private/ElytronSubsystemMessages.java

@@ -731,6 +731,8 @@ public interface ElytronSubsystemMessages extends BasicLogger {
             "use Elytron Tool command `filesystem-realm-encrypt`")
     OperationFailedException addSecretKeyToInitializedFilesystemRealm();
 
+    @Message(id = 1221, value = "Unable to obtain DynamicSSLContext from the provided authentication context")
+    RuntimeException unableToObtainDynamicSSLContext();
     /*
      * Don't just add new errors to the end of the file, there may be an appropriate section above for the resource.
      *