added a new module for encryption client and moved code shared with a…

…uth client to util

auth/client/src/main/java/org/wildfly/security/auth/client/AuthenticationConfiguration.java

@@ -748,22 +748,22 @@ public AuthenticationConfiguration usePassword(Password password) {
         return password == null ? useCredentials(filtered) : useCredentials(filtered).useCredential(new PasswordCredential(password));
     }
 
-    /**
-     * Create a new configuration which is the same as this configuration, but which uses the given encrypted
-     * password to authenticate. The current encryption client configuration is loaded and is used to decrypt
-     * the encrypted password. If one does not exist, appropriate exception is thrown.
-     *
-     * @param encryptedPassword the password to use
-     * @return the new configuration
-     */
-    public AuthenticationConfiguration decryptAndUsePassword(String encryptedPassword) {
-        EncryptionClientContext ctx = EncryptionClientContext.captureCurrent();
-        if (ctx.encryptionClientConfiguration == null) {
-            throw new EncryptedExpressionResolutionException("No encryption client configuration available");
-        }
-        String password = ctx.encryptionClientConfiguration.encryptedExpressionResolver.resolveExpression(encryptedPassword, ctx.encryptionClientConfiguration);
-        return usePassword(password == null ? null : ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, password.toCharArray()));
-    }
+//    /**
+//     * Create a new configuration which is the same as this configuration, but which uses the given encrypted
+//     * password to authenticate. The current encryption client configuration is loaded and is used to decrypt
+//     * the encrypted password. If one does not exist, appropriate exception is thrown.
+//     *
+//     * @param encryptedPassword the password to use
+//     * @return the new configuration
+//     */
+//    public AuthenticationConfiguration decryptAndUsePassword(String encryptedPassword) {
+//        EncryptionClientContext ctx = EncryptionClientContext.captureCurrent();
+//        if (ctx.encryptionClientConfiguration == null) {
+//            throw new EncryptedExpressionResolutionException("No encryption client configuration available");
+//        }
+//        String password = ctx.encryptionClientConfiguration.encryptedExpressionResolver.resolveExpression(encryptedPassword, ctx.encryptionClientConfiguration);
+//        return usePassword(password == null ? null : ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, password.toCharArray()));
+//    }
 
     /**
      * Create a new configuration which is the same as this configuration, but which uses the given password to authenticate.

auth/client/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java

@@ -22,15 +22,14 @@
 import static javax.xml.stream.XMLStreamConstants.START_ELEMENT;
 import static org.wildfly.common.Assert.checkMinimumParameter;
 import static org.wildfly.common.Assert.checkNotNullParam;
-import static org.wildfly.security.auth.client.XMLParserUtils.isSet;
-import static org.wildfly.security.auth.client.XMLParserUtils.setBit;
-import static org.wildfly.security.auth.client.XMLParserUtils.checkAttributeNamespace;
-import static org.wildfly.security.auth.client.XMLParserUtils.requireNoAttributes;
-import static org.wildfly.security.auth.client.XMLParserUtils.requireSingleAttribute;
-import static org.wildfly.security.auth.client.XMLParserUtils.requireSingleURIAttribute;
-import static org.wildfly.security.auth.client.XMLParserUtils.missingAttribute;
-import static org.wildfly.security.auth.client.XMLParserUtils.invalidPortNumber;
-import static org.wildfly.security.auth.client.XMLParserUtils.andThenOp;
+import static org.wildfly.security.util.XMLParserUtils.isSet;
+import static org.wildfly.security.util.XMLParserUtils.setBit;
+import static org.wildfly.security.util.XMLParserUtils.checkAttributeNamespace;
+import static org.wildfly.security.util.XMLParserUtils.requireNoAttributes;
+import static org.wildfly.security.util.XMLParserUtils.requireSingleAttribute;
+import static org.wildfly.security.util.XMLParserUtils.requireSingleURIAttribute;
+import static org.wildfly.security.util.XMLParserUtils.missingAttribute;
+import static org.wildfly.security.util.XMLParserUtils.andThenOp;
 import static org.wildfly.security.auth.client._private.ElytronMessages.xmlLog;
 import static org.wildfly.security.provider.util.ProviderUtil.INSTALLED_PROVIDERS;
 import static org.wildfly.security.provider.util.ProviderUtil.findProvider;
@@ -83,6 +82,7 @@
 
 import org.ietf.jgss.GSSException;
 import org.ietf.jgss.Oid;
+import org.jboss.modules.ModuleLoadException;
 import org.wildfly.client.config.ClientConfiguration;
 import org.wildfly.client.config.ConfigXMLParseException;
 import org.wildfly.client.config.ConfigurationXMLStreamReader;
@@ -114,6 +114,7 @@
 import org.wildfly.security.credential.source.impl.LocalKerberosCredentialSource;
 import org.wildfly.security.credential.source.OAuth2CredentialSource;
 import org.wildfly.security.credential.store.CredentialStore;
+import org.wildfly.security.credential.store.CredentialStoreFactory;
 import org.wildfly.security.keystore.AliasFilter;
 import org.wildfly.security.keystore.FilteringKeyStore;
 import org.wildfly.security.keystore.KeyStoreUtil;
@@ -139,6 +140,7 @@
 import org.wildfly.security.ssl.SSLContextBuilder;
 import org.wildfly.security.ssl.X509RevocationTrustManager;
 import org.wildfly.security.ssh.util.SshUtil;
+import org.wildfly.security.util.ModuleLoader;
 
 /**
  * A parser for the Elytron XML schema.
@@ -1230,7 +1232,12 @@ static void parseAuthenticationConfigurationType(ConfigurationXMLStreamReader re
                         if (isSet(foundBits, 12)) throw reader.unexpectedElement();
                         foundBits = setBit(foundBits, 12);
                         final String moduleName = parseModuleRefType(reader);
-                        final ClassLoader classLoader = (moduleName == null) ? ElytronXmlParser.class.getClassLoader() : ModuleLoader.getClassLoaderFromModule(reader, moduleName);
+                        final ClassLoader classLoader;
+                        try {
+                            classLoader = (moduleName == null) ? ElytronXmlParser.class.getClassLoader() : ModuleLoader.getClassLoaderFromModule(moduleName);
+                        } catch (ModuleLoadException e){
+                            throw xmlLog.xmlNoModuleFound(reader, e, moduleName);
+                        }
                         configuration = andThenOp(configuration, parentConfig -> parentConfig.useSaslClientFactory(new ServiceLoaderSaslClientFactory(classLoader)));
                         break;
                     }
@@ -1286,9 +1293,14 @@ static Supplier<Provider[]> parseProvidersType(ConfigurationXMLStreamReader read
                         if (isSet(foundBits, 2)) throw reader.unexpectedElement();
                         foundBits = setBit(foundBits, 2);
                         final String moduleName = parseModuleRefType(reader);
-                        Supplier<Provider[]> serviceLoaderSupplier = (moduleName == null) ?
-                                ELYTRON_PROVIDER_SUPPLIER :
-                                new ProviderServiceLoaderSupplier(ModuleLoader.getClassLoaderFromModule(reader, moduleName));
+                        Supplier<Provider[]> serviceLoaderSupplier;
+                        try {
+                            serviceLoaderSupplier = (moduleName == null) ?
+                                    ELYTRON_PROVIDER_SUPPLIER :
+                                    new ProviderServiceLoaderSupplier(ModuleLoader.getClassLoaderFromModule(moduleName));
+                        } catch (ModuleLoadException e) {
+                            throw xmlLog.xmlNoModuleFound(reader, e, moduleName);
+                        }
                         providerSupplier = providerSupplier == null ? serviceLoaderSupplier : ProviderUtil.aggregate(providerSupplier, serviceLoaderSupplier);
                         break;
                     }
@@ -2377,7 +2389,8 @@ private static void parseCredentialStoreType(ConfigurationXMLStreamReader reader
                 }
             } else if (tag == END_ELEMENT) {
                 if (!credentialStoresMap.containsKey(name)) {
-                    ExceptionSupplier<CredentialStore, ConfigXMLParseException> credentialStoreSecurityFactory = new CredentialStoreFactory(name, type, attributesMap, provider, location, credentialSourceSupplier, providersSupplier);
+                    ExceptionSupplier<CredentialStore, ConfigXMLParseException> credentialStoreSecurityFactory;
+                    credentialStoreSecurityFactory = new CredentialStoreFactory(name, type, attributesMap, provider, location, credentialSourceSupplier, providersSupplier);
                     credentialStoresMap.put(name, credentialStoreSecurityFactory);
                 } else {
                     throw xmlLog.duplicateCredentialStoreName(reader, name);
@@ -2578,7 +2591,12 @@ static ExceptionSupplier<InputStream, IOException> parseResourceType(Configurati
                 throw reader.unexpectedElement();
             } else if (tag == END_ELEMENT) {
                 final String resourceName = name;
-                final ClassLoader classLoader = module != null ? ModuleLoader.getClassLoaderFromModule(reader, module) : Thread.currentThread().getContextClassLoader();
+                final ClassLoader classLoader;
+                try {
+                    classLoader = module != null ? ModuleLoader.getClassLoaderFromModule(module) : Thread.currentThread().getContextClassLoader();
+                } catch (ModuleLoadException e) {
+                    throw xmlLog.xmlNoModuleFound(reader, e, module);
+                }
                 return () -> {
                     ClassLoader actualClassLoader = classLoader != null ? classLoader : ElytronXmlParser.class.getClassLoader();
                     final InputStream stream = actualClassLoader.getResourceAsStream(resourceName);
@@ -2849,6 +2867,11 @@ static ProtocolSelector parseProtocolSelectorNamesType(ConfigurationXMLStreamRea
         return selector;
     }
 
+
+    static ConfigXMLParseException invalidPortNumber(final ConfigurationXMLStreamReader reader, final int index) throws ConfigXMLParseException {
+        return xmlLog.xmlInvalidPortNumber(reader, reader.getAttributeValueResolved(index), reader.getAttributeLocalName(index), reader.getName());
+    }
+
     /**
      * Parse an XML element of type {@code module-ref-type} from an XML reader.
      *

auth/client/src/main/java/org/wildfly/security/auth/client/InvalidAuthenticationConfigurationException.java

@@ -15,7 +15,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package org.wildfly.security.auth.client;
 
 /**

auth/client/src/main/java/org/wildfly/security/auth/client/_private/ElytronMessages.java

@@ -40,7 +40,6 @@
 import org.wildfly.client.config.ConfigXMLParseException;
 import org.wildfly.client.config.ConfigurationXMLStreamReader;
 import org.wildfly.client.config.XMLLocation;
-import org.wildfly.security.auth.client.EncryptedExpressionResolutionException;
 
 /**
  * Log messages and exceptions for Elytron.
@@ -76,11 +75,11 @@ public interface ElytronMessages extends BasicLogger {
 
     @Message(id = 1001, value = "No module found for identifier \"%s\"")
     ConfigXMLParseException xmlNoModuleFound(@Param XMLStreamReader reader, @Cause Exception e,
-            String moduleIdentifier);
+                                             String moduleIdentifier);
 
     @Message(id = 1002, value = "Invalid port number \"%s\" specified for attribute \"%s\" of element \"%s\"; expected a numerical value between 1 and 65535 (inclusive)")
     ConfigXMLParseException xmlInvalidPortNumber(@Param XMLStreamReader reader, String attributeValue,
-            String attributeName, QName elementName);
+                                                 String attributeName, QName elementName);
 
     @Message(id = 1028, value = "Invalid port number \"%d\"")
     IllegalArgumentException invalidPortNumber(int port);
@@ -118,7 +117,7 @@ ConfigXMLParseException xmlInvalidPortNumber(@Param XMLStreamReader reader, Stri
 
     @Message(id = 1134, value = "Duplicate authentication configuration name \"%s\"")
     ConfigXMLParseException xmlDuplicateAuthenticationConfigurationName(String name,
-            @Param ConfigurationXMLStreamReader reader);
+                                                                        @Param ConfigurationXMLStreamReader reader);
 
     @Message(id = 1135, value = "Failed to load keystore data")
     ConfigXMLParseException xmlFailedToLoadKeyStoreData(@Param Location location, @Cause Throwable cause);
@@ -128,14 +127,14 @@ ConfigXMLParseException xmlDuplicateAuthenticationConfigurationName(String name,
 
     @Message(id = 1137, value = "Invalid key store entry type for alias \"%s\" (expected %s, got %s)")
     ConfigXMLParseException xmlInvalidKeyStoreEntryType(@Param Location location, String alias, Class<?> expectedClass,
-            Class<?> actualClass);
+                                                        Class<?> actualClass);
 
     @Message(id = 1139, value = "Failed to create credential store")
     ConfigXMLParseException xmlFailedToCreateCredentialStore(@Param Location location, @Cause Throwable cause);
 
     @Message(id = 1140, value = "Wrong PEM content type; expected %s, actually was %s")
     ConfigXMLParseException xmlWrongPemType(@Param ConfigurationXMLStreamReader reader, Class<?> expected,
-            Class<?> actual);
+                                            Class<?> actual);
 
     @Message(id = 1141, value = "No PEM content found")
     ConfigXMLParseException xmlNoPemContent(@Param ConfigurationXMLStreamReader reader);
@@ -151,11 +150,11 @@ ConfigXMLParseException xmlWrongPemType(@Param ConfigurationXMLStreamReader read
 
     @Message(id = 1163, value = "Mechanism OID conversion from string \"%s\" failed")
     ConfigXMLParseException xmlGssMechanismOidConversionFailed(@Param XMLStreamReader reader, String mechanismOid,
-            @Cause Throwable cause);
+                                                               @Cause Throwable cause);
 
     @Message(id = 1164, value = "Unable to identify provider name=%s, for service type=%s, algorithm=%s")
     ConfigXMLParseException xmlUnableToIdentifyProvider(@Param Location location, String providerName,
-            String serviceType, String algorithm);
+                                                        String serviceType, String algorithm);
 
     @LogMessage(level = WARN)
     @Message(id = 1166, value = "%2$s: Element \"%1$s\" is deprecated")
@@ -215,28 +214,4 @@ ConfigXMLParseException xmlUnableToIdentifyProvider(@Param Location location, St
     @Message(id = 14008, value = "WildFlyElytronClientDefaultSSLContextProvider could not obtain client default SSLContext")
     NoSuchAlgorithmException couldNotObtainClientDefaultSSLContext();
 
-    @Message(id = 14009, value = "The expression '%s' does not specify a resolver and no default is defined.")
-    EncryptedExpressionResolutionException expressionResolutionWithoutResolver(String expression);
-
-    @Message(id = 14010, value = "The expression '%s' specifies a resolver configuration which does not exist.")
-    EncryptedExpressionResolutionException invalidResolver(String expression);
-
-    @Message(id = 14011, value = "Unable to load credential from credential store.")
-    EncryptedExpressionResolutionException unableToLoadCredential(@Cause Throwable cause);
-
-    @Message(id = 14012, value = "Unable to decrypt expression '%s'.")
-    EncryptedExpressionResolutionException unableToDecryptExpression(String expression, @Cause Throwable cause);
-
-    @Message(id = 14013, value = "The name of the resolver to use was not specified and no default-resolver has been defined.")
-    EncryptedExpressionResolutionException noResolverSpecifiedAndNoDefault();
-
-    @Message(id = 14014, value = "No expression resolver has been defined with the name '%s'.")
-    EncryptedExpressionResolutionException noResolverWithSpecifiedName(String name);
-
-    @Message(id = 14015, value = "Credential alias '%s' of credential type '%s' does not exist in the store")
-    EncryptedExpressionResolutionException credentialDoesNotExist(String alias, String credentialType);
-
-    @Message(id = 14016, value = "Unable to encrypt the supplied clear text.")
-    EncryptedExpressionResolutionException unableToEncryptClearText(@Cause Throwable cause);
-
 }

auth/realm/base/src/main/java/org/wildfly/security/auth/realm/FileSystemSecurityRealm.java

@@ -131,7 +131,7 @@
 import org.wildfly.security.credential.PasswordCredential;
 import org.wildfly.security.credential.PublicKeyCredential;
 import org.wildfly.security.credential.X509CertificateChainPublicCredential;
-import org.wildfly.security.encryption.CipherUtil;
+import org.wildfly.security.encryption.base.CipherUtil;
 import org.wildfly.security.evidence.Evidence;
 import org.wildfly.security.password.Password;
 import org.wildfly.security.password.PasswordFactory;

credential/store/pom.xml

@@ -36,6 +36,10 @@
     <description>WildFly Security Credential Store SPIs and implementaions</description>
 
     <dependencies>
+        <dependency>
+            <groupId>org.wildfly.client</groupId>
+            <artifactId>wildfly-client-config</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.wildfly.security</groupId>
             <artifactId>wildfly-elytron-asn1</artifactId>