diff --git a/auth/client/src/main/java/org/wildfly/security/auth/client/AuthenticationConfiguration.java b/auth/client/src/main/java/org/wildfly/security/auth/client/AuthenticationConfiguration.java
index b7ebaaea430..81fcf55dbc0 100644
--- a/auth/client/src/main/java/org/wildfly/security/auth/client/AuthenticationConfiguration.java
+++ b/auth/client/src/main/java/org/wildfly/security/auth/client/AuthenticationConfiguration.java
@@ -748,22 +748,22 @@ public AuthenticationConfiguration usePassword(Password password) { return password == null ? useCredentials(filtered) : useCredentials(filtered).useCredential(new PasswordCredential(password)); } - /** - * Create a new configuration which is the same as this configuration, but which uses the given encrypted - * password to authenticate. The current encryption client configuration is loaded and is used to decrypt - * the encrypted password. If one does not exist, appropriate exception is thrown. - * - * @param encryptedPassword the password to use - * @return the new configuration - */ - public AuthenticationConfiguration decryptAndUsePassword(String encryptedPassword) { - EncryptionClientContext ctx = EncryptionClientContext.captureCurrent(); - if (ctx.encryptionClientConfiguration == null) { - throw new EncryptedExpressionResolutionException("No encryption client configuration available"); - } - String password = ctx.encryptionClientConfiguration.encryptedExpressionResolver.resolveExpression(encryptedPassword, ctx.encryptionClientConfiguration); - return usePassword(password == null ? null : ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, password.toCharArray())); - } +// /** +// * Create a new configuration which is the same as this configuration, but which uses the given encrypted +// * password to authenticate. The current encryption client configuration is loaded and is used to decrypt +// * the encrypted password. If one does not exist, appropriate exception is thrown. 
+// * +// * @param encryptedPassword the password to use +// * @return the new configuration +// */ +// public AuthenticationConfiguration decryptAndUsePassword(String encryptedPassword) { +// EncryptionClientContext ctx = EncryptionClientContext.captureCurrent(); +// if (ctx.encryptionClientConfiguration == null) { +// throw new EncryptedExpressionResolutionException("No encryption client configuration available"); +// } +// String password = ctx.encryptionClientConfiguration.encryptedExpressionResolver.resolveExpression(encryptedPassword, ctx.encryptionClientConfiguration); +// return usePassword(password == null ? null : ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, password.toCharArray())); +// } /** * Create a new configuration which is the same as this configuration, but which uses the given password to authenticate. diff --git a/auth/client/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java b/auth/client/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java index 4a1f8f9cb41..9bde866db2b 100644 --- a/auth/client/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java +++ b/auth/client/src/main/java/org/wildfly/security/auth/client/ElytronXmlParser.java 
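Review bot: `decryptAndUsePassword` is commented out rather than deleted, leaving sixteen lines of dead Javadoc and code in `AuthenticationConfiguration`; version control already keeps the old implementation, so the `//` block should simply be removed. Because the method was `public`, dropping it silently breaks existing callers — if the encryption-client move provides a replacement, keep a one-line delegating method annotated `@Deprecated(forRemoval = true)` with a `@deprecated` Javadoc tag naming that replacement for one release; if not, record the API break in the release notes so it is visibly deliberate. The `usePassword` overload whose Javadoc opens at the end of this hunk continues outside it.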
@@ -22,15 +22,14 @@
 import static javax.xml.stream.XMLStreamConstants.START_ELEMENT;
 import static org.wildfly.common.Assert.checkMinimumParameter;
 import static org.wildfly.common.Assert.checkNotNullParam;
-import static org.wildfly.security.auth.client.XMLParserUtils.isSet;
-import static org.wildfly.security.auth.client.XMLParserUtils.setBit;
-import static org.wildfly.security.auth.client.XMLParserUtils.checkAttributeNamespace;
-import static org.wildfly.security.auth.client.XMLParserUtils.requireNoAttributes;
-import static org.wildfly.security.auth.client.XMLParserUtils.requireSingleAttribute;
-import static org.wildfly.security.auth.client.XMLParserUtils.requireSingleURIAttribute;
-import static org.wildfly.security.auth.client.XMLParserUtils.missingAttribute;
-import static org.wildfly.security.auth.client.XMLParserUtils.invalidPortNumber;
-import static org.wildfly.security.auth.client.XMLParserUtils.andThenOp;
+import static org.wildfly.security.util.XMLParserUtils.isSet;
+import static org.wildfly.security.util.XMLParserUtils.setBit;
+import static org.wildfly.security.util.XMLParserUtils.checkAttributeNamespace;
+import static org.wildfly.security.util.XMLParserUtils.requireNoAttributes;
+import static org.wildfly.security.util.XMLParserUtils.requireSingleAttribute;
+import static org.wildfly.security.util.XMLParserUtils.requireSingleURIAttribute;
+import static org.wildfly.security.util.XMLParserUtils.missingAttribute;
+import static org.wildfly.security.util.XMLParserUtils.andThenOp;
 import static org.wildfly.security.auth.client._private.ElytronMessages.xmlLog;
 import static org.wildfly.security.provider.util.ProviderUtil.INSTALLED_PROVIDERS;
 import static org.wildfly.security.provider.util.ProviderUtil.findProvider;
@@ -83,6 +82,7 @@ import org.ietf.jgss.GSSException; import org.ietf.jgss.Oid; +import org.jboss.modules.ModuleLoadException; import org.wildfly.client.config.ClientConfiguration; import org.wildfly.client.config.ConfigXMLParseException; import org.wildfly.client.config.ConfigurationXMLStreamReader; @@ -114,6 +114,7 @@ import org.wildfly.security.credential.source.impl.LocalKerberosCredentialSource; import org.wildfly.security.credential.source.OAuth2CredentialSource; import org.wildfly.security.credential.store.CredentialStore; +import org.wildfly.security.credential.store.CredentialStoreFactory; import org.wildfly.security.keystore.AliasFilter; import org.wildfly.security.keystore.FilteringKeyStore; import org.wildfly.security.keystore.KeyStoreUtil; @@ -139,6 +140,7 @@ import org.wildfly.security.ssl.SSLContextBuilder; import org.wildfly.security.ssl.X509RevocationTrustManager; import org.wildfly.security.ssh.util.SshUtil; +import org.wildfly.security.util.ModuleLoader; /** * A parser for the Elytron XML schema. @@ -1230,7 +1232,12 @@ static void parseAuthenticationConfigurationType(ConfigurationXMLStreamReader re if (isSet(foundBits, 12)) throw reader.unexpectedElement(); foundBits = setBit(foundBits, 12); final String moduleName = parseModuleRefType(reader); - final ClassLoader classLoader = (moduleName == null) ? ElytronXmlParser.class.getClassLoader() : ModuleLoader.getClassLoaderFromModule(reader, moduleName); + final ClassLoader classLoader; + try { + classLoader = (moduleName == null) ? ElytronXmlParser.class.getClassLoader() : ModuleLoader.getClassLoaderFromModule(moduleName); + } catch (ModuleLoadException e){ + throw xmlLog.xmlNoModuleFound(reader, e, moduleName); + } configuration = andThenOp(configuration, parentConfig -> parentConfig.useSaslClientFactory(new ServiceLoaderSaslClientFactory(classLoader))); break; } 
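Review bot: The `try { classLoader = … } catch (ModuleLoadException e) { throw xmlLog.xmlNoModuleFound(reader, e, moduleName); }` wrapper added here in `parseAuthenticationConfigurationType` is repeated verbatim in `parseProvidersType` and `parseResourceType` in the next two hunks; one private helper doing the lookup and the exception translation (sketched below, with the fallback loader as a parameter because the three sites differ only in that) would bring each call site back to a single line. This site also writes `catch (ModuleLoadException e){` without the space before the brace that the other two use. Presumably jboss-modules is an optional dependency of this module; if so, naming `org.jboss.modules.ModuleLoadException` directly in a catch clause of `ElytronXmlParser` can make the class fail verification with `NoClassDefFoundError` when jboss-modules is absent, even on the `moduleName == null` path — worth confirming that `ModuleLoader` (outside this diff) was meant to be the only class touching jboss-modules types. `parseAuthenticationConfigurationType` starts and ends outside the hunk.
```java
final String moduleName = parseModuleRefType(reader);
final ClassLoader classLoader = classLoaderForModule(reader, moduleName, ElytronXmlParser.class.getClassLoader());
// … unchanged: rest of parseAuthenticationConfigurationType …

/**
 * Resolves the class loader for an optional {@code module-ref}, translating a failed
 * module load into the parser's {@code xmlNoModuleFound} error.
 *
 * @param reader the reader positioned at the element being parsed (for error location)
 * @param moduleName the module identifier, or {@code null} to use {@code fallback}
 * @param fallback the loader to use when no module was named
 * @return the resolved class loader
 * @throws ConfigXMLParseException if the named module cannot be loaded
 */
private static ClassLoader classLoaderForModule(final ConfigurationXMLStreamReader reader, final String moduleName,
        final ClassLoader fallback) throws ConfigXMLParseException {
    if (moduleName == null) {
        return fallback;
    }
    try {
        return ModuleLoader.getClassLoaderFromModule(moduleName);
    } catch (ModuleLoadException e) {
        throw xmlLog.xmlNoModuleFound(reader, e, moduleName);
    }
}
```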
@@ -1286,9 +1293,14 @@ static Supplier parseProvidersType(ConfigurationXMLStreamReader read if (isSet(foundBits, 2)) throw reader.unexpectedElement(); foundBits = setBit(foundBits, 2); final String moduleName = parseModuleRefType(reader); - Supplier serviceLoaderSupplier = (moduleName == null) ? - ELYTRON_PROVIDER_SUPPLIER : - new ProviderServiceLoaderSupplier(ModuleLoader.getClassLoaderFromModule(reader, moduleName)); + Supplier serviceLoaderSupplier; + try { + serviceLoaderSupplier = (moduleName == null) ? + ELYTRON_PROVIDER_SUPPLIER : + new ProviderServiceLoaderSupplier(ModuleLoader.getClassLoaderFromModule(moduleName)); + } catch (ModuleLoadException e) { + throw xmlLog.xmlNoModuleFound(reader, e, moduleName); + } providerSupplier = providerSupplier == null ? serviceLoaderSupplier : ProviderUtil.aggregate(providerSupplier, serviceLoaderSupplier); break; } @@ -2377,7 +2389,8 @@ private static void parseCredentialStoreType(ConfigurationXMLStreamReader reader } } else if (tag == END_ELEMENT) { if (!credentialStoresMap.containsKey(name)) { - ExceptionSupplier credentialStoreSecurityFactory = new CredentialStoreFactory(name, type, attributesMap, provider, location, credentialSourceSupplier, providersSupplier); + ExceptionSupplier credentialStoreSecurityFactory; + credentialStoreSecurityFactory = new CredentialStoreFactory(name, type, attributesMap, provider, location, credentialSourceSupplier, providersSupplier); credentialStoresMap.put(name, credentialStoreSecurityFactory); } else { throw xmlLog.duplicateCredentialStoreName(reader, name); 
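Review bot: In `parseCredentialStoreType` the factory variable is now declared on one line and assigned on the next with nothing between the two statements, so the split buys nothing and should be folded back into a single declaration-with-initializer, `ExceptionSupplier<CredentialStore, ConfigXMLParseException> credentialStoreSecurityFactory = new CredentialStoreFactory(name, type, attributesMap, provider, location, credentialSourceSupplier, providersSupplier);` (type arguments are stripped in this rendering; they follow from the `CredentialStoreFactory.get()` signature later in the diff). If the split was left over from wrapping the now-public constructor in a try/catch, the catch never landed. The `parseProvidersType` hunk above it repeats the module-loading try/catch already raised on `parseAuthenticationConfigurationType`. Both enclosing methods begin and end outside their hunks.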
@@ -2578,7 +2591,12 @@ static ExceptionSupplier parseResourceType(Configurati throw reader.unexpectedElement(); } else if (tag == END_ELEMENT) { final String resourceName = name; - final ClassLoader classLoader = module != null ? ModuleLoader.getClassLoaderFromModule(reader, module) : Thread.currentThread().getContextClassLoader(); + final ClassLoader classLoader; + try { + classLoader = module != null ? ModuleLoader.getClassLoaderFromModule(module) : Thread.currentThread().getContextClassLoader(); + } catch (ModuleLoadException e) { + throw xmlLog.xmlNoModuleFound(reader, e, module); + } return () -> { ClassLoader actualClassLoader = classLoader != null ? classLoader : ElytronXmlParser.class.getClassLoader(); final InputStream stream = actualClassLoader.getResourceAsStream(resourceName); @@ -2849,6 +2867,11 @@ static ProtocolSelector parseProtocolSelectorNamesType(ConfigurationXMLStreamRea return selector; } + + static ConfigXMLParseException invalidPortNumber(final ConfigurationXMLStreamReader reader, final int index) throws ConfigXMLParseException { + return xmlLog.xmlInvalidPortNumber(reader, reader.getAttributeValueResolved(index), reader.getAttributeLocalName(index), reader.getName()); + } + /** * Parse an XML element of type {@code module-ref-type} from an XML reader. * diff --git a/auth/client/src/main/java/org/wildfly/security/auth/client/InvalidAuthenticationConfigurationException.java b/auth/client/src/main/java/org/wildfly/security/auth/client/InvalidAuthenticationConfigurationException.java index 2c97b5901ad..5b05d271fa0 100644 --- a/auth/client/src/main/java/org/wildfly/security/auth/client/InvalidAuthenticationConfigurationException.java +++ b/auth/client/src/main/java/org/wildfly/security/auth/client/InvalidAuthenticationConfigurationException.java @@ -15,7 +15,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package org.wildfly.security.auth.client; /** 
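Review bot: The new `invalidPortNumber(reader, index)` helper has no Javadoc although the neighbouring methods in this file carry one (the `module-ref-type` Javadoc directly below it), and it is set off by two blank lines where the file otherwise uses one. Presumably it was brought in-house because the relocated `org.wildfly.security.util.XMLParserUtils` no longer exports it (its static import is dropped in this file's first hunk); if that is the reason, a Javadoc such as `/** Builds the parse error for the port attribute at {@code index} whose resolved value is outside 1..65535 (message 1002). */` with `@throws ConfigXMLParseException if the attribute value cannot be resolved` — presumably what `getAttributeValueResolved` throws — would record both the contract and why it lives here. The `parseResourceType` hunk above repeats the module-loading try/catch raised on `parseAuthenticationConfigurationType`; that method's returned lambda continues outside the hunk.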
diff --git a/auth/client/src/main/java/org/wildfly/security/auth/client/_private/ElytronMessages.java b/auth/client/src/main/java/org/wildfly/security/auth/client/_private/ElytronMessages.java index 995e106aeae..352654b7212 100644 --- a/auth/client/src/main/java/org/wildfly/security/auth/client/_private/ElytronMessages.java +++ b/auth/client/src/main/java/org/wildfly/security/auth/client/_private/ElytronMessages.java @@ -40,7 +40,6 @@ import org.wildfly.client.config.ConfigXMLParseException; import org.wildfly.client.config.ConfigurationXMLStreamReader; import org.wildfly.client.config.XMLLocation; -import org.wildfly.security.auth.client.EncryptedExpressionResolutionException; /** * Log messages and exceptions for Elytron. @@ -76,11 +75,11 @@ public interface ElytronMessages extends BasicLogger { @Message(id = 1001, value = "No module found for identifier \"%s\"") ConfigXMLParseException xmlNoModuleFound(@Param XMLStreamReader reader, @Cause Exception e, - String moduleIdentifier); + String moduleIdentifier); @Message(id = 1002, value = "Invalid port number \"%s\" specified for attribute \"%s\" of element \"%s\"; expected a numerical value between 1 and 65535 (inclusive)") ConfigXMLParseException xmlInvalidPortNumber(@Param XMLStreamReader reader, String attributeValue, - String attributeName, QName elementName); + String attributeName, QName elementName); @Message(id = 1028, value = "Invalid port number \"%d\"") IllegalArgumentException invalidPortNumber(int port); 
@@ -118,7 +117,7 @@ ConfigXMLParseException xmlInvalidPortNumber(@Param XMLStreamReader reader, Stri @Message(id = 1134, value = "Duplicate authentication configuration name \"%s\"") ConfigXMLParseException xmlDuplicateAuthenticationConfigurationName(String name, - @Param ConfigurationXMLStreamReader reader); + @Param ConfigurationXMLStreamReader reader); @Message(id = 1135, value = "Failed to load keystore data") ConfigXMLParseException xmlFailedToLoadKeyStoreData(@Param Location location, @Cause Throwable cause); @@ -128,14 +127,14 @@ ConfigXMLParseException xmlDuplicateAuthenticationConfigurationName(String name, @Message(id = 1137, value = "Invalid key store entry type for alias \"%s\" (expected %s, got %s)") ConfigXMLParseException xmlInvalidKeyStoreEntryType(@Param Location location, String alias, Class expectedClass, - Class actualClass); + Class actualClass); @Message(id = 1139, value = "Failed to create credential store") ConfigXMLParseException xmlFailedToCreateCredentialStore(@Param Location location, @Cause Throwable cause); @Message(id = 1140, value = "Wrong PEM content type; expected %s, actually was %s") ConfigXMLParseException xmlWrongPemType(@Param ConfigurationXMLStreamReader reader, Class expected, - Class actual); + Class actual); @Message(id = 1141, value = "No PEM content found") ConfigXMLParseException xmlNoPemContent(@Param ConfigurationXMLStreamReader reader); 
@@ -151,11 +150,11 @@ ConfigXMLParseException xmlWrongPemType(@Param ConfigurationXMLStreamReader read @Message(id = 1163, value = "Mechanism OID conversion from string \"%s\" failed") ConfigXMLParseException xmlGssMechanismOidConversionFailed(@Param XMLStreamReader reader, String mechanismOid, - @Cause Throwable cause); + @Cause Throwable cause); @Message(id = 1164, value = "Unable to identify provider name=%s, for service type=%s, algorithm=%s") ConfigXMLParseException xmlUnableToIdentifyProvider(@Param Location location, String providerName, - String serviceType, String algorithm); + String serviceType, String algorithm); @LogMessage(level = WARN) @Message(id = 1166, value = "%2$s: Element \"%1$s\" is deprecated") 
@@ -215,28 +214,4 @@ ConfigXMLParseException xmlUnableToIdentifyProvider(@Param Location location, St @Message(id = 14008, value = "WildFlyElytronClientDefaultSSLContextProvider could not obtain client default SSLContext") NoSuchAlgorithmException couldNotObtainClientDefaultSSLContext(); - @Message(id = 14009, value = "The expression '%s' does not specify a resolver and no default is defined.") - EncryptedExpressionResolutionException expressionResolutionWithoutResolver(String expression); - - @Message(id = 14010, value = "The expression '%s' specifies a resolver configuration which does not exist.") - EncryptedExpressionResolutionException invalidResolver(String expression); - - @Message(id = 14011, value = "Unable to load credential from credential store.") - EncryptedExpressionResolutionException unableToLoadCredential(@Cause Throwable cause); - - @Message(id = 14012, value = "Unable to decrypt expression '%s'.") - EncryptedExpressionResolutionException unableToDecryptExpression(String expression, @Cause Throwable cause); - - @Message(id = 14013, value = "The name of the resolver to use was not specified and no default-resolver has been defined.") - EncryptedExpressionResolutionException noResolverSpecifiedAndNoDefault(); - - @Message(id = 14014, value = "No expression resolver has been defined with the name '%s'.") - EncryptedExpressionResolutionException noResolverWithSpecifiedName(String name); - - @Message(id = 14015, value = "Credential alias '%s' of credential type '%s' does not exist in the store") - EncryptedExpressionResolutionException credentialDoesNotExist(String alias, String credentialType); - - @Message(id = 14016, value = "Unable to encrypt the supplied clear text.") - EncryptedExpressionResolutionException unableToEncryptClearText(@Cause Throwable cause); - } 
diff --git a/auth/realm/base/src/main/java/org/wildfly/security/auth/realm/FileSystemSecurityRealm.java b/auth/realm/base/src/main/java/org/wildfly/security/auth/realm/FileSystemSecurityRealm.java index 2b04bf1ca19..20d31220c4c 100644 --- a/auth/realm/base/src/main/java/org/wildfly/security/auth/realm/FileSystemSecurityRealm.java +++ b/auth/realm/base/src/main/java/org/wildfly/security/auth/realm/FileSystemSecurityRealm.java @@ -131,7 +131,7 @@ import org.wildfly.security.credential.PasswordCredential; import org.wildfly.security.credential.PublicKeyCredential; import org.wildfly.security.credential.X509CertificateChainPublicCredential; -import org.wildfly.security.encryption.CipherUtil; +import org.wildfly.security.encryption.base.CipherUtil; import org.wildfly.security.evidence.Evidence; import org.wildfly.security.password.Password; import org.wildfly.security.password.PasswordFactory; diff --git a/credential/store/pom.xml b/credential/store/pom.xml index 64cc030f524..17f11095e7d 100644 --- a/credential/store/pom.xml +++ b/credential/store/pom.xml @@ -36,6 +36,10 @@ WildFly Security Credential Store SPIs and implementaions + + org.wildfly.client + wildfly-client-config + org.wildfly.security wildfly-elytron-asn1 diff --git a/auth/client/src/main/java/org/wildfly/security/auth/client/CredentialStoreFactory.java b/credential/store/src/main/java/org/wildfly/security/credential/store/CredentialStoreFactory.java similarity index 87% rename from auth/client/src/main/java/org/wildfly/security/auth/client/CredentialStoreFactory.java rename to credential/store/src/main/java/org/wildfly/security/credential/store/CredentialStoreFactory.java index 7d10c69ae56..24223563450 100644 --- a/auth/client/src/main/java/org/wildfly/security/auth/client/CredentialStoreFactory.java +++ b/credential/store/src/main/java/org/wildfly/security/credential/store/CredentialStoreFactory.java 
@@ -15,22 +15,21 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.wildfly.security.auth.client; +package org.wildfly.security.credential.store; -import static org.wildfly.common.Assert.checkNotNullParam; -import static org.wildfly.security.auth.client._private.ElytronMessages.xmlLog; +import org.wildfly.client.config.ConfigXMLParseException; +import org.wildfly.client.config.XMLLocation; +import org.wildfly.common.function.ExceptionSupplier; +import org.wildfly.security.credential.source.CredentialSource; +import org.wildfly.security.credential.store.impl.KeyStoreCredentialStore; import java.security.GeneralSecurityException; import java.security.Provider; import java.util.Map; import java.util.function.Supplier; -import org.wildfly.client.config.ConfigXMLParseException; -import org.wildfly.client.config.XMLLocation; -import org.wildfly.common.function.ExceptionSupplier; -import org.wildfly.security.credential.source.CredentialSource; -import org.wildfly.security.credential.store.CredentialStore; -import org.wildfly.security.credential.store.impl.KeyStoreCredentialStore; +import static org.wildfly.common.Assert.checkNotNullParam; +import static org.wildfly.security.credential.store._private.ElytronMessages.log; /** * Factory which can create instance of {@link CredentialStore} from supplied information. @@ -38,7 +37,7 @@ * * @author Peter Skopek */ -final class CredentialStoreFactory implements ExceptionSupplier { +public final class CredentialStoreFactory implements ExceptionSupplier { private final String name; private final String type; 
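Review bot: The rewritten import block orders `org.wildfly.*` first, `java.*` second and the static imports last, the reverse of every other Java file in this diff (`ElytronXmlParser`, `CipherUtil`, `SecretKeyUtil` all put static imports first, then `java.*`, then `org.*`); a package move is the moment to keep the file's original ordering, not to flip it, and if the module runs the project's checkstyle import rules this will be flagged. Making the class `public final` also turns a parser-private helper into the credential-store module's API and with it exposes `org.wildfly.client.config.XMLLocation` and `ConfigXMLParseException` from a module that until now had no XML concerns (hence the `wildfly-client-config` dependency added to `credential/store/pom.xml` in this diff); a sentence in the class Javadoc on why an XML location is part of the factory's contract would save the next reader that question. The class body continues outside the hunk.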
@@ -59,7 +58,7 @@ final class CredentialStoreFactory implements ExceptionSupplier attributes, String providerName, XMLLocation location, ExceptionSupplier supplier, Supplier providers) { + public CredentialStoreFactory(String name, String type, Map attributes, String providerName, XMLLocation location, ExceptionSupplier supplier, Supplier providers) { this.name = checkNotNullParam("name", name); this.attributes = checkNotNullParam("attributes", attributes); this.type = type == null ? KeyStoreCredentialStore.KEY_STORE_CREDENTIAL_STORE : type; @@ -87,7 +86,7 @@ public CredentialStore get() throws ConfigXMLParseException { credentialStore.initialize(attributes, credentialSource == null ? null : new CredentialStore.CredentialSourceProtectionParameter(credentialSource.get())); } } catch (GeneralSecurityException e) { - throw xmlLog.xmlFailedToCreateCredentialStore(location, e); + throw log.xmlFailedToCreateCredentialStore(location, e); } return credentialStore; } diff --git a/credential/store/src/main/java/org/wildfly/security/credential/store/_private/ElytronMessages.java b/credential/store/src/main/java/org/wildfly/security/credential/store/_private/ElytronMessages.java index dce21d1b0e5..5d1227b6e01 100644 --- a/credential/store/src/main/java/org/wildfly/security/credential/store/_private/ElytronMessages.java +++ b/credential/store/src/main/java/org/wildfly/security/credential/store/_private/ElytronMessages.java 
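Review bot: The now-public constructor takes seven positional parameters but only `name` and `attributes` go through `checkNotNullParam`, while `type` is silently defaulted to `KeyStoreCredentialStore.KEY_STORE_CREDENTIAL_STORE` when null and `get()` passes a null protection parameter to `initialize` when `credentialSource` is null; as public API the nullability of each parameter and that `type` default should be stated in `@param` tags, and the `@throws ConfigXMLParseException` on `get()` should say it wraps a `GeneralSecurityException` from store creation. Whether the constructor already has Javadoc cannot be seen here — its preceding lines are outside the hunk, as is the rest of `get()` beyond the logger rename.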
@@ -31,13 +31,17 @@ import org.jboss.logging.annotations.LogMessage; import org.jboss.logging.annotations.Message; import org.jboss.logging.annotations.MessageLogger; +import org.jboss.logging.annotations.Param; import org.jboss.logging.annotations.ValidIdRange; import org.jboss.logging.annotations.ValidIdRanges; +import org.wildfly.client.config.ConfigXMLParseException; import org.wildfly.security.credential.store.CredentialStoreException; import org.wildfly.security.credential.Credential; import org.wildfly.security.credential.store.CredentialStore; import org.wildfly.security.credential.store.UnsupportedCredentialTypeException; +import javax.xml.stream.Location; + /** * Log messages and exceptions for Elytron. * @@ -159,4 +163,7 @@ CredentialStoreException invalidCredentialStoreEntryType(Classorg.wildfly.security wildfly-elytron-parent 2.3.1.CR1-SNAPSHOT + ../../pom.xml 4.0.0 diff --git a/encryption/src/main/java/org/wildfly/security/encryption/CipherUtil.java b/encryption/base/src/main/java/org/wildfly/security/encryption/base/CipherUtil.java similarity index 92% rename from encryption/src/main/java/org/wildfly/security/encryption/CipherUtil.java rename to encryption/base/src/main/java/org/wildfly/security/encryption/base/CipherUtil.java index ad06b5ca01a..33535412ea4 100644 --- a/encryption/src/main/java/org/wildfly/security/encryption/CipherUtil.java +++ b/encryption/base/src/main/java/org/wildfly/security/encryption/base/CipherUtil.java 
@@ -14,14 +14,14 @@ * limitations under the License. */ -package org.wildfly.security.encryption; +package org.wildfly.security.encryption.base; import static org.wildfly.common.Assert.checkNotNullParam; -import static org.wildfly.security.encryption.Common.CIPHER_TEXT_IDENTIFIER; -import static org.wildfly.security.encryption.Common.CIPHER_TEXT_NAME; -import static org.wildfly.security.encryption.Common.VERSION; -import static org.wildfly.security.encryption.Common.toName; -import static org.wildfly.security.encryption.ElytronMessages.log; +import static org.wildfly.security.encryption.base.Common.CIPHER_TEXT_IDENTIFIER; +import static org.wildfly.security.encryption.base.Common.CIPHER_TEXT_NAME; +import static org.wildfly.security.encryption.base.Common.VERSION; +import static org.wildfly.security.encryption.base.Common.toName; +import static org.wildfly.security.encryption.base.ElytronMessages.log; import java.nio.charset.StandardCharsets; import java.security.GeneralSecurityException; diff --git a/encryption/src/main/java/org/wildfly/security/encryption/Common.java b/encryption/base/src/main/java/org/wildfly/security/encryption/base/Common.java similarity index 96% rename from encryption/src/main/java/org/wildfly/security/encryption/Common.java rename to encryption/base/src/main/java/org/wildfly/security/encryption/base/Common.java index 277e81778ea..430ee6bce17 100644 --- a/encryption/src/main/java/org/wildfly/security/encryption/Common.java +++ b/encryption/base/src/main/java/org/wildfly/security/encryption/base/Common.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package org.wildfly.security.encryption; +package org.wildfly.security.encryption.base; /** * Common methods and attributes shared by both utilities. 
diff --git a/encryption/src/main/java/org/wildfly/security/encryption/ElytronMessages.java b/encryption/base/src/main/java/org/wildfly/security/encryption/base/ElytronMessages.java similarity index 97% rename from encryption/src/main/java/org/wildfly/security/encryption/ElytronMessages.java rename to encryption/base/src/main/java/org/wildfly/security/encryption/base/ElytronMessages.java index 3169cc9c373..bbbd8be8e31 100644 --- a/encryption/src/main/java/org/wildfly/security/encryption/ElytronMessages.java +++ b/encryption/base/src/main/java/org/wildfly/security/encryption/base/ElytronMessages.java @@ -16,7 +16,7 @@ * limitations under the License. */ -package org.wildfly.security.encryption; +package org.wildfly.security.encryption.base; import java.security.GeneralSecurityException; diff --git a/encryption/src/main/java/org/wildfly/security/encryption/SecretKeyUtil.java b/encryption/base/src/main/java/org/wildfly/security/encryption/base/SecretKeyUtil.java similarity index 90% rename from encryption/src/main/java/org/wildfly/security/encryption/SecretKeyUtil.java rename to encryption/base/src/main/java/org/wildfly/security/encryption/base/SecretKeyUtil.java index 5e5cd7050fa..c1b247531eb 100644 --- a/encryption/src/main/java/org/wildfly/security/encryption/SecretKeyUtil.java +++ b/encryption/base/src/main/java/org/wildfly/security/encryption/base/SecretKeyUtil.java 
@@ -14,14 +14,14 @@ * limitations under the License. */ -package org.wildfly.security.encryption; +package org.wildfly.security.encryption.base; import static org.wildfly.common.Assert.checkNotNullParam; -import static org.wildfly.security.encryption.Common.SECRET_KEY_IDENTIFIER; -import static org.wildfly.security.encryption.Common.SECRET_KEY_NAME; -import static org.wildfly.security.encryption.Common.VERSION; -import static org.wildfly.security.encryption.Common.toName; -import static org.wildfly.security.encryption.ElytronMessages.log; +import static org.wildfly.security.encryption.base.Common.SECRET_KEY_IDENTIFIER; +import static org.wildfly.security.encryption.base.Common.SECRET_KEY_NAME; +import static org.wildfly.security.encryption.base.Common.VERSION; +import static org.wildfly.security.encryption.base.Common.toName; +import static org.wildfly.security.encryption.base.ElytronMessages.log; import java.security.GeneralSecurityException; import java.security.SecureRandom; diff --git a/encryption/src/main/java/org/wildfly/security/encryption/package-info.java b/encryption/base/src/main/java/org/wildfly/security/encryption/base/package-info.java similarity index 94% rename from encryption/src/main/java/org/wildfly/security/encryption/package-info.java rename to encryption/base/src/main/java/org/wildfly/security/encryption/base/package-info.java index 4371b8d928b..9f6d0d9cc2e 100644 --- a/encryption/src/main/java/org/wildfly/security/encryption/package-info.java +++ b/encryption/base/src/main/java/org/wildfly/security/encryption/base/package-info.java @@ -19,4 +19,4 @@ * * @author Darran Lofthouse */ -package org.wildfly.security.encryption; \ No newline at end of file +package org.wildfly.security.encryption.base; \ No newline at end of file 
diff --git a/encryption/src/test/java/org/wildfly/security/encryption/CipherUtilTest.java b/encryption/base/src/test/java/org/wildfly/security/encryption/base/CipherUtilTest.java similarity index 89% rename from encryption/src/test/java/org/wildfly/security/encryption/CipherUtilTest.java rename to encryption/base/src/test/java/org/wildfly/security/encryption/base/CipherUtilTest.java index c3351f7c136..e148826ca15 100644 --- a/encryption/src/test/java/org/wildfly/security/encryption/CipherUtilTest.java +++ b/encryption/base/src/test/java/org/wildfly/security/encryption/base/CipherUtilTest.java @@ -14,15 +14,15 @@ * limitations under the License. */ -package org.wildfly.security.encryption; +package org.wildfly.security.encryption.base; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotEquals; -import static org.wildfly.security.encryption.CipherUtil.decrypt; -import static org.wildfly.security.encryption.CipherUtil.encrypt; -import static org.wildfly.security.encryption.Common.SECRET_KEY_IDENTIFIER; -import static org.wildfly.security.encryption.Common.VERSION; -import static org.wildfly.security.encryption.SecretKeyUtil.generateSecretKey; +import static org.wildfly.security.encryption.base.CipherUtil.decrypt; +import static org.wildfly.security.encryption.base.CipherUtil.encrypt; +import static org.wildfly.security.encryption.base.Common.SECRET_KEY_IDENTIFIER; +import static org.wildfly.security.encryption.base.Common.VERSION; +import static org.wildfly.security.encryption.base.SecretKeyUtil.generateSecretKey; import java.security.GeneralSecurityException; 
diff --git a/encryption/src/test/java/org/wildfly/security/encryption/SecretKeyUtilTest.java b/encryption/base/src/test/java/org/wildfly/security/encryption/base/SecretKeyUtilTest.java similarity index 89% rename from encryption/src/test/java/org/wildfly/security/encryption/SecretKeyUtilTest.java rename to encryption/base/src/test/java/org/wildfly/security/encryption/base/SecretKeyUtilTest.java index af97d919dbf..7f1f2564af3 100644 --- a/encryption/src/test/java/org/wildfly/security/encryption/SecretKeyUtilTest.java +++ b/encryption/base/src/test/java/org/wildfly/security/encryption/base/SecretKeyUtilTest.java @@ -16,17 +16,17 @@ * limitations under the License. */ -package org.wildfly.security.encryption; +package org.wildfly.security.encryption.base; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.fail; -import static org.wildfly.security.encryption.Common.CIPHER_TEXT_IDENTIFIER; -import static org.wildfly.security.encryption.Common.VERSION; -import static org.wildfly.security.encryption.SecretKeyUtil.exportSecretKey; -import static org.wildfly.security.encryption.SecretKeyUtil.generateSecretKey; -import static org.wildfly.security.encryption.SecretKeyUtil.importSecretKey; +import static org.wildfly.security.encryption.base.Common.CIPHER_TEXT_IDENTIFIER; +import static org.wildfly.security.encryption.base.Common.VERSION; +import static org.wildfly.security.encryption.base.SecretKeyUtil.exportSecretKey; +import static org.wildfly.security.encryption.base.SecretKeyUtil.generateSecretKey; +import static org.wildfly.security.encryption.base.SecretKeyUtil.importSecretKey; import java.security.GeneralSecurityException; diff --git a/encryption/client/pom.xml b/encryption/client/pom.xml new file mode 100644 index 00000000000..c062ab7cd9f --- /dev/null +++ b/encryption/client/pom.xml 
@@ -0,0 +1,104 @@ + + + + + + + org.wildfly.security + wildfly-elytron-parent + 2.3.0.CR1-SNAPSHOT + ../../pom.xml + + + 4.0.0 + + wildfly-elytron-encryption-client + + WildFly Elytron - Encryption Client + WildFly Encryption Client + + + + org.wildfly.security + wildfly-elytron-auth-util + + + org.wildfly.security + wildfly-elytron-credential + + + org.wildfly.security + wildfly-elytron-credential-store + + + org.wildfly.security + wildfly-elytron-mechanism + + + org.wildfly.client + wildfly-client-config + + + org.wildfly.common + wildfly-common + + + + jakarta.json + jakarta.json-api + provided + + + org.jboss.logging + jboss-logging-annotations + provided + + + org.jboss.logging + jboss-logging + provided + + + org.jboss.logging + jboss-logging-processor + provided + + + + org.kohsuke.metainf-services + metainf-services + provided + + + + + junit + junit + test + + + org.jmockit + jmockit + test + + + + diff --git a/auth/client/src/main/java/org/wildfly/security/auth/client/DefaultEncryptionClientContextProvider.java b/encryption/client/src/main/java/org/wildfly/security/encryption/client/DefaultEncryptionClientContextProvider.java similarity index 96% rename from auth/client/src/main/java/org/wildfly/security/auth/client/DefaultEncryptionClientContextProvider.java rename to encryption/client/src/main/java/org/wildfly/security/encryption/client/DefaultEncryptionClientContextProvider.java index a449e7b0fc5..6c990cee2ff 100644 --- a/auth/client/src/main/java/org/wildfly/security/auth/client/DefaultEncryptionClientContextProvider.java +++ b/encryption/client/src/main/java/org/wildfly/security/encryption/client/DefaultEncryptionClientContextProvider.java @@ -16,7 +16,7 @@ * limitations under the License. */ -package org.wildfly.security.auth.client; +package org.wildfly.security.encryption.client; import static java.security.AccessController.doPrivileged; 
diff --git a/auth/client/src/main/java/org/wildfly/security/auth/client/EncryptedExpressionResolutionException.java b/encryption/client/src/main/java/org/wildfly/security/encryption/client/EncryptedExpressionResolutionException.java
similarity index 96%
rename from auth/client/src/main/java/org/wildfly/security/auth/client/EncryptedExpressionResolutionException.java
rename to encryption/client/src/main/java/org/wildfly/security/encryption/client/EncryptedExpressionResolutionException.java
index 8d8224b8b33..fc65ed99cf4 100644
--- a/auth/client/src/main/java/org/wildfly/security/auth/client/EncryptedExpressionResolutionException.java
+++ b/encryption/client/src/main/java/org/wildfly/security/encryption/client/EncryptedExpressionResolutionException.java
@@ -15,8 +15,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-
-package org.wildfly.security.auth.client;
+package org.wildfly.security.encryption.client;
 /**
 * An exception class that is thrown when an issues related to the expression resolution are encountered.
diff --git a/auth/client/src/main/java/org/wildfly/security/auth/client/EncryptedExpressionResolver.java b/encryption/client/src/main/java/org/wildfly/security/encryption/client/EncryptedExpressionResolver.java
similarity index 84%
rename from auth/client/src/main/java/org/wildfly/security/auth/client/EncryptedExpressionResolver.java
rename to encryption/client/src/main/java/org/wildfly/security/encryption/client/EncryptedExpressionResolver.java
index 7b020a43516..248912ffb13 100644
--- a/auth/client/src/main/java/org/wildfly/security/auth/client/EncryptedExpressionResolver.java
+++ b/encryption/client/src/main/java/org/wildfly/security/encryption/client/EncryptedExpressionResolver.java
@@ -15,12 +15,12 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-
-package org.wildfly.security.auth.client;
+package org.wildfly.security.encryption.client;
 import org.wildfly.security.credential.SecretKeyCredential;
 import org.wildfly.security.credential.store.CredentialStore;
 import org.wildfly.security.credential.store.CredentialStoreException;
+import org.wildfly.security.encryption.client._private.ElytronMessages;
 import javax.crypto.SecretKey;
 import java.security.GeneralSecurityException;
@@ -28,10 +28,8 @@
 import java.util.Map;
 import static org.wildfly.common.Assert.checkNotNullParam;
-import static org.wildfly.security.auth.client._private.ElytronMessages.xmlLog;
-import static org.wildfly.security.encryption.CipherUtil.decrypt;
-import static org.wildfly.security.encryption.CipherUtil.encrypt;
-
+import static org.wildfly.security.encryption.base.CipherUtil.decrypt;
+import static org.wildfly.security.encryption.base.CipherUtil.encrypt;
 /**
 * A class used to resolve encrypted expressions using secret key within credential stores.
@@ -69,15 +67,15 @@ private String resolveExpressionInternal(String fullExpression, EncryptionClient
 int delimiter = expression.indexOf(':', completePrefix.length());
 String resolver = delimiter > 0 ? expression.substring(completePrefix.length(), delimiter) : defaultResolver;
 if (resolver == null) {
- throw xmlLog.expressionResolutionWithoutResolver(fullExpression);
+ throw ElytronMessages.xmlLog.expressionResolutionWithoutResolver(fullExpression);
 }
 ResolverConfiguration resolverConfiguration = resolverConfigurations.get(resolver);
 if (resolverConfiguration == null) {
- throw xmlLog.invalidResolver(fullExpression);
+ throw ElytronMessages.xmlLog.invalidResolver(fullExpression);
 }
- xmlLog.tracef("Attempting to decrypt expression '%s' using credential store '%s' and alias '%s'.",
+ ElytronMessages.xmlLog.tracef("Attempting to decrypt expression '%s' using credential store '%s' and alias '%s'.",
 fullExpression, resolverConfiguration.credentialStore, resolverConfiguration.alias);
 CredentialStore credentialStore = config.getCredentialStoreMap().get(getResolverConfiguration().get(resolver).getCredentialStore());
 SecretKey secretKey;
@@ -86,7 +84,7 @@ private String resolveExpressionInternal(String fullExpression, EncryptionClient
 SecretKeyCredential.class);
 secretKey = credential.getSecretKey();
 } catch (CredentialStoreException e) {
- throw xmlLog.unableToLoadCredential(e);
+ throw ElytronMessages.xmlLog.unableToLoadCredential(e);
 }
 String token = expression.substring(expression.lastIndexOf(':') + 1);
@@ -94,7 +92,7 @@ private String resolveExpressionInternal(String fullExpression, EncryptionClient
 try {
 return decrypt(token, secretKey);
 } catch (GeneralSecurityException e) {
- throw xmlLog.unableToDecryptExpression(fullExpression, e);
+ throw ElytronMessages.xmlLog.unableToDecryptExpression(fullExpression, e);
 }
 }
 }
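Review bot: In the `@@ -86` hunk, `secretKey = credential.getSecretKey();` dereferences the result of `credentialStore.retrieve(...)` (the call begins before the hunk) with no null check, whereas `createExpression` in the next hunk guards the same lookup with `credentialDoesNotExist`; a resolver that names an alias absent from the store therefore fails with a NullPointerException instead of ELY14015. Add before it: `if (credential == null) { throw ElytronMessages.xmlLog.credentialDoesNotExist(resolverConfiguration.getAlias(), SecretKeyCredential.class.getSimpleName()); }`. The `credentialStore` obtained from `config.getCredentialStoreMap().get(...)` is likewise never checked, here and in `createExpression` in the following hunk, so a resolver configuration that names a store missing from the map also surfaces as a NullPointerException rather than a descriptive message. `resolveExpressionInternal` starts before the first of these hunks.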
@@ -108,12 +106,12 @@ public String createExpression(final String clearText, EncryptionClientConfigura
 public String createExpression(final String resolver, final String clearText, EncryptionClientConfiguration config) {
 String resolvedResolver = resolver != null ? resolver : defaultResolver;
 if (resolvedResolver == null) {
- throw xmlLog.noResolverSpecifiedAndNoDefault();
+ throw ElytronMessages.xmlLog.noResolverSpecifiedAndNoDefault();
 }
 ResolverConfiguration resolverConfiguration = resolverConfigurations.get(resolvedResolver);
 if (resolverConfiguration == null) {
- throw xmlLog.noResolverWithSpecifiedName(resolvedResolver);
+ throw ElytronMessages.xmlLog.noResolverWithSpecifiedName(resolvedResolver);
 }
 CredentialStore credentialStore = config.getCredentialStoreMap().get(getResolverConfiguration().get(resolvedResolver).getCredentialStore());
@@ -121,18 +119,18 @@ public String createExpression(final String resolver, final String clearText, En
 try {
 SecretKeyCredential credential = credentialStore.retrieve(resolverConfiguration.getAlias(), SecretKeyCredential.class);
 if (credential == null) {
- throw xmlLog.credentialDoesNotExist(resolverConfiguration.getAlias(), SecretKeyCredential.class.getSimpleName());
+ throw ElytronMessages.xmlLog.credentialDoesNotExist(resolverConfiguration.getAlias(), SecretKeyCredential.class.getSimpleName());
 }
 secretKey = credential.getSecretKey();
 } catch (CredentialStoreException e) {
- throw xmlLog.unableToLoadCredential(e);
+ throw ElytronMessages.xmlLog.unableToLoadCredential(e);
 }
 String cipherTextToken;
 try {
 cipherTextToken = encrypt(clearText, secretKey);
 } catch (GeneralSecurityException e) {
- throw xmlLog.unableToEncryptClearText(e);
+ throw ElytronMessages.xmlLog.unableToEncryptClearText(e);
 }
 String expression = resolver == null ? String.format("${%s::%s:%s}", prefix, defaultResolver, cipherTextToken)
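Review bot: `config.getCredentialStoreMap().get(getResolverConfiguration().get(resolvedResolver).getCredentialStore())` repeats a lookup whose result is already held in `resolverConfiguration`, which was null-checked three lines earlier; assuming `getResolverConfiguration()` exposes the same `resolverConfigurations` map, `config.getCredentialStoreMap().get(resolverConfiguration.getCredentialStore())` says the same thing and cannot diverge from the checked value. The same double lookup appears in `resolveExpressionInternal` in the previous hunk. `createExpression` continues past the end of this hunk.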
diff --git a/auth/client/src/main/java/org/wildfly/security/auth/client/EncryptionClientConfiguration.java b/encryption/client/src/main/java/org/wildfly/security/encryption/client/EncryptionClientConfiguration.java
similarity index 98%
rename from auth/client/src/main/java/org/wildfly/security/auth/client/EncryptionClientConfiguration.java
rename to encryption/client/src/main/java/org/wildfly/security/encryption/client/EncryptionClientConfiguration.java
index 2d4cf681422..b6b12616bac 100644
--- a/auth/client/src/main/java/org/wildfly/security/auth/client/EncryptionClientConfiguration.java
+++ b/encryption/client/src/main/java/org/wildfly/security/encryption/client/EncryptionClientConfiguration.java
@@ -15,8 +15,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-
-package org.wildfly.security.auth.client;
+package org.wildfly.security.encryption.client;
 import org.wildfly.common.Assert;
 import org.wildfly.security.auth.server.IdentityCredentials;
@@ -110,6 +109,10 @@ public EncryptionClientConfiguration useCredential(Credential credential) {
 }
 }
+ public EncryptedExpressionResolver getEncryptedExpressionResolver() {
+ return encryptedExpressionResolver;
+ }
+
 public void setCredentialStoreMap(Map credentialStoreMap) {
 this.credentialStoreMap = credentialStoreMap;
 }
diff --git a/auth/client/src/main/java/org/wildfly/security/auth/client/EncryptionClientContext.java b/encryption/client/src/main/java/org/wildfly/security/encryption/client/EncryptionClientContext.java
similarity index 92%
rename from auth/client/src/main/java/org/wildfly/security/auth/client/EncryptionClientContext.java
rename to encryption/client/src/main/java/org/wildfly/security/encryption/client/EncryptionClientContext.java
index f2857a6ec35..e0b3e94f9ec 100644
--- a/auth/client/src/main/java/org/wildfly/security/auth/client/EncryptionClientContext.java
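Review bot: The new public accessor `getEncryptedExpressionResolver()` in the `@@ -110` hunk has no Javadoc; suggest `/** Returns the {@link EncryptedExpressionResolver} this configuration uses to resolve encrypted expressions. */`. Because the getter now makes the resolver reachable from outside the package, the comment is also the place to say whether callers are expected to use it directly or to go through `EncryptionClientContext`. The neighbouring `setCredentialStoreMap` stores the caller's map by reference rather than copying it, so a caller that keeps the map can change the configuration afterwards; the hunk shows neither the field's declaration nor its readers, so this is worth confirming rather than asserting.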
+++ b/encryption/client/src/main/java/org/wildfly/security/encryption/client/EncryptionClientContext.java @@ -15,8 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - -package org.wildfly.security.auth.client; +package org.wildfly.security.encryption.client; import org.wildfly.common.context.ContextManager; import org.wildfly.common.context.Contextual; @@ -56,6 +55,18 @@ public final class EncryptionClientContext implements Contextual PROVIDER_SUPPLIER = ProviderFactory.getElytronProviderSupplier(EncryptionClientXmlParser.class.getClassLoader()); - private static final Supplier DEFAULT_PROVIDER_SUPPLIER = ProviderUtil.aggregate(PROVIDER_SUPPLIER, INSTALLED_PROVIDERS); + private static final Supplier DEFAULT_PROVIDER_SUPPLIER = ProviderUtil.aggregate(PROVIDER_SUPPLIER, ProviderUtil.INSTALLED_PROVIDERS); static final Map KNOWN_NAMESPACES; static final String PREFIX = "ENC"; @@ -181,9 +180,8 @@ static SecurityFactory parseEncryptionClientType(Config requireNoAttributes(reader); Map> credentialStoresMap = new HashMap<>(); Map resolverMap = new HashMap<>(); - final ElytronXmlParser.DeferredSupplier providersSupplier = new DeferredSupplier<>(DEFAULT_PROVIDER_SUPPLIER); + final DeferredSupplier providersSupplier = new DeferredSupplier<>(DEFAULT_PROVIDER_SUPPLIER); String defaultResolverName = null; - boolean netAuthenticator = false; int foundBits = 0; while (reader.hasNext()) { final int tag = reader.nextTag(); @@ -206,9 +204,6 @@ static SecurityFactory parseEncryptionClientType(Config } } else if (tag == END_ELEMENT) { assert reader.getLocalName().equals("encryption-client"); - if (netAuthenticator) { - Authenticator.setDefault(new ElytronAuthenticator()); - } EncryptionClientConfiguration encryptedExpressionConfig = new EncryptionClientConfiguration(); // validate key and credential stores... 
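Review bot: Dropping the `netAuthenticator` flag and the `Authenticator.setDefault(new ElytronAuthenticator())` call in the `@@ -206` hunk removes a process-global side effect from the parser, but the hunk does not show what now happens to the element that used to set that flag; if the `START_ELEMENT` loop above (outside this hunk) still accepts it, a user's setting is silently ignored instead of rejected. Either reject it with `throw reader.unexpectedElement();` in that loop or state in the `parseEncryptionClientType` Javadoc that the encryption-client schema does not support a net authenticator. `parseEncryptionClientType` starts before the `@@ -181` hunk and continues past the end of this one.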
@@ -301,7 +296,7 @@ private static void parseCredentialStoreType(ConfigurationXMLStreamReader reader
 final Map attributesMap = new HashMap<>();
 int foundBits = 0;
 ExceptionSupplier credentialSourceSupplier = null;
- ElytronXmlParser.DeferredSupplier providersSupplier = new ElytronXmlParser.DeferredSupplier<>(providers);
+ DeferredSupplier providersSupplier = new DeferredSupplier<>(providers);
 while (reader.hasNext()) {
 final int tag = reader.nextTag();
 if (tag == START_ELEMENT) {
@@ -538,16 +533,21 @@ static Supplier parseProvidersType(ConfigurationXMLStreamReader read
 if (isSet(foundBits, 1)) throw reader.unexpectedElement();
 foundBits = setBit(foundBits, 1);
 parseEmptyType(reader);
- providerSupplier = providerSupplier == null ? INSTALLED_PROVIDERS : ProviderUtil.aggregate(providerSupplier, INSTALLED_PROVIDERS);
+ providerSupplier = providerSupplier == null ? ProviderUtil.INSTALLED_PROVIDERS : ProviderUtil.aggregate(providerSupplier, ProviderUtil.INSTALLED_PROVIDERS);
 break;
 }
 case "use-service-loader": {
 if (isSet(foundBits, 2)) throw reader.unexpectedElement();
 foundBits = setBit(foundBits, 2);
 final String moduleName = parseModuleRefType(reader);
- Supplier serviceLoaderSupplier = (moduleName == null) ?
- PROVIDER_SUPPLIER :
- new ProviderServiceLoaderSupplier(ModuleLoader.getClassLoaderFromModule(reader, moduleName));
+ Supplier serviceLoaderSupplier;
+ try {
+ serviceLoaderSupplier = (moduleName == null) ?
+ PROVIDER_SUPPLIER :
+ new ProviderServiceLoaderSupplier(ModuleLoader.getClassLoaderFromModule(moduleName));
+ } catch (ModuleLoadException e) {
+ throw xmlLog.xmlNoModuleFound(reader, e, moduleName);
+ }
 providerSupplier = providerSupplier == null ? serviceLoaderSupplier : ProviderUtil.aggregate(providerSupplier, serviceLoaderSupplier);
 break;
 }
@@ -562,6 +562,40 @@ static Supplier parseProvidersType(ConfigurationXMLStreamReader read
 throw reader.unexpectedDocumentEnd();
 }
+ /**
+ * Parse an XML element of type {@code module-ref-type} from an XML reader.
+ *
+ * @param reader the XML stream reader
+ * @return the corresponding module name
+ * @throws ConfigXMLParseException if the resource failed to be parsed or the module is not found
+ */
+ static String parseModuleRefType(ConfigurationXMLStreamReader reader) throws ConfigXMLParseException {
+ final int attributeCount = reader.getAttributeCount();
+ String moduleName = null;
+ for (int i = 0; i < attributeCount; i ++) {
+ checkAttributeNamespace(reader, i);
+ switch (reader.getAttributeLocalName(i)) {
+ case "module-name": {
+ moduleName = reader.getAttributeValueResolved(i);
+ break;
+ }
+ default: throw reader.unexpectedAttribute(i);
+ }
+ }
+
+ if (reader.hasNext()) {
+ final int tag = reader.nextTag();
+ if (tag == START_ELEMENT) {
+ throw reader.unexpectedElement();
+ } else if (tag == END_ELEMENT) {
+ return moduleName;
+ } else {
+ throw reader.unexpectedContent();
+ }
+ }
+ throw reader.unexpectedDocumentEnd();
+ }
+ /**
+ * Parse an XML element of type {@code clear-password-type} from an XML reader.
+ *
@@ -728,4 +762,26 @@ private static String namespacesToString() {
 return namespaces.toString();
 }
+
+ static final class DeferredSupplier implements Supplier {
+
+ private volatile Supplier supplier;
+ private T value;
+
+ DeferredSupplier(Supplier supplier) {
+ checkNotNullParam("supplier", supplier);
+ this.supplier = supplier;
+ }
+
+ void setSupplier(Supplier supplier) {
+ checkNotNullParam("supplier", supplier);
+ this.supplier = supplier;
+ }
+
+ @Override
+ public T get() {
+ return supplier.get();
+ }
+
+ }
 }
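Review bot: `private T value;` in `DeferredSupplier` (the `@@ -728` hunk) is never read or written anywhere in the class, so it should be removed, or `get()` should actually use it if a cached value was intended. The class and `setSupplier` also carry no Javadoc; suggest on the class `/** A {@link Supplier} whose delegate may be replaced after construction via {@link #setSupplier}; {@code get()} always consults the current delegate, and the field is volatile so a replacement is visible to other threads. */`. In the `@@ -562` hunk, the Javadoc of `parseModuleRefType` says it throws when "the module is not found", but the method only reads the `module-name` attribute and never loads a module — that happens in the caller, which catches `ModuleLoadException` in the previous hunk — so `@throws ConfigXMLParseException if the element cannot be parsed` describes what the method does.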
diff --git a/auth/client/src/main/java/org/wildfly/security/auth/client/InvalidEncryptionClientConfigurationException.java b/encryption/client/src/main/java/org/wildfly/security/encryption/client/InvalidEncryptionClientConfigurationException.java
similarity index 77%
rename from auth/client/src/main/java/org/wildfly/security/auth/client/InvalidEncryptionClientConfigurationException.java
rename to encryption/client/src/main/java/org/wildfly/security/encryption/client/InvalidEncryptionClientConfigurationException.java
index a67269ad1ce..e48d87453e6 100644
--- a/auth/client/src/main/java/org/wildfly/security/auth/client/InvalidEncryptionClientConfigurationException.java
+++ b/encryption/client/src/main/java/org/wildfly/security/encryption/client/InvalidEncryptionClientConfigurationException.java
@@ -16,7 +16,7 @@
 * limitations under the License.
 */
-package org.wildfly.security.auth.client;
+package org.wildfly.security.encryption.client;
 /**
 * An exception thrown to indicate that the encryption client
@@ -36,6 +36,17 @@ public class InvalidEncryptionClientConfigurationException extends IllegalArgume
 public InvalidEncryptionClientConfigurationException() {
 }
+ /**
+ * Constructs a new {@code InvalidAuthenticationConfigurationException} instance with an initial cause. If a
+ * non-{@code null} cause is specified, its message is used to initialize the message of this {@code
+ * InvalidAuthenticationConfigurationException}; otherwise the message is left blank ({@code null}).
+ *
+ * @param cause the cause
+ */
+ public InvalidEncryptionClientConfigurationException(final String cause) {
+ super(cause);
+ }
+
 /**
 * Constructs a new {@code InvalidAuthenticationConfigurationException} instance with an initial cause. If a
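Review bot: The Javadoc added for `InvalidEncryptionClientConfigurationException(final String cause)` in the `@@ -36` hunk was copied from the cause constructor: it names `InvalidAuthenticationConfigurationException` and describes a non-null cause whose message is reused, but the parameter is the message itself and goes straight to `super(cause)`. Rename the parameter to `msg` and replace the comment with `Constructs a new {@code InvalidEncryptionClientConfigurationException} instance with an initial message.` and `@param msg the message`. The context lines show the existing cause constructor's Javadoc carries the same wrong class name, which is worth correcting in the same pass.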
diff --git a/auth/client/src/main/java/org/wildfly/security/auth/client/WildFlyClientResolverProvider.java b/encryption/client/src/main/java/org/wildfly/security/encryption/client/WildFlyClientResolverProvider.java
similarity index 97%
rename from auth/client/src/main/java/org/wildfly/security/auth/client/WildFlyClientResolverProvider.java
rename to encryption/client/src/main/java/org/wildfly/security/encryption/client/WildFlyClientResolverProvider.java
index 8e68e3a4696..1ae94d0e8ca 100644
--- a/auth/client/src/main/java/org/wildfly/security/auth/client/WildFlyClientResolverProvider.java
+++ b/encryption/client/src/main/java/org/wildfly/security/encryption/client/WildFlyClientResolverProvider.java
@@ -16,7 +16,7 @@
 * limitations under the License.
 */
-package org.wildfly.security.auth.client;
+package org.wildfly.security.encryption.client;
 import org.kohsuke.MetaInfServices;
 import org.wildfly.client.config.ResolverProvider;
diff --git a/encryption/client/src/main/java/org/wildfly/security/encryption/client/_private/ElytronMessages.java b/encryption/client/src/main/java/org/wildfly/security/encryption/client/_private/ElytronMessages.java
new file mode 100644
index 00000000000..2cc9beaf7b8
--- /dev/null
+++ b/encryption/client/src/main/java/org/wildfly/security/encryption/client/_private/ElytronMessages.java
@@ -0,0 +1,104 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2024 Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.wildfly.security.encryption.client._private;
+
+import org.jboss.logging.BasicLogger;
+import org.jboss.logging.Logger;
+import org.jboss.logging.annotations.Cause;
+import org.jboss.logging.annotations.Message;
+import org.jboss.logging.annotations.MessageLogger;
+import org.jboss.logging.annotations.Param;
+import org.jboss.logging.annotations.ValidIdRange;
+import org.jboss.logging.annotations.ValidIdRanges;
+
+import org.wildfly.client.config.ConfigXMLParseException;
+import org.wildfly.security.encryption.client.EncryptedExpressionResolutionException;
+
+import javax.xml.stream.Location;
+import javax.xml.stream.XMLStreamReader;
+
+/**
+ * Log messages and exceptions for Encryption Client.
+ *
+ * @author Prarthona Paul
+ */
+
+@MessageLogger(projectCode = "ELY", length = 5)
+@ValidIdRanges({
+ @ValidIdRange(min = 1001, max = 1002),
+ @ValidIdRange(min = 1028, max = 1029),
+ @ValidIdRange(min = 1035, max = 1036),
+ @ValidIdRange(min = 1041, max = 1041),
+ @ValidIdRange(min = 1064, max = 1064),
+ @ValidIdRange(min = 1091, max = 1091),
+ @ValidIdRange(min = 1129, max = 1144),
+ @ValidIdRange(min = 1159, max = 1159),
+ @ValidIdRange(min = 1162, max = 1164),
+ @ValidIdRange(min = 1166, max = 1166),
+ @ValidIdRange(min = 2034, max = 2034),
+ @ValidIdRange(min = 2010, max = 2010),
+ @ValidIdRange(min = 4005, max = 4005),
+ @ValidIdRange(min = 4028, max = 4028),
+ @ValidIdRange(min = 9501, max = 9503),
+ @ValidIdRange(min = 9527, max = 9527),
+ @ValidIdRange(min = 9529, max = 9529),
+ @ValidIdRange(min = 14000, max = 14999)
+})
+public interface ElytronMessages extends BasicLogger {
+
+ ElytronMessages log = Logger.getMessageLogger(ElytronMessages.class, "org.wildfly.security");
+ ElytronMessages xmlLog = Logger.getMessageLogger(ElytronMessages.class, "org.wildfly.security.xml");
+
+ @Message(id = 14009, value = "The expression '%s' does not specify a resolver and no default is defined.")
+ EncryptedExpressionResolutionException expressionResolutionWithoutResolver(String expression);
+
+ @Message(id = 14010, value = "The expression '%s' specifies a resolver configuration which does not exist.")
+ EncryptedExpressionResolutionException invalidResolver(String expression);
+
+ @Message(id = 14011, value = "Unable to load credential from credential store.")
+ EncryptedExpressionResolutionException unableToLoadCredential(@Cause Throwable cause);
+
+ @Message(id = 14012, value = "Unable to decrypt expression '%s'.")
+ EncryptedExpressionResolutionException unableToDecryptExpression(String expression, @Cause Throwable cause);
+
+ @Message(id = 14013, value = "The name of the resolver to use was not specified and no default-resolver has been defined.")
+
EncryptedExpressionResolutionException noResolverSpecifiedAndNoDefault();
+
+ @Message(id = 14014, value = "No expression resolver has been defined with the name '%s'.")
+ EncryptedExpressionResolutionException noResolverWithSpecifiedName(String name);
+
+ @Message(id = 14015, value = "Credential alias '%s' of credential type '%s' does not exist in the store")
+ EncryptedExpressionResolutionException credentialDoesNotExist(String alias, String credentialType);
+
+ @Message(id = 14016, value = "Unable to encrypt the supplied clear text.")
+ EncryptedExpressionResolutionException unableToEncryptClearText(@Cause Throwable cause);
+
+ @Message(id = 14017, value = "Duplicate attribute (\"%s\") found in configuration.")
+ ConfigXMLParseException duplicateAttributeFound(@Param XMLStreamReader reader, String attribute);
+
+ @Message(id = 14018, value = "Failed to create credential")
+ ConfigXMLParseException xmlFailedToCreateCredential(@Param Location location, @Cause Throwable cause);
+
+ @Message(id = 14019, value = "No module found for identifier \"%s\"")
+ ConfigXMLParseException xmlNoModuleFound(@Param XMLStreamReader reader, @Cause Exception e,
+ String moduleIdentifier);
+
+ @Message(id = 14020, value = "Duplicate credential store name found in configuration \"%s\"")
+ ConfigXMLParseException duplicateCredentialStoreName(@Param XMLStreamReader reader, String storeName);
+}
\ No newline at end of file
diff --git a/auth/client/src/main/resources/schema/encryption-client-1_0.xsd b/encryption/client/src/main/resources/schema/encryption-client-1_0.xsd
similarity index 97%
rename from auth/client/src/main/resources/schema/encryption-client-1_0.xsd
rename to encryption/client/src/main/resources/schema/encryption-client-1_0.xsd
index 7da7cb1520a..586fe97273e 100644
--- a/auth/client/src/main/resources/schema/encryption-client-1_0.xsd
+++ b/encryption/client/src/main/resources/schema/encryption-client-1_0.xsd
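Review bot: `@ValidIdRanges` on this new `ElytronMessages` declares eighteen ranges, yet every message in the file uses an id between 14009 and 14020, all inside the last one. The annotation exists so the logging processor rejects an id outside the block allotted to this module; the extra ranges (1001–1002, 9501–9503 and so on) add no coverage here and, if they are the blocks of another `ElytronMessages` interface in the project, would let a mistyped id from that block pass unnoticed, so a single `@ValidIdRange(min = 14000, max = 14999)` is the safer declaration. The `log` field is declared but every call site in this change goes through `xmlLog`, so it may be dead. The file also ends without a trailing newline, which the diff flags.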
@@ -26,7 +26,7 @@
 version="1.0">
+ schemaLocation="../../auth/client/src/main/resources/schema/encryption-client-1_0.xsd"/>
diff --git a/encryption/client/src/test/java/org/wildfly/security/encryption/client/EncryptedExpressionXMLParserTest.java b/encryption/client/src/test/java/org/wildfly/security/encryption/client/EncryptedExpressionXMLParserTest.java
new file mode 100644
index 00000000000..4fdd9ef200f
--- /dev/null
+++ b/encryption/client/src/test/java/org/wildfly/security/encryption/client/EncryptedExpressionXMLParserTest.java
@@ -0,0 +1,113 @@
+/*
+ * Copyright 2024 JBoss by Red Hat.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.wildfly.security.encryption.client;
+
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.wildfly.security.SecurityFactory;
+import org.wildfly.security.credential.SecretKeyCredential;
+import org.wildfly.security.credential.store.CredentialStore;
+import org.wildfly.security.encryption.base.SecretKeyUtil;
+
+import javax.crypto.SecretKey;
+import java.io.File;
+import java.net.URL;
+import java.security.Provider;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.ServiceLoader;
+import java.util.function.Supplier;
+
+/**
+ * A test class to test the XML parser for Encrypted Expression Client Schema.
+ * @author Prarthona Paul
+ */
+
+public class EncryptedExpressionXMLParserTest {
+
+ private static final File CREDSTORE_DIR = new File("./target/credstore");
+ private static final String CLIENT_CREDSTORE_FILENAME = "/mycredstore.cs";
+
+ @Test
+ public void testEncryptedExpressionClient() throws Exception {
+ URL config = getClass().getResource("test-encryption-client-v1_0.xml");
+ System.setProperty("wildfly.config.url", config.getPath());
+
+ SecurityFactory clientConfiguration = EncryptionClientXmlParser.parseEncryptionClientConfiguration(config.toURI());
+ Assert.assertNotNull(clientConfiguration);
+ System.clearProperty("wildfly.config.url");
+ }
+
+ @BeforeClass
+ public static void prepareCredStores() throws Exception {
+ if (!CREDSTORE_DIR.exists()) {
+ CREDSTORE_DIR.mkdirs();
+ }
+
+ CredentialStore credentialStore = CredentialStore.getInstance("PropertiesCredentialStore", getProvidersSupplier());
+ createCredentialStore(credentialStore, CREDSTORE_DIR, CLIENT_CREDSTORE_FILENAME);
+
+ String credStorePath = CREDSTORE_DIR.getAbsolutePath().replace("/./", "/") + CLIENT_CREDSTORE_FILENAME;
+ System.setProperty("CREDSTORE_PATH_PROP", credStorePath);
+ Assert.assertEquals(credStorePath, System.getProperty("CREDSTORE_PATH_PROP"));
+ }
+
+ public static Supplier getProvidersSupplier() {
+ return () -> {
+ ServiceLoader providerLoader = ServiceLoader.load(Provider.class);
+ Iterator providerIterator = providerLoader.iterator();
+ List providers = new ArrayList<>();
+ while (providerIterator.hasNext()) {
+ Provider provider = providerIterator.next();
+ if (provider.getName().equals("WildFlyElytron")) continue;
+ providers.add(provider);
+ }
+ return providers.toArray(new Provider[providers.size()]);
+ };
+ }
+
+
+ @AfterClass
+ public static void removeProvider() {
+ Assert.assertNotNull(System.clearProperty("CREDSTORE_PATH_PROP"));
+ Assert.assertTrue("Credential Store deleted", new File(CREDSTORE_DIR, CLIENT_CREDSTORE_FILENAME).delete());
+
Assert.assertTrue("Credential store directory deleted", CREDSTORE_DIR.delete());
+ }
+
+ static void createCredentialStore(CredentialStore credentialStore, File credStoreDirectory, String credStoreFilename) throws Exception {
+ Map credentialStoreAttributes = new HashMap<>();
+ credentialStoreAttributes.put("create", Boolean.TRUE.toString());
+ credentialStoreAttributes.put("location", credStoreDirectory + credStoreFilename);
+ credentialStoreAttributes.put("modifiable", Boolean.TRUE.toString());
+ credentialStore.initialize(credentialStoreAttributes);
+
+ // store the first alias to back up the first test resolver
+ final SecretKey secretKey = SecretKeyUtil.generateSecretKey(256);
+ credentialStore.store("secretkey1", new SecretKeyCredential(secretKey));
+ credentialStore.flush();
+
+ // store the second alias to back up the second test resolver
+ final SecretKey secretKey2 = SecretKeyUtil.generateSecretKey(256);
+ credentialStore.store("secretkey2", new SecretKeyCredential(secretKey2));
+ credentialStore.flush();
+ }
+}
\ No newline at end of file
diff --git a/auth/client/src/test/java/org/wildfly/security/auth/client/EncryptionClientContextTest.java b/encryption/client/src/test/java/org/wildfly/security/encryption/client/EncryptionClientContextTest.java
similarity index 95%
rename from auth/client/src/test/java/org/wildfly/security/auth/client/EncryptionClientContextTest.java
rename to encryption/client/src/test/java/org/wildfly/security/encryption/client/EncryptionClientContextTest.java
index f1f6d3bf8d7..687b92fd3dc 100644
--- a/auth/client/src/test/java/org/wildfly/security/auth/client/EncryptionClientContextTest.java
+++ b/encryption/client/src/test/java/org/wildfly/security/encryption/client/EncryptionClientContextTest.java
@@ -14,7 +14,7 @@
 * limitations under the License.
 */
-package org.wildfly.security.auth.client;
+package org.wildfly.security.encryption.client;
 import org.junit.AfterClass;
 import org.junit.Assert;
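Review bot: `testEncryptedExpressionClient` clears `wildfly.config.url` only on the success path, so if `parseEncryptionClientConfiguration` throws, the property stays set for every later test in the same JVM; wrap the call as `try { ... } finally { System.clearProperty("wildfly.config.url"); }`. `removeProvider` deletes the credential store and clears a property rather than removing a provider, so a name such as `cleanUpCredStore` would describe it. Two smaller points in the same class: `CREDSTORE_DIR.mkdirs()` discards its result, so a failed directory creation is only noticed later inside `createCredentialStore`, and `providers.toArray(new Provider[providers.size()])` can be `providers.toArray(new Provider[0])`.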
@@ -26,8 +26,8 @@ import java.util.HashMap; import java.util.Map; -import static org.wildfly.security.auth.client.EncryptedExpressionXMLParserTest.createCredentialStore; -import static org.wildfly.security.auth.client.EncryptedExpressionXMLParserTest.getProvidersSupplier; +import static org.wildfly.security.encryption.client.EncryptedExpressionXMLParserTest.createCredentialStore; +import static org.wildfly.security.encryption.client.EncryptedExpressionXMLParserTest.getProvidersSupplier; /** * A test class to tests for functionalities within the {@link EncryptionClientConfiguration} and the diff --git a/auth/client/src/test/resources/org/wildfly/security/auth/client/test-encryption-client-v1_0.xml b/encryption/client/src/test/resources/org/wildfly/security/encryption/client/test-encryption-client-v1_0.xml similarity index 100% rename from auth/client/src/test/resources/org/wildfly/security/auth/client/test-encryption-client-v1_0.xml rename to encryption/client/src/test/resources/org/wildfly/security/encryption/client/test-encryption-client-v1_0.xml diff --git a/pom.xml b/pom.xml index 5123a99d215..4b8457951eb 100644 --- a/pom.xml +++ b/pom.xml @@ -506,6 +506,11 @@ wildfly-elytron-client ${project.version} + + org.wildfly.security + wildfly-elytron-encryption-client + ${project.version} + org.wildfly.security wildfly-elytron-credential-source-deprecated @@ -1380,7 +1385,8 @@ credential/source/deprecated credential/source/impl digest - encryption + encryption/base + encryption/client http/base http/basic http/bearer diff --git a/tests/base/pom.xml b/tests/base/pom.xml index 87feb928089..a1c3308ecff 100644 --- a/tests/base/pom.xml +++ b/tests/base/pom.xml @@ -386,6 +386,11 @@ wildfly-elytron-digest + + org.wildfly.security + wildfly-elytron-encryption-client + + org.wildfly.security wildfly-elytron-http 
diff --git a/tests/base/src/test/java/org/wildfly/security/auth/FileSystemSecurityRealmTest.java b/tests/base/src/test/java/org/wildfly/security/auth/FileSystemSecurityRealmTest.java index 55b023c5169..cf00722b39d 100644 --- a/tests/base/src/test/java/org/wildfly/security/auth/FileSystemSecurityRealmTest.java +++ b/tests/base/src/test/java/org/wildfly/security/auth/FileSystemSecurityRealmTest.java @@ -74,7 +74,7 @@ import org.wildfly.security.authz.MapAttributes; import org.wildfly.security.credential.Credential; import org.wildfly.security.credential.PasswordCredential; -import org.wildfly.security.encryption.SecretKeyUtil; +import org.wildfly.security.encryption.base.SecretKeyUtil; import org.wildfly.security.evidence.PasswordGuessEvidence; import org.wildfly.security.password.Password; import org.wildfly.security.password.PasswordFactory; diff --git a/auth/client/src/test/java/org/wildfly/security/auth/client/EncryptedExpressionXMLParserTest.java b/tests/base/src/test/java/org/wildfly/security/auth/client/EncryptionClientParserWithAuthClientTest.java similarity index 65% rename from auth/client/src/test/java/org/wildfly/security/auth/client/EncryptedExpressionXMLParserTest.java rename to tests/base/src/test/java/org/wildfly/security/auth/client/EncryptionClientParserWithAuthClientTest.java index e1fcc3a203b..474752d1490 100644 --- a/auth/client/src/test/java/org/wildfly/security/auth/client/EncryptedExpressionXMLParserTest.java +++ b/tests/base/src/test/java/org/wildfly/security/auth/client/EncryptionClientParserWithAuthClientTest.java 
@@ -1,19 +1,3 @@
-/*
- * Copyright 2024 JBoss by Red Hat.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
 package org.wildfly.security.auth.client;
 
 import org.junit.AfterClass;
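Review bot: The Apache 2.0 license header is deleted from the renamed file and nothing replaces it, while the other files renamed in this commit (EncryptionClientContextTest, ModuleLoader, XMLParserUtils) keep theirs, as their `* limitations under the License.` context lines show. Unless the project deliberately omits headers from test sources, the fifteen removed lines should be restored above `package org.wildfly.security.auth.client;`. Because this is a 65%-similarity rename, the header loss is easy to miss when reading the rest of the file's diff.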
@@ -23,67 +7,40 @@ import org.wildfly.security.SecurityFactory; import org.wildfly.security.credential.SecretKeyCredential; import org.wildfly.security.credential.store.CredentialStore; -import org.wildfly.security.encryption.SecretKeyUtil; +import org.wildfly.security.encryption.base.SecretKeyUtil; +import org.wildfly.security.encryption.client.EncryptedExpressionResolutionException; +import org.wildfly.security.encryption.client.EncryptionClientContext; +import org.wildfly.security.encryption.client.EncryptionClientXmlParser; import javax.crypto.SecretKey; import java.io.File; import java.net.URL; import java.security.Provider; import java.util.ArrayList; +import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; -import java.util.HashMap; import java.util.ServiceLoader; import java.util.function.Supplier; -/** - * A test class to test the XML parser for Encrypted Expression Client Schema. - * @author Prarthona Paul - */ - -public class EncryptedExpressionXMLParserTest { +public class EncryptionClientParserWithAuthClientTest { private static final File CREDSTORE_DIR = new File("./target/credstore"); private static final String CLIENT_CREDSTORE_FILENAME = "/mycredstore.cs"; private static final String PASSWORD = "password"; - @Test - public void testEncryptedExpressionClient() throws Exception { - URL config = getClass().getResource("test-encryption-client-v1_0.xml"); - System.setProperty("wildfly.config.url", config.getPath()); - - SecurityFactory clientConfiguration = EncryptionClientXmlParser.parseEncryptionClientConfiguration(config.toURI()); - Assert.assertNotNull(clientConfiguration); - System.clearProperty("wildfly.config.url"); - } - - @Test - public void testUnableToDecryptWithAuthClient() throws Exception { - URL config = getClass().getResource("test-invalid-token-encryption-auth-client-v1_0.xml"); - System.setProperty("wildfly.config.url", config.getPath()); - try { - SecurityFactory clientConfiguration = 
EncryptionClientXmlParser.parseEncryptionClientConfiguration(config.toURI()); - EncryptionClientContext.getContextManager().setThreadDefault(clientConfiguration.create()); - SecurityFactory authClientConfiguration = ElytronXmlParser.parseAuthenticationClientConfiguration(config.toURI()); - } catch (EncryptedExpressionResolutionException e) { - Assert.assertTrue(e.getMessage().contains("Unable to decrypt expression")); - System.clearProperty("wildfly.config.url"); - } - } - @Test public void testEncryptedExpressionWithAuthClient() throws Exception { - URL config = getClass().getResource("test-encryption-auth-client-v1_0.xml"); + URL config = getClass().getResource("test-auth-client-encryption-client-v1_7.xml"); System.setProperty("wildfly.config.url", config.getPath()); SecurityFactory clientConfiguration = EncryptionClientXmlParser.parseEncryptionClientConfiguration(config.toURI()); EncryptionClientContext ctx = clientConfiguration.create(); EncryptionClientContext.getContextManager().setThreadDefault(ctx); - EncryptionClientConfiguration encExpConfig = ctx.encryptionClientConfiguration; - String encryptedExpression = encExpConfig.encryptedExpressionResolver.createExpression(PASSWORD, encExpConfig); - Assert.assertEquals(PASSWORD, encExpConfig.encryptedExpressionResolver.resolveExpression(encryptedExpression, encExpConfig)); + String encryptedExpression = ctx.getEncryptedExpressionResolver().createExpression(PASSWORD, ctx.getEncryptionClientConfiguration()); + Assert.assertEquals(PASSWORD, ctx.getEncryptedExpressionResolver().resolveExpression(encryptedExpression, ctx.getEncryptionClientConfiguration())); //expression is encrypted during runtime, so it cannot be statically defined in client config file System.setProperty("ENC_EXP_PROP", encryptedExpression); 
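Review bot: The class Javadoc (`A test class to test the XML parser for Encrypted Expression Client Schema.`) is removed along with the old name, and the renamed `EncryptionClientParserWithAuthClientTest` gets no replacement, so the class now has no statement of what it covers. Given the surviving tests (`testEncryptedExpressionWithAuthClient`, `testEncryptedExpressionWithoutEncryptionClient`), something like `/** Tests that expressions encrypted via the encryption client configuration can be resolved when referenced from the authentication client XML configuration. */` above the class line would restore that. The test also installs a thread-default `EncryptionClientContext` via `setThreadDefault(ctx)` and sets `wildfly.config.url`; whether either is cleared at the end of the method cannot be seen here, since the method body continues past the hunk.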
@@ -99,7 +56,7 @@ public void testEncryptedExpressionWithAuthClient() throws Exception { @Test public void testEncryptedExpressionWithoutEncryptionClient() throws Exception { - URL config = getClass().getResource("test-invalid-config-encryption-auth-client-v1_0.xml"); + URL config = getClass().getResource("test-invalid-encryption-config-auth-client-v1_7.xml"); try { SecurityFactory clientConfiguration = EncryptionClientXmlParser.parseEncryptionClientConfiguration(config.toURI()); EncryptionClientContext.getContextManager().setThreadDefault(clientConfiguration.create()); @@ -162,4 +119,5 @@ static void createCredentialStore(CredentialStore credentialStore, File credStor credentialStore.store("secretkey2", new SecretKeyCredential(secretKey2)); credentialStore.flush(); } -} \ No newline at end of file + +} diff --git a/tests/base/src/test/java/org/wildfly/security/auth/client/EncryptionClientSaslAuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/auth/client/EncryptionClientSaslAuthenticationTest.java index 239c074a17b..11efb230290 100644 --- a/tests/base/src/test/java/org/wildfly/security/auth/client/EncryptionClientSaslAuthenticationTest.java +++ b/tests/base/src/test/java/org/wildfly/security/auth/client/EncryptionClientSaslAuthenticationTest.java 
@@ -20,13 +20,17 @@ import okhttp3.mockwebserver.MockWebServer; import org.junit.AfterClass; +import org.junit.Assert; import org.junit.BeforeClass; import org.junit.Test; +import org.wildfly.security.SecurityFactory; import org.wildfly.security.credential.SecretKeyCredential; import org.wildfly.security.credential.store.CredentialStore; -import org.wildfly.security.encryption.SecretKeyUtil; +import org.wildfly.security.encryption.base.SecretKeyUtil; +import org.wildfly.security.encryption.client.EncryptionClientContext; +import org.wildfly.security.encryption.client.EncryptedExpressionResolutionException; +import org.wildfly.security.encryption.client.EncryptionClientXmlParser; import org.wildfly.security.password.WildFlyElytronPasswordProvider; -import org.wildfly.security.sasl.SaslMechanismSelector; import org.wildfly.security.sasl.oauth2.WildFlyElytronSaslOAuth2Provider; import org.wildfly.security.sasl.plain.PlainSaslServerFactory; import org.wildfly.security.sasl.plain.WildFlyElytronSaslPlainProvider; @@ -38,6 +42,7 @@ import java.io.File; import java.io.IOException; import java.net.URI; +import java.net.URL; import java.nio.charset.StandardCharsets; import java.security.AccessController; import java.security.GeneralSecurityException; @@ -50,7 +55,6 @@ import java.util.Iterator; import java.util.List; import java.util.Map; -import java.util.Objects; import java.util.ServiceLoader; import java.util.function.Supplier; @@ -98,7 +102,6 @@ public static void setup() throws GeneralSecurityException, IOException { server.setDispatcher(createTokenEndpoint()); server.start(50831); - System.setProperty("wildfly.config.url", Objects.requireNonNull(MaskedPasswordSaslAuthenticationTest.class.getResource(CONFIG_FILE)).toExternalForm()); System.setProperty("CREDSTORE_PATH_PROP", credStorePath); } 
@@ -141,14 +144,18 @@ public static void removeProvider() throws IOException { @Test public void testSuccessfulAuthWithXmlConfig() throws Exception { + URL config = getClass().getResource(CONFIG_FILE); + System.setProperty("wildfly.config.url", config.getPath()); SaslServer server = new SaslServerBuilder(PlainSaslServerFactory.class, PLAIN) .setUserName(USERNAME) .setPassword(PASSWORD.toCharArray()) .build(); //Preparing the encrypted expression as a system property - EncryptionClientContext encContext = EncryptionClientContext.getContextManager().get(); - String encryptedExpression = encContext.encryptionClientConfiguration.encryptedExpressionResolver.createExpression(DEFAULT_RESOLVER, PASSWORD, encContext.encryptionClientConfiguration); + SecurityFactory clientConfiguration = EncryptionClientXmlParser.parseEncryptionClientConfiguration(config.toURI()); + EncryptionClientContext encContext = clientConfiguration.create(); + EncryptionClientContext.getContextManager().setThreadDefault(encContext); + String encryptedExpression = encContext.getEncryptedExpressionResolver().createExpression(DEFAULT_RESOLVER, PASSWORD, encContext.getEncryptionClientConfiguration()); System.setProperty("ENC_EXP_PROP", encryptedExpression); //Creating SASL client from XML configuration file 
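Review bot: The new `System.setProperty("wildfly.config.url", config.getPath())` replaces the `Objects.requireNonNull(...).toExternalForm()` line removed from `setup()` in the preceding hunk, and the replacement is weaker on both counts: `URL.getPath()` yields a bare path rather than a URL, which presumably only works while the resource resolves to a `file:` URL, and a missing resource now fails with a bare NullPointerException on `config.getPath()` instead of a named assertion. Suggest `URL config = Objects.requireNonNull(getClass().getResource(CONFIG_FILE), CONFIG_FILE);` followed by `System.setProperty("wildfly.config.url", config.toExternalForm());`, keeping the `java.util.Objects` import that the earlier hunk drops. The property is now set per test rather than once per class; its cleanup, if any, is outside the hunk, as is the rest of `testSuccessfulAuthWithXmlConfig`.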
@@ -170,48 +177,63 @@ public void testSuccessfulAuthWithXmlConfig() throws Exception { } @Test - public void testSuccessfulExchangeWithProgrammaticConfig() throws Exception { - SaslServer server = new SaslServerBuilder(PlainSaslServerFactory.class, PLAIN) - .setUserName(USERNAME) - .setPassword(PASSWORD.toCharArray()) - .build(); - - CredentialStore credentialStore = CredentialStore.getInstance("PropertiesCredentialStore", getProvidersSupplier()); - createCredentialStore(credentialStore); - - Map resolverConfigurationMap = new HashMap<>(); - resolverConfigurationMap.put(DEFAULT_RESOLVER, new EncryptedExpressionResolver.ResolverConfiguration(DEFAULT_RESOLVER, "myCredentialStore", SECRET_KEY_ALIAS)); - - EncryptedExpressionResolver resolver = new EncryptedExpressionResolver() - .setResolverConfigurations(resolverConfigurationMap) - .setDefaultResolver(DEFAULT_RESOLVER) - .setPrefix("ENC"); - - //Preparing the encrypted expression config - EncryptionClientConfiguration encConfig = - EncryptionClientConfiguration.empty() - .addCredentialStore("myCredentialStore", credentialStore) - .addEncryptedExpressionResolver(resolver); - - //Creating SASL client from authentication configuration programmatically - AuthenticationConfiguration authWithEncConfig = - AuthenticationConfiguration.empty() - .setSaslMechanismSelector(SaslMechanismSelector.NONE.addMechanism(PLAIN)) - .useName(USERNAME) - .decryptAndUsePassword(resolver.createExpression(DEFAULT_RESOLVER, PASSWORD, encConfig)); - - AuthenticationContext context = AuthenticationContext.empty(); - context = context.with(MatchRule.ALL.matchHost("masked"), authWithEncConfig); - AuthenticationContextConfigurationClient contextConfigurationClient = AccessController.doPrivileged(AuthenticationContextConfigurationClient.ACTION); - SaslClient client = contextConfigurationClient.createSaslClient(URI.create("http://masked/"), context.authRules.configuration, Arrays.asList(PLAIN)); + public void testUnableToDecryptWithAuthClient() 
throws Exception { + URL config = getClass().getResource("test-invalid-token-encryption-client-auth-client-v1_7.xml"); + System.setProperty("wildfly.config.url", config.getPath()); + try { + SecurityFactory clientConfiguration = EncryptionClientXmlParser.parseEncryptionClientConfiguration(config.toURI()); + EncryptionClientContext.getContextManager().setThreadDefault(clientConfiguration.create()); + SecurityFactory authClientConfiguration = ElytronXmlParser.parseAuthenticationClientConfiguration(config.toURI()); + } catch (EncryptedExpressionResolutionException e) { + Assert.assertTrue(e.getMessage().contains("Unable to decrypt expression")); + System.clearProperty("wildfly.config.url"); + } + } - assertTrue(client.hasInitialResponse()); - byte[] message = client.evaluateChallenge(new byte[0]); - assertEquals("\0"+USERNAME+"\0"+PASSWORD,new String(message, StandardCharsets.UTF_8)); + // @Test +// public void testSuccessfulExchangeWithProgrammaticConfig() throws Exception { +// SaslServer server = new SaslServerBuilder(PlainSaslServerFactory.class, PLAIN) +// .setUserName(USERNAME) +// .setPassword(PASSWORD.toCharArray()) +// .build(); +// +// CredentialStore credentialStore = CredentialStore.getInstance("PropertiesCredentialStore", getProvidersSupplier()); +// createCredentialStore(credentialStore); +// +// Map resolverConfigurationMap = new HashMap<>(); +// resolverConfigurationMap.put(DEFAULT_RESOLVER, new EncryptedExpressionResolver.ResolverConfiguration(DEFAULT_RESOLVER, "myCredentialStore", SECRET_KEY_ALIAS)); +// +// EncryptedExpressionResolver resolver = new EncryptedExpressionResolver() +// .setResolverConfigurations(resolverConfigurationMap) +// .setDefaultResolver(DEFAULT_RESOLVER) +// .setPrefix("ENC"); +// +// //Preparing the encrypted expression config +// EncryptionClientConfiguration encConfig = +// EncryptionClientConfiguration.empty() +// .addCredentialStore("myCredentialStore", credentialStore) +// .addEncryptedExpressionResolver(resolver); +// 
+// //Creating SASL client from authentication configuration programmatically +// AuthenticationConfiguration authWithEncConfig = +// AuthenticationConfiguration.empty() +// .setSaslMechanismSelector(SaslMechanismSelector.NONE.addMechanism(PLAIN)) +// .useName(USERNAME) +// .decryptAndUsePassword(resolver.createExpression(DEFAULT_RESOLVER, PASSWORD, encConfig)); +// +// AuthenticationContext context = AuthenticationContext.empty(); +// context = context.with(MatchRule.ALL.matchHost("masked"), authWithEncConfig); +// AuthenticationContextConfigurationClient contextConfigurationClient = AccessController.doPrivileged(AuthenticationContextConfigurationClient.ACTION); +// SaslClient client = contextConfigurationClient.createSaslClient(URI.create("http://masked/"), context.authRules.configuration, Arrays.asList(PLAIN)); +// +// assertTrue(client.hasInitialResponse()); +// byte[] message = client.evaluateChallenge(new byte[0]); +// assertEquals("\0"+USERNAME+"\0"+PASSWORD,new String(message, StandardCharsets.UTF_8)); +// +// server.evaluateResponse(message); +// assertTrue(server.isComplete()); +// assertTrue(client.isComplete()); +// assertEquals(USERNAME, server.getAuthorizationID()); +// } - server.evaluateResponse(message); - assertTrue(server.isComplete()); - assertTrue(client.isComplete()); - assertEquals(USERNAME, server.getAuthorizationID()); - } } diff --git a/auth/client/src/test/resources/org/wildfly/security/auth/client/test-encryption-auth-client-v1_0.xml b/tests/base/src/test/resources/org/wildfly/security/auth/client/test-auth-client-encryption-client-v1_7.xml similarity index 97% rename from auth/client/src/test/resources/org/wildfly/security/auth/client/test-encryption-auth-client-v1_0.xml rename to tests/base/src/test/resources/org/wildfly/security/auth/client/test-auth-client-encryption-client-v1_7.xml index deae27016cd..d7e10f41576 100644 --- a/auth/client/src/test/resources/org/wildfly/security/auth/client/test-encryption-auth-client-v1_0.xml 
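Review bot: `testUnableToDecryptWithAuthClient` passes silently if no `EncryptedExpressionResolutionException` is thrown, because the try block has no `Assert.fail(...)` after the `ElytronXmlParser.parseAuthenticationClientConfiguration(config.toURI())` call, so a regression that resolves the invalid token would go unnoticed; `System.clearProperty("wildfly.config.url")` also runs only on the exception path. Add `Assert.fail("expected EncryptedExpressionResolutionException");` as the last statement of the try and move the `clearProperty` call into a `finally` block, and drop the unused `authClientConfiguration` local. Separately, the whole of `testSuccessfulExchangeWithProgrammaticConfig` is kept as some forty commented-out lines rather than deleted; git history preserves it, and if it is intended to return once `decryptAndUsePassword` is available again, `@Ignore("...")` with the reason keeps it compiling and visible to the runner instead of invisible dead text.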
+++ b/tests/base/src/test/resources/org/wildfly/security/auth/client/test-auth-client-encryption-client-v1_7.xml @@ -1,7 +1,7 @@ - - - - - - - - - - - - - @@ -47,4 +34,17 @@ + + + + + + + + + + + + + diff --git a/auth/client/src/test/resources/org/wildfly/security/auth/client/test-invalid-config-encryption-auth-client-v1_0.xml b/tests/base/src/test/resources/org/wildfly/security/auth/client/test-invalid-encryption-config-auth-client-v1_7.xml similarity index 96% rename from auth/client/src/test/resources/org/wildfly/security/auth/client/test-invalid-config-encryption-auth-client-v1_0.xml rename to tests/base/src/test/resources/org/wildfly/security/auth/client/test-invalid-encryption-config-auth-client-v1_7.xml index c4e71ccca9c..8d581266a04 100644 --- a/auth/client/src/test/resources/org/wildfly/security/auth/client/test-invalid-config-encryption-auth-client-v1_0.xml +++ b/tests/base/src/test/resources/org/wildfly/security/auth/client/test-invalid-encryption-config-auth-client-v1_7.xml @@ -1,7 +1,7 @@ - - - - - - - - - - - - - @@ -47,4 +34,16 @@ + + + + + + + + + + + + diff --git a/tool/src/main/java/org/wildfly/security/tool/Command.java b/tool/src/main/java/org/wildfly/security/tool/Command.java index 4b29a26b881..77ac2296b15 100644 --- a/tool/src/main/java/org/wildfly/security/tool/Command.java +++ b/tool/src/main/java/org/wildfly/security/tool/Command.java @@ -60,7 +60,7 @@ import org.wildfly.security.credential.store.CredentialStoreException; import org.wildfly.security.credential.store.UnsupportedCredentialTypeException; import org.wildfly.security.credential.store.impl.PropertiesCredentialStore; -import org.wildfly.security.encryption.SecretKeyUtil; +import org.wildfly.security.encryption.base.SecretKeyUtil; import org.wildfly.security.keystore.AtomicLoadKeyStore; import org.wildfly.security.keystore.KeyStoreUtil; import org.wildfly.security.keystore.WildFlyElytronKeyStoreProvider; 
diff --git a/tool/src/main/java/org/wildfly/security/tool/CredentialStoreCommand.java b/tool/src/main/java/org/wildfly/security/tool/CredentialStoreCommand.java index 493d5df134c..f48134198e0 100644 --- a/tool/src/main/java/org/wildfly/security/tool/CredentialStoreCommand.java +++ b/tool/src/main/java/org/wildfly/security/tool/CredentialStoreCommand.java @@ -63,8 +63,8 @@ import org.wildfly.security.credential.store.CredentialStore; import org.wildfly.security.credential.store.impl.KeyStoreCredentialStore; import org.wildfly.security.credential.store.impl.PropertiesCredentialStore; -import org.wildfly.security.encryption.CipherUtil; -import org.wildfly.security.encryption.SecretKeyUtil; +import org.wildfly.security.encryption.base.CipherUtil; +import org.wildfly.security.encryption.base.SecretKeyUtil; import org.wildfly.security.password.Password; import org.wildfly.security.password.interfaces.ClearPassword; import org.wildfly.security.pem.Pem; diff --git a/tool/src/test/java/org/wildfly/security/tool/SecretKeyCommandTest.java b/tool/src/test/java/org/wildfly/security/tool/SecretKeyCommandTest.java index ea69586385e..dd1f20b3b9f 100644 --- a/tool/src/test/java/org/wildfly/security/tool/SecretKeyCommandTest.java +++ b/tool/src/test/java/org/wildfly/security/tool/SecretKeyCommandTest.java @@ -35,8 +35,8 @@ import org.junit.runners.Parameterized.Parameters; import org.wildfly.security.credential.SecretKeyCredential; import org.wildfly.security.credential.store.CredentialStore; -import org.wildfly.security.encryption.CipherUtil; -import org.wildfly.security.encryption.SecretKeyUtil; +import org.wildfly.security.encryption.base.CipherUtil; +import org.wildfly.security.encryption.base.SecretKeyUtil; /** * Test case to cover {@code SecretKey} management using the credential-store command. diff --git a/util/pom.xml b/util/pom.xml index 8099fffa903..80dec564f0f 100644 --- a/util/pom.xml +++ b/util/pom.xml 
@@ -49,6 +49,10 @@ wildfly-common + + org.wildfly.client + wildfly-client-config + org.jboss.logging jboss-logging @@ -75,6 +79,11 @@ jmockit test + + org.jboss.modules + jboss-modules + compile + diff --git a/auth/client/src/main/java/org/wildfly/security/auth/client/ModuleLoader.java b/util/src/main/java/org/wildfly/security/util/ModuleLoader.java similarity index 67% rename from auth/client/src/main/java/org/wildfly/security/auth/client/ModuleLoader.java rename to util/src/main/java/org/wildfly/security/util/ModuleLoader.java index 859ea86ba30..1025346d16c 100644 --- a/auth/client/src/main/java/org/wildfly/security/auth/client/ModuleLoader.java +++ b/util/src/main/java/org/wildfly/security/util/ModuleLoader.java @@ -16,17 +16,11 @@ * limitations under the License. */ -package org.wildfly.security.auth.client; +package org.wildfly.security.util; -import static org.wildfly.security.auth.client._private.ElytronMessages.xmlLog; - -import javax.xml.stream.XMLStreamReader; - -import org.jboss.logging.annotations.Param; import org.jboss.modules.Module; import org.jboss.modules.ModuleIdentifier; import org.jboss.modules.ModuleLoadException; -import org.wildfly.client.config.ConfigXMLParseException; /** * Utility class to load a module. 
@@ -36,22 +30,18 @@ * @author Jeff Mesnil (c) 2017 Red Hat inc. */ -class ModuleLoader { +public class ModuleLoader { /** * Returns the class loader of the given module or throws a {@code ConfigXMLParseException} if the module can not be loaded. * * @param moduleName the name of the module (can not be {@code null} * @return the class loader of the module - * @throws ConfigXMLParseException if the module can not be loaded + * @throws ModuleLoadException if the module can not be loaded * */ - static ClassLoader getClassLoaderFromModule(@Param XMLStreamReader reader, String moduleName) throws ConfigXMLParseException { + public static ClassLoader getClassLoaderFromModule(String moduleName) throws ModuleLoadException { final ModuleIdentifier identifier = ModuleIdentifier.fromString(moduleName); - try { - return Module.getModuleFromCallerModuleLoader(identifier).getClassLoader(); - } catch (ModuleLoadException e) { - throw xmlLog.xmlNoModuleFound(reader, e, identifier.toString()); - } + return Module.getModuleFromCallerModuleLoader(identifier).getClassLoader(); } } diff --git a/auth/client/src/main/java/org/wildfly/security/auth/client/XMLParserUtils.java b/util/src/main/java/org/wildfly/security/util/XMLParserUtils.java similarity index 60% rename from auth/client/src/main/java/org/wildfly/security/auth/client/XMLParserUtils.java rename to util/src/main/java/org/wildfly/security/util/XMLParserUtils.java index 545f33400e0..9f1d45abae9 100644 --- a/auth/client/src/main/java/org/wildfly/security/auth/client/XMLParserUtils.java +++ b/util/src/main/java/org/wildfly/security/util/XMLParserUtils.java @@ -16,7 +16,7 @@ * limitations under the License. */ -package org.wildfly.security.auth.client; +package org.wildfly.security.util; import org.wildfly.client.config.ConfigXMLParseException; import org.wildfly.client.config.ConfigurationXMLStreamReader; 
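Review bot: The Javadoc summary of `getClassLoaderFromModule` still says `throws a {@code ConfigXMLParseException} if the module can not be loaded` while the updated `@throws` tag and signature now declare `ModuleLoadException`; change the summary to `Returns the class loader of the given module or throws a {@code ModuleLoadException} if the module can not be loaded.` Removing the catch also drops the `xmlLog.xmlNoModuleFound(reader, e, identifier.toString())` translation that carried the XML location into the error, so each caller in the XML parsers now has to do that wrapping itself; those callers are outside this diff. As the class is now public with only a static method, a `private ModuleLoader() {}` would prevent instantiation.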
@@ -25,8 +25,6 @@ import java.net.URI; -import static org.wildfly.security.auth.client._private.ElytronMessages.xmlLog; - /** * A utility class to get and check information about attributes in XML file. * 
@@ -35,37 +33,37 @@ public class XMLParserUtils { - protected static boolean isSet(int var, int bit) { + public static boolean isSet(int var, int bit) { return (var & 1 << bit) != 0; } - protected static int setBit(int var, int bit) { + public static int setBit(int var, int bit) { return var | 1 << bit; } - protected static void checkAttributeNamespace(final ConfigurationXMLStreamReader reader, final int idx) throws ConfigXMLParseException { + public static void checkAttributeNamespace(final ConfigurationXMLStreamReader reader, final int idx) throws ConfigXMLParseException { final String attributeNamespace = reader.getAttributeNamespace(idx); if (attributeNamespace != null && ! attributeNamespace.isEmpty()) { throw reader.unexpectedAttribute(idx); } } - protected static void requireNoAttributes(final ConfigurationXMLStreamReader reader) throws ConfigXMLParseException { + public static void requireNoAttributes(final ConfigurationXMLStreamReader reader) throws ConfigXMLParseException { final int attributeCount = reader.getAttributeCount(); if (attributeCount > 0) { throw reader.unexpectedAttribute(0); } } - protected static String requireSingleAttribute(final ConfigurationXMLStreamReader reader, final String attributeName) throws ConfigXMLParseException { + public static String requireSingleAttribute(final ConfigurationXMLStreamReader reader, final String attributeName) throws ConfigXMLParseException { return requireSingleAttribute(reader, attributeName, (ExceptionSupplier) () -> reader.getAttributeValueResolved(0)); } - protected static URI requireSingleURIAttribute(final ConfigurationXMLStreamReader reader, final String attributeName) throws ConfigXMLParseException { + public static URI requireSingleURIAttribute(final ConfigurationXMLStreamReader reader, final String attributeName) throws ConfigXMLParseException { return requireSingleAttribute(reader, attributeName, () -> reader.getURIAttributeValueResolved(0)); } - protected static A requireSingleAttribute(final 
ConfigurationXMLStreamReader reader, final String attributeName, ExceptionSupplier attributeFunction) throws ConfigXMLParseException { + public static A requireSingleAttribute(final ConfigurationXMLStreamReader reader, final String attributeName, ExceptionSupplier attributeFunction) throws ConfigXMLParseException { final int attributeCount = reader.getAttributeCount(); if (attributeCount < 1) { throw reader.missingRequiredAttribute("", attributeName); @@ -80,15 +78,11 @@ protected static A requireSingleAttribute(final ConfigurationXMLStreamReader return attributeFunction.get(); } - protected static ConfigXMLParseException missingAttribute(final ConfigurationXMLStreamReader reader, final String name) { + public static ConfigXMLParseException missingAttribute(final ConfigurationXMLStreamReader reader, final String name) { return reader.missingRequiredAttribute(null, name); } - protected static ConfigXMLParseException invalidPortNumber(final ConfigurationXMLStreamReader reader, final int index) throws ConfigXMLParseException { - return xmlLog.xmlInvalidPortNumber(reader, reader.getAttributeValueResolved(index), reader.getAttributeLocalName(index), reader.getName()); - } - - protected static ExceptionUnaryOperator andThenOp(ExceptionUnaryOperator first, ExceptionUnaryOperator second) { + public static ExceptionUnaryOperator andThenOp(ExceptionUnaryOperator first, ExceptionUnaryOperator second) { return t -> second.apply(first.apply(t)); } }
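Review bot: Every method in `XMLParserUtils` is widened from `protected` to `public` in this hunk and in `@@ -80,15 +78,11 @@`, making it shared API in `org.wildfly.security.util`, yet none of them has Javadoc. `isSet`/`setBit` in particular deserve a contract line, since Java masks the shift count so `bit` values of 32 or more silently alias lower bits; something like `/** Returns whether bit {@code bit} (0-31) of {@code var} is set. */` and the matching line on `setBit` would document the valid range. The two exception helpers also differ in how they name the namespace (`missingAttribute` passes `null`, `requireSingleAttribute` passes `""`) which is worth a comment now that both are callable from other modules.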