[WFCORE-6755] Move the org.wildfly.security:wildfly-elytron-dynamic-s…

…sl artifact into its own module
wildfly · Apr 9, 2024 · a218264 · a218264
1 parent bbff9b0
commit a218264
Show file tree

Hide file tree

Showing 6 changed files with 64 additions and 11 deletions.
diff --git a/...in/resources/modules/system/layers/base/org/wildfly/security/elytron-base/main/module.xml b/...in/resources/modules/system/layers/base/org/wildfly/security/elytron-base/main/module.xml
@@ -34,7 +34,6 @@
         <artifact name="${org.wildfly.security:wildfly-elytron-credential-source-impl}"/>
         <artifact name="${org.wildfly.security:wildfly-elytron-credential-store}"/>
         <artifact name="${org.wildfly.security:wildfly-elytron-digest}"/>
-        <artifact name="${org.wildfly.security:wildfly-elytron-dynamic-ssl}"/>
         <artifact name="${org.wildfly.security:wildfly-elytron-encryption}"/>
         <artifact name="${org.wildfly.security:wildfly-elytron-http}"/>
         <artifact name="${org.wildfly.security:wildfly-elytron-http-basic}"/>
@@ -112,5 +111,6 @@
         modules use the parser, they need to have visibility to this module.
         -->
         <module name="org.wildfly.client.config" export="true"/>
+        <module name="org.wildfly.security.elytron-dynamic-ssl" export="true" optional="true"/>
     </dependencies>
 </module>
diff --git a/...urces/modules/system/layers/base/org/wildfly/security/elytron-dynamic-ssl/main/module.xml b/...urces/modules/system/layers/base/org/wildfly/security/elytron-dynamic-ssl/main/module.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  ~ Copyright The WildFly Authors
+  ~ SPDX-License-Identifier: Apache-2.0
+  -->
+<module xmlns="urn:jboss:module:1.9" name="org.wildfly.security.elytron-dynamic-ssl">
+
+    <properties>
+        <property name="jboss.api" value="private"/>
+    </properties>
+
+    <resources>
+        <artifact name="${org.wildfly.security:wildfly-elytron-dynamic-ssl}"/>
+    </resources>
+
+    <dependencies>
+        <module name="java.logging"/>
+        <module name="org.jboss.logging" />
+        <module name="org.jboss.logmanager" />
+        <module name="org.wildfly.security.elytron-base" services="import" export="true"/>
+        <module name="org.wildfly.common" export="true"/>
+        <module name="org.wildfly.client.config" export="true"/>
+    </dependencies>
+</module>
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/DynamicSSLContextHelper.java b/elytron/src/main/java/org/wildfly/extension/elytron/DynamicSSLContextHelper.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright The WildFly Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package org.wildfly.extension.elytron;
+
+import org.wildfly.security.auth.client.AuthenticationContext;
+import org.wildfly.security.dynamic.ssl.DynamicSSLContext;
+import org.wildfly.security.dynamic.ssl.DynamicSSLContextImpl;
+import org.wildfly.security.dynamic.ssl.DynamicSSLContextException;
+
+import javax.net.ssl.SSLContext;
+import java.security.GeneralSecurityException;
+import static org.wildfly.extension.elytron._private.ElytronSubsystemMessages.ROOT_LOGGER;
+
+/**
+ * Helper class for obtaining an instance of DynamicSSLContext created from the provided AuthenticationContext
+ */
+class DynamicSSLContextHelper {
+
+    /**
+     * Get DynamicSSLContext instance from the provided authentication context
+     * @param authenticationContext authentication context to use with the DynamicSSLContext
+     * @return DynamicSSLContext instance
+     */
+    static SSLContext getDynamicSSLContextInstance(AuthenticationContext authenticationContext) {
+        try {
+            return new DynamicSSLContext(new DynamicSSLContextImpl(authenticationContext));
+        } catch (DynamicSSLContextException |  GeneralSecurityException e) {
+            throw ROOT_LOGGER.unableToObtainDynamicSSLContext();
+        }
+    }
+}
diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/SSLDefinitions.java b/elytron/src/main/java/org/wildfly/extension/elytron/SSLDefinitions.java
@@ -116,15 +116,12 @@
 import org.wildfly.extension.elytron._private.ElytronSubsystemMessages;
 import org.wildfly.extension.elytron.capabilities.PrincipalTransformer;
 import org.wildfly.security.auth.client.AuthenticationContext;
-import org.wildfly.security.dynamic.ssl.DynamicSSLContextImpl;
 import org.wildfly.security.auth.server.MechanismConfiguration;
 import org.wildfly.security.auth.server.MechanismConfigurationSelector;
 import org.wildfly.security.auth.server.RealmMapper;
 import org.wildfly.security.auth.server.SecurityDomain;
 import org.wildfly.security.credential.PasswordCredential;
 import org.wildfly.security.credential.source.CredentialSource;
-import org.wildfly.security.dynamic.ssl.DynamicSSLContext;
-import org.wildfly.security.dynamic.ssl.DynamicSSLContextException;
 import org.wildfly.security.keystore.AliasFilter;
 import org.wildfly.security.keystore.FilteringKeyStore;
 import org.wildfly.security.password.interfaces.ClearPassword;
@@ -1542,13 +1539,7 @@ protected ValueSupplier<SSLContext> getValueSupplier(ServiceBuilder<SSLContext>
                 ServiceName acServiceName = context.getCapabilityServiceName(authenticationContextCapability, AuthenticationContext.class);
                 Supplier<AuthenticationContext> authenticationContextSupplier = serviceBuilder.requires(acServiceName);
 
-                return () -> {
-                    try {
-                        return new DynamicSSLContext(new DynamicSSLContextImpl(authenticationContextSupplier.get()));
-                    } catch (DynamicSSLContextException | GeneralSecurityException e) {
-                        throw new RuntimeException(e);
-                    }
-                };
+                return () -> DynamicSSLContextHelper.getDynamicSSLContextInstance(authenticationContextSupplier.get());
             }
 
             @Override

diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/_private/ElytronSubsystemMessages.java b/elytron/src/main/java/org/wildfly/extension/elytron/_private/ElytronSubsystemMessages.java
@@ -723,6 +723,8 @@ public interface ElytronSubsystemMessages extends BasicLogger {
             "use Elytron Tool command `filesystem-realm-encrypt`")
     OperationFailedException addSecretKeyToInitializedFilesystemRealm();
 
+    @Message(id = 1221, value = "Unable to obtain DynamicSSLContext from the provided authentication context")
+    RuntimeException unableToObtainDynamicSSLContext();
     /*
      * Don't just add new errors to the end of the file, there may be an appropriate section above for the resource.
      *

diff --git a/testsuite/layers/src/test/java/org/jboss/as/test/layers/LayersTestCase.java b/testsuite/layers/src/test/java/org/jboss/as/test/layers/LayersTestCase.java
@@ -26,6 +26,7 @@ public class LayersTestCase {
         // No patching modules in layers
         "org.jboss.as.patching",
         "org.jboss.as.patching.cli",
+        "org.wildfly.security.elytron-dynamic-ssl"
     };
     // Packages that are not referenced from the module graph but needed.
     // This is the expected set of un-referenced modules found when scanning