Merge pull request #5919 from darranl/WFCORE-5101

[WFCORE-5101] [Community] SSLContext to support delegation to alternate instances based on peer information.

core-feature-pack/common/pom.xml

@@ -322,6 +322,10 @@
             <groupId>org.wildfly.security</groupId>
             <artifactId>wildfly-elytron-digest</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.wildfly.security</groupId>
+            <artifactId>wildfly-elytron-dynamic-ssl</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.wildfly.security</groupId>
             <artifactId>wildfly-elytron-encryption</artifactId>

core-feature-pack/common/src/main/resources/modules/system/layers/base/org/wildfly/extension/elytron/main/module.xml

@@ -34,6 +34,7 @@
         <module name="org.jboss.staxmapper"/>
         <module name="org.jboss.as.controller"/>
         <module name="org.jboss.as.server"/>
+        <module name="org.jboss.as.version"/>
         <module name="org.jboss.modules"/>
         <module name="org.jboss.msc"/>
         <module name="org.jboss.logging"/>

core-feature-pack/common/src/main/resources/modules/system/layers/base/org/wildfly/security/elytron-base/main/module.xml

@@ -34,6 +34,7 @@
         <artifact name="${org.wildfly.security:wildfly-elytron-credential-source-impl}"/>
         <artifact name="${org.wildfly.security:wildfly-elytron-credential-store}"/>
         <artifact name="${org.wildfly.security:wildfly-elytron-digest}"/>
+        <artifact name="${org.wildfly.security:wildfly-elytron-dynamic-ssl}"/>
         <artifact name="${org.wildfly.security:wildfly-elytron-encryption}"/>
         <artifact name="${org.wildfly.security:wildfly-elytron-http}"/>
         <artifact name="${org.wildfly.security:wildfly-elytron-http-basic}"/>

elytron/pom.xml

@@ -64,6 +64,11 @@
             <artifactId>wildfly-elytron-auth</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>org.wildfly.security</groupId>
+            <artifactId>wildfly-elytron-dynamic-ssl</artifactId>
+        </dependency>
+
         <dependency>
             <groupId>org.wildfly.security</groupId>
             <artifactId>wildfly-elytron-realm-jdbc</artifactId>
@@ -344,6 +349,13 @@
             <artifactId>wildfly-openssl-windows-x86_64</artifactId>
             <scope>test</scope>
         </dependency>
+
+        <dependency>
+            <groupId>org.jmockit</groupId>
+            <artifactId>jmockit</artifactId>
+            <scope>test</scope>
+        </dependency>
+
     </dependencies>
 
     <build>
@@ -366,6 +378,7 @@
                                 <exclude>custom-policies.xml</exclude>
                                 <exclude>jacc-with-providers.xml</exclude>
                                 <exclude>legacy*.xml</exclude>
+                                <exclude>elytron-subsystem-community*.xml</exclude>
                             </excludes>
                             <systemId>src/main/resources/schema/wildfly-elytron_18_0.xsd</systemId>
                         </validationSet>
@@ -390,7 +403,7 @@
                 <artifactId>maven-surefire-plugin</artifactId>
                 <configuration>
                     <reuseForks>false</reuseForks>
-                    <argLine>${surefire.jacoco.args} ${modular.jdk.args} -Dorg.wildfly.extension.elytron.restore-default-ssl-context=true -Dauthconfigprovider.factory=org.wildfly.security.auth.jaspi.ElytronAuthConfigFactory</argLine>
+                    <argLine>-javaagent:${settings.localRepository}/org/jmockit/jmockit/${version.org.jmockit}/jmockit-${version.org.jmockit}.jar ${surefire.jacoco.args} ${modular.jdk.args} -Dorg.wildfly.extension.elytron.restore-default-ssl-context=true -Dauthconfigprovider.factory=org.wildfly.security.auth.jaspi.ElytronAuthConfigFactory</argLine>
                 </configuration>
             </plugin>
         </plugins>

elytron/src/main/java/org/wildfly/extension/elytron/AuthenticationClientDefinitions.java

@@ -15,6 +15,7 @@
 import static org.wildfly.extension.elytron.Capabilities.SECURITY_DOMAIN_CAPABILITY;
 import static org.wildfly.extension.elytron.Capabilities.SECURITY_FACTORY_CREDENTIAL_CAPABILITY;
 import static org.wildfly.extension.elytron.Capabilities.SSL_CONTEXT_CAPABILITY;
+import static org.wildfly.extension.elytron.ElytronDefinition.commonRequirements;
 import static org.wildfly.extension.elytron._private.ElytronSubsystemMessages.ROOT_LOGGER;
 
 import java.util.HashMap;
@@ -42,6 +43,8 @@
 import org.jboss.dmr.ModelNode;
 import org.jboss.dmr.ModelType;
 import org.jboss.msc.service.ServiceBuilder;
+import org.jboss.msc.service.ServiceController;
+import org.jboss.msc.service.ServiceTarget;
 import org.jboss.msc.value.InjectedValue;
 import org.wildfly.common.function.ExceptionSupplier;
 import org.wildfly.extension.elytron.TrivialService.ValueSupplier;
@@ -491,6 +494,17 @@ protected ValueSupplier<AuthenticationContext> getValueSupplier(ServiceBuilder<A
                 return () -> finalContext.apply(parentSupplier.get());
             }
 
+            @Override
+            protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model) throws OperationFailedException {
+                commonRequirements(installService(context, model)).setInitialMode(ServiceController.Mode.ON_DEMAND).install();
+            }
+
+            ServiceBuilder<AuthenticationContext> installService(OperationContext context, ModelNode model)  throws OperationFailedException {
+                ServiceTarget serviceTarget = context.getCapabilityServiceTarget();
+                ServiceBuilder<?> serviceBuilder = context.getCapabilityServiceTarget().addCapability(AUTHENTICATION_CONTEXT_RUNTIME_CAPABILITY);
+                TrivialService<AuthenticationContext> authenticationContextTrivialService = new TrivialService<AuthenticationContext>(getValueSupplier((ServiceBuilder<AuthenticationContext>) serviceBuilder, context, model));
+                return serviceTarget.addService(AUTHENTICATION_CONTEXT_RUNTIME_CAPABILITY.getCapabilityServiceName(context.getCurrentAddressValue()), authenticationContextTrivialService);
+            }
         };
 
         return new TrivialResourceDefinition(ElytronDescriptionConstants.AUTHENTICATION_CONTEXT, add, attributes,

elytron/src/main/java/org/wildfly/extension/elytron/ElytronDefinition.java

@@ -294,6 +294,7 @@ public void registerChildren(ManagementResourceRegistration resourceRegistration
         resourceRegistration.registerSubModel(SSLDefinitions.getServerSNISSLContextDefinition());
         resourceRegistration.registerSubModel(new CertificateAuthorityDefinition());
         resourceRegistration.registerSubModel(new CertificateAuthorityAccountDefinition());
+        resourceRegistration.registerSubModel(SSLDefinitions.getDynamicClientSSLContextDefinition());
 
         // Credential Store Block
         resourceRegistration.registerSubModel(new CredentialStoreResourceDefinition());

elytron/src/main/java/org/wildfly/extension/elytron/ElytronDescriptionConstants.java

@@ -173,6 +173,8 @@ interface ElytronDescriptionConstants {
     String DISTINGUISHED_NAME = "distinguished-name";
     String DISTRIBUTED_REALM = "distributed-realm";
     String DOMAIN_NAMES = "domain-names";
+    String DYNAMIC_CLIENT_SSL_CONTEXT = "dynamic-client-ssl-context";
+    String DYNAMIC_CLIENT_SSL_CONTEXTS = "dynamic-client-ssl-contexts";
 
     String ELYTRON_SECURITY = "elytron-security";
     String ENABLE_CONNECTION_POOLING = "enable-connection-pooling";

elytron/src/main/java/org/wildfly/extension/elytron/ElytronExtension.java

@@ -7,9 +7,11 @@
 
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUBSYSTEM;
 
+import java.util.EnumSet;
 import java.util.concurrent.atomic.AtomicReference;
 import javax.net.ssl.SSLContext;
 
+import org.jboss.as.controller.PersistentResourceXMLDescriptionWriter;
 import org.jboss.as.controller.extension.ExpressionResolverExtension;
 import org.jboss.as.controller.Extension;
 import org.jboss.as.controller.ExtensionContext;
@@ -37,28 +39,8 @@
 public class ElytronExtension implements Extension {
 
     /**
-     * The name spaces used for the {@code subsystem} element
+     * The current name space used for the {@code subsystem} element
      */
-    static final String NAMESPACE_1_0 = "urn:wildfly:elytron:1.0";
-    static final String NAMESPACE_1_1 = "urn:wildfly:elytron:1.1";
-    static final String NAMESPACE_1_2 = "urn:wildfly:elytron:1.2";
-    static final String NAMESPACE_2_0 = "urn:wildfly:elytron:2.0";
-    static final String NAMESPACE_3_0 = "urn:wildfly:elytron:3.0";
-    static final String NAMESPACE_4_0 = "urn:wildfly:elytron:4.0";
-    static final String NAMESPACE_5_0 = "urn:wildfly:elytron:5.0";
-    static final String NAMESPACE_6_0 = "urn:wildfly:elytron:6.0";
-    static final String NAMESPACE_7_0 = "urn:wildfly:elytron:7.0";
-    static final String NAMESPACE_8_0 = "urn:wildfly:elytron:8.0";
-    static final String NAMESPACE_9_0 = "urn:wildfly:elytron:9.0";
-    static final String NAMESPACE_10_0 = "urn:wildfly:elytron:10.0";
-    static final String NAMESPACE_11_0 = "urn:wildfly:elytron:11.0";
-    static final String NAMESPACE_12_0 = "urn:wildfly:elytron:12.0";
-    static final String NAMESPACE_13_0 = "urn:wildfly:elytron:13.0";
-    static final String NAMESPACE_14_0 = "urn:wildfly:elytron:14.0";
-    static final String NAMESPACE_15_0 = "urn:wildfly:elytron:15.0";
-    static final String NAMESPACE_15_1 = "urn:wildfly:elytron:15.1";
-    static final String NAMESPACE_16_0 = "urn:wildfly:elytron:16.0";
-    static final String NAMESPACE_17_0 = "urn:wildfly:elytron:17.0";
     static final String NAMESPACE_18_0 = "urn:wildfly:elytron:18.0";
 
     static final String CURRENT_NAMESPACE = NAMESPACE_18_0;
@@ -124,27 +106,7 @@ static boolean isServerOrHostController(ImmutableManagementResourceRegistration
 
     @Override
     public void initializeParsers(ExtensionParsingContext context) {
-        context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_1_0, () -> new ElytronSubsystemParser1_0());
-        context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_1_1, () -> new ElytronSubsystemParser1_1());
-        context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_1_2, () -> new ElytronSubsystemParser1_2());
-        context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_2_0, () -> new ElytronSubsystemParser2_0());
-        context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_3_0, () -> new ElytronSubsystemParser3_0());
-        context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_4_0, () -> new ElytronSubsystemParser4_0());
-        context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_5_0, () -> new ElytronSubsystemParser5_0());
-        context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_6_0, () -> new ElytronSubsystemParser6_0());
-        context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_7_0, () -> new ElytronSubsystemParser7_0());
-        context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_8_0, () -> new ElytronSubsystemParser8_0());
-        context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_9_0, () -> new ElytronSubsystemParser9_0());
-        context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_10_0, () -> new ElytronSubsystemParser10_0());
-        context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_11_0, () -> new ElytronSubsystemParser11_0());
-        context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_12_0, () -> new ElytronSubsystemParser12_0());
-        context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_13_0, () -> new ElytronSubsystemParser13_0());
-        context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_14_0, () -> new ElytronSubsystemParser14_0());
-        context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_15_0, () -> new ElytronSubsystemParser15_0());
-        context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_15_1, () -> new ElytronSubsystemParser15_1());
-        context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_16_0, () -> new ElytronSubsystemParser16_0());
-        context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_17_0, () -> new ElytronSubsystemParser17_0());
-        context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_18_0, () -> new ElytronSubsystemParser18_0());
+        context.setSubsystemXmlMappings(SUBSYSTEM_NAME, EnumSet.allOf(ElytronSubsystemSchema.class));
     }
 
     @Override
@@ -157,7 +119,7 @@ public void initialize(ExtensionContext context) {
         AtomicReference<ExpressionResolverExtension> resolverRef = new AtomicReference<>();
         final ManagementResourceRegistration registration = subsystemRegistration.registerSubsystemModel(new ElytronDefinition(resolverRef));
         registration.registerOperationHandler(GenericSubsystemDescribeHandler.DEFINITION, GenericSubsystemDescribeHandler.INSTANCE);
-        subsystemRegistration.registerXMLElementWriter(() -> new ElytronSubsystemParser18_0());
+        subsystemRegistration.registerXMLElementWriter(new PersistentResourceXMLDescriptionWriter(ElytronSubsystemSchema.CURRENT.get(context.getStability())));
 
         context.registerExpressionResolverExtension(resolverRef::get, ExpressionResolverResourceDefinition.INITIAL_PATTERN, false);
     }