[WFLY-18475] helloworld-mutual-ssl-secured Quickstart Common Enhancem…

…ents CY2023Q3

.github/workflows/quickstart_helloworld-mutual-ssl-secured_ci.yml

@@ -0,0 +1,16 @@
+name: WildFly helloworld-mutual-ssl-secured Quickstart CI
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, ready_for_review]
+    paths:
+      - 'helloworld-mutual-ssl-secured/**'
+      - '.github/workflows/quickstart_ci.yml'
+
+jobs:
+  call-quickstart_ci:
+    uses: ./.github/workflows/quickstart_ci.yml
+    with:
+      QUICKSTART_PATH: helloworld-mutual-ssl-secured
+      TEST_PROVISIONED_SERVER: true
+      TEST_OPENSHIFT: false

helloworld-mutual-ssl-secured/README.adoc

@@ -70,7 +70,7 @@ Notice that it sets the `first and last name` to `quickstartUser` and that this
 [source,options="nowrap"]
 ----
 $>keytool -exportcert -keystore client.keystore  -storetype pkcs12 -storepass secret -keypass secret -file client.crt
-$>keytool -import -file client.crt -alias quickstartUser -keystore client.truststore -storepass secret
+$>keytool -import -file client.crt -alias quickstartUser -keystore server.truststore -storepass secret
 
 Owner: CN=quickstartUser, OU=Sales, O=My Company, L=Sao Paulo, ST=Sao Paulo, C=BR
 Issuer: CN=quickstartUser, OU=Sales, O=My Company, L=Sao Paulo, ST=Sao Paulo, C=BR
@@ -155,7 +155,7 @@ After stopping the server, open the `__{jbossHomeName}__/standalone/configuratio
 <key-store name="qsTrustStore">
     <credential-reference clear-text="secret"/>
     <implementation type="JKS"/>
-    <file path="client.truststore" relative-to="jboss.server.config.dir"/>
+    <file path="server.truststore" relative-to="jboss.server.config.dir"/>
 </key-store>
 ----
 
@@ -231,7 +231,7 @@ It maps the `client_cert_domain` from the quickstart application to the `http-au
 [[test_the_server_ssl_configuration]]
 == Test the Server TLS Configuration
 
-To test the TLS configuration, access: https://localhost:8443
+To test the TLS configuration, start {productName} and access: https://localhost:8443
 
 If it is configured correctly, you should be asked to trust the server certificate.
 
@@ -290,6 +290,8 @@ dzXZz0EjjWCPJk+LVEhEvH0GcWAp3x3irpNU4hRZLd0XomY0Z4NnUt7VMBNYDOxVxgT9qcLnEaEpIfYU
 ynfnMaOxI67FC2QzhfzERyKqHj47WuwN0xWbS/1gBypS2nUwvItyxaEQG2X5uQY8j8QoY9wcMzIIkP2Mk14gJGHUnA8=
 ----
 
+// Server Distribution Testing
+include::../shared-doc/run-integration-tests-with-server-distribution.adoc[leveloffset=+2]
 // Undeploy the Quickstart
 include::../shared-doc/undeploy-the-quickstart.adoc[leveloffset=+1]
 
@@ -320,7 +322,7 @@ $ cd __{jbossHomeName}__/standalone/configuration/
 +
 NOTE: For Windows, use the `__{jbossHomeName}__\bin\standalone.bat` script.
 
-. Remove the `clientCert.p12`, `client.crt`, and `client.truststore` files that were generated for this quickstart.
+. Remove the `clientCert.p12`, `client.crt`, and `server.truststore` files that were generated for this quickstart.
 
 [[remove_the_client_certificate_from_your_browser]]
 == Remove the Client Certificate from Your Browser
@@ -344,26 +346,11 @@ After you are done with this quickstart, remember to remove the certificate that
 . Select the *quickstartUser* certificate and click the *Delete* button.
 . The certificate has now been removed from the Mozilla Firefox browser.
 
-// Run the Quickstart in Red Hat CodeReady Studio or Eclipse
-include::../shared-doc/run-the-quickstart-in-jboss-developer-studio.adoc[leveloffset=+1]
-
-// Additional Red Hat CodeReady Studio instructions
-* Make sure you configure the keystores and client certificates as described under xref:set_up_client_keystore_using_java_keytool[Set Up the Client Keystore Using Java Keytool].
-* Depending on the browser you choose, make sure you either xref:import_the_client_certificate_into_google_chrome[import the certificate into Google Chrome] or xref:import_the_client_certificate_into_mozilla_firefox[import the certificate into Mozilla Firefox].
-* Make sure you configure the server by running the JBoss CLI commands as described above under xref:configure_the_server[Configure the Server]. Stop the server at the end of that step.
-* In {JBDSProductName}, choose *Window* –> *Web Browser*, then select the browser you chose to import the certificate.
-* To deploy the application, right-click on the *{artifactId}* project and choose *Run As* –> *Run on Server*.
-* Make sure you xref:restore_the_server_configuration[restore the {productName} server configuration] when you have completed testing this quickstart.
-
-// Debug the Application
-include::../shared-doc/debug-the-application.adoc[leveloffset=+1]
-
-//*************************************************
-// Product Release content only
-//*************************************************
-ifdef::ProductRelease[]
+// Build and run sections for other environments/builds
+ifndef::ProductRelease,EAPXPRelease[]
+:server_provisioning_server_host: https://localhost:8443
+include::../shared-doc/build-and-run-the-quickstart-with-provisioned-server.adoc[leveloffset=+1]
+endif::[]
 
 // Quickstart not compatible with OpenShift
 include::../shared-doc/openshift-incompatibility.adoc[leveloffset=+1]
-
-endif::[]

helloworld-mutual-ssl-secured/configure-client-cert.cli

@@ -0,0 +1,19 @@
+# Configure the client's keystore. This will be used to generate the client's certificate. The path to the keystore file doesn’t actually have to exist yet
+/subsystem=elytron/key-store=clientKS:add(path=client.keystore.P12, relative-to=jboss.server.config.dir, credential-reference={clear-text=secret}, type=PKCS12)
+
+# Generate a new key pair for the client. We'll use an RSA key of size 2048 and we'll use CN=quickstartUser
+/subsystem=elytron/key-store=clientKS:generate-key-pair(alias=quickstartUser, algorithm=RSA, key-size=2048, validity=365, credential-reference={clear-text=secret}, distinguished-name="cn=quickstartUser")
+
+# Export the client's certificate to a file called clientCert.crt
+/subsystem=elytron/key-store=clientKS:export-certificate(alias=quickstartUser, path=clientCert.crt, relative-to=jboss.server.config.dir, pem=true)
+
+# Create the server's truststore
+/subsystem=elytron/key-store=serverTS:add(path=server.truststore, relative-to=jboss.server.config.dir, credential-reference={clear-text=secret}, type=PKCS12)
+
+# Import the client's certificate into the server's truststore
+/subsystem=elytron/key-store=serverTS:import-certificate(alias=quickstartUser, path=clientCert.crt, relative-to=jboss.server.config.dir, credential-reference={clear-text=secret}, validate=false)
+
+# Persist the changes we've made to the client's keystore and the server's truststore
+/subsystem=elytron/key-store=serverTS:store()
+/subsystem=elytron/key-store=clientKS:store()
+

helloworld-mutual-ssl-secured/configure-ssl.cli

@@ -4,7 +4,7 @@
 batch
 
 # Add the keystore and trust manager configuration in the elytron subsystem
-/subsystem=elytron/key-store=qsTrustStore:add(path=client.truststore,relative-to=jboss.server.config.dir,type=JKS,credential-reference={clear-text=secret})
+/subsystem=elytron/key-store=qsTrustStore:add(path=server.truststore,relative-to=jboss.server.config.dir,type=PKCS12,credential-reference={clear-text=secret})
 /subsystem=elytron/trust-manager=qsTrustManager:add(key-store=qsTrustStore)
 
 # Update the default server-ssl-context to reference the new trust-manager and require client auth
@@ -29,10 +29,13 @@ batch
 # Add an application-security-domain in the undertow subsystem to map the client_cert_domain from the quickstart app to the http-authentication-factory
 /subsystem=undertow/application-security-domain=client_cert_domain:add(http-authentication-factory=quickstart-http-authentication)
 
+# Generate the server's certificate
+/subsystem=elytron/key-store=applicationKS:generate-key-pair(alias=server, algorithm=RSA, key-size=2048, validity=365, credential-reference={clear-text=password}, distinguished-name="cn=localhost")
+
+/subsystem=elytron/key-store=applicationKS:store()
+
 # Run the batch commands
 run-batch
 
 # Reload the server configuration
-reload
-
-
+#reload

helloworld-mutual-ssl-secured/pom.xml

@@ -44,8 +44,12 @@
     </licenses>
 
     <properties>
-        <!-- The versions for BOMs, Dependencies and Plugins -->
-        <version.server.bom>30.0.0.Final</version.server.bom>
+        <!-- Version for the server -->
+        <version.server>30.0.0.Final</version.server>
+        <!-- The versions for BOMs, Packs and Plugins -->
+        <version.bom.ee>${version.server}</version.bom.ee>
+        <version.pack.cloud>5.0.0.Final</version.pack.cloud>
+        <version.plugin.wildfly>4.2.0.Final</version.plugin.wildfly>
     </properties>
 
     <repositories>
@@ -109,7 +113,7 @@
             <dependency>
                 <groupId>org.wildfly.bom</groupId>
                 <artifactId>wildfly-ee-with-tools</artifactId>
-                <version>${version.server.bom}</version>
+                <version>${version.bom.ee}</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
@@ -139,5 +143,101 @@
             <artifactId>jakarta.servlet-api</artifactId>
             <scope>provided</scope>
         </dependency>
+
+        <!-- Tests -->
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <!-- https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient -->
+        <dependency>
+            <groupId>org.apache.httpcomponents</groupId>
+            <artifactId>httpclient</artifactId>
+            <version>4.5.13</version>
+        </dependency>
+
     </dependencies>
+
+    <build>
+        <pluginManagement>
+            <plugins>
+                <plugin>
+                    <groupId>org.wildfly.plugins</groupId>
+                    <artifactId>wildfly-maven-plugin</artifactId>
+                    <version>${version.plugin.wildfly}</version>
+                </plugin>
+            </plugins>
+        </pluginManagement>
+    </build>
+     <profiles>
+        <profile>
+            <id>provisioned-server</id>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.wildfly.plugins</groupId>
+                        <artifactId>wildfly-maven-plugin</artifactId>
+                        <configuration>
+                            <feature-packs>
+                                <feature-pack>                                    
+                                    <location>org.wildfly:wildfly-galleon-pack:${version.server}</location>
+                                </feature-pack>
+                            </feature-packs>
+                            <layers>
+                                <!-- layers may be used to customize the server to provision-->
+                                <layer>cloud-server</layer>
+                                <layer>undertow-https</layer>
+                            </layers>
+                            <!-- use cli script(s) to configure the server -->
+                            <packaging-scripts>
+                                <packaging-script>
+                                    <scripts>
+                                        <script>${basedir}/configure-client-cert.cli</script>
+                                        <script>${basedir}/configure-ssl.cli</script>
+                                    </scripts>
+                                    <!-- Expressions resolved during server execution -->
+                                    <resolve-expressions>false</resolve-expressions>
+                                </packaging-script>
+                            </packaging-scripts>
+                            <!-- deploys the quickstart on root web context -->
+                            <name>ROOT.war</name>
+                        </configuration>
+                        <executions>
+                            <execution>
+                                <goals>
+                                    <goal>package</goal>
+                                </goals>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+        <profile>
+            <id>integration-testing</id>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-failsafe-plugin</artifactId>
+                        <configuration>
+                            <includes>
+                                <include>**/BasicRuntimeIT</include>
+                            </includes>
+                        </configuration>
+                        <executions>
+                            <execution>
+                                <goals>
+                                    <goal>integration-test</goal>
+                                    <goal>verify</goal>
+                                </goals>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+    </profiles>
 </project>

helloworld-mutual-ssl-secured/restore-client-certs.cli

@@ -0,0 +1,8 @@
+#remove the keypairs and certificates from the keystore and truststore
+/subsystem=elytron/key-store=serverTS:remove-alias(alias=quickstartUser)
+/subsystem=elytron/key-store=clientKS:remove-alias(alias=quickstartUser)
+
+#remove the keystore and truststore 
+/subsystem=elytron/key-store=serverTS:remove
+/subsystem=elytron/key-store=clientKS:remove
+

helloworld-mutual-ssl-secured/restore-configuration.cli

@@ -3,6 +3,9 @@
 # Start batching commands
 batch
 
+# Remove the keypair with the alias server from the application keystore
+/subsystem=elytron/key-store=applicationKS:remove-alias(alias=server)
+
 # Remove the application-security-domain mapping that was added for the quickstart
 /subsystem=undertow/application-security-domain=client_cert_domain:remove