[WFCORE-5859] Add Filesystem integrity support

core-feature-pack/common/src/main/resources/modules/system/layers/base/org/wildfly/security/elytron-base/main/module.xml

@@ -109,6 +109,7 @@
         <module name="java.security.sasl"/>
         <module name="java.sql"/>
         <module name="java.xml"/>
+        <module name="java.xml.crypto"/>
         <module name="javax.json.api"/>
         <module name="jdk.security.auth"/>
         <module name="jdk.unsupported"/>

elytron/pom.xml

@@ -426,7 +426,7 @@
                                 <exclude>jacc-with-providers.xml</exclude>
                                 <exclude>legacy*.xml</exclude>
                             </excludes>
-                            <systemId>src/main/resources/schema/wildfly-elytron_15_1.xsd</systemId>
+                            <systemId>src/main/resources/schema/wildfly-elytron_16_0.xsd</systemId>
                         </validationSet>
                         <validationSet>
                             <dir>src/main/resources/subsystem-templates</dir>

elytron/src/main/java/org/wildfly/extension/elytron/ElytronDescriptionConstants.java

@@ -104,6 +104,7 @@ interface ElytronDescriptionConstants {
     String CHAINED_PRINCIPAL_TRANSFORMER = "chained-principal-transformer";
     String CHANGE_ACCOUNT_KEY = "change-account-key";
     String CHANGE_ALIAS = "change-alias";
+    String UPDATE_KEY_PAIR = "update-key-pair";
     String CIPHER_SUITE = "cipher-suite";
     String CIPHER_SUITE_FILTER = "cipher-suite-filter";
     String CIPHER_SUITE_NAMES = "cipher-suite-names";
@@ -288,6 +289,7 @@ interface ElytronDescriptionConstants {
     String KEY_MAP = "key-map";
     String KEY_SIZE = "key-size";
     String KEY_STORE = "key-store";
+    String KEY_STORE_ALIAS = "key-store-alias";
     String KEY_STORE_REALM = "key-store-realm";
     String KEY_STORES = "key-stores";
     String KID = "kid";
@@ -603,6 +605,7 @@ interface ElytronDescriptionConstants {
     String VALUE = "value";
     String VERBOSE = "verbose";
     String VERIFIABLE = "verifiable";
+    String VERIFY_INTEGRITY = "verify-integrity";
     String VERSION = "version";
     String VERSION_COMPARISON = "version-comparison";
 

elytron/src/main/java/org/wildfly/extension/elytron/ElytronExtension.java

@@ -70,8 +70,9 @@ public class ElytronExtension implements Extension {
     static final String NAMESPACE_14_0 = "urn:wildfly:elytron:14.0";
     static final String NAMESPACE_15_0 = "urn:wildfly:elytron:15.0";
     static final String NAMESPACE_15_1 = "urn:wildfly:elytron:15.1";
+    static final String NAMESPACE_16_0 = "urn:wildfly:elytron:16.0";
 
-    static final String CURRENT_NAMESPACE = NAMESPACE_15_1;
+    static final String CURRENT_NAMESPACE = NAMESPACE_16_0;
 
     /**
      * The name of our subsystem within the model.
@@ -100,8 +101,9 @@ public class ElytronExtension implements Extension {
     static final ModelVersion ELYTRON_14_0_0 = ModelVersion.create(14);
     static final ModelVersion ELYTRON_15_0_0 = ModelVersion.create(15);
     static final ModelVersion ELYTRON_15_1_0 = ModelVersion.create(15, 1);
+    static final ModelVersion ELYTRON_16_0_0 = ModelVersion.create(16);
 
-    private static final ModelVersion ELYTRON_CURRENT = ELYTRON_15_1_0;
+    private static final ModelVersion ELYTRON_CURRENT = ELYTRON_16_0_0;
 
     static final String ISO_8601_FORMAT = "yyyy-MM-dd'T'HH:mm:ss.SSSZ";
 
@@ -149,6 +151,7 @@ public void initializeParsers(ExtensionParsingContext context) {
         context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_14_0, () -> new ElytronSubsystemParser14_0());
         context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_15_0, () -> new ElytronSubsystemParser15_0());
         context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_15_1, () -> new ElytronSubsystemParser15_1());
+        context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE_16_0, () -> new ElytronSubsystemParser16_0());
     }
 
     @Override
@@ -161,7 +164,7 @@ public void initialize(ExtensionContext context) {
         AtomicReference<ExpressionResolverExtension> resolverRef = new AtomicReference<>();
         final ManagementResourceRegistration registration = subsystemRegistration.registerSubsystemModel(new ElytronDefinition(resolverRef));
         registration.registerOperationHandler(GenericSubsystemDescribeHandler.DEFINITION, GenericSubsystemDescribeHandler.INSTANCE);
-        subsystemRegistration.registerXMLElementWriter(() -> new ElytronSubsystemParser15_1());
+        subsystemRegistration.registerXMLElementWriter(() -> new ElytronSubsystemParser16_0());
 
         context.registerExpressionResolverExtension(resolverRef::get, ExpressionResolverResourceDefinition.INITIAL_PATTERN, false);
     }

elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemParser16_0.java

@@ -0,0 +1,41 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2022 Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.wildfly.extension.elytron;
+
+import org.jboss.as.controller.PersistentResourceXMLDescription;
+
+/**
+ * The subsystem parser, which uses stax to read and write to and from xml.
+ *
+ * @author <a href="mailto:fjuma@redhat.com">Farah Juma</a>
+ */
+public class ElytronSubsystemParser16_0 extends ElytronSubsystemParser15_1 {
+
+    @Override
+    String getNameSpace() {
+        return ElytronExtension.NAMESPACE_16_0;
+    }
+
+    @Override
+    PersistentResourceXMLDescription getRealmParser() {
+        return new RealmParser().realmParser_16;
+    }
+
+}
+

elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemTransformers.java

@@ -32,6 +32,8 @@
 import static org.wildfly.extension.elytron.ElytronDescriptionConstants.HASH_CHARSET;
 import static org.wildfly.extension.elytron.ElytronDescriptionConstants.HASH_ENCODING;
 import static org.wildfly.extension.elytron.ElytronDescriptionConstants.JDBC_REALM;
+import static org.wildfly.extension.elytron.ElytronDescriptionConstants.KEY_STORE;
+import static org.wildfly.extension.elytron.ElytronDescriptionConstants.KEY_STORE_ALIAS;
 import static org.wildfly.extension.elytron.ElytronDescriptionConstants.LDAP_REALM;
 import static org.wildfly.extension.elytron.ElytronDescriptionConstants.MODULAR_CRYPT_MAPPER;
 import static org.wildfly.extension.elytron.ElytronDescriptionConstants.PERIODIC_ROTATING_FILE_AUDIT_LOG;
@@ -51,6 +53,7 @@
 import static org.wildfly.extension.elytron.ElytronExtension.ELYTRON_14_0_0;
 import static org.wildfly.extension.elytron.ElytronExtension.ELYTRON_15_0_0;
 import static org.wildfly.extension.elytron.ElytronExtension.ELYTRON_15_1_0;
+import static org.wildfly.extension.elytron.ElytronExtension.ELYTRON_16_0_0;
 import static org.wildfly.extension.elytron.ElytronExtension.ELYTRON_1_2_0;
 import static org.wildfly.extension.elytron.ElytronExtension.ELYTRON_2_0_0;
 import static org.wildfly.extension.elytron.ElytronExtension.ELYTRON_3_0_0;
@@ -101,6 +104,8 @@ public String getSubsystemName() {
     public void registerTransformers(SubsystemTransformerRegistration registration) {
         ChainedTransformationDescriptionBuilder chainedBuilder = TransformationDescriptionBuilder.Factory.createChainedSubystemInstance(registration.getCurrentSubsystemVersion());
 
+        // 16.0.0 (WildFly 27) to 15.1.0 (WildFly 26.1)
+        from16(chainedBuilder);
         // 15.1.0 (WildFly 26.1) to 15.0.0 (WildFly 26)
         from15_1(chainedBuilder);
         // 15.0.0 (WildFly 26) to 14.0.0 (WildFly 25)
@@ -132,10 +137,20 @@ public void registerTransformers(SubsystemTransformerRegistration registration)
         // 2.0.0 (WildFly 12) to 1.2.0, (WildFly 11 and EAP 7.1.0)
         from2(chainedBuilder);
 
-        chainedBuilder.buildAndRegister(registration, new ModelVersion[] { ELYTRON_15_0_0, ELYTRON_14_0_0, ELYTRON_13_0_0, ELYTRON_12_0_0, ELYTRON_11_0_0, ELYTRON_10_0_0, ELYTRON_9_0_0,
+        chainedBuilder.buildAndRegister(registration, new ModelVersion[] { ELYTRON_15_1_0, ELYTRON_15_0_0, ELYTRON_14_0_0, ELYTRON_13_0_0, ELYTRON_12_0_0, ELYTRON_11_0_0, ELYTRON_10_0_0, ELYTRON_9_0_0,
                 ELYTRON_8_0_0, ELYTRON_7_0_0, ELYTRON_6_0_0, ELYTRON_5_0_0, ELYTRON_4_0_0, ELYTRON_3_0_0, ELYTRON_2_0_0, ELYTRON_1_2_0 });
     }
 
+    private static void from16(ChainedTransformationDescriptionBuilder chainedBuilder) {
+        ResourceTransformationDescriptionBuilder builder = chainedBuilder.createBuilder(ELYTRON_16_0_0, ELYTRON_15_1_0);
+        builder.addChildResource(PathElement.pathElement(FILESYSTEM_REALM))
+                .getAttributeBuilder()
+                .setDiscard(DiscardAttributeChecker.UNDEFINED, KEY_STORE)
+                .setDiscard(DiscardAttributeChecker.UNDEFINED, KEY_STORE_ALIAS)
+                .addRejectCheck(RejectAttributeChecker.DEFINED, KEY_STORE)
+                .addRejectCheck(RejectAttributeChecker.DEFINED, KEY_STORE_ALIAS);
+    }
+
     private static void from15_1(ChainedTransformationDescriptionBuilder chainedBuilder) {
         ResourceTransformationDescriptionBuilder builder = chainedBuilder.createBuilder(ELYTRON_15_1_0, ELYTRON_15_0_0);