Merge branch 'master' into issue-4299

.github/workflows/coverage-generator.yml

@@ -0,0 +1,177 @@
+name: Code Coverage Generator
+
+on:
+  workflow_dispatch:
+  schedule:
+    # Daily 22:00 UTC (3.30 AM SL time).
+    - cron: '00 22 * * *'
+
+jobs:
+  build-source:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Adopt JDK 11
+        uses: actions/setup-java@v4
+        with:
+          java-version: 11
+          distribution: "adopt"
+
+      - name: Build with Maven
+        run: |
+          mvn clean install -U -B -Dmaven.test.skip=true
+
+      - name: Cache source code
+        uses: actions/cache@v4
+        with:
+          path: .
+          key: ${{ runner.os }}-source-${{ github.sha }}
+
+  oidc-conformance-report:
+    needs: build-source
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Restore source code
+        uses: actions/cache@v4
+        with:
+          path: .
+          key: ${{ runner.os }}-source-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-source-
+
+      - name: Get the latest Jacoco report URL
+        id: get-artifact-url-oidc
+        run: |
+          GITHUB_API_URL="https://api.github.com"
+          OWNER="wso2"
+          REPO="product-is"
+          WORKFLOW_ID="oidc-conformance-test.yml"
+          GITHUB_TOKEN="${{ secrets.GITHUB_TOKEN }}"
+
+          # Get the latest successful workflow run
+          WORKFLOW_RUNS=$(curl -s -H "Authorization: token $GITHUB_TOKEN" "$GITHUB_API_URL/repos/$OWNER/$REPO/actions/workflows/$WORKFLOW_ID/runs?status=success&per_page=1")
+          RUN_ID=$(echo $WORKFLOW_RUNS | jq -r '.workflow_runs[0].id')
+
+          if [ "$RUN_ID" == "null" ]; then
+            echo "No successful workflow runs found"
+            exit 1
+          fi
+
+          # Get the artifacts for the workflow run
+          ARTIFACTS=$(curl -s -H "Authorization: token $GITHUB_TOKEN" "$GITHUB_API_URL/repos/$OWNER/$REPO/actions/runs/$RUN_ID/artifacts")
+          ARTIFACT_URL=$(echo $ARTIFACTS | jq -r '.artifacts[] | select(.name == "jacoco-xml") | .archive_download_url')
+
+          if [ "$ARTIFACT_URL" == "null" ]; then
+            echo "Artifact not found"
+            exit 1
+          fi
+
+          echo "::set-output name=artifact-url::$ARTIFACT_URL"
+
+      - name: Download latest Jacoco report
+        run: |
+          curl -L -o artifact-oidc.zip \
+          -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+          ${{ steps.get-artifact-url-oidc.outputs.artifact-url }}
+
+      - name: Unzip Jacoco report
+        run: |
+          unzip artifact-oidc.zip -d ./artifacts-oidc
+
+      - name: Upload coverage reports to Codecov for OIDC
+        uses: codecov/codecov-action@v4
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: ./artifacts-oidc/jacoco.xml
+          flags: conformance-oidc
+          disable_search: true
+
+  fapi-conformance-report:
+    needs: build-source
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Restore source code
+        uses: actions/cache@v4
+        with:
+          path: .
+          key: ${{ runner.os }}-source-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-source-
+
+      - name: Get the latest Jacoco report URL
+        id: get-artifact-url-fapi
+        run: |
+          GITHUB_API_URL="https://api.github.com"
+          OWNER="wso2"
+          REPO="product-is"
+          WORKFLOW_ID="fapi-oidc-conformance-test.yml"
+          GITHUB_TOKEN="${{ secrets.GITHUB_TOKEN }}"
+
+          # Get the latest successful workflow run
+          WORKFLOW_RUNS=$(curl -s -H "Authorization: token $GITHUB_TOKEN" "$GITHUB_API_URL/repos/$OWNER/$REPO/actions/workflows/$WORKFLOW_ID/runs?status=success&per_page=1")
+          RUN_ID=$(echo $WORKFLOW_RUNS | jq -r '.workflow_runs[0].id')
+
+          if [ "$RUN_ID" == "null" ]; then
+            echo "No successful workflow runs found"
+            exit 1
+          fi
+
+          # Get the artifacts for the workflow run
+          ARTIFACTS=$(curl -s -H "Authorization: token $GITHUB_TOKEN" "$GITHUB_API_URL/repos/$OWNER/$REPO/actions/runs/$RUN_ID/artifacts")
+          ARTIFACT_URL=$(echo $ARTIFACTS | jq -r '.artifacts[] | select(.name == "jacoco-xml") | .archive_download_url')
+
+          if [ "$ARTIFACT_URL" == "null" ]; then
+            echo "Artifact not found"
+            exit 1
+          fi
+
+          echo "::set-output name=artifact-url::$ARTIFACT_URL"
+
+      - name: Download the latest Jacoco report
+        run: |
+          curl -L -o artifact-fapi.zip \
+          -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+          ${{ steps.get-artifact-url-fapi.outputs.artifact-url }}
+
+      - name: Unzip Jacoco report
+        run: |
+          unzip artifact-fapi.zip -d ./artifacts-fapi
+
+      - name: Upload coverage reports to Codecov for FAPI
+        uses: codecov/codecov-action@v4
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: ./artifacts-fapi/jacoco.xml
+          flags: conformance-fapi
+          disable_search: true
+
+  integration-test-report:
+    needs: build-source
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Restore source code
+        uses: actions/cache@v4
+        with:
+          path: .
+          key: ${{ runner.os }}-source-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-source-
+
+      - name: Download integration Jacoco XML report
+        run: |
+          mkdir artifacts-integration
+          curl -L -o ./artifacts-integration/jacoco.xml https://wso2.org/jenkins/job/products/job/product-is/lastSuccessfulBuild/artifact/modules/integration/tests-integration/tests-backend/target/jacoco/coverage/jacoco.xml
+
+      - name: Upload coverage reports to Codecov for integration tests
+        uses: codecov/codecov-action@v4
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: ./artifacts-integration/jacoco.xml
+          flags: integration
+          disable_search: true

.github/workflows/pr-builder.yml

@@ -1,7 +1,7 @@
 # This workflow will build the project on pull requests with tests
 # Uses:
-#   OS: ubuntu-lates
-#   JDK: Adopt JDK 11 and Adopt JDK 17
+#   OS: ubuntu-latest
+#   JDK: Temurin JDK 11 and Temurin JDK 17
 
 name: PR Builder
 
@@ -22,15 +22,15 @@ jobs:
         java-version: [ 11, 17 ]
 
     steps:
-      - uses: actions/checkout@v2
-      - name: Set up Adopt JDK 11 and 17
-        uses: actions/setup-java@v2
+      - uses: actions/checkout@v4
+      - name: Set up Temurin JDK 11 and 17
+        uses: actions/setup-java@v4
         with:
           java-version: ${{ matrix.java-version }}
-          distribution: "adopt"
+          distribution: "temurin"
       - name: Cache local Maven repository
         id: cache-maven-m2
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         env:
           cache-name: cache-m2
         with:
@@ -42,3 +42,11 @@ jobs:
             ${{ runner.os }}-
       - name: Build with Maven
         run: mvn clean install -U -B
+      - name: Generate coverage report
+        run: mvn test jacoco:report
+      - name: Upload coverage reports to Codecov
+        uses: codecov/codecov-action@v4
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: target/site/jacoco/jacoco.xml
+          flags: unit

codecov.yml

@@ -0,0 +1,23 @@
+codecov:
+  require_ci_to_pass: yes
+  notify:
+    wait_for_ci: yes
+  max_report_age: false
+
+coverage:
+  status:
+    project: off
+    patch: off
+
+flag_management:
+  default_rules:
+    carryforward: true
+  individual_flags:
+    - name: unit
+      statuses:
+        - type: project
+          target: auto
+          threshold: null
+        - type: patch
+          target: 80%
+          threshold: 40%

components/org.wso2.carbon.identity.query.saml/pom.xml

@@ -21,7 +21,7 @@
 		<groupId>org.wso2.carbon.identity.inbound.auth.saml2</groupId>
 		<artifactId>identity-inbound-auth-saml</artifactId>
 		<relativePath>../../pom.xml</relativePath>
-		<version>5.11.43-SNAPSHOT</version>
+		<version>5.11.50-SNAPSHOT</version>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
 	<artifactId>org.wso2.carbon.identity.query.saml</artifactId>
@@ -271,13 +271,14 @@
 						<jacoco-agent.destfile>target/jacoco.exec</jacoco-agent.destfile>
 					</systemPropertyVariables>
 					<argLine>
-                        			--add-opens=java.base/java.lang=ALL-UNNAMED
+						${argLine}
+                        --add-opens=java.base/java.lang=ALL-UNNAMED
 						--add-opens=java.base/java.lang.invoke=ALL-UNNAMED
-                        			--add-opens=java.base/java.util=ALL-UNNAMED
-                        			--add-opens=java.base/java.util.concurrent=ALL-UNNAMED
+						--add-opens=java.base/java.util=ALL-UNNAMED
+						--add-opens=java.base/java.util.concurrent=ALL-UNNAMED
 						--add-opens=java.base/java.util.zip=ALL-UNNAMED
 						--add-opens=java.base/java.util.random=ALL-UNNAMED
-                        			--add-opens=java.base/java.security=ALL-UNNAMED
+						--add-opens=java.base/java.security=ALL-UNNAMED
 						--add-opens=java.base/java.io=ALL-UNNAMED
 						--add-opens=java.base/java.security.cert=ALL-UNNAMED
 						--add-opens=java.base/jdk.internal.util=ALL-UNNAMED
@@ -291,7 +292,7 @@
 						--add-opens=java.base/sun.security.validator=ALL-UNNAMED
 						--add-opens=java.base/sun.reflect.misc=ALL-UNNAMED
 						--add-opens=java.xml/jdk.xml.internal=ALL-UNNAMED
-                    			</argLine>
+					</argLine>
 				</configuration>
 			</plugin>
 			<plugin>
@@ -300,30 +301,17 @@
 				<version>${jacoco.version}</version>
 				<executions>
 					<execution>
-						<id>default-instrument</id>
 						<goals>
-							<goal>instrument</goal>
+							<goal>prepare-agent</goal>
 						</goals>
 					</execution>
 					<execution>
-						<id>default-restore-instrumented-classes</id>
-						<goals>
-							<goal>restore-instrumented-classes</goal>
-						</goals>
-					</execution>
-					<execution>
-						<id>default-report</id>
-						<phase>prepare-package</phase>
+						<id>report</id>
+						<phase>test</phase>
 						<goals>
 							<goal>report</goal>
 						</goals>
 					</execution>
-					<execution>
-						<id>default-report-integration</id>
-						<goals>
-							<goal>report-integration</goal>
-						</goals>
-					</execution>
 					<execution>
 						<id>default-check</id>
 						<goals>

components/org.wso2.carbon.identity.query.saml/src/main/java/org/wso2/carbon/identity/query/saml/SignKeyDataHolder.java

@@ -32,9 +32,9 @@
 import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
 import org.wso2.carbon.identity.query.saml.exception.IdentitySAML2QueryException;
 import org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil;
-import org.wso2.carbon.security.keystore.KeyStoreAdmin;
 import org.wso2.carbon.user.api.UserStoreException;
 import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
+import org.wso2.carbon.utils.security.KeystoreUtils;
 
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
@@ -46,6 +46,7 @@
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
 import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.security.UnrecoverableKeyException;
@@ -165,10 +166,8 @@ private void initializeKeyDataForSuperTenantFromSystemKeyStore() throws Exceptio
             throw new IdentityException("Invalid file configurations. The key alias is not found.");
         }
 
-        KeyStoreAdmin keyAdmin = new KeyStoreAdmin(MultitenantConstants.SUPER_TENANT_ID,
-                SAMLSSOUtil.getRegistryService().getGovernanceSystemRegistry());
         KeyStoreManager keyMan = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
-        issuerPrivateKey = (PrivateKey) keyAdmin.getPrivateKey(keyAlias, true);
+        issuerPrivateKey = keyMan.getDefaultPrivateKey();
 
         Certificate[] certificates = keyMan.getPrimaryKeyStore().getCertificateChain(keyAlias);
         issuerCerts = Arrays.copyOf(certificates, certificates.length, X509Certificate[].class);
@@ -223,7 +222,7 @@ private void initializeKeyDataForSuperTenantFromSignKeyStore() throws IdentityEx
                 try (FileInputStream is = new FileInputStream(keyStoreLocation)) {
                     String keyStoreType = ServerConfiguration.getInstance().getFirstProperty(
                             SECURITY_SAML_SIGN_KEY_STORE_TYPE);
-                    KeyStore keyStore = KeyStore.getInstance(keyStoreType);
+                    KeyStore keyStore = KeystoreUtils.getKeystoreInstance(keyStoreType);
 
                     char[] keyStorePassword = ServerConfiguration.getInstance().getFirstProperty(
                             SECURITY_SAML_SIGN_KEY_STORE_PASSWORD).toCharArray();
@@ -233,7 +232,7 @@ private void initializeKeyDataForSuperTenantFromSignKeyStore() throws IdentityEx
 
                 } catch (FileNotFoundException e) {
                     throw new IdentityException("Unable to locate keystore", e);
-                } catch (IOException e) {
+                } catch (IOException | NoSuchProviderException e) {
                     throw new IdentityException("Unable to read keystore", e);
                 } catch (CertificateException e) {
                     throw new IdentityException("Unable to read certificate", e);

components/org.wso2.carbon.identity.sso.saml.common/pom.xml

@@ -22,7 +22,7 @@
         <groupId>org.wso2.carbon.identity.inbound.auth.saml2</groupId>
         <artifactId>identity-inbound-auth-saml</artifactId>
         <relativePath>../../pom.xml</relativePath>
-        <version>5.11.43-SNAPSHOT</version>
+        <version>5.11.50-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
@@ -63,6 +63,25 @@
                     </instructions>
                 </configuration>
             </plugin>
+            <plugin>
+                <groupId>org.jacoco</groupId>
+                <artifactId>jacoco-maven-plugin</artifactId>
+                <version>${jacoco.version}</version>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>prepare-agent</goal>
+                        </goals>
+                    </execution>
+                    <execution>
+                        <id>report</id>
+                        <phase>test</phase>
+                        <goals>
+                            <goal>report</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
         </plugins>
     </build>