Merge pull request #26035 from ayoho/21826-removeBetaGuards

Remove beta flags for OIDC Private Key JWT
OpenLiberty · Sep 1, 2023 · 6e7cee7 · 6e7cee7
2 parents 6e1dca8 + 554f4a0
commit 6e7cee7
Show file tree

Hide file tree

Showing 12 changed files with 6 additions and 92 deletions.
diff --git a/...vers/com.ibm.ws.security.openidconnect.client-1.0_fat.rp.pkceAndPrivateKeyJwt/jvm.options b/...vers/com.ibm.ws.security.openidconnect.client-1.0_fat.rp.pkceAndPrivateKeyJwt/jvm.options
@@ -16,6 +16,3 @@
 -Dhttp.proxyHost=1.2.3.4
 -Dhttps.proxyPort=34567
 -Dhttps.proxyHost=1.2.3.4
-
-# Enable beta PKCE function
--Dcom.ibm.ws.beta.edition=true
diff --git a/...ish/servers/com.ibm.ws.security.openidconnect.client-1.0_fat.rp.privateKeyJwt/jvm.options b/...ish/servers/com.ibm.ws.security.openidconnect.client-1.0_fat.rp.privateKeyJwt/jvm.options
@@ -16,6 +16,3 @@
 -Dhttp.proxyHost=1.2.3.4
 -Dhttps.proxyPort=34567
 -Dhttps.proxyHost=1.2.3.4
-
-# Enable beta PKCE function
--Dcom.ibm.ws.beta.edition=true
diff --git a/...xrs/publish/servers/com.ibm.ws.security.openidconnect.client-1.0_fat.jaxrs.op/jvm.options b/...xrs/publish/servers/com.ibm.ws.security.openidconnect.client-1.0_fat.jaxrs.op/jvm.options
diff --git a/...ish/servers/com.ibm.ws.security.openidconnect.client-1.0_fat.jaxrs.opWithStub/jvm.options b/...ish/servers/com.ibm.ws.security.openidconnect.client-1.0_fat.jaxrs.opWithStub/jvm.options
diff --git a/...xrs/publish/servers/com.ibm.ws.security.openidconnect.client-1.0_fat.jaxrs.rp/jvm.options b/...xrs/publish/servers/com.ibm.ws.security.openidconnect.client-1.0_fat.jaxrs.rp/jvm.options
diff --git a/...xrs/publish/servers/com.ibm.ws.security.openidconnect.client-1.0_fat.jaxrs.rs/jvm.options b/...xrs/publish/servers/com.ibm.ws.security.openidconnect.client-1.0_fat.jaxrs.rs/jvm.options
diff --git a/dev/com.ibm.ws.security.openidconnect.client/resources/OSGI-INF/metatype/metatype.xml b/dev/com.ibm.ws.security.openidconnect.client/resources/OSGI-INF/metatype/metatype.xml
@@ -94,15 +94,15 @@
                 <Option label="%tokenEndpointAuthMethod.privateKeyJwt" value="private_key_jwt" />
          </AD>
          <AD id="tokenEndpointAuthSigningAlgorithm" name="%tokenEndpointAuthSigningAlgorithm" description="%tokenEndpointAuthSigningAlgorithm.desc" required="false"
-             type="String" default="RS256" ibm:beta="true" >
+             type="String" default="RS256" >
                 <Option label="%tokenEndpointAuthSigningAlgorithm.RS256" value="RS256" />
                 <Option label="%tokenEndpointAuthSigningAlgorithm.RS384" value="RS384" />
                 <Option label="%tokenEndpointAuthSigningAlgorithm.RS512" value="RS512" />
                 <Option label="%tokenEndpointAuthSigningAlgorithm.ES256" value="ES256" />
                 <Option label="%tokenEndpointAuthSigningAlgorithm.ES384" value="ES384" />
                 <Option label="%tokenEndpointAuthSigningAlgorithm.ES512" value="ES512" />
          </AD>
-         <AD id="keyAliasName" name="%keyAliasName" description="%keyAliasName.desc" required="false" type="String" ibm:beta="true" />
+         <AD id="keyAliasName" name="%keyAliasName" description="%keyAliasName.desc" required="false" type="String" />
          <AD id="jsonWebKey" name="internal" description="internal use only" required="false" type="String" />
          <AD id="prompt" name="internal" description="internal use only" required="false" type="String" />
           <AD id="jwt" name="internal" description="internal use only" ibm:type="pid" ibm:reference="com.ibm.ws.security.openidconnect.client.jwt"
@@ -162,7 +162,7 @@
                 <Option label="%pkceCodeChallengeMethod.plain" value="plain" />
                 <Option label="%pkceCodeChallengeMethod.S256" value="S256" />
          </AD>
-         <AD id="tokenRequestOriginHeader" name="%tokenRequestOriginHeader" description="%tokenRequestOriginHeader.desc" required="false" type="String" ibm:beta="true" />
+         <AD id="tokenRequestOriginHeader" name="%tokenRequestOriginHeader" description="%tokenRequestOriginHeader.desc" required="false" type="String" />
      </OCD>
 
     <Designate factoryPid="com.ibm.ws.security.openidconnect.client.oidcClientConfig">

diff --git a/dev/com.ibm.ws.security.social/resources/OSGI-INF/metatype/metatype.xml b/dev/com.ibm.ws.security.social/resources/OSGI-INF/metatype/metatype.xml
@@ -421,15 +421,15 @@
                <Option label="%tokenEndpointAuthMethod.privateKeyJwt" value="private_key_jwt" />
          </AD>
         <AD id="tokenEndpointAuthSigningAlgorithm" name="%tokenEndpointAuthSigningAlgorithm" description="%tokenEndpointAuthSigningAlgorithm.desc" required="false"
-            type="String" default="RS256" ibm:beta="true" >
+            type="String" default="RS256" >
                <Option label="%tokenEndpointAuthSigningAlgorithm.RS256" value="RS256" />
                <Option label="%tokenEndpointAuthSigningAlgorithm.RS384" value="RS384" />
                <Option label="%tokenEndpointAuthSigningAlgorithm.RS512" value="RS512" />
                <Option label="%tokenEndpointAuthSigningAlgorithm.ES256" value="ES256" />
                <Option label="%tokenEndpointAuthSigningAlgorithm.ES384" value="ES384" />
                <Option label="%tokenEndpointAuthSigningAlgorithm.ES512" value="ES512" />
         </AD>
-        <AD id="keyAliasName" name="%keyAliasName" description="%keyAliasName.desc" required="false" type="String" ibm:beta="true" />
+        <AD id="keyAliasName" name="%keyAliasName" description="%keyAliasName.desc" required="false" type="String" />
         <AD id="redirectToRPHostAndPort" name="%redirectToRPHostAndPort" description="%redirectToRPHostAndPort.desc" required="false" type="String" />
         <AD id="hostNameVerificationEnabled" name="%hostNameVerificationEnabled" description="%hostNameVerificationEnabled.desc" required="false" type="Boolean" default="true"/>
         <AD id="responseType" name="%responseType" description="%responseType.desc" required="false" type="String" default="code">
@@ -463,7 +463,7 @@
             <Option label="%pkceCodeChallengeMethod.plain" value="plain" />
             <Option label="%pkceCodeChallengeMethod.S256" value="S256" />
         </AD>
-        <AD id="tokenRequestOriginHeader" name="%tokenRequestOriginHeader" description="%tokenRequestOriginHeader.desc" required="false" type="String" ibm:beta="true" />
+        <AD id="tokenRequestOriginHeader" name="%tokenRequestOriginHeader" description="%tokenRequestOriginHeader.desc" required="false" type="String" />
     </OCD>
 
      <OCD id="com.ibm.ws.security.social.client.param.metatype" name="%oidcClientCustomRequestParam" description="%oidcClientCustomRequestParam.desc"

diff --git a/.../servers/com.ibm.ws.security.social_fat.LibertyOP.social.pkceAndPrivateKeyJwt/jvm.options b/.../servers/com.ibm.ws.security.social_fat.LibertyOP.social.pkceAndPrivateKeyJwt/jvm.options
@@ -15,6 +15,3 @@
 -Dhttp.proxyHost=1.2.3.4
 -Dhttps.proxyPort=34567
 -Dhttps.proxyHost=1.2.3.4
-
-# Enable beta PKCE function
--Dcom.ibm.ws.beta.edition=true
diff --git a/...publish/servers/com.ibm.ws.security.social_fat.LibertyOP.social.privateKeyJwt/jvm.options b/...publish/servers/com.ibm.ws.security.social_fat.LibertyOP.social.privateKeyJwt/jvm.options
@@ -15,6 +15,3 @@
 -Dhttp.proxyHost=1.2.3.4
 -Dhttps.proxyPort=34567
 -Dhttps.proxyHost=1.2.3.4
-
-# Enable beta PKCE function
--Dcom.ibm.ws.beta.edition=true
diff --git a/...ternal/src/io/openliberty/security/oidcclientcore/token/auth/PrivateKeyJwtAuthMethod.java b/...ternal/src/io/openliberty/security/oidcclientcore/token/auth/PrivateKeyJwtAuthMethod.java
@@ -25,7 +25,6 @@
 import com.ibm.websphere.ras.TraceComponent;
 import com.ibm.websphere.ras.annotation.Sensitive;
 import com.ibm.ws.ffdc.annotation.FFDCIgnore;
-import com.ibm.ws.kernel.productinfo.ProductInfo;
 import com.ibm.ws.security.common.ssl.SecuritySSLUtils;
 import com.ibm.ws.ssl.KeyStoreService;
 
@@ -56,8 +55,6 @@ public void unsetKeyStoreService(KeyStoreService keyStoreServiceSvc) {
 
     private static final float EXP_TIME_IN_MINUTES = 5;
 
-    private static boolean issuedBetaMessage = false;
-
     private String configurationId;
     private String clientId;
     private String tokenEndpoint;
@@ -90,9 +87,6 @@ public PrivateKeyJwtAuthMethod(String configurationId, String clientId, String t
     @Override
     @FFDCIgnore(PrivateKeyJwtAuthException.class)
     public void setAuthMethodSpecificSettings(Builder tokenRequestBuilder) throws TokenEndpointAuthMethodSettingsException {
-        if (!isRunningBetaMode()) {
-            return;
-        }
         try {
             HashMap<String, String> customParams = getPrivateKeyJwtParameters();
             tokenRequestBuilder.customParams(customParams);
@@ -101,19 +95,6 @@ public void setAuthMethodSpecificSettings(Builder tokenRequestBuilder) throws To
         }
     }
 
-    private boolean isRunningBetaMode() {
-        if (!ProductInfo.getBetaEdition()) {
-            return false;
-        } else {
-            // Running beta exception, issue message if we haven't already issued one for this class
-            if (!issuedBetaMessage) {
-                Tr.info(tc, "BETA: A beta method has been invoked for the class " + this.getClass().getName() + " for the first time.");
-                issuedBetaMessage = !issuedBetaMessage;
-            }
-            return true;
-        }
-    }
-
     HashMap<String, String> getPrivateKeyJwtParameters() throws PrivateKeyJwtAuthException {
         HashMap<String, String> parameters = new HashMap<>();
         parameters.put(TokenConstants.CLIENT_ASSERTION_TYPE, TokenConstants.CLIENT_ASSERTION_TYPE_JWT_BEARER);

diff --git a/...l/test/io/openliberty/security/oidcclientcore/token/auth/PrivateKeyJwtAuthMethodTest.java b/...l/test/io/openliberty/security/oidcclientcore/token/auth/PrivateKeyJwtAuthMethodTest.java
@@ -36,7 +36,6 @@
 import com.ibm.json.java.JSONObject;
 import com.ibm.websphere.ssl.JSSEHelper;
 import com.ibm.websphere.ssl.SSLConfigChangeListener;
-import com.ibm.ws.kernel.productinfo.ProductInfo;
 import com.ibm.ws.security.common.ssl.SecuritySSLUtils;
 import com.ibm.ws.security.test.common.CommonTestClass;
 import com.ibm.ws.ssl.KeyStoreService;
@@ -79,7 +78,6 @@ public class PrivateKeyJwtAuthMethodTest extends CommonTestClass {
     @BeforeClass
     public static void setUpBeforeClass() throws Exception {
         outputMgr.captureStreams();
-        System.setProperty(ProductInfo.BETA_EDITION_JVM_PROPERTY, "true");
         KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
         keyGen.initialize(4096);
         keyPair = keyGen.generateKeyPair();
@@ -110,7 +108,6 @@ public void tearDown() {
 
     @AfterClass
     public static void tearDownAfterClass() throws Exception {
-        System.clearProperty(ProductInfo.BETA_EDITION_JVM_PROPERTY);
         outputMgr.dumpStreams();
         outputMgr.restoreStreams();
     }