Merge pull request #689 from openziti/fix-load-null-ztAPIs

fix identity loading issues

- move away from kotlinx.serialization due to compatibility issues on older runtimes (springboot)
- add more tests

Author: ekoby

gradle/libs.versions.toml

@@ -16,7 +16,6 @@ ziti-cli = "1.5.4"
 # third party
 lazysodium-java = "5.1.4"
 coroutines = "1.10.2"
-serialization = "1.8.1"
 slf4j = "2.0.17"
 jupiter = "5.12.2"
 gson = "2.13.1"
@@ -42,8 +41,6 @@ kotlin-reflect = { group = "org.jetbrains.kotlin", name = "kotlin-reflect", vers
 kotlin-test = { group = "org.jetbrains.kotlin", name = "kotlin-test-junit", version.ref = "kotlin" }
 kotlin-coroutines-lib = { group = "org.jetbrains.kotlinx", name = "kotlinx-coroutines-core", version.ref = "coroutines"}
 kotlin-coroutines-test = { group = "org.jetbrains.kotlinx", name = "kotlinx-coroutines-test", version.ref = "coroutines"}
-kotlinx-serialization-json = { module = "org.jetbrains.kotlinx:kotlinx-serialization-json", version.ref = "serialization" }
-
 
 tls-channel = { group = "com.github.marianobarrios", name = "tls-channel", version.ref = "tls-channel" }
 sodium = { group = "com.goterl", name = "lazysodium-java", version.ref = "lazysodium-java" }

ziti/build.gradle.kts

@@ -21,7 +21,6 @@ import kotlinx.coroutines.runBlocking
 plugins {
     id("java-library")
     alias(libs.plugins.kotlin)
-    alias(libs.plugins.kotlin.serialization)
     alias(libs.plugins.dokka)
     id("maven-publish")
     alias(libs.plugins.shadow)
@@ -38,7 +37,6 @@ dependencies {
     implementation(libs.kotlin.lib)
     implementation(libs.kotlin.coroutines.lib)
     implementation(libs.kotlin.reflect)
-    implementation(libs.kotlinx.serialization.json)
     implementation(libs.slf4j.api)
     implementation(libs.gson)
     implementation(libs.jackson.bind)
@@ -160,7 +158,9 @@ tasks.register<Exec>("buildZiti") {
     group = LifecycleBasePlugin.BUILD_GROUP
     description = "Builds the Ziti CLI"
     environment("GOBIN", binDir.asFile.absolutePath)
-    commandLine("go", "install", "github.com/openziti/ziti/ziti@v${zitiVersion}")
+    commandLine("env",
+        "go", "install", "github.com/openziti/ziti/ziti@v${zitiVersion}"
+    )
     outputs.file(zitiCLI)
 }
 

ziti/src/integrationTest/kotlin/org/openziti/api/ControllerTests.kt

@@ -44,7 +44,7 @@ class ControllerTests: BaseTest() {
 
     @Test
     fun testOttEnrollment() = runTest {
-        val ctrl = Controller(cfg.controller, cfg.sslContext())
+        val ctrl = Controller.getActiveController(cfg.controllers(), cfg.sslContext())
         val session = ctrl.login()
         assertEquals(idName, session.identity.name)
         ctrl.logout()

ziti/src/integrationTest/kotlin/org/openziti/impl/LoadTests.kt

@@ -16,7 +16,6 @@
 
 package org.openziti.impl
 
-import kotlinx.serialization.json.Json
 import org.junit.jupiter.api.AfterEach
 import org.junit.jupiter.api.Assertions.assertEquals
 import org.junit.jupiter.api.BeforeEach
@@ -43,7 +42,11 @@ class LoadTests: BaseTest() {
 
     @Test
     fun testLoadConfigByteArray() {
-        val cfgBytes = Json.encodeToString(cfg).toByteArray(Charsets.UTF_8)
+
+        val cfgBytes = ByteArrayOutputStream().use {
+            cfg.store(it)
+            it.toByteArray()
+        }
 
         Ziti.init(cfgBytes, false)
 

ziti/src/integrationTest/kotlin/org/openziti/net/ConnectionTests.kt

@@ -216,4 +216,10 @@ class ConnectionTests: BaseTest() {
         }
     }
 
+    @Test
+    fun closeUnconnectedSocket() = runTest(timeout = 1.seconds) {
+        val sock = Ziti.getSocketFactory().createSocket()
+        sock.close()
+        assertTrue(sock.isClosed)
+    }
 }

ziti/src/main/kotlin/org/openziti/IdentityConfig.kt

@@ -16,11 +16,10 @@
 
 package org.openziti
 
-import kotlinx.serialization.ExperimentalSerializationApi
-import kotlinx.serialization.SerialName
-import kotlinx.serialization.Serializable
-import kotlinx.serialization.json.Json
-import kotlinx.serialization.json.decodeFromStream
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties
+import com.fasterxml.jackson.annotation.JsonProperty
+import com.fasterxml.jackson.databind.ObjectMapper
+import com.fasterxml.jackson.module.kotlin.kotlinModule
 import org.openziti.identity.makeSSLContext
 import org.openziti.util.readCerts
 import org.openziti.util.readKey
@@ -34,23 +33,26 @@ import javax.net.ssl.SSLContext
 /**
  * Identity loaded from identity configuration JSON.
  */
-@Serializable data class IdentityConfig (
+@JsonIgnoreProperties(ignoreUnknown = true)
+data class IdentityConfig (
     /**
      * Ziti controller address.
      */
-    @SerialName("ztAPI") val controller: String,
+    @JsonProperty("ztAPI")
+    val controller: String,
 
     /**
      * List of ziti controller addresses.
      */
-    @SerialName("ztAPIs") val controllers: Collection<String> = listOf(controller),
+    @JsonProperty("ztAPIs")
+    val apiEndpoints: Collection<String>? = listOf(controller),
 
     /**
      * Identity credentials.
      */
     val id: Id): Identity {
 
-    @Serializable data class Id(
+    data class Id(
         /** Identity private key in PEM format */
         val key: String? = null,
         /** Identity X.509 certificate in PEM format */
@@ -63,44 +65,36 @@ import javax.net.ssl.SSLContext
      * Store identity configuration to the output stream.
      */
     fun store(output: OutputStream) {
-        output.write(json.encodeToString(this).encodeToByteArray())
+        jsonMapper.writeValue(output, this)
     }
 
     /**
      * @inheritDoc
      */
-    override fun controllers(): Collection<String> = controllers
+    override fun controllers(): Collection<String> = apiEndpoints ?: listOf(controller)
 
     /**
      * @inheritDoc
      */
-    override fun sslContext(): SSLContext = makeSSLContext(key, cert, caCerts)
+    override fun sslContext(): SSLContext = makeSSLContext(key(), cert(), caCerts())
 
-    internal val key: PrivateKey? by lazy {
-        id.key?.let {
-            readKey(it)
-        }
-    }
-
-    internal val cert: List<X509Certificate> by lazy {
-        id.cert?.let {
-            readCerts(it)
-        } ?: emptyList()
-    }
+    internal fun key(): PrivateKey? = id.key?.let { readKey(it) }
 
-    internal val caCerts by lazy {
-        readCerts(id.ca)
-    }
+    internal fun cert(): List<X509Certificate> = id.cert?.let {
+        readCerts(it)
+    } ?: emptyList()
 
+    internal fun caCerts() = readCerts(id.ca)
 
     companion object {
-
+        val jsonMapper: ObjectMapper =
+            ObjectMapper().registerModule(kotlinModule())
         /**
          * Load identity configuration from the input stream.
          */
-        @OptIn(ExperimentalSerializationApi::class)
         @JvmStatic
-        fun load(input: InputStream): IdentityConfig = Json.decodeFromStream(serializer(), input)
+        fun load(input: InputStream): IdentityConfig =
+            jsonMapper.readValue(input, IdentityConfig::class.java)
 
         /**
          * Load identity configuration from the byte array.
@@ -126,9 +120,5 @@ import javax.net.ssl.SSLContext
 
             return load(cfg.toByteArray())
         }
-
-        private val json = Json {
-            prettyPrint = true
-        }
     }
 }

ziti/src/main/kotlin/org/openziti/api/Authentication.kt

@@ -16,13 +16,12 @@
 
 package org.openziti.api
 
+import com.fasterxml.jackson.databind.JsonNode
+import com.fasterxml.jackson.databind.ObjectMapper
+import com.fasterxml.jackson.module.kotlin.kotlinModule
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.asExecutor
 import kotlinx.coroutines.future.await
-import kotlinx.serialization.json.Json
-import kotlinx.serialization.json.JsonObject
-import kotlinx.serialization.json.jsonObject
-import kotlinx.serialization.json.jsonPrimitive
 import org.openziti.edge.ApiClient
 import org.openziti.edge.api.AuthenticationApi
 import org.openziti.edge.api.CurrentApiSessionApi
@@ -128,6 +127,7 @@ class InternalOIDC(val ep: String, ssl: SSLContext): ZitiAuthenticator, Logged b
         val Encoder: Base64.Encoder = Base64.getUrlEncoder().withoutPadding()
         const val DISCOVERY = "/oidc/.well-known/openid-configuration"
         const val TOKEN_EXCHANGE_GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"
+        val json: ObjectMapper = ObjectMapper().registerModule(kotlinModule())
     }
 
 
@@ -136,7 +136,7 @@ class InternalOIDC(val ep: String, ssl: SSLContext): ZitiAuthenticator, Logged b
         .followRedirects(HttpClient.Redirect.NEVER)
         .executor(Dispatchers.IO.asExecutor())
         .build()
-    lateinit var tokens: JsonObject
+    lateinit var tokens: JsonNode
 
     private val config by lazy {
         loadConfig()
@@ -166,7 +166,7 @@ class InternalOIDC(val ep: String, ssl: SSLContext): ZitiAuthenticator, Logged b
             .POST(HttpRequest.BodyPublishers.ofString(body))
             .build()
 
-        i{"sending auth request $req"}
+        d{"sending auth request $req"}
         val resp = http.sendAsync(req, HttpResponse.BodyHandlers.ofString()).await()
 
         if (resp.statusCode() / 100 != 3 && resp.headers().firstValue("Location").isEmpty) {
@@ -203,7 +203,7 @@ class InternalOIDC(val ep: String, ssl: SSLContext): ZitiAuthenticator, Logged b
         return query["code"]!! to query["state"]!!
     }
 
-    private suspend fun getTokens(ep: URI, code: String, codeVerifier: String): JsonObject {
+    private suspend fun getTokens(ep: URI, code: String, codeVerifier: String): JsonNode {
         val body = formatForm(
             mapOf(
                 "grant_type" to "authorization_code",
@@ -219,7 +219,7 @@ class InternalOIDC(val ep: String, ssl: SSLContext): ZitiAuthenticator, Logged b
             .POST(HttpRequest.BodyPublishers.ofString(body)).build()
 
         val tokenResp = http.sendAsync(req, HttpResponse.BodyHandlers.ofString()).await()
-        return Json.parseToJsonElement(tokenResp.body()).jsonObject
+        return json.readTree(tokenResp.body())
     }
 
     override suspend fun login(): ZitiAuthenticator.ZitiAccessToken {
@@ -230,9 +230,9 @@ class InternalOIDC(val ep: String, ssl: SSLContext): ZitiAuthenticator, Logged b
         val state = Encoder.encodeToString(Random.Default.nextBytes(30))
 
 
-        val authEndpoint = config["authorization_endpoint"]?.jsonPrimitive?.content
+        val authEndpoint = config["authorization_endpoint"]?.textValue()
             ?: throw Exception("Missing authorization endpoint in OIDC config")
-        val tokenEndpoint = config["token_endpoint"]?.jsonPrimitive?.content
+        val tokenEndpoint = config["token_endpoint"]?.textValue()
             ?: throw Exception("Missing token endpoint in OIDC config")
 
         val loginURI = startAuth(authEndpoint, challenge, state)
@@ -244,14 +244,14 @@ class InternalOIDC(val ep: String, ssl: SSLContext): ZitiAuthenticator, Logged b
         tokens = getTokens(URI.create(tokenEndpoint), code, codeVerifier)
         d{ "OIDC tokens: $tokens" }
 
-        val accessToken = tokens["access_token"]?.jsonPrimitive?.content
+        val accessToken = tokens["access_token"]?.textValue()
             ?: throw Exception("Missing access token in OIDC response")
-        val exp = OffsetDateTime.now().plusSeconds(tokens["expires_in"]?.jsonPrimitive?.content?.toLong() ?: 600)
+        val exp = OffsetDateTime.now().plusSeconds(tokens["expires_in"]?.longValue() ?: 600)
         return ZitiAuthenticator.ZitiAccessToken(ZitiAuthenticator.TokenType.BEARER, accessToken, exp)
     }
 
     override suspend fun refresh(): ZitiAuthenticator.ZitiAccessToken {
-        val refreshToken = tokens.get("refresh_token")?.jsonPrimitive?.content
+        val refreshToken = tokens.get("refresh_token")?.textValue()
 
         if (refreshToken == null) return login()
 
@@ -263,7 +263,7 @@ class InternalOIDC(val ep: String, ssl: SSLContext): ZitiAuthenticator, Logged b
         )
 
         val req = HttpRequest.newBuilder()
-            .uri(config["token_endpoint"]?.jsonPrimitive?.content?.let { URI.create(it) })
+            .uri(config["token_endpoint"]?.textValue()?.let { URI.create(it) })
             .header("Accept", "application/x-www-form-urlencoded")
             .POST(HttpRequest.BodyPublishers.ofString(formatForm(form)))
             .build()
@@ -274,14 +274,14 @@ class InternalOIDC(val ep: String, ssl: SSLContext): ZitiAuthenticator, Logged b
             return login()
         }
 
-        tokens = Json.parseToJsonElement(resp.body()).jsonObject
-        val accessToken = tokens["access_token"]?.jsonPrimitive?.content
+        tokens = json.readTree(resp.body())
+        val accessToken = tokens["access_token"]?.textValue()
             ?: throw Exception("Missing access token in OIDC response")
-        val exp = OffsetDateTime.now().plusSeconds(tokens["expires_in"]?.jsonPrimitive?.content?.toLong() ?: 600)
+        val exp = OffsetDateTime.now().plusSeconds(tokens["expires_in"]?.longValue() ?: 600)
         return ZitiAuthenticator.ZitiAccessToken(ZitiAuthenticator.TokenType.BEARER, accessToken, exp)
     }
 
-    private fun loadConfig(): JsonObject {
+    private fun loadConfig(): JsonNode {
         val url = URI.create(ep).resolve(DISCOVERY)
 
         val request = HttpRequest.newBuilder(url)
@@ -293,7 +293,7 @@ class InternalOIDC(val ep: String, ssl: SSLContext): ZitiAuthenticator, Logged b
             throw Exception("Failed to get OIDC config: ${response.statusCode()}")
         }
 
-        i("OIDC config response: ${response.body()}")
-        return Json.parseToJsonElement(response.body()).jsonObject
+        v {"OIDC config response: ${response.body()}"}
+        return ObjectMapper().readTree(response.body())
     }
 }

ziti/src/main/kotlin/org/openziti/identity/Enroller.kt

@@ -144,7 +144,7 @@ internal class Enroller(
 
         return IdentityConfig(
             controller = api.baseUri,
-            controllers = controllers,
+            apiEndpoints = controllers,
             id = IdentityConfig.Id(
                 key = kp.private.toPEM(),
                 cert = cert,
@@ -182,7 +182,7 @@ internal class Enroller(
 
         return IdentityConfig(
             controller = api.baseUri,
-            controllers = controllers,
+            apiEndpoints = controllers,
             id = IdentityConfig.Id(
                 key = key,
                 cert = cert,

ziti/src/main/kotlin/org/openziti/net/nio/AsychChannelSocket.kt

@@ -41,14 +41,11 @@ class AsychChannelSocket(internal val impl: AsyncSocketImpl = AsyncSocketImpl())
         connect(InetSocketAddress(address, port))
     }
 
-    override fun isConnected(): Boolean {
-        return impl.channel.remoteAddress != null
-    }
-
-    override fun isClosed(): Boolean = !impl.channel.isOpen
+    override fun isConnected(): Boolean = impl.isConnected()
+    override fun isClosed(): Boolean = impl.isClosed()
 
     override fun close() {
-        impl.channel.close()
+        impl.closeInternal()
     }
 
     override fun getInputStream(): InputStream {

ziti/src/main/kotlin/org/openziti/net/nio/AsyncSocketImpl.kt

@@ -177,9 +177,14 @@ internal class AsyncSocketImpl(private val connector: Connector = DefaultConnect
         }
     }
 
-    override fun close() {
-        if (::channel.isInitialized)
-            channel.close()
+    internal fun isConnected(): Boolean = ::channel.isInitialized && channel.remoteAddress != null
+    fun isClosed(): Boolean = ::channel.isInitialized && !channel.isOpen
+
+    override fun close() = closeInternal()
+    internal fun closeInternal() {
+        if (!::channel.isInitialized)
+            channel = AsynchronousSocketChannel.open()
+        channel.close()
     }
 
     override fun getOption(optID: Int): Any? {