Disable TokenUtilsEncryptTest#testFailAlgorithm on Java 17+

[famod]

Relates to #18372 (comment)

A fix upstream would obviously be much nicer than this XML manipulation. 😉

[sberyozkin]

@famod, missed your comment, sorry,

2021-07-09T02:41:37.1781961Z Expected exception of type class org.jose4j.jwt.consumer.InvalidJwtException but got org.jose4j.lang.InvalidAlgorithmException: A128KW is an unknown, unsupported or unavailable alg algorithm (not one of [RSA1_5, RSA-OAEP, RSA-OAEP-256, dir, ECDH-ES, A128GCMKW, A192GCMKW, A256GCMKW]).

Interesting, this is a strange error because something like dir is not an algorithm known to Java (dir - is just a direct encryption without wrapping the generated encryption key).

Let me look at it a bit more

[famod]

@sberyozkin thanks for taking a closer look!
Unless this problem is fixable quickly, I suggest we merge this PR in a timely manner because there should be no negative side effects and it can be reverted easily later.

[gsmet]

Spotted some minor issues. I agree we should merge it.

[sberyozkin]

@famod, @gsmet I don't think it should be ignored.

It is not dropped but the name has changed. Rather than merging it as is, I'd suggest to add a BC dependency for this case

https://bugs.openjdk.java.net/browse/JDK-8248268.

I'll open a Jose4j issue (to support AES/KW/NoPadding)

[sberyozkin]

I propose to investigate an option to use a BC library for now instead of ignoring the test and also open a specific issue to make sure it is run without BC in due time

[famod]

@sberyozkin Well, yesterday I did try adding:

                <groupId>org.bouncycastle</groupId>
                <artifactId>bcprov-jdk15on</artifactId>

in test scope but AFAICS, this didn't change anything, maybe because it has to be "installed" explicitly?

[sberyozkin]

@famod Can you please try passing a system property quarkus.security.security-providers=BC (and also use a normal scope for the dep, as I'm not sure the test one is sufficient) ?

[famod]

@sberyozkin unfortunately, the following didn't work:

diff --git a/tcks/microprofile-jwt/pom.xml b/tcks/microprofile-jwt/pom.xml
index b12da6ace4..d9d393d8ad 100644
--- a/tcks/microprofile-jwt/pom.xml
+++ b/tcks/microprofile-jwt/pom.xml
@@ -24,6 +24,7 @@
                     <systemPropertyVariables>
                         <!-- Disable quarkus optimization -->
                         <quarkus.arc.remove-unused-beans>false</quarkus.arc.remove-unused-beans>
+                        <quarkus.security.security-providers>BC</quarkus.security.security-providers>
                         <mp.jwt.tck.jwks.baseURL>http://localhost:8081/</mp.jwt.tck.jwks.baseURL>
                     </systemPropertyVariables>
                     <!-- This workaround allows us to run a single test using
@@ -122,6 +123,11 @@
             </exclusions>
         </dependency>

+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk15on</artifactId>
+        </dependency>
+
         <!-- Minimal test dependencies to *-deployment artifacts for consistent build order -->
         <dependency>
             <groupId>io.quarkus</groupId>

Might be related to testng, checking...

[famod]

Setting system properties like this should just work for TestNG, so that's not it.

[sberyozkin]

@famod OK, let me drop my change request, thanks, perhaps BC does not provide its own implementation. I'll just follow up with a Jose4J issue

[sberyozkin]

FYI, https://bitbucket.org/b_c/jose4j/issues/189

[famod]

Ok, thanks! I'll create a housekeeping issue to clean this up eventually.

Changes applied