From b35950dff11e69497d32db2006d2b4fbf8f23de4 Mon Sep 17 00:00:00 2001
From: vharseko <vharseko@3a-systems.ru>
Date: Tue, 24 Oct 2023 10:13:56 +0300
Subject: [PATCH] JDK 21 support (#673)

---
 .github/workflows/build.yml                   |  2 +-
 .../authentication/modules/cert/Cert.java     | 58 ++++++++++++++++---
 .../identity/security/cert/AMCRLStore.java    | 23 ++++++--
 .../impl/PooledTaskExecutorTest.java          |  6 +-
 .../IssuingDistributionPointExtension.java    | 30 +++++-----
 pom.xml                                       | 13 ++---
 6 files changed, 93 insertions(+), 39 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 0e6af023b4..4572f32b68 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        java: [ '8', '11', '17', '19' ]
+        java: [ '8', '11', '17', '21' ]
         os: [ 'ubuntu-latest', 'macos-latest', 'windows-latest' ]
       fail-fast: false
     steps:
diff --git a/openam-authentication/openam-auth-cert/src/main/java/com/sun/identity/authentication/modules/cert/Cert.java b/openam-authentication/openam-auth-cert/src/main/java/com/sun/identity/authentication/modules/cert/Cert.java
index 389c65d9b8..0f348f1e4a 100644
--- a/openam-authentication/openam-auth-cert/src/main/java/com/sun/identity/authentication/modules/cert/Cert.java
+++ b/openam-authentication/openam-auth-cert/src/main/java/com/sun/identity/authentication/modules/cert/Cert.java
@@ -31,6 +31,8 @@
 
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509CRL;
 import java.security.cert.X509Certificate;
@@ -68,6 +70,7 @@
 import sun.security.util.DerValue;
 import sun.security.util.ObjectIdentifier;
 import sun.security.x509.CertificateExtensions;
+import sun.security.x509.DistributionPoint;
 import sun.security.x509.GeneralName;
 import sun.security.x509.GeneralNameInterface;
 import sun.security.x509.GeneralNames;
@@ -564,16 +567,53 @@ private void getTokenFromSubjectAltExt(X509Certificate cert)
                 new X509CertImpl(cert.getEncoded());
             X509CertInfo cinfo = 
                 new X509CertInfo(certImpl.getTBSCertificate());
-            CertificateExtensions exts = (CertificateExtensions) 
-                            cinfo.get(X509CertInfo.EXTENSIONS);
-            SubjectAlternativeNameExtension altNameExt = 
-                (SubjectAlternativeNameExtension)
-                    exts.get(SubjectAlternativeNameExtension.NAME);
-
+            CertificateExtensions exts=null;
+            //exts = (CertificateExtensions)cinfo.get(X509CertInfo.EXTENSIONS);
+            try {//jdk21
+        		Method m=cinfo.getClass().getDeclaredMethod("getExtensions");
+        		exts = (CertificateExtensions)m.invoke(cinfo);
+        	}
+        	catch (NoSuchMethodException|InvocationTargetException e) {
+        		try {
+	        		Method m=cinfo.getClass().getDeclaredMethod("get",String.class);
+	        		exts = (CertificateExtensions)m.invoke(cinfo,X509CertInfo.EXTENSIONS);
+        		}
+	        	catch (NoSuchMethodException|InvocationTargetException e2) {
+	        		throw new RuntimeException(e2);
+	        	}
+			}
+            
+            SubjectAlternativeNameExtension altNameExt=null;
+            //altNameExt = (SubjectAlternativeNameExtension)exts.get(SubjectAlternativeNameExtension.NAME);
+            try {//jdk21
+        		Method m=exts.getClass().getDeclaredMethod("getExtension",String.class);
+        		altNameExt = (SubjectAlternativeNameExtension)m.invoke(exts,SubjectAlternativeNameExtension.NAME);
+        	}
+        	catch (NoSuchMethodException|InvocationTargetException e) {
+        		try {//jdk21
+	        		Method m=exts.getClass().getDeclaredMethod("get",String.class);
+	        		altNameExt = (SubjectAlternativeNameExtension)m.invoke(exts,SubjectAlternativeNameExtension.NAME);
+        		}
+	        	catch (NoSuchMethodException|InvocationTargetException e2) {
+	        		throw new RuntimeException(e2);
+	        	}
+			}
             if (altNameExt != null) {
-                GeneralNames names = (GeneralNames) altNameExt.get
-                    (SubjectAlternativeNameExtension.SUBJECT_NAME);
-        
+                GeneralNames names=null;
+                //names = (GeneralNames) altNameExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
+                try {
+            		Method m=altNameExt.getClass().getDeclaredMethod("getNames");
+            		names = (GeneralNames)m.invoke(altNameExt);
+            	}
+            	catch (NoSuchMethodException|InvocationTargetException e) {
+            		try {
+    	        		Method m=altNameExt.getClass().getDeclaredMethod("get",String.class);
+    	        		names = (GeneralNames)m.invoke(altNameExt,"SubjectAlternativeName");
+            		}
+    	        	catch (NoSuchMethodException|InvocationTargetException e2) {
+    	        		throw new RuntimeException(e2);
+    	        	}
+    			}
                 GeneralName generalname = null;  
                 Iterator itr = (Iterator) names.iterator();
                 while ((userTokenId == null) && itr.hasNext()) {
diff --git a/openam-certs/src/main/java/com/sun/identity/security/cert/AMCRLStore.java b/openam-certs/src/main/java/com/sun/identity/security/cert/AMCRLStore.java
index e4cb51f06f..bfe26d5300 100644
--- a/openam-certs/src/main/java/com/sun/identity/security/cert/AMCRLStore.java
+++ b/openam-certs/src/main/java/com/sun/identity/security/cert/AMCRLStore.java
@@ -46,6 +46,8 @@
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
 import java.net.HttpURLConnection;
 import java.net.URL;
 import java.security.GeneralSecurityException;
@@ -362,17 +364,30 @@ private IssuingDistributionPointExtension getCRLIDPExt(X509CRL crl) {
      *
      * @param dpExt
      */
-    private synchronized X509CRL
+    @SuppressWarnings("unchecked")
+	private synchronized X509CRL
     getUpdateCRLFromCrlDP(CRLDistributionPointsExtension dpExt) {
         // Get CRL Distribution points
         if (dpExt == null) {
             return null;
         }
 
-        List dps = null;
+        List<DistributionPoint> dps = null;
         try {
-            dps = (List) dpExt.get(CRLDistributionPointsExtension.POINTS);
-        } catch (IOException ioex) {
+        	try { //jdk21
+        		Method m=dpExt.getClass().getDeclaredMethod("getDistributionPoints");
+        		dps = (List<DistributionPoint>)m.invoke(dpExt);
+        	}
+        	catch (NoSuchMethodException|InvocationTargetException e) {
+        		try {
+	        		Method m=dpExt.getClass().getDeclaredMethod("get",String.class);
+	        		dps = (List<DistributionPoint>)m.invoke(dpExt,"points");
+        		}
+	        	catch (NoSuchMethodException|InvocationTargetException e2) {
+	        		throw new RuntimeException(e2);
+	        	}
+			}
+        } catch (Throwable ioex) {
             if (debug.warningEnabled()) {
                 debug.warning("AMCRLStore.getUpdateCRLFromCrlDP: ", ioex);
             }
diff --git a/openam-core/src/test/java/org/forgerock/openam/sm/datalayer/impl/PooledTaskExecutorTest.java b/openam-core/src/test/java/org/forgerock/openam/sm/datalayer/impl/PooledTaskExecutorTest.java
index f717772a3d..67a48d2454 100644
--- a/openam-core/src/test/java/org/forgerock/openam/sm/datalayer/impl/PooledTaskExecutorTest.java
+++ b/openam-core/src/test/java/org/forgerock/openam/sm/datalayer/impl/PooledTaskExecutorTest.java
@@ -112,9 +112,9 @@ public SimpleTaskExecutor answer(InvocationOnMock invocation) throws Throwable {
 
         // Then
         debug("Waiting for tasks to complete");
-        task1.join(TimeUnit.SECONDS.toMillis(10));
-        task2.join(TimeUnit.SECONDS.toMillis(10));
-        task3.join(TimeUnit.SECONDS.toMillis(10));
+        task1.join(TimeUnit.SECONDS.toMillis(100));
+        task2.join(TimeUnit.SECONDS.toMillis(100));
+        task3.join(TimeUnit.SECONDS.toMillis(100));
 
         assertThat(task1.isAlive()).as("Task 1 thread running").isFalse();
         assertThat(task2.isAlive()).as("Task 2 thread running").isFalse();
diff --git a/openam-shared/src/main/java/com/iplanet/security/x509/IssuingDistributionPointExtension.java b/openam-shared/src/main/java/com/iplanet/security/x509/IssuingDistributionPointExtension.java
index fd365afa80..ad80318b94 100644
--- a/openam-shared/src/main/java/com/iplanet/security/x509/IssuingDistributionPointExtension.java
+++ b/openam-shared/src/main/java/com/iplanet/security/x509/IssuingDistributionPointExtension.java
@@ -29,9 +29,6 @@
 package com.iplanet.security.x509;
 
 import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-
 import java.util.*;
 
 
@@ -39,7 +36,6 @@
 import sun.security.util.DerInputStream;
 import sun.security.util.DerOutputStream;
 import sun.security.util.DerValue;
-import sun.security.util.ObjectIdentifier;
 import sun.security.x509.AVA;
 import sun.security.x509.Extension;
 import sun.security.x509.GeneralNames;
@@ -162,7 +158,7 @@ public class IssuingDistributionPointExtension extends Extension {
 
     
     // cached hashCode value
-    private volatile int hashCode;
+    //private volatile int hashCode;
 
 
     /**
@@ -432,15 +428,19 @@ public void setIndirectCRL(boolean indirectCRL) {
      * @param out the DerOutputStream to write the extension to.
      * @exception IOException on encoding errors.
      */
-    public void encode(OutputStream out) throws IOException {
-        DerOutputStream tmp = new DerOutputStream();
-        if (this.extensionValue == null) {
-            this.extensionId = PKIXExtensions.IssuingDistributionPoint_Id;
-            this.critical = true;
-            encodeThis();
-        }
-        super.encode(tmp);
-        out.write(tmp.toByteArray());
+    public void encode(DerOutputStream out)  {
+    	try {
+	        DerOutputStream tmp = new DerOutputStream();
+	        if (this.extensionValue == null) {
+	            this.extensionId = PKIXExtensions.IssuingDistributionPoint_Id;
+	            this.critical = true;
+	          	encodeThis();
+	        }
+	        super.encode(tmp);
+	        out.write(tmp.toByteArray());
+    	 }catch(IOException e) {
+         	throw new RuntimeException(e);
+         }
     }
 
      // Encode this extension value
@@ -571,7 +571,7 @@ private static AVA[] derValueToAVAs(DerValue derValue)
     private static void encodeRDN(RDN rdn, DerOutputStream derOut)
         throws IOException {
 
-        List avas = rdn.avas();
+        List<AVA> avas = rdn.avas();
         AVA[] avaArray = (AVA[])avas.toArray(new AVA[avas.size()]);
         derOut.putOrderedSetOf(DerValue.tag_Set, avaArray);
     }
diff --git a/pom.xml b/pom.xml
index 0f521d11ed..238386cf02 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1233,13 +1233,13 @@
       <dependency>
         <groupId>org.codehaus.groovy</groupId>
         <artifactId>groovy-jsr223</artifactId>
-        <version>3.0.13</version>
+        <version>3.0.19</version>
       </dependency>
       <!-- Groovy JSON parsing support -->
       <dependency>
         <groupId>org.codehaus.groovy</groupId>
         <artifactId>groovy-json</artifactId>
-        <version>3.0.13</version>
+        <version>3.0.19</version>
       </dependency>
       <dependency>
         <!-- MIT licensed: http://groovy-sandbox.kohsuke.org/license.html -->
@@ -1718,10 +1718,10 @@
       </dependency>
       <!-- Powermock -->
       <dependency>
-		 <groupId>net.bytebuddy</groupId>
-		 <artifactId>byte-buddy</artifactId>
-		 <version>1.12.19</version>
-		 <scope>test</scope>
+	    <groupId>net.bytebuddy</groupId>
+	    <artifactId>byte-buddy</artifactId>
+	    <version>1.14.9</version>
+	    <scope>test</scope>
 	  </dependency>
       <dependency>
         <groupId>org.powermock</groupId>
@@ -2097,7 +2097,6 @@
         <configuration>
           <argLine>${java.surefire.options}</argLine>
           <redirectTestOutputToFile>true</redirectTestOutputToFile>
-          <forkMode>once</forkMode>
         </configuration>
         <executions>
           <execution>