OpenJDK 21 support (#28518)

* OpenJDK 21 support

Closes #28517

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* x509 SAN UPN other name is not handled in JDK 21 (#904)

closes #29968

Signed-off-by: mposolda <mposolda@gmail.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Marek Posolda <mposolda@gmail.com>

.github/scripts/ansible/roles/keycloak_ec2_installer/README.md

@@ -15,7 +15,7 @@ See `defaults/main.yml` for default values.
 ### Other
 - `update_system_packages`: Whether to update the system packages. Defaults to `no`.
 - `install_java`: Whether to install OpenJDK on the system. Defaults to `yes`.
-- `java_version`: Version of OpenJDK to be installed. Defaults to `17`.
+- `java_version`: Version of OpenJDK to be installed. Defaults to `21`.
 
 
 ## Example Playbook

.github/scripts/ansible/roles/keycloak_ec2_installer/defaults/main.yml

@@ -4,4 +4,4 @@ ansible_ssh_user: ec2-user
 kc_home: /opt/keycloak
 update_system_packages: no
 install_java: yes
-java_version: 17
+java_version: 21

.github/scripts/run-fips-it.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-dnf install -y java-17-openjdk-devel
+dnf install -y java-21-openjdk-devel
 fips-mode-setup --enable --no-bootcfg
 fips-mode-setup --is-enabled
 if [ $? -ne 0 ]; then
@@ -13,7 +13,7 @@ fi
 echo "STRICT_OPTIONS: $STRICT_OPTIONS"
 TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh fips`
 echo "Tests: $TESTS"
-export JAVA_HOME=/etc/alternatives/java_sdk_17
+export JAVA_HOME=/etc/alternatives/java_sdk_21
 set -o pipefail
 
 # Profile app-server-wildfly needs to be explicitly set for FIPS tests

.github/scripts/run-fips-ut.sh

@@ -1,13 +1,13 @@
 #!/bin/bash
 
-dnf install -y java-17-openjdk-devel crypto-policies-scripts
+dnf install -y java-21-openjdk-devel crypto-policies-scripts
 fips-mode-setup --enable --no-bootcfg
 fips-mode-setup --is-enabled
 if [ $? -ne 0 ]; then
   exit 1
 fi
-echo "fips.provider.7=XMLDSig" >>/etc/alternatives/java_sdk_17/conf/security/java.security
-export JAVA_HOME=/etc/alternatives/java_sdk_17
+echo "fips.provider.7=XMLDSig" >>/etc/alternatives/java_sdk_21/conf/security/java.security
+export JAVA_HOME=/etc/alternatives/java_sdk_21
 
 # Build all dependent modules
 ./mvnw install -nsu -B -am -pl crypto/default,crypto/fips1402 -DskipTests

.github/scripts/run-ipa-tests.sh

@@ -39,9 +39,9 @@ EOF
   kdestroy
 fi
 
-echo "Installing jdk-17 in the container"
-dnf install -y java-17-openjdk-devel
-export JAVA_HOME=/etc/alternatives/java_sdk_17
+echo "Installing jdk-21 in the container"
+dnf install -y java-21-openjdk-devel
+export JAVA_HOME=/etc/alternatives/java_sdk_21
 
 echo "Building quarkus keyclok server with SSSD integration"
 ./mvnw install -nsu -B -e -pl testsuite/integration-arquillian/servers/auth-server/quarkus -Pauth-server-quarkus