From 00677a6b92bb3bdeb6aee75b9a479d4b79edbd09 Mon Sep 17 00:00:00 2001
From: Bruno Oliveira
Date: Thu, 23 Nov 2017 20:45:25 -0200
Subject: [PATCH] [KEYCLOAK-5898] X.509 Auth - add tests for CRL with direct grant
---
 .../testsuite/x509/X509DirectGrantTest.java | 22 +++++++++++++++++++
 1 file changed, 22 insertions(+)
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509DirectGrantTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509DirectGrantTest.java
index 9411320329..1cec13f35f 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509DirectGrantTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509DirectGrantTest.java
@@ -177,6 +177,28 @@ public class X509DirectGrantTest extends AbstractX509AuthenticationTest {
 }
 }
+ @Test
+ public void loginCertificateRevoked() throws Exception {
+ X509AuthenticatorConfigModel config =
+ new X509AuthenticatorConfigModel()
+ .setCRLEnabled(true)
+ .setCRLRelativePath(CLIENT_CRL_PATH)
+ .setConfirmationPageAllowed(true)
+ .setMappingSourceType(SUBJECTDN_EMAIL)
+ .setUserIdentityMapperType(USERNAME_EMAIL);
+ AuthenticatorConfigRepresentation cfg = newConfig("x509-directgrant-config", config.getConfig());
+ String cfgId = createConfig(directGrantExecution.getId(), cfg);
+ Assert.assertNotNull(cfgId);
+
+ oauth.clientId("resource-owner");
+ OAuthClient.AccessTokenResponse response = oauth.doGrantAccessTokenRequest("secret", "", "", null);
+
+ assertEquals(401, response.getStatusCode());
+ assertEquals("invalid_request", response.getError());
+ Assert.assertThat(response.getErrorDescription(), containsString("Certificate has been revoked, certificate's subject:"));
+
+ }
+
 private void loginForceTemporaryAccountLock() throws Exception {
 X509AuthenticatorConfigModel config = new X509AuthenticatorConfigModel()
 .setMappingSourceType(ISSUERDN)
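Review bot: In `loginCertificateRevoked` the assertions pin the 401 status, the `invalid_request` error and the revocation message, but nothing checks that the response carries no token; adding `Assert.assertNull(response.getAccessToken());` after the status check would assert the property that actually matters for a revoked certificate. `.setConfirmationPageAllowed(true)` looks carried over from the browser-flow tests and presumably has no effect on a direct grant, so dropping it would keep the configuration to what the test exercises. The test also relies on the client certificate presented by the harness being listed in the CRL behind `CLIENT_CRL_PATH`, which is set up outside this hunk; a short comment above the config, e.g. `// the harness client certificate is expected to be listed as revoked in CLIENT_CRL_PATH`, would make that fixture dependency visible. A companion case with CRL checking enabled but the CRL missing or unreadable would document whether the direct-grant authenticator fails closed.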