Merge pull request #2121 from pdrozd/KEYCLOAK-2401-ssl

KEYCLOAK-2401 - add ssl profile and fix urls when ssl profile enabled.

testsuite/integration-arquillian/servers/eap7/pom.xml

@@ -238,5 +238,67 @@
                 </plugins>
             </build>
         </profile>
+        <profile>
+            <id>ssl</id>
+            <activation>
+                <property>
+                    <name>auth.server.ssl.required</name>
+                </property>
+            </activation>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.codehaus.mojo</groupId>
+                        <artifactId>xml-maven-plugin</artifactId>
+                        <executions>
+                            <execution>
+                                <id>configure-adapter-subsystem-security</id>
+                                <phase>process-resources</phase>
+                                <goals>
+                                    <goal>transform</goal>
+                                </goals>
+                                <configuration>
+                                    <transformationSets>
+                                        <transformationSet>
+                                            <dir>${keycloak.server.home}/standalone/configuration</dir>
+                                            <includes>
+                                                <include>standalone.xml</include>
+                                            </includes>
+                                            <stylesheet>src/main/xslt/security.xsl</stylesheet>
+                                            <outputDir>${keycloak.server.home}/standalone/configuration</outputDir>
+                                        </transformationSet>
+                                    </transformationSets>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+                    <plugin>
+                        <artifactId>maven-resources-plugin</artifactId>
+                        <version>2.7</version>
+                        <executions>
+                            <execution>
+                                <id>copy-keystore</id>
+                                <phase>process-resources</phase>
+                                <goals>
+                                    <goal>copy-resources</goal>
+                                </goals>
+                                <configuration>
+                                     <outputDirectory>${keycloak.server.home}/standalone/configuration</outputDirectory>
+                                     <resources>
+                                         <resource>
+                                              <directory>src/main/keystore</directory>
+                                              <includes>
+                                                  <include>keycloak.jks</include>
+                                                  <include>keycloak.truststore</include>
+                                              </includes>
+                                         </resource>
+                                     </resources>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
     </profiles>
 </project>

testsuite/integration-arquillian/servers/eap7/src/main/xslt/security.xsl

@@ -0,0 +1,34 @@
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+                xmlns:xalan="http://xml.apache.org/xalan"
+                xmlns:j="urn:jboss:domain:1.7"
+                xmlns:w="urn:jboss:domain:web:2.2"
+                version="2.0"
+                exclude-result-prefixes="xalan j ds k sec">
+
+    <xsl:param name="config"/>
+
+    <xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" standalone="no"/>
+    <xsl:strip-space elements="*"/>
+
+    <xsl:template match="//w:connector[@name='http']">
+        <xsl:copy-of select="."/>
+        <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
+                <ssl name="https" password="secret" certificate-key-file="${{jboss.server.config.dir}}/keycloak.jks"/>
+            </connector>
+    </xsl:template>
+
+    <xsl:template match="//j:extensions">
+         <xsl:copy-of select="."/>
+         <system-properties>
+             <property name="javax.net.ssl.trustStore" value="${{jboss.server.config.dir}}/keycloak.truststore"/>
+             <property name="javax.net.ssl.trustStorePassword" value="secret"/>
+         </system-properties>
+    </xsl:template>
+
+    <xsl:template match="@*|node()">
+        <xsl:copy>
+            <xsl:apply-templates select="@*|node()" />
+        </xsl:copy>
+    </xsl:template>
+
+</xsl:stylesheet>

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/DeploymentArchiveProcessor.java

@@ -35,6 +35,8 @@ public class DeploymentArchiveProcessor implements ApplicationArchiveProcessor {
 
     protected final Logger log = org.jboss.logging.Logger.getLogger(this.getClass());
 
+    private final boolean authServerSslRequired = Boolean.parseBoolean(System.getProperty("auth.server.ssl.required"));
+
     public static final String WEBXML_PATH = "/WEB-INF/web.xml";
     public static final String ADAPTER_CONFIG_PATH = "/WEB-INF/keycloak.json";
     public static final String ADAPTER_CONFIG_PATH_TENANT1 = "/WEB-INF/classes/tenant1-keycloak.json";
@@ -74,10 +76,18 @@ public class DeploymentArchiveProcessor implements ApplicationArchiveProcessor {
                 log.info("Modyfying saml adapter config in " + archive.getName());
 
                 Document doc = loadXML(archive.get("WEB-INF/keycloak-saml.xml").getAsset().openStream());
-
+                if (authServerSslRequired) {
+                    modifyDocElementAttribute(doc, "SingleSignOnService", "bindingUrl", "8080", System.getProperty("auth.server.https.port", null));
+                    modifyDocElementAttribute(doc, "SingleSignOnService", "bindingUrl", "http", "https");
+                    modifyDocElementAttribute(doc, "SingleLogoutService", "postBindingUrl", "8080", System.getProperty("auth.server.https.port", null));
+                    modifyDocElementAttribute(doc, "SingleLogoutService", "postBindingUrl", "http", "https");
+                    modifyDocElementAttribute(doc, "SingleLogoutService", "redirectBindingUrl", "8080", System.getProperty("auth.server.https.port", null));
+                    modifyDocElementAttribute(doc, "SingleLogoutService", "redirectBindingUrl", "http", "https");
+                } else {
                     modifyDocElementAttribute(doc, "SingleSignOnService", "bindingUrl", "8080", System.getProperty("auth.server.http.port", null));
                     modifyDocElementAttribute(doc, "SingleLogoutService", "postBindingUrl", "8080", System.getProperty("auth.server.http.port", null));
                     modifyDocElementAttribute(doc, "SingleLogoutService", "redirectBindingUrl", "8080", System.getProperty("auth.server.http.port", null));
+                }
 
                 try {
                     archive.add(new StringAsset(IOUtil.documentToString(doc)), adapterConfigPath);

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/provider/URLProvider.java

@@ -62,7 +62,8 @@ public class URLProvider extends URLResourceProvider {
                 if (url.getPort() == 8080) {
                     for (Annotation a : qualifiers) {
                         if (OperateOnDeployment.class.isAssignableFrom(a.annotationType())) {
-                            url = new URL(fixedUrl.toExternalForm().replace("8080", System.getProperty("app.server.http.port", null)) + "/" + ((OperateOnDeployment) a).value());
+                            String port = appServerSslRequired ?  System.getProperty("app.server.https.port", "8643"):System.getProperty("app.server.http.port", "8280");
+                            url = new URL(fixedUrl.toExternalForm().replace("8080", port) + "/" + ((OperateOnDeployment) a).value());
                         }
                     }
 

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/page/AbstractPageWithInjectedUrl.java

@@ -18,8 +18,10 @@ public abstract class AbstractPageWithInjectedUrl extends AbstractPage {
         if (System.getProperty("app.server.eap6","false").equals("false")) {
             return null;
         }
-
         try {
+            if(Boolean.parseBoolean(System.getProperty("app.server.ssl.required"))) {
+                return new URL("https://localhost:" + System.getProperty("app.server.https.port", "8543") + "/" + url);
+            };
             return new URL("http://localhost:" + System.getProperty("app.server.http.port", "8180") + "/" + url);
         } catch (MalformedURLException e) {
             e.printStackTrace();