libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6

KEYCLOAK-5320 Configure SSL using creaper

Browse source
This commit is contained in:
mhajas 2017-08-23 12:09:39 +02:00
parent 1fb8846a7a
commit 330cb022eb
13 changed files with 200 additions and 401 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
testsuite/integration-arquillian/pom.xml
View file

@ -50,6 +50,7 @@
<arquillian-infinispan-container.version>1.2.0.Beta2</arquillian-infinispan-container.version>
<version.shrinkwrap.resolvers>2.2.6</version.shrinkwrap.resolvers>
<undertow-embedded.version>1.0.0.Alpha2</undertow-embedded.version>
<version.org.wildfly.extras.creaper>1.6.1</version.org.wildfly.extras.creaper>
<!--migration properties-->
<migration.70.version>1.9.8.Final</migration.70.version>

51
testsuite/integration-arquillian/servers/app-server/jboss/common/security-eap6.xsl
View file

@ -1,51 +0,0 @@
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xalan="http://xml.apache.org/xalan"
xmlns:j="urn:jboss:domain:1.8"
xmlns:w="urn:jboss:domain:web:2.2"
version="2.0"
exclude-result-prefixes="xalan j ds k sec">
<xsl:param name="config"/>
<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" standalone="no"/>
<xsl:strip-space elements="*"/>
<xsl:template match="//w:connector[@name='http']">
<xsl:copy-of select="."/>
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
<ssl name="https" password="secret" certificate-key-file="${{jboss.server.config.dir}}/adapter.jks"/>
</connector>
</xsl:template>
<xsl:template match="//j:extensions">
<xsl:copy-of select="."/>
<system-properties>
<property name="javax.net.ssl.trustStore" value="${{jboss.server.config.dir}}/keycloak.truststore"/>
<property name="javax.net.ssl.trustStorePassword" value="secret"/>
</system-properties>
</xsl:template>
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()" />
</xsl:copy>
</xsl:template>
</xsl:stylesheet>

64
testsuite/integration-arquillian/servers/app-server/jboss/common/security.xsl
View file

@ -1,64 +0,0 @@
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xalan="http://xml.apache.org/xalan"
version="2.0"
exclude-result-prefixes="xalan">
<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" standalone="no"/>
<xsl:strip-space elements="*"/>
<xsl:template match="//*[local-name()='security-realms']">
<xsl:copy>
<xsl:apply-templates select="node()[name(.)='security-realm']"/>
<security-realm name="UndertowRealm">
<server-identities>
<ssl>
<keystore path="adapter.jks" relative-to="jboss.server.config.dir" keystore-password="secret"/>
</ssl>
</server-identities>
</security-realm>
</xsl:copy>
</xsl:template>
<xsl:template match="//*[local-name()='http-listener']">
<http-listener name="default" socket-binding="http" redirect-socket="proxy-https" proxy-address-forwarding="true"/>
</xsl:template>
<xsl:template match="//*[local-name()='host']">
<https-listener name="https" socket-binding="proxy-https" security-realm="UndertowRealm"/>
<xsl:copy-of select="."/>
</xsl:template>
<xsl:template match="//*[local-name()='socket-binding' and @name='http']">
<xsl:copy-of select="."/>
<socket-binding name="proxy-https" port="8443"/>
</xsl:template>
<xsl:template match="//*[local-name()='extensions']">
<xsl:copy-of select="."/>
<system-properties>
<property name="javax.net.ssl.trustStore" value="${{jboss.server.config.dir}}/keycloak.truststore"/>
<property name="javax.net.ssl.trustStorePassword" value="secret"/>
</system-properties>
</xsl:template>
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()" />
</xsl:copy>
</xsl:template>
</xsl:stylesheet>

96
testsuite/integration-arquillian/servers/app-server/jboss/pom.xml
View file

@ -182,6 +182,29 @@
<overwrite>true</overwrite>
</configuration>
</execution>
<execution>
<id>copy-keystore</id>
<phase>process-resources</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>${app.server.jboss.home}/standalone/configuration</outputDirectory>
<resources>
<resource>
<directory>${common.resources}/keystore</directory>
<includes>
<include>adapter.jks</include>
<include>keycloak.truststore</include>
</includes>
</resource>
</resources>
<nonFilteredFileExtensions>
<nonFilteredFileExtension>jks</nonFilteredFileExtension>
<nonFilteredFileExtension>truststore</nonFilteredFileExtension>
</nonFilteredFileExtensions>
</configuration>
</execution>
</executions>
</plugin>
@ -323,79 +346,6 @@
</pluginManagement>
</build>
</profile>
<profile>
<id>ssl</id>
<activation>
<property>
<name>app.server.ssl.required</name>
</property>
</activation>
<build>
<plugins>
<plugin>
<artifactId>maven-resources-plugin</artifactId>
</plugin>
</plugins>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>xml-maven-plugin</artifactId>
<executions>
<execution>
<id>configure-adapter-subsystem-security</id>
<phase>process-resources</phase>
<goals>
<goal>transform</goal>
</goals>
<configuration>
<transformationSets>
<transformationSet>
<dir>${app.server.jboss.home}/standalone/configuration</dir>
<includes>
<include>standalone.xml</include>
</includes>
<stylesheet>${common.resources}/${security.xslt}</stylesheet>
<outputDir>${app.server.jboss.home}/standalone/configuration</outputDir>
</transformationSet>
</transformationSets>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<executions>
<execution>
<id>copy-keystore</id>
<phase>process-resources</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>${app.server.jboss.home}/standalone/configuration</outputDirectory>
<resources>
<resource>
<directory>${common.resources}/keystore</directory>
<includes>
<include>adapter.jks</include>
<include>keycloak.truststore</include>
</includes>
</resource>
</resources>
<nonFilteredFileExtensions>
<nonFilteredFileExtension>jks</nonFilteredFileExtension>
<nonFilteredFileExtension>truststore</nonFilteredFileExtension>
</nonFilteredFileExtensions>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</pluginManagement>
</build>
</profile>
<profile>
<id>app-server-as7</id>
<modules>

67
testsuite/integration-arquillian/servers/auth-server/jboss/common/security-wildfly.xsl
View file

@ -1,67 +0,0 @@
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xalan="http://xml.apache.org/xalan"
xmlns:j="urn:jboss:domain:4.0"
xmlns:ds="urn:jboss:domain:datasources:4.0"
xmlns:k="urn:jboss:domain:keycloak:1.1"
xmlns:sec="urn:jboss:domain:security:1.2"
xmlns:u="urn:jboss:domain:undertow:3.0"
version="2.0"
exclude-result-prefixes="xalan j ds k sec">
<xsl:param name="config"/>
<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" standalone="no"/>
<xsl:strip-space elements="*"/>
<xsl:template match="//j:security-realms">
<xsl:copy>
<xsl:apply-templates select="node()[name(.)='security-realm']"/>
<security-realm name="UndertowRealm">
<server-identities>
<ssl>
<keystore path="keycloak.jks" relative-to="jboss.server.config.dir" keystore-password="secret"/>
</ssl>
</server-identities>
<authentication>
<truststore path="keycloak.truststore" relative-to="jboss.server.config.dir" keystore-password="secret"/>
</authentication>
</security-realm>
</xsl:copy>
</xsl:template>
<xsl:template match="//u:http-listener">
<http-listener name="default" socket-binding="http" redirect-socket="proxy-https" proxy-address-forwarding="true"/>
</xsl:template>
<xsl:template match="//u:host">
<https-listener name="https" socket-binding="proxy-https" verify-client="REQUESTED" security-realm="UndertowRealm"/>
<xsl:copy-of select="."/>
</xsl:template>
<xsl:template match="//j:socket-binding[@name='http']">
<xsl:copy-of select="."/>
<socket-binding name="proxy-https" port="8443"/>
</xsl:template>
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()" />
</xsl:copy>
</xsl:template>
</xsl:stylesheet>

64
testsuite/integration-arquillian/servers/auth-server/jboss/common/security.xsl
View file

@ -1,64 +0,0 @@
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xalan="http://xml.apache.org/xalan"
xmlns:j="urn:jboss:domain:4.1"
xmlns:ds="urn:jboss:domain:datasources:4.0"
xmlns:k="urn:jboss:domain:keycloak:1.1"
xmlns:sec="urn:jboss:domain:security:1.2"
xmlns:u="urn:jboss:domain:undertow:3.1"
version="2.0"
exclude-result-prefixes="xalan j ds k sec">
<xsl:param name="config"/>
<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" standalone="no"/>
<xsl:strip-space elements="*"/>
<xsl:template match="//j:security-realms">
<xsl:copy>
<xsl:apply-templates select="node()[name(.)='security-realm']"/>
<security-realm name="UndertowRealm">
<server-identities>
<ssl>
<keystore path="keycloak.jks" relative-to="jboss.server.config.dir" keystore-password="secret"/>
</ssl>
</server-identities>
</security-realm>
</xsl:copy>
</xsl:template>
<xsl:template match="//u:http-listener">
<http-listener name="default" socket-binding="http" redirect-socket="proxy-https" proxy-address-forwarding="true"/>
</xsl:template>
<xsl:template match="//u:host">
<https-listener name="https" socket-binding="proxy-https" security-realm="UndertowRealm"/>
<xsl:copy-of select="."/>
</xsl:template>
<xsl:template match="//j:socket-binding[@name='http']">
<xsl:copy-of select="."/>
<socket-binding name="proxy-https" port="8443"/>
</xsl:template>
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()" />
</xsl:copy>
</xsl:template>
</xsl:stylesheet>

75
testsuite/integration-arquillian/servers/auth-server/jboss/pom.xml
View file

@ -342,81 +342,6 @@
</pluginManagement>
</build>
</profile>
<profile>
<id>ssl</id>
<activation>
<property>
<name>auth.server.ssl.required</name>
</property>
</activation>
<properties>
<!--disable exclusion pattern for x509 tests, which is enabled by default in the base/pom.xml-->
<exclude.x509>-</exclude.x509>
</properties>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>xml-maven-plugin</artifactId>
<executions>
<execution>
<id>configure-adapter-subsystem-security</id>
<phase>process-resources</phase>
<goals>
<goal>transform</goal>
</goals>
<configuration>
<transformationSets>
<transformationSet>
<dir>${auth.server.home}/standalone/configuration</dir>
<includes>
<include>standalone.xml</include>
</includes>
<stylesheet>${common.resources}/${security.xsl}</stylesheet>
<outputDir>${auth.server.home}/standalone/configuration</outputDir>
</transformationSet>
</transformationSets>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<executions>
<execution>
<id>copy-keystore</id>
<phase>process-resources</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>${auth.server.home}/standalone/configuration</outputDirectory>
<resources>
<resource>
<directory>${common.resources}/keystore</directory>
<includes>
<include>keycloak.jks</include>
<include>keycloak.truststore</include>
<include>client.jks</include>
<include>ca.crt</include>
<include>client.crt</include>
<include>client.key</include>
<include>intermediate-ca.crl</include>
<include>empty.crl</include>
</includes>
</resource>
</resources>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</pluginManagement>
</build>
</profile>
<profile>
<id>jpa</id>
<properties>

20
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AppServerTestEnricher.java
View file

@ -9,6 +9,10 @@ import org.jboss.arquillian.test.spi.annotation.ClassScoped;
import org.jboss.arquillian.test.spi.event.suite.BeforeClass;
import org.jboss.logging.Logger;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.wildfly.extras.creaper.core.ManagementClient;
import org.wildfly.extras.creaper.core.online.ManagementProtocol;
import org.wildfly.extras.creaper.core.online.OnlineManagementClient;
import org.wildfly.extras.creaper.core.online.OnlineOptions;
import java.io.IOException;
import java.net.MalformedURLException;
@ -91,6 +95,22 @@ public class AppServerTestEnricher {
return appServerInfo;
}
public static OnlineManagementClient getManagementClient() {
OnlineManagementClient managementClient;
try {
managementClient = ManagementClient.online(OnlineOptions
.standalone()
.hostAndPort(System.getProperty("app.server.host"), System.getProperty("app.server","").startsWith("eap6") ? 10199 : 10190)
.protocol(System.getProperty("app.server","").startsWith("eap6") ? ManagementProtocol.REMOTE : ManagementProtocol.HTTP_REMOTING)
.build()
);
} catch (IOException e) {
throw new RuntimeException(e);
}
return managementClient;
}
@Inject
private Instance<ContainerController> containerConrollerInstance;

19
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AuthServerTestEnricher.java
View file

@ -36,6 +36,9 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.client.KeycloakTestingClient;
import org.keycloak.testsuite.util.LogChecker;
import org.keycloak.testsuite.util.OAuthClient;
import org.wildfly.extras.creaper.core.ManagementClient;
import org.wildfly.extras.creaper.core.online.OnlineManagementClient;
import org.wildfly.extras.creaper.core.online.OnlineOptions;
import java.io.IOException;
import java.net.MalformedURLException;
@ -117,6 +120,22 @@ public class AuthServerTestEnricher {
return String.format("%s://%s:%s", scheme, host, port + clusterPortOffset);
}
public static OnlineManagementClient getManagementClient() {
OnlineManagementClient managementClient;
try {
managementClient = ManagementClient.online(OnlineOptions
.standalone()
.hostAndPort(System.getProperty("auth.server.host", "localhost"), Integer.parseInt(System.getProperty("auth.server.management.port", "10090")))
.build()
);
} catch (IOException e) {
throw new RuntimeException(e);
}
return managementClient;
}
public void initializeSuiteContext(@Observes(precedence = 2) BeforeSuite event) {
Set<ContainerInfo> containers = containerRegistry.get().getContainers().stream()
.map(ContainerInfo::new)

2
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/DeploymentArchiveProcessor.java
View file

@ -144,7 +144,7 @@ public class DeploymentArchiveProcessor implements ApplicationArchiveProcessor {
if (authServerSslRequired) {
modifyDocElementAttribute(doc, "SingleSignOnService", "bindingUrl", "8080", System.getProperty("auth.server.https.port"));
modifyDocElementAttribute(doc, "SingleSignOnService", "bindingUrl", "http", "https");
modifyDocElementAttribute(doc, "SingleSignOnService", "assertionConsumerServiceUrl", "8081", System.getProperty("app.server.http.port"));
modifyDocElementAttribute(doc, "SingleSignOnService", "assertionConsumerServiceUrl", "8081", System.getProperty("app.server.https.port"));
modifyDocElementAttribute(doc, "SingleSignOnService", "assertionConsumerServiceUrl", "http", "https");
modifyDocElementAttribute(doc, "SingleLogoutService", "postBindingUrl", "8080", System.getProperty("auth.server.https.port"));
modifyDocElementAttribute(doc, "SingleLogoutService", "postBindingUrl", "http", "https");

60
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractKeycloakTest.java
View file

@ -18,11 +18,13 @@ package org.keycloak.testsuite;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.configuration.PropertiesConfiguration;
import org.junit.BeforeClass;
import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.common.util.Time;
import org.keycloak.testsuite.arquillian.KcArquillian;
import org.keycloak.testsuite.arquillian.TestContext;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
@ -30,6 +32,7 @@ import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeoutException;
import javax.ws.rs.NotFoundException;
import org.jboss.arquillian.container.test.api.RunAsClient;
@ -65,6 +68,16 @@ import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.TestCleanup;
import org.keycloak.testsuite.util.TestEventsLogger;
import org.openqa.selenium.WebDriver;
import org.wildfly.extras.creaper.commands.undertow.AddUndertowListener;
import org.wildfly.extras.creaper.commands.undertow.RemoveUndertowListener;
import org.wildfly.extras.creaper.commands.undertow.UndertowListenerType;
import org.wildfly.extras.creaper.core.CommandFailedException;
import org.wildfly.extras.creaper.core.online.CliException;
import org.wildfly.extras.creaper.core.online.OnlineManagementClient;
import org.wildfly.extras.creaper.core.online.operations.Address;
import org.wildfly.extras.creaper.core.online.operations.OperationException;
import org.wildfly.extras.creaper.core.online.operations.Operations;
import org.wildfly.extras.creaper.core.online.operations.admin.Administration;
import static org.keycloak.testsuite.admin.Users.setPasswordFor;
import static org.keycloak.testsuite.auth.page.AuthRealm.ADMIN;
@ -78,6 +91,8 @@ import static org.keycloak.testsuite.auth.page.AuthRealm.MASTER;
@RunAsClient
public abstract class AbstractKeycloakTest {
protected static final boolean AUTH_SERVER_SSL_REQUIRED = Boolean.parseBoolean(System.getProperty("auth.server.ssl.required", "false"));
protected Logger log = Logger.getLogger(this.getClass());
@ArquillianResource
@ -122,6 +137,13 @@ public abstract class AbstractKeycloakTest {
private boolean resetTimeOffset;
@BeforeClass
public static void setUpAuthServer() throws Exception {
if (AUTH_SERVER_SSL_REQUIRED) {
enableHTTPSForAuthServer();
}
}
@Before
public void beforeAbstractKeycloakTest() throws Exception {
adminClient = testContext.getAdminClient();
@ -155,6 +177,7 @@ public abstract class AbstractKeycloakTest {
}
oauth.init(adminClient, driver);
}
protected void beforeAbstractKeycloakTestRealmImport() throws Exception {
@ -307,20 +330,21 @@ public abstract class AbstractKeycloakTest {
} catch (NotFoundException e) {
}
}
public RealmsResource realmsResouce() {
return adminClient.realms();
}
/**
* Creates a user in the given realm and returns its ID.
* @param realm Realm name
* @param username Username
* @param password Password
*
* @param realm Realm name
* @param username Username
* @param password Password
* @param requiredActions
* @return ID of the newly created user
*/
public String createUser(String realm, String username, String password, String ... requiredActions) {
public String createUser(String realm, String username, String password, String... requiredActions) {
List<String> requiredUserActions = Arrays.asList(requiredActions);
UserRepresentation homer = new UserRepresentation();
@ -359,6 +383,7 @@ public abstract class AbstractKeycloakTest {
/**
* Sets time offset in seconds that will be added to Time.currentTime() and Time.currentTimeMillis() both for client and server.
*
* @param offset
*/
public void setTimeOffset(int offset) {
@ -403,4 +428,27 @@ public abstract class AbstractKeycloakTest {
throw new RuntimeException(e);
}
}
}
private static void enableHTTPSForAuthServer() throws IOException, CommandFailedException, TimeoutException, InterruptedException, CliException, OperationException {
OnlineManagementClient client = AuthServerTestEnricher.getManagementClient();
Administration administration = new Administration(client);
Operations operations = new Operations(client);
if(!operations.exists(Address.coreService("management").and("security-realm", "UndertowRealm"))) {
client.execute("/core-service=management/security-realm=UndertowRealm:add()");
client.execute("/core-service=management/security-realm=UndertowRealm/server-identity=ssl:add(keystore-relative-to=jboss.server.config.dir,keystore-password=secret,keystore-path=keycloak.jks");
}
client.apply(new RemoveUndertowListener.Builder(UndertowListenerType.HTTPS_LISTENER, "https")
.forDefaultServer());
administration.reloadIfRequired();
client.apply(new AddUndertowListener.HttpsBuilder("https", "default-server", "https")
.securityRealm("UndertowRealm")
.build());
administration.reloadIfRequired();
client.close();
}
}

67
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java
View file

@ -21,17 +21,32 @@ import org.apache.commons.io.IOUtils;
import org.jboss.arquillian.graphene.page.Page;
import org.jboss.shrinkwrap.api.Archive;
import org.jboss.shrinkwrap.api.asset.StringAsset;
import org.junit.BeforeClass;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractAuthTest;
import org.keycloak.testsuite.adapter.page.AppServerContextRoot;
import org.keycloak.testsuite.arquillian.AppServerTestEnricher;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.wildfly.extras.creaper.commands.undertow.AddUndertowListener;
import org.wildfly.extras.creaper.commands.undertow.RemoveUndertowListener;
import org.wildfly.extras.creaper.commands.undertow.UndertowListenerType;
import org.wildfly.extras.creaper.commands.web.AddConnector;
import org.wildfly.extras.creaper.commands.web.AddConnectorSslConfig;
import org.wildfly.extras.creaper.core.CommandFailedException;
import org.wildfly.extras.creaper.core.online.CliException;
import org.wildfly.extras.creaper.core.online.OnlineManagementClient;
import org.wildfly.extras.creaper.core.online.operations.Address;
import org.wildfly.extras.creaper.core.online.operations.OperationException;
import org.wildfly.extras.creaper.core.online.operations.Operations;
import org.wildfly.extras.creaper.core.online.operations.admin.Administration;
import java.io.IOException;
import java.net.URL;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeoutException;
/**
*
@ -43,6 +58,9 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest {
@Page
protected AppServerContextRoot appServerContextRootPage;
protected static final boolean APP_SERVER_SSL_REQUIRED = Boolean.parseBoolean(System.getProperty("app.server.ssl.required", "false"));
protected static final String APP_SERVER_CONTAINER = System.getProperty("app.server", "");
public static final String JBOSS_DEPLOYMENT_STRUCTURE_XML = "jboss-deployment-structure.xml";
public static final URL jbossDeploymentStructure = AbstractServletsAdapterTest.class
.getResource("/adapter-test/" + JBOSS_DEPLOYMENT_STRUCTURE_XML);
@ -50,6 +68,13 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest {
public static final URL tomcatContext = AbstractServletsAdapterTest.class
.getResource("/adapter-test/" + TOMCAT_CONTEXT_XML);
@BeforeClass
public static void setUpAppServer() throws Exception {
if (APP_SERVER_SSL_REQUIRED && (APP_SERVER_CONTAINER.contains("eap") || APP_SERVER_CONTAINER.contains("wildfly"))) { // Other containers need some external configuraiton to run SSL tests
enableHTTPSForAppServer();
}
}
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
addAdapterTestRealms(testRealms);
@ -216,4 +241,46 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest {
}
}
private static void enableHTTPSForAppServer() throws CommandFailedException, InterruptedException, TimeoutException, IOException, CliException, OperationException {
OnlineManagementClient client = AppServerTestEnricher.getManagementClient();
Administration administration = new Administration(client);
Operations operations = new Operations(client);
if(!operations.exists(Address.coreService("management").and("security-realm", "UndertowRealm"))) {
client.execute("/core-service=management/security-realm=UndertowRealm:add()");
client.execute("/core-service=management/security-realm=UndertowRealm/server-identity=ssl:add(keystore-relative-to=jboss.server.config.dir,keystore-password=secret,keystore-path=adapter.jks");
}
client.execute("/system-property=javax.net.ssl.trustStore:add(value=${jboss.server.config.dir}/keycloak.truststore)");
client.execute("/system-property=javax.net.ssl.trustStorePassword:add(value=secret)");
if (APP_SERVER_CONTAINER.contains("eap6")) {
if(!operations.exists(Address.subsystem("web").and("connector", "https"))) {
client.apply(new AddConnector.Builder("https")
.protocol("HTTP/1.1")
.scheme("https")
.socketBinding("https")
.secure(true)
.build());
client.apply(new AddConnectorSslConfig.Builder("https")
.password("secret")
.certificateKeyFile("${jboss.server.config.dir}/adapter.jks")
.build());
}
} else {
client.apply(new RemoveUndertowListener.Builder(UndertowListenerType.HTTPS_LISTENER, "https")
.forDefaultServer());
administration.reloadIfRequired();
client.apply(new AddUndertowListener.HttpsBuilder("https", "default-server", "https")
.securityRealm("UndertowRealm")
.build());
}
administration.reloadIfRequired();
client.close();
}
}

15
testsuite/integration-arquillian/tests/pom.xml
View file

@ -971,6 +971,21 @@
<groupId>junit</groupId>
<artifactId>junit</artifactId>
</dependency>
<!--Dependencies for creaper:-->
<dependency>
<groupId>org.wildfly.extras.creaper</groupId>
<artifactId>creaper-commands</artifactId>
<version>${version.org.wildfly.extras.creaper}</version>
<exclusions>
<exclusion>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.jboss.arquillian.junit</groupId>
<artifactId>arquillian-junit-container</artifactId>