Fix remaining failing tests with BCFIPS approved mode (#16699)
* Fix remaining failing tests with BCFIPS approved mode Closes #16698
parent
c5c25345fb
commit
33ff9ef17e
14 changed files with 116 additions and 30 deletions
|
@ -9,6 +9,9 @@ import java.util.stream.Collectors;
|
||||||
import java.util.stream.Stream;
|
import java.util.stream.Stream;
|
||||||
import java.util.stream.StreamSupport;
|
import java.util.stream.StreamSupport;
|
||||||
|
|
||||||
|
import javax.net.ssl.KeyManagerFactory;
|
||||||
|
import javax.net.ssl.TrustManagerFactory;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
import org.jboss.logging.Logger;
|
||||||
import org.keycloak.common.util.BouncyIntegration;
|
import org.keycloak.common.util.BouncyIntegration;
|
||||||
|
|
||||||
|
@ -75,6 +78,9 @@ public class CryptoIntegration {
|
||||||
StringBuilder builder = new StringBuilder("Security properties: [ \n")
|
StringBuilder builder = new StringBuilder("Security properties: [ \n")
|
||||||
.append(" Java security properties file: " + System.getProperty("java.security.properties") + "\n")
|
.append(" Java security properties file: " + System.getProperty("java.security.properties") + "\n")
|
||||||
.append(" Default keystore type: " + KeyStore.getDefaultType() + "\n")
|
.append(" Default keystore type: " + KeyStore.getDefaultType() + "\n")
|
||||||
|
.append(" KeyManagerFactory.getDefaultAlgorithm(): " + KeyManagerFactory.getDefaultAlgorithm() + "\n")
|
||||||
|
.append(" TrustManagerFactory.getDefaultAlgorithm(): " + TrustManagerFactory.getDefaultAlgorithm() + "\n")
|
||||||
|
.append(" Default keystore type: " + KeyStore.getDefaultType() + "\n")
|
||||||
.append(" keystore.type.compat: " + Security.getProperty("keystore.type.compat") + "\n");
|
.append(" keystore.type.compat: " + Security.getProperty("keystore.type.compat") + "\n");
|
||||||
Stream.of("javax.net.ssl.trustStoreType", "javax.net.ssl.trustStore", "javax.net.ssl.trustStoreProvider",
|
Stream.of("javax.net.ssl.trustStoreType", "javax.net.ssl.trustStore", "javax.net.ssl.trustStoreProvider",
|
||||||
"javax.net.ssl.keyStoreType", "javax.net.ssl.keyStore", "javax.net.ssl.keyStoreProvider")
|
"javax.net.ssl.keyStoreType", "javax.net.ssl.keyStore", "javax.net.ssl.keyStoreProvider")
|
||||||
|
|
|
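Review bot: The third added `.append(" Default keystore type: " + KeyStore.getDefaultType() + "\n")` repeats the entry that already sits two lines above it in the same builder chain, so the security-properties dump prints the default keystore type twice. Dropping the duplicate keeps the two new entries (the KeyManagerFactory and TrustManagerFactory default algorithms) and leaves the log unambiguous when someone is diagnosing a FIPS keystore problem. The builder chain belongs to a method whose start and end are outside this hunk.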
@ -12,6 +12,7 @@ import javax.net.ssl.KeyManagerFactory;
|
||||||
import javax.net.ssl.SSLContext;
|
import javax.net.ssl.SSLContext;
|
||||||
import javax.net.ssl.SSLEngine;
|
import javax.net.ssl.SSLEngine;
|
||||||
import javax.net.ssl.SSLSessionContext;
|
import javax.net.ssl.SSLSessionContext;
|
||||||
|
import javax.net.ssl.TrustManagerFactory;
|
||||||
|
|
||||||
import org.bouncycastle.crypto.CryptoServicesRegistrar;
|
import org.bouncycastle.crypto.CryptoServicesRegistrar;
|
||||||
import org.jboss.logging.Logger;
|
import org.jboss.logging.Logger;
|
||||||
|
@ -103,6 +104,16 @@ public class FIPS1402SslTest {
|
||||||
testSSLContext(keyMgrFact);
|
testSSLContext(keyMgrFact);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testDefaultTruststore() throws Exception {
|
||||||
|
String defaultAlg = TrustManagerFactory.getDefaultAlgorithm();
|
||||||
|
logger.infof("Default trust manager factory algorithm: %s", defaultAlg);
|
||||||
|
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(defaultAlg);
|
||||||
|
|
||||||
|
// This may fail if default truststore is "pkcs12" and security property "keystore.type.compat" is set to false
|
||||||
|
trustManagerFactory.init((KeyStore) null);
|
||||||
|
}
|
||||||
|
|
||||||
private KeyStore loadKeystore(String type, String password) throws Exception {
|
private KeyStore loadKeystore(String type, String password) throws Exception {
|
||||||
KeyStore keystore = KeyStore.getInstance(type);
|
KeyStore keystore = KeyStore.getInstance(type);
|
||||||
InputStream in = FIPS1402SslTest.class.getClassLoader().getResourceAsStream("bcfips-keystore." + type.toLowerCase());
|
InputStream in = FIPS1402SslTest.class.getClassLoader().getResourceAsStream("bcfips-keystore." + type.toLowerCase());
|
||||||
|
|
|
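Review bot: `testDefaultTruststore` passes as long as `trustManagerFactory.init((KeyStore) null)` does not throw, so a provider that initialises with an empty or unusable default truststore would still go green. Consider asserting on the result after the init call, for example `Assert.assertTrue(trustManagerFactory.getTrustManagers().length > 0);` (assuming a JUnit `Assert` import is available in this file, which the hunk does not show). The inline comment could also state the expected outcome instead of "may fail", e.g. `// Must succeed in BCFIPS approved mode; fails when the default keystore type is "pkcs12" and keystore.type.compat=false`.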
@ -19,6 +19,7 @@ package org.keycloak.provider;
|
||||||
|
|
||||||
import org.keycloak.component.ComponentModel;
|
import org.keycloak.component.ComponentModel;
|
||||||
import org.keycloak.component.ComponentValidationException;
|
import org.keycloak.component.ComponentValidationException;
|
||||||
|
import org.keycloak.utils.StringUtil;
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
|
@ -46,18 +47,8 @@ public class ConfigurationValidationHelper {
|
||||||
|
|
||||||
String value = model.getConfig().getFirst(property.getName());
|
String value = model.getConfig().getFirst(property.getName());
|
||||||
if (value != null && !property.getOptions().contains(value)) {
|
if (value != null && !property.getOptions().contains(value)) {
|
||||||
StringBuilder options = new StringBuilder();
|
String options = StringUtil.joinValuesWithLogicalCondition("or", property.getOptions());
|
||||||
int i = 1;
|
throw new ComponentValidationException("''{0}'' should be {1}", property.getLabel(), options);
|
||||||
for (String o : property.getOptions()) {
|
|
||||||
if (i == property.getOptions().size()) {
|
|
||||||
options.append(" or ");
|
|
||||||
} else if (i > 1) {
|
|
||||||
options.append(", ");
|
|
||||||
}
|
|
||||||
options.append(o);
|
|
||||||
i++;
|
|
||||||
}
|
|
||||||
throw new ComponentValidationException("''{0}'' should be {1}", property.getLabel(), options.toString());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return this;
|
return this;
|
||||||
|
|
|
@ -16,6 +16,8 @@
|
||||||
*/
|
*/
|
||||||
package org.keycloak.utils;
|
package org.keycloak.utils;
|
||||||
|
|
||||||
|
import java.util.Collection;
|
||||||
|
|
||||||
public class StringUtil {
|
public class StringUtil {
|
||||||
|
|
||||||
public static boolean isBlank(String str) {
|
public static boolean isBlank(String str) {
|
||||||
|
@ -26,4 +28,28 @@ public class StringUtil {
|
||||||
return str != null && !"".equals(str.trim());
|
return str != null && !"".equals(str.trim());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Calling:
|
||||||
|
* <pre>joinValuesWithLogicalCondition("or", Arrays.asList("foo", "bar", "baz", "caz" ))</pre>
|
||||||
|
* will return "foo, bar, baz or caz"
|
||||||
|
*
|
||||||
|
* @param conditionText condition
|
||||||
|
* @param values values to be joined with the condition at the end
|
||||||
|
* @return see the example above
|
||||||
|
*/
|
||||||
|
public static String joinValuesWithLogicalCondition(String conditionText, Collection<String> values) {
|
||||||
|
StringBuilder options = new StringBuilder();
|
||||||
|
int i = 1;
|
||||||
|
for (String o : values) {
|
||||||
|
if (i == values.size()) {
|
||||||
|
options.append(" " + conditionText + " ");
|
||||||
|
} else if (i > 1) {
|
||||||
|
options.append(", ");
|
||||||
|
}
|
||||||
|
options.append(o);
|
||||||
|
i++;
|
||||||
|
}
|
||||||
|
return options.toString();
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
|
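Review bot: For a single-element collection `joinValuesWithLogicalCondition` puts the condition in front of the only value (`" or foo"`), because `i == values.size()` is already true on the first iteration. The loop was private to ConfigurationValidationHelper before; as a public utility it should test `i > 1` first, e.g. `if (i > 1) { options.append(i == values.size() ? " " + conditionText + " " : ", "); }`. The Javadoc should also state the result for empty and single-element input and that a null `values` throws NullPointerException, since the current text documents only the four-element example.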
@ -54,6 +54,6 @@ fips.ssl.TrustManagerFactory.algorithm=PKIX
|
||||||
# JKS keystore type supports loading only JKS keystore files and the PKCS12
|
# JKS keystore type supports loading only JKS keystore files and the PKCS12
|
||||||
# keystore type supports loading only PKCS12 keystore files.
|
# keystore type supports loading only PKCS12 keystore files.
|
||||||
#
|
#
|
||||||
# This is set to false as BCFIPS providers don't support JKS
|
# This is set to true as when set to false on OpenJDK 17 and PKCS12 is default keystore type, loading of default truststore (from java cacerts) fails.
|
||||||
keystore.type.compat=false
|
#keystore.type.compat=false
|
||||||
fips.keystore.type.compat=false
|
#fips.keystore.type.compat=false
|
||||||
|
|
|
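Review bot: The new comment says the property "is set to true", but both `keystore.type.compat` and `fips.keystore.type.compat` are only commented out, so the effective value now comes from whatever the JDK's own java.security file provides rather than from this file. If true is what is intended, writing it explicitly (`keystore.type.compat=true`) makes the configuration self-describing and independent of the JDK default; otherwise the comment should say that the JDK default applies. The removed comment justified false by BCFIPS providers not supporting JKS, so it would help to record why relaxing keystore type detection is acceptable in approved mode, along the lines of `# Compat detection is required so the JDK cacerts truststore can be loaded when PKCS12 is the default type` if that is the full reason.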
@ -15,6 +15,9 @@ import java.security.spec.InvalidKeySpecException;
|
||||||
import java.security.spec.PKCS8EncodedKeySpec;
|
import java.security.spec.PKCS8EncodedKeySpec;
|
||||||
import java.security.spec.X509EncodedKeySpec;
|
import java.security.spec.X509EncodedKeySpec;
|
||||||
import java.util.Base64;
|
import java.util.Base64;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
import static org.junit.Assert.fail;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author mhajas
|
* @author mhajas
|
||||||
|
@ -59,4 +62,23 @@ public class KeyUtils {
|
||||||
throw new RuntimeException("Active key not found");
|
throw new RuntimeException("Active key not found");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return key sizes, which are expected to be supported by Keycloak server for {@link org.keycloak.keys.GeneratedRsaKeyProviderFactory} and {@link org.keycloak.keys.GeneratedRsaEncKeyProviderFactory}.
|
||||||
|
*/
|
||||||
|
public static String[] getExpectedSupportedRsaKeySizes() {
|
||||||
|
String expectedKeySizes = System.getProperty("auth.server.supported.rsa.key.sizes");
|
||||||
|
if (expectedKeySizes == null || expectedKeySizes.trim().isEmpty()) {
|
||||||
|
fail("System property 'auth.server.supported.rsa.key.sizes' should be set");
|
||||||
|
}
|
||||||
|
return expectedKeySizes.split(",");
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return Lowest key size supported by Keycloak server for {@link org.keycloak.keys.GeneratedRsaKeyProviderFactory}.
|
||||||
|
* It is usually 1024, but can be 2048 in some environments (typically in FIPS environments)
|
||||||
|
*/
|
||||||
|
public static int getLowestSupportedRsaKeySize() {
|
||||||
|
return Integer.parseInt(getExpectedSupportedRsaKeySizes()[0]);
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
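Review bot: `getLowestSupportedRsaKeySize()` returns element `[0]` of the split property, so it is the lowest size only if `auth.server.supported.rsa.key.sizes` is listed in ascending order, and a value written with spaces (for example `"2048 ,4096"`) fails in `Integer.parseInt`. Computing the minimum removes both assumptions: `return Arrays.stream(getExpectedSupportedRsaKeySizes()).map(String::trim).mapToInt(Integer::parseInt).min().getAsInt();` (this needs `java.util.Arrays`; the added `java.util.List` import does not appear to be used by the lines shown). Because this property decides which key strength the tests generate, the Javadoc of `getExpectedSupportedRsaKeySizes()` should state the expected format, e.g. `comma-separated RSA key sizes in bits, for example "1024,2048,4096"`.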
@ -649,7 +649,7 @@ public class SAMLServletAdapterTest extends AbstractSAMLServletAdapterTest {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private static final KeyPair NEW_KEY_PAIR = KeyUtils.generateRsaKeyPair(1024);
|
private static final KeyPair NEW_KEY_PAIR = KeyUtils.generateRsaKeyPair(org.keycloak.testsuite.util.KeyUtils.getLowestSupportedRsaKeySize());
|
||||||
private static final String NEW_KEY_PRIVATE_KEY_PEM = PemUtils.encodeKey(NEW_KEY_PAIR.getPrivate());
|
private static final String NEW_KEY_PRIVATE_KEY_PEM = PemUtils.encodeKey(NEW_KEY_PAIR.getPrivate());
|
||||||
|
|
||||||
private PublicKey createKeys(String priority) throws Exception {
|
private PublicKey createKeys(String priority) throws Exception {
|
||||||
|
|
|
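Review bot: `NEW_KEY_PAIR` is a `static final` field, so `getLowestSupportedRsaKeySize()` now runs during class initialisation; if `auth.server.supported.rsa.key.sizes` is missing, the `fail(...)` inside the helper surfaces as an `ExceptionInInitializerError` for the whole test class instead of a readable test failure. Creating the key pair lazily or in a `@BeforeClass` method would keep the helper's message visible. The fully qualified `org.keycloak.testsuite.util.KeyUtils` next to the unqualified `KeyUtils.generateRsaKeyPair` is also easy to misread, so a short comment such as `// testsuite KeyUtils, not the KeyUtils that provides generateRsaKeyPair` would help. The same fully qualified call appears in KeyRotationTest's `createKeys`, where it runs inside a method and does not have the initialisation problem.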
@ -29,6 +29,7 @@ import org.keycloak.representations.info.ProviderRepresentation;
|
||||||
import org.keycloak.representations.info.ServerInfoRepresentation;
|
import org.keycloak.representations.info.ServerInfoRepresentation;
|
||||||
import org.keycloak.testsuite.AbstractKeycloakTest;
|
import org.keycloak.testsuite.AbstractKeycloakTest;
|
||||||
import org.keycloak.testsuite.Assert;
|
import org.keycloak.testsuite.Assert;
|
||||||
|
import org.keycloak.testsuite.util.KeyUtils;
|
||||||
import org.keycloak.testsuite.util.KeystoreUtils;
|
import org.keycloak.testsuite.util.KeystoreUtils;
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
@ -36,7 +37,6 @@ import java.util.Map;
|
||||||
|
|
||||||
import static org.junit.Assert.assertEquals;
|
import static org.junit.Assert.assertEquals;
|
||||||
import static org.junit.Assert.assertNotNull;
|
import static org.junit.Assert.assertNotNull;
|
||||||
import static org.junit.Assert.fail;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||||
|
@ -67,10 +67,6 @@ public class ServerInfoTest extends AbstractKeycloakTest {
|
||||||
assertNotNull(info.getCryptoInfo());
|
assertNotNull(info.getCryptoInfo());
|
||||||
Assert.assertNames(info.getCryptoInfo().getSupportedKeystoreTypes(), KeystoreUtils.getSupportedKeystoreTypes());
|
Assert.assertNames(info.getCryptoInfo().getSupportedKeystoreTypes(), KeystoreUtils.getSupportedKeystoreTypes());
|
||||||
|
|
||||||
String expectedSupportedRsaKeySizes = System.getProperty("auth.server.supported.rsa.key.sizes");
|
|
||||||
if (expectedSupportedRsaKeySizes == null || expectedSupportedRsaKeySizes.trim().isEmpty()) {
|
|
||||||
fail("Property 'auth.server.supported.rsa.key.sizes' not set");
|
|
||||||
}
|
|
||||||
ComponentTypeRepresentation rsaGeneratedProviderInfo = info.getComponentTypes().get(KeyProvider.class.getName())
|
ComponentTypeRepresentation rsaGeneratedProviderInfo = info.getComponentTypes().get(KeyProvider.class.getName())
|
||||||
.stream()
|
.stream()
|
||||||
.filter(componentType -> GeneratedRsaKeyProviderFactory.ID.equals(componentType.getId()))
|
.filter(componentType -> GeneratedRsaKeyProviderFactory.ID.equals(componentType.getId()))
|
||||||
|
@ -79,7 +75,7 @@ public class ServerInfoTest extends AbstractKeycloakTest {
|
||||||
.stream()
|
.stream()
|
||||||
.filter(configProp -> Attributes.KEY_SIZE_KEY.equals(configProp.getName()))
|
.filter(configProp -> Attributes.KEY_SIZE_KEY.equals(configProp.getName()))
|
||||||
.findFirst().orElseThrow(() -> new RuntimeException("Not found provider with ID 'rsa-generated'"));
|
.findFirst().orElseThrow(() -> new RuntimeException("Not found provider with ID 'rsa-generated'"));
|
||||||
Assert.assertNames(keySizeRep.getOptions(), expectedSupportedRsaKeySizes.split(","));
|
Assert.assertNames(keySizeRep.getOptions(), KeyUtils.getExpectedSupportedRsaKeySizes());
|
||||||
|
|
||||||
assertEquals(Version.VERSION, info.getSystemInfo().getVersion());
|
assertEquals(Version.VERSION, info.getSystemInfo().getVersion());
|
||||||
assertNotNull(info.getSystemInfo().getServerTime());
|
assertNotNull(info.getSystemInfo().getServerTime());
|
||||||
|
|
|
@ -55,6 +55,7 @@ import org.keycloak.testsuite.updaters.ClientAttributeUpdater;
|
||||||
import org.keycloak.testsuite.util.BrowserTabUtil;
|
import org.keycloak.testsuite.util.BrowserTabUtil;
|
||||||
import org.keycloak.testsuite.util.GreenMailRule;
|
import org.keycloak.testsuite.util.GreenMailRule;
|
||||||
import org.keycloak.testsuite.util.InfinispanTestTimeServiceRule;
|
import org.keycloak.testsuite.util.InfinispanTestTimeServiceRule;
|
||||||
|
import org.keycloak.testsuite.util.KerberosUtils;
|
||||||
import org.keycloak.testsuite.util.MailUtils;
|
import org.keycloak.testsuite.util.MailUtils;
|
||||||
import org.keycloak.testsuite.util.OAuthClient;
|
import org.keycloak.testsuite.util.OAuthClient;
|
||||||
import org.keycloak.testsuite.util.RealmBuilder;
|
import org.keycloak.testsuite.util.RealmBuilder;
|
||||||
|
@ -1094,6 +1095,8 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
|
||||||
// KEYCLOAK-15239
|
// KEYCLOAK-15239
|
||||||
@Test
|
@Test
|
||||||
public void resetPasswordWithSpnegoEnabled() throws IOException, MessagingException {
|
public void resetPasswordWithSpnegoEnabled() throws IOException, MessagingException {
|
||||||
|
KerberosUtils.assumeKerberosSupportExpected();
|
||||||
|
|
||||||
// Just switch SPNEGO authenticator requirement to alternative. No real usage of SPNEGO needed for this test
|
// Just switch SPNEGO authenticator requirement to alternative. No real usage of SPNEGO needed for this test
|
||||||
AuthenticationExecutionModel.Requirement origRequirement = AbstractKerberosTest.updateKerberosAuthExecutionRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE, testRealm());
|
AuthenticationExecutionModel.Requirement origRequirement = AbstractKerberosTest.updateKerberosAuthExecutionRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE, testRealm());
|
||||||
|
|
||||||
|
|
|
@ -36,9 +36,12 @@ import org.keycloak.testsuite.AssertEvents;
|
||||||
import org.keycloak.testsuite.admin.ApiUtil;
|
import org.keycloak.testsuite.admin.ApiUtil;
|
||||||
import org.keycloak.testsuite.pages.AppPage;
|
import org.keycloak.testsuite.pages.AppPage;
|
||||||
import org.keycloak.testsuite.pages.LoginPage;
|
import org.keycloak.testsuite.pages.LoginPage;
|
||||||
|
import org.keycloak.testsuite.util.KeyUtils;
|
||||||
|
import org.keycloak.utils.StringUtil;
|
||||||
|
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
import java.security.interfaces.RSAPublicKey;
|
import java.security.interfaces.RSAPublicKey;
|
||||||
|
import java.util.Arrays;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import static org.junit.Assert.*;
|
import static org.junit.Assert.*;
|
||||||
|
@ -226,7 +229,7 @@ public class GeneratedRsaKeyProviderTest extends AbstractKeycloakTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void invalidKeysizeForEnd() throws Exception {
|
public void invalidKeysizeForEnc() throws Exception {
|
||||||
invalidKeysize(GeneratedRsaEncKeyProviderFactory.ID);
|
invalidKeysize(GeneratedRsaEncKeyProviderFactory.ID);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -235,7 +238,8 @@ public class GeneratedRsaKeyProviderTest extends AbstractKeycloakTest {
|
||||||
rep.getConfig().putSingle("keySize", "1234");
|
rep.getConfig().putSingle("keySize", "1234");
|
||||||
|
|
||||||
Response response = adminClient.realm("test").components().add(rep);
|
Response response = adminClient.realm("test").components().add(rep);
|
||||||
assertErrror(response, "'Key size' should be 1024, 2048 or 4096");
|
String expectedKeySizesDisplay = StringUtil.joinValuesWithLogicalCondition("or", Arrays.asList(KeyUtils.getExpectedSupportedRsaKeySizes()));
|
||||||
|
assertErrror(response, "'Key size' should be " + expectedKeySizesDisplay);
|
||||||
}
|
}
|
||||||
|
|
||||||
protected void assertErrror(Response response, String error) {
|
protected void assertErrror(Response response, String error) {
|
||||||
|
|
|
@ -268,7 +268,7 @@ public class KeyRotationTest extends AbstractKeycloakTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
private Map<String, String> createKeys(String priority) throws Exception {
|
private Map<String, String> createKeys(String priority) throws Exception {
|
||||||
KeyPair keyPair = KeyUtils.generateRsaKeyPair(1024);
|
KeyPair keyPair = KeyUtils.generateRsaKeyPair(org.keycloak.testsuite.util.KeyUtils.getLowestSupportedRsaKeySize());
|
||||||
String privateKeyPem = PemUtils.encodeKey(keyPair.getPrivate());
|
String privateKeyPem = PemUtils.encodeKey(keyPair.getPrivate());
|
||||||
PublicKey publicKey = keyPair.getPublic();
|
PublicKey publicKey = keyPair.getPublic();
|
||||||
|
|
||||||
|
|
|
@ -16,9 +16,11 @@
|
||||||
*/
|
*/
|
||||||
package org.keycloak.testsuite.migration;
|
package org.keycloak.testsuite.migration;
|
||||||
|
|
||||||
|
import org.junit.BeforeClass;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.keycloak.exportimport.util.ImportUtils;
|
import org.keycloak.exportimport.util.ImportUtils;
|
||||||
import org.keycloak.representations.idm.RealmRepresentation;
|
import org.keycloak.representations.idm.RealmRepresentation;
|
||||||
|
import org.keycloak.testsuite.util.KerberosUtils;
|
||||||
import org.keycloak.testsuite.utils.io.IOUtil;
|
import org.keycloak.testsuite.utils.io.IOUtil;
|
||||||
import org.keycloak.util.JsonSerialization;
|
import org.keycloak.util.JsonSerialization;
|
||||||
|
|
||||||
|
@ -34,6 +36,12 @@ import java.util.Map;
|
||||||
*/
|
*/
|
||||||
public class JsonFileImport198MigrationTest extends AbstractJsonFileImportMigrationTest {
|
public class JsonFileImport198MigrationTest extends AbstractJsonFileImportMigrationTest {
|
||||||
|
|
||||||
|
@BeforeClass
|
||||||
|
public static void checkKerberosSupportedByAuthServer() {
|
||||||
|
// Requires 'KERBEROS' feature on the server, due some kerberos provider present in the JSON
|
||||||
|
KerberosUtils.assumeKerberosSupportExpected();
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void addTestRealms(List<RealmRepresentation> testRealms) {
|
public void addTestRealms(List<RealmRepresentation> testRealms) {
|
||||||
Map<String, RealmRepresentation> reps = null;
|
Map<String, RealmRepresentation> reps = null;
|
||||||
|
|
|
@ -88,11 +88,29 @@ public abstract class AbstractSamlTest extends AbstractAuthTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// Set date to past; then: openssl req -x509 -newkey rsa:1024 -keyout key.pem -out cert.pem -days 1 -nodes -subj '/CN=http:\/\/localhost:8080\/sales-post-sig\/'
|
// Set date to past (For example with "faketime" utility); then: openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 1 -nodes -subj '/CN=http:\/\/localhost:8080\/sales-post-sig\/'
|
||||||
public static final String SAML_CLIENT_SALES_POST_SIG_EXPIRED_PRIVATE_KEY = "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMrGzRp3HVf6Ti75rl5mPAPXua8APCCLANikzOd82VI0R8Ml0UAchkfRUBvBedobJIn9r8wwxMeXLmKsMynW52SYeC/Zx5b5K6ayMS3GWJIgqLpp/n1piUeI4sbJXlUj9UtW+QTpGhrHt9n7s7znwoNqGDUkjmyZiekEspjdfzzlAgMBAAECgYBJvPFo5lftXkCAJJucCGFapGAJm3RCAUpVfdhldakxk4FlHaNyRO0vwJX5AeplvekTpQUAo9trGTbs+uHAHT4XWOnwhHHyBRkWdiwXX9bzNdHnIwf/0SLIBBYUk0hoWEDvpklBPqllM215a0sEnB2ykYSsMDBSkFB7Ah+RK7zTAQJBAOw9v7SsfIhOXci9vnkQPuQpL8T4kwj7nWi+YtRGrXbF/bJGwjsgXN5i7otwBV/W+TNzI5H7s2opPUXdIxfP9C0CQQDbvIcxXjwjO1hjXXY4axiT1sxU8Oq1bds033atMoN9pib7IxkWh6ouOQZT8bxwQ2ElH0rswZ0/2CusrIUIekaZAkEAk9UUSQiDKXz4vSzXq8SZxodriDQRNtbVqv0wtSvBUwkU9+HFm+BlnRiFtCYWhuHsseCESs8ad/10hWqbkkQkxQJAZOvN2+rADB5xlhGS/o6RlzUMW+bapcFy8HHB/AI7SjZJqQaRuztL+jbOpTddqOIJeBdLPjoekvgh9wi1gRNH4QJBAMjfB1xYxmztfbUcUuOsATz3s7StprOAukd+hhBiMukxcKhi1IQp7tFhfFe/+xUY3fSh1a3KlyItFKxp68EdDRk=";
|
public static final String SAML_CLIENT_SALES_POST_SIG_EXPIRED_PRIVATE_KEY = "MIIEpQIBAAKCAQEA3SMEGYw330CS++XP0KqoFz2UezUxZAhkLv5C93hf5FPGw9QpPmimpGcsN8RCy4DDYOGrbuJLd8GkoBCkmp7xTqQMx/nrUvzDCAWAUSnxnBVgCsq9KbpI5sdacOHd0oEI9pQdRQ71Rj+tipeIt+Fy8S17bkpGBYjQk3xdusMX8E9LR04ksp0C9o2mvX+U0QCrF8HqVCCO9gMJJNOGaot7a3+QaTWnNrPguhMuHgJ6LlsyOUYNFQw5rdxs8Vz2mOsIGvWn1Em/c+KCcMltTIhOhDY3zW3ZrFL3Vwq4kTQ74ju9Qp1qyyQOOJmig6LLm31LQvQHPQWkY7rRcp9VBMRPcQIDAQABAoIBAQDPUpvuY9KiIYVsWvoqFUWAfIBvvuAue9uJX2JjZ1zn0U+Bm7CLTUwmyH/hTMSezHrgotK6I7lDbq4sT04zlJ6B7zX4aqwg4s7q/1VdQui9QCEKHSeaLodYrkBxoqD4UXeYziZe73YvRVYroIRSeTDtQon9Te82Ex4RmEC771rLNZ38rm2EsF2+GfNIavumo458TBmX0DI8w3QwlSMEeXaNZqch2adZSDxehrOFeqzZ9o8KtgCfrJ5P11vgXlKnVGFa7Pfndrc6XacfYhKAtTyX3Bgx9FFaOK+W5k5/XXc2UTbUV6aNmiQdNp5CrjoZ/DuttWFGwOWfg9zSG3i5wwLRAoGBAPR7IWPk1Ejf8+4vGvDED3ZDc94DINrFjszaVZBt2w/Hx0uePdeojulHhTBFMFUtV2Dn8vpG7D9TxDeZj7tmKSHE3/j1DXE6jpo72Z+iOR5byO/HmgiV0kblKxXnZfDy5/cq/Cy6GTJ2MU6k50SDgIIq86gWCXbRwveX9E66qlHdAoGBAOeOUEiuGC332m7N2wfUobBbczNviSWeAzIFP4t15u0QHRhMDeRmfE4xuWS4aL1vfsyTOrxaN5GJ2QeAIdkM42dSA0FqzzumRd9T8VdeJ+J2GGB+ALNmTHNuz8jWepLVD2F1GBhs+gkSh5yS1p+FUodQWkWC5YLI/y2rySpbiPylAoGBAJpV0LJbFpgaqMbH/d3YJ1qlIlQY7XiuFoPDoRhYAV5o46sc7jViNzWU7MOYKfbbdLm8M2tDsogXvVrMGixXRcgHnMxxBldge/1pouxfYGeF0cds3hRlYCVZLmXZekUtUrp57E/f+2AbtOzMtSJPUaTasI5/uuHDca0TxCqfND4RAoGAWS6Fm0h6BZJVLaHZPw3U7FB8cQ3/G17dSjGdRMA3HYy8N/Rq0VHrhE5AYhtoM7Wyd2YpFAwHJOWbkfj2kFsXZl6+5D4X7JhghuAUrpqT7/Od9ePxryayQS8nlemNMeofT2DC0/1822uokVQ4lx3JKFZ5PhZpANMa/OMRyl+QxgUCgYEA4D5YyD5wHz7fNFyaUrgJr4dFLG9vqRv8Pm9IozBAmNumi25Gi7gyi/WN8DrVbsRiq4ywiKiikui5TW3/RR51OYDnX3YCnWE5AGV4okci3PlclJ/UsPjlUOzNlXW7Wr0pFCcJc/WuQm1lgho/o6QGbMbS/BSwxBrUl/bUEp4IZKc=";
|
||||||
public static final String SAML_CLIENT_SALES_POST_SIG_EXPIRED_PUBLIC_KEY = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKxs0adx1X+k4u+a5eZjwD17mvADwgiwDYpMznfNlSNEfDJdFAHIZH0VAbwXnaGySJ/a/MMMTHly5irDMp1udkmHgv2ceW+SumsjEtxliSIKi6af59aYlHiOLGyV5VI/VLVvkE6Roax7fZ+7O858KDahg1JI5smYnpBLKY3X885QIDAQAB";
|
public static final String SAML_CLIENT_SALES_POST_SIG_EXPIRED_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3SMEGYw330CS++XP0KqoFz2UezUxZAhkLv5C93hf5FPGw9QpPmimpGcsN8RCy4DDYOGrbuJLd8GkoBCkmp7xTqQMx/nrUvzDCAWAUSnxnBVgCsq9KbpI5sdacOHd0oEI9pQdRQ71Rj+tipeIt+Fy8S17bkpGBYjQk3xdusMX8E9LR04ksp0C9o2mvX+U0QCrF8HqVCCO9gMJJNOGaot7a3+QaTWnNrPguhMuHgJ6LlsyOUYNFQw5rdxs8Vz2mOsIGvWn1Em/c+KCcMltTIhOhDY3zW3ZrFL3Vwq4kTQ74ju9Qp1qyyQOOJmig6LLm31LQvQHPQWkY7rRcp9VBMRPcQIDAQAB";
|
||||||
public static final String SAML_CLIENT_SALES_POST_SIG_EXPIRED_CERTIFICATE = "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";
|
public static final String SAML_CLIENT_SALES_POST_SIG_EXPIRED_CERTIFICATE = "-----BEGIN CERTIFICATE-----\n" +
|
||||||
|
"MIIDQTCCAimgAwIBAgIUT8qwq3DECizGLB2tQAaaNSGAVLgwDQYJKoZIhvcNAQEL\n" +
|
||||||
|
"BQAwMDEuMCwGA1UEAwwlaHR0cDovL2xvY2FsaG9zdDo4MDgwL3NhbGVzLXBvc3Qt\n" +
|
||||||
|
"c2lnLzAeFw0yMzAxMjcxNjAwMDBaFw0yMzAxMjgxNjAwMDBaMDAxLjAsBgNVBAMM\n" +
|
||||||
|
"JWh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9zYWxlcy1wb3N0LXNpZy8wggEiMA0GCSqG\n" +
|
||||||
|
"SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdIwQZjDffQJL75c/QqqgXPZR7NTFkCGQu\n" +
|
||||||
|
"/kL3eF/kU8bD1Ck+aKakZyw3xELLgMNg4atu4kt3waSgEKSanvFOpAzH+etS/MMI\n" +
|
||||||
|
"BYBRKfGcFWAKyr0pukjmx1pw4d3SgQj2lB1FDvVGP62Kl4i34XLxLXtuSkYFiNCT\n" +
|
||||||
|
"fF26wxfwT0tHTiSynQL2jaa9f5TRAKsXwepUII72Awkk04Zqi3trf5BpNac2s+C6\n" +
|
||||||
|
"Ey4eAnouWzI5Rg0VDDmt3GzxXPaY6wga9afUSb9z4oJwyW1MiE6ENjfNbdmsUvdX\n" +
|
||||||
|
"CriRNDviO71CnWrLJA44maKDosubfUtC9Ac9BaRjutFyn1UExE9xAgMBAAGjUzBR\n" +
|
||||||
|
"MB0GA1UdDgQWBBR4R5i1kWMxzzdQ3TdgI/MuNLChSDAfBgNVHSMEGDAWgBR4R5i1\n" +
|
||||||
|
"kWMxzzdQ3TdgI/MuNLChSDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA\n" +
|
||||||
|
"A4IBAQAacI/f9YFVTUCGXfh/FCVBQI20bgOs9D6IpIhN8L5kEnY6Ox5t00b9G5Bz\n" +
|
||||||
|
"64alK3WMR3DdhTEpufX8IMFpMlme/JnnOQXkfmIvzbev4iIKxcKFvS8qNXav8PVx\n" +
|
||||||
|
"wDApuzgxEq/XZCtFXhDS3q1jGRmlOr+MtQdCNQuJmxy7kOoFPY+UYjhSXTZVrCyF\n" +
|
||||||
|
"I0LYJQfcZ69bYXd+5h1U3UsN4ZvsBgnrz/IhhadaCtTZVtvyr/uzHiJpqT99VO9/\n" +
|
||||||
|
"7lwh2zL8ihPyOUVDjdYxYyCi+BHLRB+udnVAfo7t3fbxMi1gV9xVcYaqTJgSArsY\n" +
|
||||||
|
"M8mxv8p5mhTa8TJknzs4V3Dm+PHs\n" +
|
||||||
|
"-----END CERTIFICATE-----";
|
||||||
public static final String SAML_ASSERTION_CONSUMER_URL_SALES_POST_ENC = AUTH_SERVER_SCHEME + "://localhost:" + (AUTH_SERVER_SSL_REQUIRED ? AUTH_SERVER_PORT : 8080) + "/sales-post-enc/saml";
|
public static final String SAML_ASSERTION_CONSUMER_URL_SALES_POST_ENC = AUTH_SERVER_SCHEME + "://localhost:" + (AUTH_SERVER_SSL_REQUIRED ? AUTH_SERVER_PORT : 8080) + "/sales-post-enc/saml";
|
||||||
public static final String SAML_CLIENT_ID_SALES_POST_ENC = "http://localhost:8280/sales-post-enc/";
|
public static final String SAML_CLIENT_ID_SALES_POST_ENC = "http://localhost:8280/sales-post-enc/";
|
||||||
public static final String SAML_CLIENT_SALES_POST_ENC_PRIVATE_KEY = "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";
|
public static final String SAML_CLIENT_SALES_POST_ENC_PRIVATE_KEY = "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";
|
||||||
|
|
|
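Review bot: The new `SAML_CLIENT_SALES_POST_SIG_EXPIRED_PRIVATE_KEY` value appears to be a PKCS#1 `RSAPrivateKey` structure (it starts with `MIIEpQIBAAKCAQEA`), while the value it replaces was PKCS#8 (`MIICdwIBADANBgkqhkiG9w0B...`), so the openssl recipe in the comment above will not necessarily reproduce this encoding. It is worth confirming that every consumer of the constant accepts the PKCS#1 form under the BCFIPS provider, or converting the key to PKCS#8 so the encoding stays what it was. I would also extend the comment to record that this is a throwaway fixture, e.g. `// Test-only key pair; the certificate is intentionally expired (one-day validity in the past)`.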
@ -21,3 +21,4 @@ KcSamlEncryptedIdTest
|
||||||
KcSamlSignedBrokerTest
|
KcSamlSignedBrokerTest
|
||||||
KcSamlSpDescriptorTest
|
KcSamlSpDescriptorTest
|
||||||
KerberosLdapTest
|
KerberosLdapTest
|
||||||
|
TrustStoreEmailTest
|
||||||
|
|