From 62d6bf1deccc92de5dd17f248ac15bccfa911f38 Mon Sep 17 00:00:00 2001
From: Vaclav Muzikar <vmuzikar@redhat.com>
Date: Fri, 13 May 2016 12:31:53 +0200
Subject: [PATCH] KEYCLOAK-3004 Fix PKCS12 tests in ClientAuthSignedJWTTest Use
 smaller keys to avoid illegal key size exception

---
 .../oauth/ClientAuthSignedJWTTest.java        |  22 +++++++-----------
 .../client-auth-test/keystore-client2.p12     | Bin 2380 -> 2522 bytes
 2 files changed, 9 insertions(+), 13 deletions(-)

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java
index 8674bf7900..bac1740fd0 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java
@@ -17,7 +17,6 @@
 
 package org.keycloak.testsuite.oauth;
 
-import org.apache.commons.lang.ArrayUtils;
 import org.apache.http.HttpEntity;
 import org.apache.http.HttpHeaders;
 import org.apache.http.HttpResponse;
@@ -26,16 +25,13 @@ import org.apache.http.client.HttpClient;
 import org.apache.http.client.entity.UrlEncodedFormEntity;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.entity.ContentType;
-import org.apache.http.entity.mime.MultipartEntity;
 import org.apache.http.entity.mime.MultipartEntityBuilder;
 import org.apache.http.entity.mime.content.FileBody;
-import org.apache.http.entity.mime.content.InputStreamBody;
-import org.apache.http.entity.mime.content.StringBody;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.DefaultHttpClient;
-import org.apache.http.impl.client.HttpClientBuilder;
 import org.apache.http.impl.client.HttpClients;
 import org.apache.http.message.BasicNameValuePair;
+import org.junit.BeforeClass;
 import org.junit.Ignore;
 import org.junit.Rule;
 import org.junit.Test;
@@ -44,12 +40,10 @@ import org.keycloak.adapters.AdapterUtils;
 import org.keycloak.adapters.authentication.JWTClientCredentialsProvider;
 import org.keycloak.admin.client.resource.ClientAttributeCertificateResource;
 import org.keycloak.admin.client.resource.ClientResource;
-import org.keycloak.admin.client.resource.RealmResource;
 import org.keycloak.authentication.authenticators.client.JWTClientAuthenticator;
 import org.keycloak.common.constants.ServiceAccountConstants;
 import org.keycloak.common.util.*;
 import org.keycloak.constants.ServiceUrlConstants;
-import org.keycloak.dom.saml.v2.ac.PublicKeyType;
 import org.keycloak.events.Details;
 import org.keycloak.events.Errors;
 import org.keycloak.models.utils.KeycloakModelUtils;
@@ -76,11 +70,8 @@ import java.net.URL;
 import java.nio.file.Files;
 import java.security.KeyStore;
 import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
 import java.util.*;
-import java.util.stream.Collectors;
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotEquals;
@@ -100,6 +91,11 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
     private ClientRepresentation app1, app2, app3;
     private UserRepresentation defaultUser, serviceAccountUser;
 
+    @BeforeClass
+    public static void beforeClientAuthSignedJWTTest() {
+        BouncyIntegration.init();
+    }
+
     @Override
     public void beforeAbstractKeycloakTest() throws Exception {
         super.beforeAbstractKeycloakTest();
@@ -285,8 +281,8 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         ClientRepresentation client = app3;
         UserRepresentation user = defaultUser;
         final String keyAlias = "somekey";
-        final String keyPassword = "keypwd";
-        final String storePassword = "storepwd";
+        final String keyPassword = "pwd1";
+        final String storePassword = "pwd2";
 
 
         // Generate new keystore (which is intended for sending to the user and store in a client app)
@@ -349,7 +345,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
 
     @Test
     public void testUploadKeystorePKCS12() throws Exception {
-        testUploadKeystore("PKCS12", "client-auth-test/keystore-client2.p12", "clientkey", "storepass");
+        testUploadKeystore("PKCS12", "client-auth-test/keystore-client2.p12", "clientkey", "pwd2");
     }
 
     @Test
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/client-auth-test/keystore-client2.p12 b/testsuite/integration-arquillian/tests/base/src/test/resources/client-auth-test/keystore-client2.p12
index b7af88022418c3c28d83b1ff95547c2d4af301d1..7f3ca526a8da46fac7d5b8bc556169a38e84b4eb 100644
GIT binary patch
delta 2508
zcmY+^cQhM}8U}EY5HV6kW7YQAD#TVhR?Vu}8lMqVDMHmJC6c1HhNw+$Yt<-fkD`m3
zrM0DITVllCrPn>@e&@UQkM}(1JkL4rpT7aNX?83e4;iNg055_>50Q#Bjy+@nfB_^t
zgaE=rk}v9bI3C3R&qPncgDzcEOtb)+ivazz0N}jzjQ{<>44{XzfEYel9*YKEEB2)Y
z0HW}~$x2wo;~CFZf%9UYFW-k$BqGlOuxQ2;<y(4}x|5-KtigLrw;f>BhZ;Rl6QX3~
zPMt-!J}awB7}>ERhfTPDM5URs#s8?u@LI$jyFsZep5Y9st&~|kUs1Dn%(b$Z^XJ#{
zx5xaJTvjXRTNWPt!l6%J1Mygoc)n;mX~b0>;0fimqt_c~=$r`Rj=N>{p3^}zwkalx
zqLgiwwvh<qRV`<z3^nuc<IXtpJbhpiet`Nq56xyg8Z+dQxx697$(CFoAFm*p4`q;E
zTKQJO@uvvQ8`UbM?CL><rwO*vO-9vMUakQNmJQxp>zn7}TLjOx+(o&%Pz~KyuwtKw
zFUvQ1N)}=)4;7SoDrgVQ&Wj*nyCXO^klWG4p?R|?K4ZIQ%`EmKAEy+f-w9i=cE^p)
zx>(v)xH%tg#=z`?>ksiA)DB}G8@my88k)19I!?{cZDn3EX(B~H3NmhMwr!bu+LE_!
zOdhnG;$cibz9~i$G*5Xf5dj+($|Tf_2aAt=4W{=iGXTMlLGEJ<v(K<v6C&y2=aX{0
zt&XPlEvI`R29r^ag{O=92uR<chQM@zGTZwvvo)gxA_G%y(O<s>R1xJW>{(HCN~-4g
zh^}WtsmvRUc`G+*S#HHsX(N~Sng6(Yd7ahC-{M%faH_ErXPlPD0ee5N-y5_c8td>x
zL%ol1U&&gh_gM{QG3+h2O)?F2d!^Yuqzd7sirM#z^F>1&1zTV07#CUPNCFXt3K=Dk
ziM|BZE|G0;K$~jG*>6$)qwi|-Q2pwAZ+f#MoDKFY8dasNCUXi6m7S~${TA+HLRGXu
z@P&y1mFV0C;ldla-Y*Ah@4tT7nu-V^xN@K=Uc<$Ex(B#`aA~ZsOL4!t*s+mF_)u52
zJ<gHbe=kWvSb@YYF<D!u=Ge)!R;+TyLX_jVGwSUvqi@JZ9en>~qz3BX$t)D_)>i5d
z3)40U2nFv`Jozbqmgz5tKN>Qw%;9?#!PX;Rh=en~vcvaJ$Uk?gHJds9_Kui;Nr72Z
z!Qde>!S;aSCWEazlZ(qPPPySWks(ZZW9X{Tmu{-Aul0b;J`?wA6MR(r-PH@0W@X>F
zz8>qyQT={GarmPZZ>Vf;=6F`$HD&O0udvzoaM1Mb2k)5umWn^eIQN?e1Yv$lPCz$?
zCp5Hdsz1%D)9D3H64j9{5Ut3zqmf;wYDWWIqf+w@!aO#RO7(Q!j+5jAoI|2A*W8$9
zI|He{hQSDP!OcGASlKq4NV&T`xh;QGksH2Sur0Jp2&farcinIpI5pd?YHDVF`vk1n
z!pZ^l=7QttJpRW65}wWmgr~E*sLd|Un4alx9T)+$7mRFN_<^PTpBljbsBtD!PU_$B
z%ehbkga>`9&GQ0egz4=0)!oTc0j!gqH?!y?I?v5TgLFMAu!i>%_Pb0ESz7G87ZKOv
zWN=PZnPZTRWp~HVtu`|zGoK&soSUmf-zT1Cgic33k1r2F$NkvlZ6GDDC$+A&VVM;U
zXkMIm@!>AhW$NBeeP>3j&L7hnilx27zE!C0wb8T}<UgybyDGAJ_rcF`bfphUVA@1+
zK>om{Qb$kU|Hj&GjuJ9`DG|EET@6zi2D{cZQ+C^%EUbaUb71{kSCAqrwmn{_U^;{+
z2>0Zz#CH4@^|!&+8lOPb9A0dS*sjK@qw==0RsmroHtubvNbW#@^c>hu@@4N?dq*rS
zC47_yWAr1f9l;f-<=!1Ix|47k?Je8bd#hiyp%`5zkv$dVhtKUnd`f**zv9$&`SJc-
znGJ(_akUiAE@|*fxG{5g*wWN3-Rt#SD+&bC<O}0jJv}N8>~W+l#RodYdO)u>g0=AI
zZq(N%Oo=VwH;y~^MNe~h7dnkHPjp!smf|9l?`F~K{S`wR-F<-`!Y+$ylyVo08%S%k
zdZSG@rGE(p0rT;g!u3RfK&P6koN)Ab&Go8?)buYuerE716l{7mh5j|G<6olv^kDHA
zpe<JU5z?0Y!QXdV!TvfHqP~uNy6nE@L;99nVIxUi8E<xel4|JS-j`l;g9}no3lpI%
zlhPvrns$9#4{t!IVx~!|{a*X^$p*H`;iyg{a)4((us(*ErFT<WB^q_}l7<*d=~8$4
ztIC$jebb5%3cXO>wAJ)rXhL!S`6u5EV+q>Q6ZXcdL9Iy*Y6Doq6wysW>|SEv@=N5D
z<~ai{a_qf?sv<RPRL6VkEvIWD#R9nML>g$&P5eCeiq4n1{iJ+o`J5n|J!%xTvl(?N
zGaUG}u^}km#b|U7VWewa`beB9eo$XR6EmSi&|FO!k}!YzXy-Kelod*`{MZ10?T<k!
ziz2U``taH^v0|Yw_vb<)=9*m&kMx|@&LlW3e(}qHcKz3vdiEGtR6*`Q;ihJGpP^EX
zhJn4@a{<%Blo`d}KJqm3zu+Aomb+>Lt_XAXgcaYd)=U#x5b|8j3G=FSGS|fwaiD%a
za4b3$d;WD&{WtPtG2^wGyunEA$IeQwT7CYpRSz^_d1(nNu#~V_oh7in>sq2FbuTmw
z#s0%|;_~`%#On1?`OZ<XT=f=tOM9W8w>igZWUYCx;vRa#v`xtq#BrD^;~s@#Z@T9w
znWpKr<^Xmy2Y@wNoV$-7d9T9;;!|2F1z|-}ENOck%Ho_2RB^RRTR;zD^1&n{9g2Ij
z1{#NDX~8nx2!0evtWFbg=t;6`?@BsG7N&#AzgYd?RWM@r*Cu&e;-Z|j{ei}=^$P^H
z$qnkv5ZRLh^XcpGuxHBRDGk+GjppZ%mqTU2G%?w+z7bT6>%1W9U$?nsT7DyLi4x;E
zYbtpP8w-3l5n@_;wf7p^(UH#CAUhPs_heKHyYSgKb-s;VpOM3)%1<0$;iiU~^FJEt
zu>4i@)_SthKE{pQ#_uBdGxFUeJ97Gsy0Q?lYaY<Dmr<g@NFTxwb49G)YTSS(w*GV-
zz*84LbNKl2(>q-i-DGv&1r8G@j!2<}Js=1f9ssg7cnrGTc|9>r-WV?QH<RfObW-{g
zt>fDY!}JzX`YC=GUE$!d-WpxFEL;c<p{J9E0%>{ZXh0m?uQU#uL;7c1KfckHDhHQw
Shu(_@G1%KKY?^cN`urQbZ>nhk

delta 2353
zcmV-13C{M~6U-8SFoFq40s#Xsf(Zf!2`Yw2hW8Bt2LYgh2=fGj2=6e02<tF{1#kul
zDuzgg_YDCD0ic2fVFZE&T`+<LSulbHRR#+xhDe6@4FL=a0Ro_c1o|+71oki}1_~;M
zNQU<f0So~HFd76DsF<OK8+nM9O!xp3W?C>=FOh7|0s;ho00e>r$S3rUX&xir;C?SX
zWc=8k+Lj7908Z6L>+<*fW6oEJZGrn@bE!Ef4)>v<gIvV^bi1fYxDZv{qx-kP9~%lL
zeT#_J=w~)v%R7kBob<XTmPBZAAaGK;1kR`x5LDG;$Z2<@!-(#|$@aVzRP=Jb4{#58
zpbToX82z|^FX5$%`<Gr`sV@K?T?mSH@mlu0rQY2wjt5*_Q0M0OYaK+W?dDc+X0bb4
zoS9(gznV6b6S2lB{?!V0&NgqMk1A&!bJmfp7cda}<B}gmJ5g0#Qo4r+boPcjh+@?$
zUkm0Tl7EYHV7T_94fqr5TAJTzjfz}R_`uwCc8QgL|D8_0*pl;*97Gtoi8d%)xUzN6
zo^JT*5Pi0bzs6LlHzzMU9Ol2{R2%+%w%neWecl;NB>YD87)}v2hCPkVSP^$vUFW!&
z!HxElQS_XBn4)yT{V0NE+ikQci(Q{Xd?G$#*!<)=o`?$N+sq_eR+ISJ-USe##_F(y
ze6*l{p;-Ny(l7BXhxX4{47wB#>1-6vkiQ9-U?3WZo9JkS(zHb~CZDG`dG#FeT7>s>
zUV>drDy}(z|AAalu+~wsz1qFfkmEuCl|eD&nUdHsAOprO%E~oUy4yK^C}LZXuSL;c
zYtlodQ3Rg*UVm+AA`~T+exO~unz01-T?H3^@j^lO`DG1O9W;RFg^wr<q4^kdh1Y=z
zd!GiX#Jd*xE_lGR`mD)jJgjCiq?myYy<S^Vh=uCBokBM{8`fK6spZ9;O|$P+Dx&k<
zIvLZAjE)sE21(`CY8yQP!*1~E>r>Ny^9VReW$Iaf84#3RHcCp|J@EWS_VV5^LHK@u
zic`4R1tLoio}eoGiW4Gtq4?iL&!1k{(~w2%4|;1{<fx_;if?Cn!Uv>FffvWfm!=y7
zdabXnuLEwRKLeQ;j+);212ZX3S>uL51kk(MK5!Q;o4&62SHP@M_WT(?^>{4_0OB^R
z58#Pw*Odi}K5q^EkQLD{*<lJwN)=6i4h6)JVQcNh>juHZr|hyhm4lepnX!{S&d+=z
z_hS%h3BxK^<y4Fny5MIFIObc82DIB1@U_oQa01AyTJy!7(|41Q1G{<1RSPpt2TY%q
z*o9U$4(>=(d*MdFwr3SSV#jLGCQT5t9oNx?Uc~wYFvp5=iEO)Zk;nC-mh6##v9nFy
zu>3u}nYJ1E<Lk9Y>zo2j4*4#os9b|V4q1e?oT`z~jp6|uTx#BtwqThV`t|TV7;Q^-
ze8+hCB!QYt{AZbNvL{-cyGm+_`(-N&wOazpS8#jU;xoj6ZH8Jhf|Q~r6FKQqT!}lJ
zIceY!LuQLJ;Whdl1H1zD$X4Zl24_srQkoW@U{fQE>zU<OB)xkSe<cDGpt_GJ%pqj)
zQ&e`xWGV(|{~jueTIrnNrVE{&UKxXK_&PVXYBu}CiD772)FjAVCC%zlKbET=62&P9
zLR4IQ(6`@Sq)r%j!xltt-D2vq{1)_`5nb%kF+&|*Dpi9I3)lG6qqsFz9a(PQX<bq-
zDkeuXUJdm%`AVpVEiL~_@?uQor}mLVdBioGnO#yV!nJLkhzRm_eH+TxG>=6<ENUvk
ztSqAV$fD0VJL^(W7(0buPE4(I{O}Xe@qLqF2{wNx<E(J`TGV@>uf;Xi!LeJ<=R4al
zf&+5~2`Yw2hW8Bt2L_;m17t9Q17HFH05F0BSq2FzhDe6@4FLxMFenBJDuzgg_YDCI
z0R}J{1QdzYv7askOy<R=PukE`|A;-uIBEg{1OR}710Y<(<@WGpUT{u_#Mw)q4oGMw
zE@Xd&7NT5MKAZ*xkpH1h>Pf$Ru9|G^X$**zcs(MNr-7*ck%=;RYlF!R#s~^QFyYV3
zDh-|{L=Q?0o~3_}ZtZ{3?C9G`X_j1egY@U&xxo%PdH&ZaMdPI<+z-eowtjfhXYPN!
z(zg=MiXQOe3-_#Cx07CRG-cM#z--oF+`fP6pSH^_!ERZreptFB=+nRxhV$=49Q-qO
zaB()n+?-!l+`($FF)0abd2_&UyAG|^%~*rV*tz2!C>WhlR5zx)XVmOc#bGmvUJ;r*
z)<x&IxhcM?bHqyXwYt2O^Mg8>LCHYwEjk(ApCejEhpMe|IBum-R)jUGQia=c|BZk1
zbG!uB2+&lJjS1Mt_|2$*HmwqXy^O*5Sg$)x*~{@KO|%W3bo)5Ij(2Z>r3cOl+bK23
z=%O~*@?&6ga|qf6^``4kz7Ft3dNA-neg`HayiU#nnHt4yPmyJZDjtJw`2&A}CmQna
z##Q_fTVoY9EsJjwenM0q!BTVE2_%1SOrHwf5oM!D$O7pr4-}iHgNWPuJ*NcI{_ew>
zCw^_;4W!^d0tplqb5CrvyfB%iskyckxo+TYbQL9SDA$3zo5CMGm_yzC*ck@r7?I!{
z!k~UWk(VQ)y#8Yi%Bw$SE)}cv`e0N>Nla?b6#1?Yfr}Fv?hq8H$yJ(Ios)mxXp<@T
zqX_ERs1MBPtIrQaF>_@4^1a7sl~+F5L>Et;U7AGrTg^SL?~sTXOjg*J0R5WhY;hI@
zgIHy03Br+&*NYCkq@(PkzYN!g$*x<xgxMq{FC{==6UclF{&FU7ho2_O!hos#a>8Ph
z=a+&SFhK66TL*pmZU(QLu@rx^RW-z^dI{lE0v2;YKOIu}q`4qe&jb0ZQ0jrW?3bem
z$rZd*G8u~?X+>4RUEUtPzO#CbVlSxF6R@OOky&2+9(H`6=w`H#izH7Rb%1?PSmlD_
zr_!+}u<H#g5S)9B#<-`z0e*l16ee?5&Uc-PB{O;E^fJBoPiTz2&393nCxS))u*j~C
z0&K)dBS)SUMKC=uAutIB1uG5%0vZJX1Qcr3k^POcE`>~ivlYr=an{wYX~F~)Mfj#P
Xwfx`QFp2G~d{`(B!p+c*0s;g8Z<%4<