diff --git a/testsuite/performance/tests/src/main/scala/org/keycloak/gatling/Utils.scala b/testsuite/performance/tests/src/main/scala/org/keycloak/gatling/Utils.scala
index 15864af8b1..9ed985eb00 100644
--- a/testsuite/performance/tests/src/main/scala/org/keycloak/gatling/Utils.scala
+++ b/testsuite/performance/tests/src/main/scala/org/keycloak/gatling/Utils.scala
@@ -1,6 +1,8 @@
 package org.keycloak.gatling
 
 import java.net.URLEncoder
+import java.security.{MessageDigest, SecureRandom}
+import org.apache.commons.codec.binary.Base64
 
 /**
  * @author Marko Strukelj
@@ -15,4 +17,18 @@ object Utils {
     URLEncoder.encode(url.split("/auth")(0), "utf-8")
   }
 
+  def generateCodeVerifier(): String = {
+    val secureRandom = new SecureRandom()
+    val code = new Array[Byte](32)
+    secureRandom.nextBytes(code)
+    Base64.encodeBase64URLSafeString(code)
+  }
+
+  def generateCodeChallenge(codeVerifier: String): String = {
+    val codeVerifierBytes = codeVerifier.getBytes("US-ASCII")
+    val md = MessageDigest.getInstance("SHA-256")
+    md.update(codeVerifierBytes, 0, codeVerifierBytes.length)
+    Base64.encodeBase64URLSafeString(md.digest)
+  }
+
 }
diff --git a/testsuite/performance/tests/src/test/scala/keycloak/AdminConsoleScenarioBuilder.scala b/testsuite/performance/tests/src/test/scala/keycloak/AdminConsoleScenarioBuilder.scala
index 22c6f7d0d5..c4ad36e3f9 100644
--- a/testsuite/performance/tests/src/test/scala/keycloak/AdminConsoleScenarioBuilder.scala
+++ b/testsuite/performance/tests/src/test/scala/keycloak/AdminConsoleScenarioBuilder.scala
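Review bot: `generateCodeVerifier` builds a fresh `SecureRandom` on every call, and the call site in this change runs it once per Gatling virtual user, so under load the harness re-seeds a CSPRNG per user for no benefit; `SecureRandom` is thread-safe, so hoist it to one object-level instance, `private val secureRandom = new SecureRandom()`, and drop the local `val`. The construction itself is sound: 32 random bytes encoded as unpadded base64url yield a 43-character verifier, and the challenge is the unpadded base64url of SHA-256 over the US-ASCII bytes, which is what RFC 7636 §4.1–4.2 prescribe for S256 — but neither method says so, and a later edit that switched to padded or standard base64 would silently break the flow. Add Scaladoc stating the contract, e.g. `/** RFC 7636 code_verifier: 32 CSPRNG bytes as unpadded base64url (43 chars). */` and `/** RFC 7636 S256 code_challenge: unpadded base64url(SHA-256(ASCII(codeVerifier))). */`. The enclosing `object Utils` starts outside this hunk.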
@@ -6,12 +6,11 @@ import keycloak.AdminConsoleScenarioBuilder._
 
 import java.time.ZonedDateTime
 import java.time.format.DateTimeFormatter
-
 import io.gatling.core.pause.Normal
 import io.gatling.http.request.StringBody
 import org.jboss.perf.util.Util
 import org.jboss.perf.util.Util.randomUUID
-import org.keycloak.gatling.Utils.{urlEncodedRoot, urlencode}
+import org.keycloak.gatling.Utils.{generateCodeChallenge, generateCodeVerifier, urlEncodedRoot, urlencode}
 import org.keycloak.performance.TestConfig
 import org.keycloak.performance.templates.DatasetTemplate
 
@@ -60,6 +59,8 @@ class AdminConsoleScenarioBuilder {
   var chainBuilder = exec(s => {
     val realm = realmsIterator.next
     val serverUrl = TestConfig.serverUrisIterator.next()
+    val codeVerifier = generateCodeVerifier()
+    val codeChallenge = generateCodeChallenge(codeVerifier)
     s.setAll(
       "keycloakServer" -> serverUrl,
       "keycloakServerUrlEncoded" -> urlencode(serverUrl),
@@ -70,7 +71,9 @@ class AdminConsoleScenarioBuilder {
       "realm" -> realm.getRepresentation.getRealm,
       "username" -> TestConfig.authUser,
       "password" -> TestConfig.authPassword,
-      "clientId" -> "security-admin-console"
+      "clientId" -> "security-admin-console",
+      "codeVerifier" -> codeVerifier,
+      "codeChallenge" -> codeChallenge
     )
   }).exitHereIfFailed
 
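Review bot: The added `codeVerifier`/`codeChallenge` pair is computed once in the session-setup `exec` and then lives in the Gatling session for the whole virtual user, whereas RFC 7636 intends a fresh verifier for every authorization request; if this scenario ever drives more than one authorization-code round trip per user (a loop, or `loginThroughLoginForm` invoked again), the same pair is replayed and the test no longer exercises what a real client does. That cannot be confirmed from these hunks, so either document the single-login assumption next to the two new `val`s, `// one PKCE pair per virtual user: the scenario performs a single authorization-code login`, or move generation into the login step itself, e.g. `.exec(s => { val v = generateCodeVerifier(); s.setAll("codeVerifier" -> v, "codeChallenge" -> generateCodeChallenge(v)) })` immediately before the authorization request. The `exec` closure begun here spans into the following hunk.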
@@ -135,7 +138,7 @@ class AdminConsoleScenarioBuilder {
   def loginThroughLoginForm() : AdminConsoleScenarioBuilder = {
     chainBuilder = chainBuilder
       .exec(http("JS Adapter Auth - Login Form Redirect")
-        .get("/auth/realms/master/protocol/openid-connect/auth?client_id=security-admin-console&redirect_uri=${keycloakServerUrlEncoded}%2Fadmin%2Fmaster%2Fconsole%2F&state=${state}&nonce=${nonce}&response_mode=fragment&response_type=code&scope=openid")
+        .get("/auth/realms/master/protocol/openid-connect/auth?client_id=security-admin-console&redirect_uri=${keycloakServerUrlEncoded}%2Fadmin%2Fmaster%2Fconsole%2F&state=${state}&nonce=${nonce}&response_mode=fragment&response_type=code&scope=openid&code_challenge=${codeChallenge}&code_challenge_method=S256")
         .headers(UI_HEADERS)
         .check(status.is(200), regex("action=\"([^\"]*)\"").find.transform(_.replaceAll("&", "&")).saveAs("login-form-uri")))
       .exitHereIfFailed
@@ -170,6 +173,7 @@ class AdminConsoleScenarioBuilder {
         .post("/auth/realms/master/protocol/openid-connect/token")
         .headers(ACCEPT_ALL)
         .formParam("code", "${code}")
+        .formParam("code_verifier", "${codeVerifier}")
         .formParam("grant_type", "authorization_code")
         .formParam("client_id", "security-admin-console")
         .formParam("redirect_uri", APP_URL)
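Review bot: On the changed `.get` line `${codeChallenge}` is spliced into the query string without URL-encoding, unlike the neighbouring `redirect_uri` which uses the pre-encoded `keycloakServerUrlEncoded`; this is correct only because `generateCodeChallenge` returns unpadded base64url (`[A-Za-z0-9_-]`), an invariant that is invisible here and would break the request with `+`, `/` or `=` if the helper ever moved to standard base64. State it at the call site, `// code_challenge is unpadded base64url, URL-safe as-is; do not switch the helper to standard base64`, or pass the value through `urlencode(...)` in the session setup so the call site does not depend on the encoding. The `.exec(...)` chain inside `loginThroughLoginForm` is fully visible in this hunk, but the session keys it reads are set elsewhere.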
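Review bot: The token request now carries `code_verifier` on the added `.formParam` line, but nothing visible in this hunk checks the exchange outcome; the request chain continues past the hunk, so if no `.check(status.is(200), ...)` follows it, a server-side PKCE rejection (wrong or stale verifier) would be recorded as a successful login and the measured throughput would be for failed token calls. Confirm the chain ends with a status and token presence check, e.g. `.check(status.is(200), jsonPath("$.access_token").exists)`, and consider a comment on the new line, `// PKCE: must match the code_challenge sent in the authorization request`, so the coupling to `loginThroughLoginForm` is explicit. The enclosing `http(...)` builder starts before this hunk.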
@@ -260,22 +264,6 @@ class AdminConsoleScenarioBuilder {
         .get("/auth/resources/${resourceVersion}/admin/keycloak/templates/kc-menu.html")
         //.headers(UI_HEADERS ++ Map("Referer" -> "")) // TODO fix referer
         .headers(UI_HEADERS)
-        .check(status.is(200)),
-
-      // request fonts for css also set referer
-      http("OpenSans-Semibold-webfont.woff")
-        .get("/auth/resources/${resourceVersion}/admin/keycloak/lib/patternfly/fonts/OpenSans-Semibold-webfont.woff")
-        .headers(UI_HEADERS)
-        .check(status.is(200)),
-
-      http("OpenSans-Bold-webfont.woff")
-        .get("/auth/resources/${resourceVersion}/admin/keycloak/lib/patternfly/fonts/OpenSans-Bold-webfont.woff")
-        .headers(UI_HEADERS)
-        .check(status.is(200)),
-
-      http("OpenSans-Light-webfont.woff")
-        .get("/auth/resources/${resourceVersion}/admin/keycloak/lib/patternfly/fonts/OpenSans-Light-webfont.woff")
-        .headers(UI_HEADERS)
         .check(status.is(200))
     )
   )