Replace PhantomJS by HtmlUnit

Closes #9979

Co-authored-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

.github/actions/build-keycloak/action.yml

@@ -24,10 +24,6 @@ runs:
       with:
         create-cache-if-it-doesnt-exist: true
 
-    - id: phantomjs-cache
-      name: PhantomJS cache
-      uses: ./.github/actions/phantomjs-cache
-
     - id: frontend-plugin-cache
       name: Frontend Plugin Cache
       uses: ./.github/actions/frontend-plugin-cache

.github/actions/integration-test-setup/action.yml

@@ -25,10 +25,6 @@ runs:
       name: Maven cache
       uses: ./.github/actions/maven-cache
 
-    - id: phantomjs-cache
-      name: PhantomJS cache
-      uses: ./.github/actions/phantomjs-cache
-
     - id: frontend-plugin-cache
       name: Frontend Plugin Cache
       uses: ./.github/actions/frontend-plugin-cache

.github/actions/phantomjs-cache/action.yml

@@ -1,26 +0,0 @@
-name: PhantomJS Cache
-description: Caches PhantomJS driver
-
-inputs:
-  version:
-    description: PhantomJS Driver version
-    required: false
-    default: 2.1.1
-
-runs:
-  using: composite
-  steps:
-    - id: cache-phantomjs-driver
-      name: PhantomJS Driver cache
-      uses: actions/cache@v4
-      with:
-        path: ~/.arquillian/drone
-        key: phantomjs-${{ inputs.version }}
-
-    - id: download-phantomjs-driver
-      name: Download PhantomJS Driver
-      if: steps.cache-phantomjs-driver.outputs.cache-hit != 'true'
-      shell: bash
-      run: |
-        mkdir -p ~/.arquillian/drone/phantomjs/${{ inputs.version }}/
-        curl -L https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-${{ inputs.version }}-linux-x86_64.tar.bz2 --output ~/.arquillian/drone/phantomjs/${{ inputs.version }}/phantomjs-${{ inputs.version }}-linux-x86_64.tar.bz2

testsuite/integration-arquillian/pom.xml

@@ -626,30 +626,6 @@
                 <dballocator.skip>false</dballocator.skip>
             </properties>
         </profile>
-
-        <!-- Workaround for issues related to PhantomJS in some newer linux environment. See for example here for more details https://github.com/nodejs/node/issues/43132 -->
-        <profile>
-            <id>phantomjs-openssl-workaround</id>
-            <activation>
-                <os>
-                    <family>unix</family>
-                </os>
-            </activation>
-            <build>
-                <pluginManagement>
-                    <plugins>
-                        <plugin>
-                            <artifactId>maven-surefire-plugin</artifactId>
-                            <configuration>
-                                <environmentVariables>
-                                    <OPENSSL_CONF>/dev/null</OPENSSL_CONF>
-                                </environmentVariables>
-                            </configuration>
-                        </plugin>
-                    </plugins>
-                </pluginManagement>
-            </build>
-        </profile>
     </profiles>
 
 </project>

testsuite/integration-arquillian/servers/auth-server/quarkus/pom.xml

@@ -63,7 +63,7 @@
                             <goal>copy-resources</goal>
                         </goals>
                         <configuration>
-                            <outputDirectory>${auth.server.home}</outputDirectory>
+                            <outputDirectory>${auth.server.home}/conf</outputDirectory>
                             <resources>
                                 <resource>
                                     <directory>${common.resources}/keystore</directory>
@@ -71,6 +71,7 @@
                                         <include>ca.crt</include>
                                         <include>client.crt</include>
                                         <include>client.key</include>
+                                        <include>client.p12</include>
                                         <include>client-ca.crt</include>
                                         <include>client-ca.key</include>
                                         <include>*.crl</include>
@@ -80,7 +81,9 @@
                                     <directory>${common.resources}/pki/root/ca</directory>
                                     <includes>
                                         <include>certs/clients/test-user-san@localhost.cert.pem</include>
+                                        <include>certs/clients/test-user-san@localhost.p12</include>
                                         <include>certs/clients/test-user@localhost.key.pem</include>
+                                        <include>certs/clients/test-user-san-cert-test-user-key@localhost.p12</include>
                                     </includes>
                                 </resource>
                             </resources>

testsuite/integration-arquillian/tests/base/pom.xml

@@ -46,9 +46,9 @@
         <systemrules.version>1.19.0</systemrules.version>
         <common.resources>${basedir}/../../servers/auth-server/common</common.resources>
         <maven-compiler-plugin.version>3.8.1</maven-compiler-plugin.version>
-        <maven.compiler.release>11</maven.compiler.release>
-        <maven.compiler.target>11</maven.compiler.target>
-        <maven.compiler.source>11</maven.compiler.source>
+        <maven.compiler.release>17</maven.compiler.release>
+        <maven.compiler.target>17</maven.compiler.target>
+        <maven.compiler.source>17</maven.compiler.source>
     </properties>
     
     <dependencies>

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/drone/KeycloakDronePostSetup.java

@@ -39,10 +39,16 @@ import org.openqa.selenium.firefox.FirefoxOptions;
 import org.openqa.selenium.htmlunit.HtmlUnitDriver;
 import org.openqa.selenium.remote.RemoteWebDriver;
 
+import java.io.File;
+import java.net.MalformedURLException;
+
 /**
  * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
  */
 public class KeycloakDronePostSetup {
+    public static final String HTML_UNIT_SSL_KEYSTORE_PROP = "htmlunit-ssl-keystore";
+    public static final String HTML_UNIT_SSL_KEYSTORE_PASSWORD_PROP = "htmlunit-ssl-keystore-password";
+    public static final String HTML_UNIT_SSL_KEYSTORE_TYPE_PROP = "htmlunit-ssl-keystore-type";
 
     @Inject
     @ClassScoped // needed in BrowserDriverIgnoreDecider
@@ -54,22 +60,19 @@ public class KeycloakDronePostSetup {
         DronePoint<?> dronePoint = event.getDronePoint();
         Object drone = droneContext.get(dronePoint).getInstance();
 
-        if (drone instanceof RemoteWebDriver) {
-            RemoteWebDriver remoteWebDriver = (RemoteWebDriver) drone;
+        if (drone instanceof RemoteWebDriver remoteWebDriver) {
             log.infof("Detected browser: %s %s", remoteWebDriver.getCapabilities().getBrowserName(), remoteWebDriver.getCapabilities().getBrowserVersion());
             webDriverProducer.set(remoteWebDriver);
         }
 
-        if (drone instanceof WebDriver && !(drone instanceof AppiumDriver)) {
-            WebDriver webDriver = (WebDriver) drone;
+        if (drone instanceof WebDriver webDriver && !(drone instanceof AppiumDriver)) {
             configureDriverSettings(webDriver);
             webDriverProducer.set(webDriver);
         } else {
             log.warn("Drone is not instanceof WebDriver for a desktop browser! Drone is " + drone);
         }
 
-        if (drone instanceof GrapheneProxyInstance) {
-            GrapheneProxyInstance droneProxy = (GrapheneProxyInstance) drone;
+        if (drone instanceof GrapheneProxyInstance droneProxy) {
             if (drone instanceof HtmlUnitDriver) {
                 droneProxy.registerInterceptor(new HtmlUnitInterceptor());
             }
@@ -89,11 +92,11 @@ public class KeycloakDronePostSetup {
         driver.manage().window().maximize();
 
         configureFirefoxDriver(driver);
+        configureHtmlUnitDriver(driver);
     }
 
     private void configureFirefoxDriver(WebDriver driver) {
-        if (driver instanceof FirefoxDriver) {
-            FirefoxDriver firefoxDriver = (FirefoxDriver) driver;
+        if (driver instanceof FirefoxDriver firefoxDriver) {
             Capabilities capabilities = firefoxDriver.getCapabilities();
             FirefoxOptions options = new FirefoxOptions(capabilities);
             // disables extension automatic updates as we don't need it when running the test suite
@@ -102,6 +105,28 @@ public class KeycloakDronePostSetup {
         }
     }
 
+    private void configureHtmlUnitDriver(WebDriver driver) {
+        if (driver instanceof HtmlUnitDriver htmlUnitDriver) {
+            final var keystore = System.getProperty(HTML_UNIT_SSL_KEYSTORE_PROP);
+            final var keystorePassword = System.getProperty(HTML_UNIT_SSL_KEYSTORE_PASSWORD_PROP);
+            final var keystoreType = System.getProperty(HTML_UNIT_SSL_KEYSTORE_TYPE_PROP);
+
+            log.info("Check HtmlUnit driver TLS settings");
+
+            if (keystore != null && keystorePassword != null && keystoreType != null) {
+                log.infof("Keystore '%s', password '%s', type '%s'", keystore, keystorePassword, keystoreType);
+
+                var options = htmlUnitDriver.getWebClient().getOptions();
+                options.setUseInsecureSSL(true);
+                try {
+                    options.setSSLClientCertificateKeyStore(new File(keystore).toURI().toURL(), keystorePassword, keystoreType);
+                } catch (MalformedURLException e) {
+                    throw new RuntimeException(e);
+                }
+            }
+        }
+    }
+
     public static class HtmlUnitInterceptor implements Interceptor {
 
         @Override

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/drone/KeycloakWebDriverConfigurator.java

@@ -27,7 +27,6 @@ import org.jboss.arquillian.drone.webdriver.spi.BrowserCapabilities;
 import org.jboss.arquillian.drone.webdriver.spi.BrowserCapabilitiesRegistry;
 import org.jboss.logging.Logger;
 import org.openqa.selenium.Capabilities;
-import org.openqa.selenium.phantomjs.PhantomJSDriverService;
 import org.openqa.selenium.remote.CapabilityType;
 import org.openqa.selenium.remote.DesiredCapabilities;
 
@@ -53,7 +52,6 @@ public class KeycloakWebDriverConfigurator {
         DesiredCapabilities capabilitiesToAdd = new DesiredCapabilities();
         updateCapabilityKeys("htmlUnit", webDriverCfg, capabilitiesToAdd);
         updateCapabilityKeys("appium", webDriverCfg, capabilitiesToAdd);
-        configurePhantomJSDriver(webDriverCfg, capabilitiesToAdd);
         acceptAllSSLCerts(webDriverCfg, capabilitiesToAdd);
 
         BrowserCapabilities browserCap = registryInstance.get().getEntryFor(webDriverCfg.getBrowser());
@@ -64,21 +62,6 @@ public class KeycloakWebDriverConfigurator {
         capabilitiesToAdd.setCapability(CapabilityType.ACCEPT_INSECURE_CERTS, true);
     }
 
-    private void configurePhantomJSDriver(WebDriverConfiguration webDriverCfg, DesiredCapabilities capabilitiesToAdd) {
-        if (!webDriverCfg.getBrowser().equals("phantomjs")) {
-            return;
-        }
-
-        String cliArgs = System.getProperty("keycloak.phantomjs.cli.args");
-
-        if (cliArgs == null) {
-            cliArgs = "--ignore-ssl-errors=true --web-security=false";
-        }
-
-        capabilitiesToAdd.setCapability(PhantomJSDriverService.PHANTOMJS_CLI_ARGS, cliArgs);
-    }
-
-
     // This is to ensure that default value of capabilities like "version" will be used just for the HtmlUnitDriver, but not for other drivers.
     // Hence in configs we have "htmlUnit.version" instead of "version"
     private void updateCapabilityKeys(String browser, WebDriverConfiguration webDriverCfg, DesiredCapabilities capabilitiesToAdd, String... exclude) {

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/HtmlUnitBrowser.java

@@ -26,5 +26,5 @@ import java.lang.annotation.Target;
 @Retention(RetentionPolicy.RUNTIME)
 @Target({ElementType.FIELD, ElementType.PARAMETER})
 @Qualifier
-public @interface PhantomJSBrowser {
+public @interface HtmlUnitBrowser {
 }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/hal/ConsoleProtectionTest.java

@@ -77,8 +77,6 @@ public class ConsoleProtectionTest extends AbstractAdapterTest {
 
     @Before
     public void beforeConsoleProtectionTest() throws IOException, OperationException {
-        Assume.assumeTrue("This testClass doesn't work with phantomjs", !"phantomjs".equals(System.getProperty("js.browser")));
-
         try (OnlineManagementClient clientWorkerNodeClient = AppServerTestEnricher.getManagementClient()) {
 
             Operations operations = new Operations(clientWorkerNodeClient);

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/javascript/JavascriptAdapterTest.java

@@ -1,7 +1,6 @@
 package org.keycloak.testsuite.javascript;
 
 import org.jboss.arquillian.graphene.page.Page;
-import org.junit.Assume;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
@@ -318,8 +317,6 @@ public class JavascriptAdapterTest extends AbstractJavascriptTest {
 
     @Test
     public void grantBrowserBasedApp() {
-        Assume.assumeTrue("This test doesn't work with phantomjs", !"phantomjs".equals(System.getProperty("js.browser")));
-
         ClientResource clientResource = ApiUtil.findClientResourceByClientId(adminClient.realm(REALM_NAME), CLIENT_ID);
         ClientRepresentation client = clientResource.toRepresentation();
         try {
@@ -455,13 +452,10 @@ public class JavascriptAdapterTest extends AbstractJavascriptTest {
                 // Possibility of 0 and 401 is caused by this issue: https://issues.redhat.com/browse/KEYCLOAK-12686
                 .sendXMLHttpRequest(request, response -> assertThat(response, hasEntry(is("status"), anyOf(is(0L), is(401L)))))
                 .refresh();
-        if (!"phantomjs".equals(System.getProperty("js.browser"))) {
-            // I have no idea why, but this request doesn't work with phantomjs, it works in chrome
-            testExecutor.logInAndInit(defaultArguments(), unauthorizedUser, this::assertInitAuth)
-                    .sendXMLHttpRequest(request, output -> assertThat(output, hasEntry("status", 403L)))
-                    .logout(this::assertOnTestAppUrl)
-                    .refresh();
-        }
+        testExecutor.logInAndInit(defaultArguments(), unauthorizedUser, this::assertInitAuth)
+                .sendXMLHttpRequest(request, output -> assertThat(output, hasEntry("status", 403L)))
+                .logout(this::assertOnTestAppUrl)
+                .refresh();
         testExecutor.logInAndInit(defaultArguments(), testUser, this::assertInitAuth)
                 .sendXMLHttpRequest(request, assertResponseStatus(200));
     }
@@ -711,10 +705,6 @@ public class JavascriptAdapterTest extends AbstractJavascriptTest {
 
     @Test
     public void spaceInRealmNameTest() {
-        // Unfortunately this test doesn't work on phantomjs
-        // it looks like phantomjs double encode %20 => %25%20
-        Assume.assumeTrue("This test doesn't work with phantomjs", !"phantomjs".equals(System.getProperty("js.browser")));
-
         try {
             adminClient.realm(REALM_NAME).update(RealmBuilder.edit(adminClient.realm(REALM_NAME).toRepresentation()).name(SPACE_REALM_NAME).build());
 

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/welcomepage/WelcomePageTest.java

@@ -33,7 +33,7 @@ import org.keycloak.testsuite.arquillian.annotation.RestartContainer;
 import org.keycloak.testsuite.auth.page.WelcomePage;
 import org.keycloak.testsuite.auth.page.login.OIDCLogin;
 import org.keycloak.testsuite.util.DroneUtils;
-import org.keycloak.testsuite.util.PhantomJSBrowser;
+import org.keycloak.testsuite.util.HtmlUnitBrowser;
 import org.openqa.selenium.WebDriver;
 
 import java.net.InetAddress;
@@ -54,15 +54,15 @@ import static org.keycloak.testsuite.util.URLUtils.navigateToUri;
 public class WelcomePageTest extends AbstractKeycloakTest {
 
     @Drone
-    @PhantomJSBrowser
-    private WebDriver phantomJS;
+    @HtmlUnitBrowser
+    private WebDriver htmlUnit;
 
     @Page
-    @PhantomJSBrowser
+    @HtmlUnitBrowser
     protected OIDCLogin loginPage;
 
     @Page
-    @PhantomJSBrowser
+    @HtmlUnitBrowser
     protected WelcomePage welcomePage;
 
     @Override
@@ -80,7 +80,7 @@ public class WelcomePageTest extends AbstractKeycloakTest {
         Assume.assumeThat("Test skipped",
                 suiteContext.getAuthServerInfo().isJBossBased(),
                 Matchers.is(true));
-        DroneUtils.replaceDefaultWebDriver(this, phantomJS);
+        DroneUtils.replaceDefaultWebDriver(this, htmlUnit);
         setDefaultPageUriParameters();
     }
 
@@ -150,8 +150,7 @@ public class WelcomePageTest extends AbstractKeycloakTest {
     public void test_5_AccessCreatedAdminAccount() throws Exception {
         welcomePage.navigateTo();
         welcomePage.navigateToAdminConsole();
-        // TODO PhantomJS is not loading the new admin console for some reason, so is not redirecting to the login page. It works with Chrome though.
-        Assert.assertEquals("Keycloak Administration Console", phantomJS.getTitle());
+        Assert.assertEquals("Keycloak Administration Console", htmlUnit.getTitle());
     }
 
     @Test

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/AbstractX509AuthenticationTest.java

@@ -18,6 +18,7 @@
 
 package org.keycloak.testsuite.x509;
 
+import jakarta.ws.rs.core.Response;
 import org.hamcrest.Matchers;
 import org.jboss.arquillian.graphene.page.Page;
 import org.jboss.logging.Logger;
@@ -62,14 +63,14 @@ import org.keycloak.testsuite.util.AdminEventPaths;
 import org.keycloak.testsuite.util.AssertAdminEvents;
 import org.keycloak.testsuite.util.ClientBuilder;
 import org.keycloak.testsuite.util.DroneUtils;
-import org.keycloak.testsuite.util.PhantomJSBrowser;
+import org.keycloak.testsuite.util.HtmlUnitBrowser;
 import org.keycloak.testsuite.util.RealmBuilder;
 import org.keycloak.testsuite.util.UserBuilder;
 import org.keycloak.testsuite.util.WaitUtils;
 import org.keycloak.userprofile.UserProfileConstants;
+import org.keycloak.utils.StringUtil;
 import org.openqa.selenium.WebDriver;
 
-import jakarta.ws.rs.core.Response;
 import java.lang.reflect.Field;
 import java.net.URI;
 import java.util.ArrayList;
@@ -90,7 +91,11 @@ import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorC
 import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.MappingSourceType.SUBJECTDN;
 import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.MappingSourceType.SUBJECTDN_CN;
 import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.MappingSourceType.SUBJECTDN_EMAIL;
+import static org.keycloak.testsuite.drone.KeycloakDronePostSetup.HTML_UNIT_SSL_KEYSTORE_PASSWORD_PROP;
+import static org.keycloak.testsuite.drone.KeycloakDronePostSetup.HTML_UNIT_SSL_KEYSTORE_PROP;
+import static org.keycloak.testsuite.drone.KeycloakDronePostSetup.HTML_UNIT_SSL_KEYSTORE_TYPE_PROP;
 import static org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_SSL_REQUIRED;
+import static org.keycloak.utils.StringUtil.isBlank;
 
 /**
  * @author <a href="mailto:brat000012001@gmail.com">Peter Nalyvayko</a>
@@ -126,7 +131,7 @@ public abstract class AbstractX509AuthenticationTest extends AbstractTestRealmKe
 
     protected AuthenticationExecutionInfoRepresentation directGrantExecution;
 
-    private static SetSystemProperty phantomjsCliArgs;
+    private static final List<SetSystemProperty> systemProperties = new ArrayList<>(10);
 
     @Rule
     public AssertEvents events = new AssertEvents(this);
@@ -135,15 +140,15 @@ public abstract class AbstractX509AuthenticationTest extends AbstractTestRealmKe
     public AssertAdminEvents assertAdminEvents = new AssertAdminEvents(this);
 
     @Page
-    @PhantomJSBrowser
+    @HtmlUnitBrowser
     protected AppPage appPage;
 
     @Page
-    @PhantomJSBrowser
+    @HtmlUnitBrowser
     protected X509IdentityConfirmationPage loginConfirmationPage;
 
     @Page
-    @PhantomJSBrowser
+    @HtmlUnitBrowser
     protected LoginPage loginPage;
 
 
@@ -160,48 +165,31 @@ public abstract class AbstractX509AuthenticationTest extends AbstractTestRealmKe
 
     @BeforeClass
     public static void onBeforeTestClass() {
-        configurePhantomJS("/ca.crt", "/client.crt", "/client.key", "password");
+        configureHtmlUnit("/client.p12");
     }
 
     @AfterClass
     public static void onAfterTestClass() {
-        phantomjsCliArgs.revert();
+        systemProperties.forEach(SetSystemProperty::revert);
     }
 
-    /**
-     * Setup phantom JS to be used for mutual TLS testing. All file paths are relative to "authServerHome"
-     *
-     * @param certificatesPath
-     * @param clientCertificateFile
-     * @param clientKeyFile
-     * @param clientKeyPassword
-     */
-    protected static void configurePhantomJS(String certificatesPath, String clientCertificateFile, String clientKeyFile, String clientKeyPassword) {
+    protected static void configureHtmlUnit(String keystore) {
+        configureHtmlUnit(keystore, "password", "pkcs12");
+    }
+
+    protected static void configureHtmlUnit(String keystore, String keystorePassword, String keystoreType) {
         String authServerHome = getAuthServerHome();
 
         if (authServerHome != null && System.getProperty("auth.server.ssl.required") != null) {
-            StringBuilder cliArgs = new StringBuilder();
-
-            cliArgs.append("--ignore-ssl-errors=true ");
-            cliArgs.append("--web-security=false ");
-            if (certificatesPath != null) {
-                cliArgs.append("--ssl-certificates-path=").append(authServerHome).append(certificatesPath).append(" ");
+            if (isBlank(keystore) || isBlank(keystorePassword) || isBlank(keystoreType)) {
+                throw new IllegalArgumentException("You need to specify keystore name, password, and type.");
             }
-            if (clientCertificateFile != null) {
-                cliArgs.append("--ssl-client-certificate-file=").append(authServerHome).append(clientCertificateFile).append(" ");
-            }
-            if (clientKeyFile != null) {
-                cliArgs.append("--ssl-client-key-file=").append(authServerHome).append(clientKeyFile).append(" ");
-            }
-            if (clientKeyPassword != null) {
-                cliArgs.append("--ssl-client-key-passphrase=").append(clientKeyPassword).append(" ");
-            }
-
-            phantomjsCliArgs = new SetSystemProperty("keycloak.phantomjs.cli.args", cliArgs.toString());
+            systemProperties.add(new SetSystemProperty(HTML_UNIT_SSL_KEYSTORE_PROP, authServerHome + keystore));
+            systemProperties.add(new SetSystemProperty(HTML_UNIT_SSL_KEYSTORE_PASSWORD_PROP, keystorePassword));
+            systemProperties.add(new SetSystemProperty(HTML_UNIT_SSL_KEYSTORE_TYPE_PROP, keystoreType));
         }
     }
 
-
     private static boolean isAuthServerJBoss() {
         return Boolean.parseBoolean(System.getProperty("auth.server.jboss"));
     }
@@ -219,6 +207,10 @@ public abstract class AbstractX509AuthenticationTest extends AbstractTestRealmKe
             authServerHome = authServerHome + "/standalone/configuration";
         }
 
+        if (AuthServerTestEnricher.isAuthServerQuarkus()) {
+            authServerHome = authServerHome + "/conf";
+        }
+
         return authServerHome;
     }
 

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509BrowserCRLTest.java

@@ -29,7 +29,7 @@ import org.keycloak.models.Constants;
 import org.keycloak.representations.idm.AuthenticatorConfigRepresentation;
 import org.keycloak.testsuite.pages.AppPage;
 import org.keycloak.testsuite.util.ContainerAssume;
-import org.keycloak.testsuite.util.PhantomJSBrowser;
+import org.keycloak.testsuite.util.HtmlUnitBrowser;
 import org.openqa.selenium.WebDriver;
 
 import static org.hamcrest.Matchers.containsString;
@@ -46,13 +46,13 @@ public class X509BrowserCRLTest extends AbstractX509AuthenticationTest {
     public static CRLRule crlRule = new CRLRule();
 
     @Drone
-    @PhantomJSBrowser
-    private WebDriver phantomJS;
+    @HtmlUnitBrowser
+    private WebDriver htmlUnit;
 
 
     @Before
     public void replaceTheDefaultDriver() {
-        replaceDefaultWebDriver(phantomJS);
+        replaceDefaultWebDriver(htmlUnit);
     }
 
 
@@ -176,6 +176,9 @@ public class X509BrowserCRLTest extends AbstractX509AuthenticationTest {
 
     @Test
     public void loginWithMultipleRevocationListsUsingInvalidCert() {
+        // not sure why it is failing on Undertow - works with Quarkus
+        ContainerAssume.assumeNotAuthServerUndertow();
+
         X509AuthenticatorConfigModel config =
                 new X509AuthenticatorConfigModel()
                         .setCRLEnabled(true)

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509BrowserLoginIssuerDnTest.java

@@ -27,10 +27,9 @@ import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.keycloak.representations.idm.UserRepresentation;
-import org.keycloak.testsuite.util.PhantomJSBrowser;
+import org.keycloak.testsuite.util.HtmlUnitBrowser;
 import org.openqa.selenium.WebDriver;
 
-
 /**
  * @author Sebastian Loesch
  * @date 02/14/2019
@@ -39,12 +38,12 @@ import org.openqa.selenium.WebDriver;
 public class X509BrowserLoginIssuerDnTest extends AbstractX509AuthenticationTest {
 
     @Drone
-    @PhantomJSBrowser
-    private WebDriver phantomJS;
+    @HtmlUnitBrowser
+    private WebDriver htmlUnit;
 
     @Before
     public void replaceTheDefaultDriver() {
-        replaceDefaultWebDriver(phantomJS);
+        replaceDefaultWebDriver(htmlUnit);
     }
 
     @BeforeClass
@@ -59,8 +58,7 @@ public class X509BrowserLoginIssuerDnTest extends AbstractX509AuthenticationTest
 
     @BeforeClass
     public static void onBeforeTestClass() {
-        configurePhantomJS("/ca.crt", "/certs/clients/test-user-san@localhost.cert.pem",
-                           "/certs/clients/test-user@localhost.key.pem", "password");
+        configureHtmlUnit("/certs/clients/test-user-san-cert-test-user-key@localhost.p12");
     }
 
     private String setup(boolean canonicalDnEnabled) throws Exception {

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509BrowserLoginSubjectAltNameTest.java

@@ -20,8 +20,9 @@ package org.keycloak.testsuite.x509;
 import org.jboss.arquillian.drone.api.annotation.Drone;
 import org.junit.Before;
 import org.junit.BeforeClass;
+import org.junit.Ignore;
 import org.junit.Test;
-import org.keycloak.testsuite.util.PhantomJSBrowser;
+import org.keycloak.testsuite.util.HtmlUnitBrowser;
 import org.openqa.selenium.WebDriver;
 
 /**
@@ -33,18 +34,17 @@ import org.openqa.selenium.WebDriver;
 public class X509BrowserLoginSubjectAltNameTest extends AbstractX509AuthenticationTest {
 
     @Drone
-    @PhantomJSBrowser
-    private WebDriver phantomJS;
+    @HtmlUnitBrowser
+    private WebDriver htmlUnit;
 
     @Before
     public void replaceTheDefaultDriver() {
-        replaceDefaultWebDriver(phantomJS);
+        replaceDefaultWebDriver(htmlUnit);
     }
 
     @BeforeClass
     public static void onBeforeTestClass() {
-        configurePhantomJS("/ca.crt", "/certs/clients/test-user-san@localhost.cert.pem",
-                "/certs/clients/test-user@localhost.key.pem", "password");
+        configureHtmlUnit("/certs/clients/test-user-san-cert-test-user-key@localhost.p12");
     }
 
     @Test

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509BrowserLoginSubjectDnTest.java

@@ -17,17 +17,12 @@
 
 package org.keycloak.testsuite.x509;
 
-import java.security.NoSuchProviderException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-
 import org.jboss.arquillian.drone.api.annotation.Drone;
-import org.junit.Assume;
 import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.keycloak.representations.idm.UserRepresentation;
-import org.keycloak.testsuite.util.PhantomJSBrowser;
+import org.keycloak.testsuite.util.HtmlUnitBrowser;
 import org.openqa.selenium.WebDriver;
 
 /**
@@ -38,28 +33,17 @@ import org.openqa.selenium.WebDriver;
 public class X509BrowserLoginSubjectDnTest extends AbstractX509AuthenticationTest {
 
     @Drone
-    @PhantomJSBrowser
-    private WebDriver phantomJS;
+    @HtmlUnitBrowser
+    private WebDriver htmlUnit;
 
     @Before
     public void replaceTheDefaultDriver() {
-        replaceDefaultWebDriver(phantomJS);
-    }
-
-    @BeforeClass
-    public static void checkAssumption() {
-        try {
-            CertificateFactory.getInstance("X.509", "SUN");
-        }
-        catch (CertificateException | NoSuchProviderException e) {
-            Assume.assumeNoException("Test assumes the SUN security provider", e);
-        }
+        replaceDefaultWebDriver(htmlUnit);
     }
 
     @BeforeClass
     public static void onBeforeTestClass() {
-        configurePhantomJS("/ca.crt", "/certs/clients/test-user-san@localhost.cert.pem",
-                           "/certs/clients/test-user@localhost.key.pem", "password");
+        configureHtmlUnit("/certs/clients/test-user-san-cert-test-user-key@localhost.p12");
     }
 
     private String setup(boolean canonicalDnEnabled) throws Exception {

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509BrowserLoginTest.java

@@ -20,7 +20,7 @@ package org.keycloak.testsuite.x509;
 
 import org.jboss.arquillian.drone.api.annotation.Drone;
 import org.keycloak.testsuite.AssertEvents;
-import org.keycloak.testsuite.util.PhantomJSBrowser;
+import org.keycloak.testsuite.util.HtmlUnitBrowser;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
@@ -58,18 +58,15 @@ import org.openqa.selenium.WebDriver;
 
 public class X509BrowserLoginTest extends AbstractX509AuthenticationTest {
 
-
     @Drone
-    @PhantomJSBrowser
-    private WebDriver phantomJS;
-
+    @HtmlUnitBrowser
+    private WebDriver htmlUnit;
 
     @Before
     public void replaceTheDefaultDriver() {
-        replaceDefaultWebDriver(phantomJS);
+        replaceDefaultWebDriver(htmlUnit);
     }
 
-
     @Test
     public void loginAsUserFromCertSubjectEmail() throws Exception {
         // Login using an e-mail extracted from certificate's subject DN

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509DirectGrantTest.java

@@ -20,7 +20,6 @@ package org.keycloak.testsuite.x509;
 
 import org.jboss.arquillian.drone.api.annotation.Drone;
 import org.junit.Assert;
-import org.junit.Assume;
 import org.junit.Before;
 import org.junit.Ignore;
 import org.junit.Test;
@@ -32,11 +31,10 @@ import org.keycloak.representations.AccessToken;
 import org.keycloak.representations.RefreshToken;
 import org.keycloak.representations.idm.AuthenticatorConfigRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
-import org.keycloak.sessions.AuthenticationSessionProvider;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.util.ContainerAssume;
 import org.keycloak.testsuite.util.OAuthClient;
-import org.keycloak.testsuite.util.PhantomJSBrowser;
+import org.keycloak.testsuite.util.HtmlUnitBrowser;
 import org.openqa.selenium.WebDriver;
 
 import jakarta.ws.rs.core.Response;
@@ -58,12 +56,12 @@ import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorC
 public class X509DirectGrantTest extends AbstractX509AuthenticationTest {
 
     @Drone
-    @PhantomJSBrowser
-    private WebDriver phantomJS;
+    @HtmlUnitBrowser
+    private WebDriver htmlUnit;
 
     @Before
     public void replaceTheDefaultDriver() {
-        replaceDefaultWebDriver(phantomJS);
+        replaceDefaultWebDriver(htmlUnit);
     }
 
     @Test

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509OCSPResponderFailOpenTest.java

@@ -14,7 +14,7 @@ import org.jboss.arquillian.drone.api.annotation.Drone;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
-import org.keycloak.testsuite.util.PhantomJSBrowser;
+import org.keycloak.testsuite.util.HtmlUnitBrowser;
 import org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel;
 import org.keycloak.representations.idm.AuthenticatorConfigRepresentation;
 import org.keycloak.testsuite.util.OAuthClient;
@@ -35,12 +35,12 @@ public class X509OCSPResponderFailOpenTest extends AbstractX509AuthenticationTes
     private Undertow ocspResponder;
 
     @Drone
-    @PhantomJSBrowser
-    private WebDriver phantomJS;
+    @HtmlUnitBrowser
+    private WebDriver htmlUnit;
 
     @Before
     public void replaceTheDefaultDriver() {
-        replaceDefaultWebDriver(phantomJS);
+        replaceDefaultWebDriver(htmlUnit);
     }
 
     @Test

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509OCSPResponderSpecificCertTest.java

@@ -37,7 +37,7 @@ import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorC
 
 import io.undertow.Undertow;
 import io.undertow.server.handlers.BlockingHandler;
-import org.keycloak.testsuite.util.PhantomJSBrowser;
+import org.keycloak.testsuite.util.HtmlUnitBrowser;
 import org.openqa.selenium.WebDriver;
 
 /**
@@ -58,12 +58,12 @@ public class X509OCSPResponderSpecificCertTest extends AbstractX509Authenticatio
     private Undertow ocspResponder;
 
     @Drone
-    @PhantomJSBrowser
-    private WebDriver phantomJS;
+    @HtmlUnitBrowser
+    private WebDriver htmlUnit;
 
     @Before
     public void replaceTheDefaultDriver() {
-        replaceDefaultWebDriver(phantomJS);
+        replaceDefaultWebDriver(htmlUnit);
     }
 
     @Test

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509OCSPResponderTest.java

@@ -44,7 +44,7 @@ import java.nio.file.Paths;
 import java.util.function.Supplier;
 import org.apache.commons.io.IOUtils;
 import org.apache.http.impl.client.CloseableHttpClient;
-import org.keycloak.testsuite.util.PhantomJSBrowser;
+import org.keycloak.testsuite.util.HtmlUnitBrowser;
 import org.openqa.selenium.WebDriver;
 
 /**
@@ -65,12 +65,12 @@ public class X509OCSPResponderTest extends AbstractX509AuthenticationTest {
     private Undertow ocspResponder;
 
     @Drone
-    @PhantomJSBrowser
-    private WebDriver phantomJS;
+    @HtmlUnitBrowser
+    private WebDriver htmlUnit;
 
     @Before
     public void replaceTheDefaultDriver() {
-        replaceDefaultWebDriver(phantomJS);
+        replaceDefaultWebDriver(htmlUnit);
     }
 
     @Test

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509SingleCertificateBrowserCRLTest.java

@@ -24,7 +24,7 @@ import org.junit.Test;
 import org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel;
 import org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.IdentityMapperType;
 import org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.MappingSourceType;
-import org.keycloak.testsuite.util.PhantomJSBrowser;
+import org.keycloak.testsuite.util.HtmlUnitBrowser;
 import org.openqa.selenium.WebDriver;
 
 /**
@@ -37,18 +37,18 @@ public class X509SingleCertificateBrowserCRLTest extends AbstractX509Authenticat
     public static CRLRule crlRule = new CRLRule();
 
     @Drone
-    @PhantomJSBrowser
-    private WebDriver phantomJS;
+    @HtmlUnitBrowser
+    private WebDriver htmlunit;
 
     @Before
     public void replaceTheDefaultDriver() {
-        replaceDefaultWebDriver(phantomJS);
+        replaceDefaultWebDriver(htmlunit);
     }
 
     @BeforeClass
     public static void onBeforeTestClass() {
         // configure single certificate without CA cert
-        configurePhantomJS(null, "/client-ca.crt", "/client-ca.key", "password");
+        configureHtmlUnit("/client-ca.jks", "secret", "jks");
     }
 
     @Test

testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml

@@ -91,9 +91,10 @@
         <property name="chromeDriverVersion">${chromeDriverVersion}</property>
     </extension>
 
-    <extension qualifier="webdriver-phantomjsbrowser">
-        <property name="browser">phantomjs</property>
-        <property name="downloadBinaries">${webdriverDownloadBinaries}</property>
+    <extension qualifier="webdriver-htmlunitbrowser">
+        <property name="browser">htmlunit</property>
+        <property name="htmlUnit.version">${htmlUnitBrowserVersion}</property>
+        <property name="htmlUnitWebClientOptions">cssEnabled=false;historyPageCacheLimit=1</property>
     </extension>
 
     <extension qualifier="graphene-secondbrowser">

testsuite/integration-arquillian/tests/pom.xml

@@ -290,7 +290,7 @@
                                         <outputDirectory>${containers.home}/auth-server-undertow</outputDirectory>
                                     </artifactItem>
                                 </artifactItems>
-                                <includes>*.jks,*.crt,*.truststore,*.crl,*.key,certs/clients/*</includes>
+                                <includes>*.jks,*.p12,*.crt,*.truststore,*.crl,*.key,certs/clients/*</includes>
                                 <skip>${auth.server.undertow.skip.unpack}</skip>
                             </configuration>
                         </execution>
@@ -1626,11 +1626,6 @@
                     <groupId>org.jboss.arquillian.protocol</groupId>
                     <artifactId>arquillian-protocol-servlet</artifactId>
                 </dependency>
-                <dependency>
-                    <groupId>org.jboss.arquillian.extension</groupId>
-                    <artifactId>arquillian-phantom-driver</artifactId>
-                    <version>1.2.1.Final</version>
-                </dependency>
                 <dependency>
                     <groupId>org.jboss.arquillian.graphene</groupId>
                     <artifactId>arquillian-browser-screenshooter</artifactId>