From 8fc5b00d91572b0be95f639928ee191b63c8869b Mon Sep 17 00:00:00 2001
From: mhajas <mhajas@redhat.com>
Date: Wed, 16 Nov 2016 15:12:57 +0100
Subject: [PATCH] KEYCLOAK-3653 Tests for cert endpoint

---
 .../js-console/src/main/webapp/index.html     | 25 +++++++++++++++++++
 .../adapter/page/JSConsoleTestApp.java        |  6 +++++
 .../AbstractJSConsoleExampleAdapterTest.java  | 20 +++++++++++++++
 3 files changed, 51 insertions(+)

diff --git a/testsuite/integration-arquillian/test-apps/js-console/src/main/webapp/index.html b/testsuite/integration-arquillian/test-apps/js-console/src/main/webapp/index.html
index 1c2b61d95d..65540f13f3 100755
--- a/testsuite/integration-arquillian/test-apps/js-console/src/main/webapp/index.html
+++ b/testsuite/integration-arquillian/test-apps/js-console/src/main/webapp/index.html
@@ -43,6 +43,7 @@
     <button onclick="output(keycloak.createRegisterUrl())">Show Register URL</button>
     <button onclick="createBearerRequest()">Create Bearer Request</button>
     <button onclick="output(showTime())">Show current time</button>
+    <button onclick="cert()">Cert request</button>
     <input id="timeSkewInput"/>
     <button onclick="addToTimeSkew()">timeSkew offset</button>
     <button onclick="refreshTimeSkew()">refresh timeSkew</button>
@@ -215,6 +216,30 @@ TimeSkew: <div id="timeSkew"></div>
         req.send();
     }
 
+    function cert() {
+        var url = 'http://localhost:8180/auth/realms/example/protocol/openid-connect/certs';
+        if (window.location.href.indexOf("8543") > -1) {
+            url = url.replace("8180","8543");
+            url = url.replace("http","https");
+        }
+        var req = new XMLHttpRequest();
+        req.open('GET', url, true);
+        req.setRequestHeader('Accept', 'application/json');
+        req.setRequestHeader('Authorization', 'Bearer ' + keycloak.token);
+        req.onreadystatechange = function () {
+            if (req.readyState == 4) {
+                if (req.status == 200) {
+                    output('Success');
+                } else if (req.status == 403) {
+                    output('Forbidden');
+                } else if (req.status == 401) {
+                    output('Unauthorized');
+                }
+            }
+        };
+        req.send();
+    }
+
     var keycloak;
 
     function keycloakInit() {
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/JSConsoleTestApp.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/JSConsoleTestApp.java
index 4822c4befa..069481f929 100755
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/JSConsoleTestApp.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/JSConsoleTestApp.java
@@ -77,6 +77,8 @@ public class JSConsoleTestApp extends AbstractPageWithInjectedUrl {
     private WebElement createBearerRequest;
     @FindBy(xpath = "//button[text() = 'Bearer to keycloak']")
     private WebElement createBearerRequestToKeycloakButton;
+    @FindBy(xpath = "//button[text() = 'Cert request']")
+    private WebElement certRequestButton;
     @FindBy(xpath = "//button[text() = 'refresh timeSkew']")
     private WebElement refreshTimeSkewButton;
 
@@ -178,4 +180,8 @@ public class JSConsoleTestApp extends AbstractPageWithInjectedUrl {
     public void refreshTimeSkew() {
         refreshTimeSkewButton.click();
     }
+
+    public void sendCertRequest() {
+        certRequestButton.click();
+    }
 }
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/AbstractJSConsoleExampleAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/AbstractJSConsoleExampleAdapterTest.java
index e36bc36b60..179bb0fef5 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/AbstractJSConsoleExampleAdapterTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/AbstractJSConsoleExampleAdapterTest.java
@@ -189,6 +189,15 @@ public abstract class AbstractJSConsoleExampleAdapterTest extends AbstractExampl
         waitUntilElement(jsConsoleTestAppPage.getOutputElement()).text().contains("\"username\": \"user\"");
     }
 
+    @Test
+    public void testCertEndpoint() {
+        logInAndInit("standard");
+        waitUntilElement(jsConsoleTestAppPage.getOutputElement()).text().contains("Init Success (Authenticated)");
+
+        jsConsoleTestAppPage.sendCertRequest();
+        waitUntilElement(jsConsoleTestAppPage.getOutputElement()).text().contains("Success");
+    }
+
     @Test
     public void grantBrowserBasedApp() {
         testRealmPage.setAuthRealm(EXAMPLE);
@@ -322,6 +331,16 @@ public abstract class AbstractJSConsoleExampleAdapterTest extends AbstractExampl
         waitUntilElement(jsConsoleTestAppPage.getEventsElement()).text().contains("Access token expired");
     }
 
+    @Test
+    public void implicitFlowCertEndpoint() {
+        setImplicitFlowForClient();
+        logInAndInit("implicit");
+        waitUntilElement(jsConsoleTestAppPage.getOutputElement()).text().contains("Init Success (Authenticated)");
+
+        jsConsoleTestAppPage.sendCertRequest();
+        waitUntilElement(jsConsoleTestAppPage.getOutputElement()).text().contains("Success");
+    }
+
     @Test
     public void testBearerRequest() {
         jsConsoleTestAppPage.navigateTo();
@@ -406,6 +425,7 @@ public abstract class AbstractJSConsoleExampleAdapterTest extends AbstractExampl
         jsConsoleTestAppPage.setFlow(flow);
         jsConsoleTestAppPage.init();
         jsConsoleTestAppPage.logIn();
+        waitUntilElement(By.xpath("//body")).is().present();
         testRealmLoginPage.form().login(user, "password");
         jsConsoleTestAppPage.setFlow(flow);
         jsConsoleTestAppPage.init();