KEYCLOAK-9512 Run x509 tests by default

Sebastian Laskawiec 2019-02-11 14:28:38 +01:00 committed by Marek Posolda
parent e01562d7cf
commit 996389d61b
12 changed files with 166 additions and 29 deletions


@ -511,17 +511,6 @@ To use a mobile browser you need to create a virtual device. The most convenient
* **Supported mobile OS version:** iOS 11.x
* **Run with:** `mvn clean test -Pios -Dappium.deviceName=device_name` where the device name is your device identification (e.g. `iPhone X`)
## Run X.509 tests
To run the X.509 client certificate authentication tests:
mvn -f testsuite/integration-arquillian/pom.xml \
clean install \
-Pauth-server-wildfly \
-Dauth.server.ssl.required \
-Dbrowser=phantomjs \
"-Dtest=*.x509.*"
## Disabling TLS (SSL) in the tests
All tests are executed with TLS by default. In order to disable it, you need to switch the `auth.server.ssl.required` property off.


@ -41,10 +41,6 @@
<!--exclude cluster tests by default, enabled by 'auth-server-*-cluster' profiles in tests/pom.xml-->
<exclude.cluster>**/cluster/**/*Test.java</exclude.cluster>
<exclude.crossdc>**/crossdc/**/*Test.java</exclude.crossdc>
<!-- exclude x509 tests by default, enabled by 'ssl' profile -->
<exclude.x509>**/x509/*Test.java</exclude.x509>
<!-- KEYCLOAK-6771 exclude Mutual TLS Holder of Key Token x509 tests by default, enabled by 'ssl' profile -->
<exclude.HoK>**/hok/**/*Test.java</exclude.HoK>
</properties>
<dependencies>
@ -185,8 +181,6 @@
<exclude>${exclude.client}</exclude>
<exclude>${exclude.cluster}</exclude>
<exclude>${exclude.crossdc}</exclude>
<exclude>${exclude.x509}</exclude>
<exclude>${exclude.HoK}</exclude>
</excludes>
<systemPropertyVariables>
<com.mchange.v2.c3p0.VMID>testsuiteVmId</com.mchange.v2.c3p0.VMID>


@ -60,4 +60,9 @@ public abstract class AbstractPage {
abstract public void open() throws Exception;
public void setDriver(WebDriver driver) {
this.driver = driver ;
oauth.setDriver(driver);
}
}
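Review bot: `setDriver` is public and undocumented although it rebinds two things, the page's own `driver` and the `oauth` helper. A short Javadoc would make that side effect visible, for example `/** Rebinds this page and its OAuth client to the given driver; call before the page is used. */`. The stray space in `this.driver = driver ;` can go at the same time. Where `oauth` is declared is outside this hunk, so whether it is shared between pages should be confirmed before relying on per-page rebinding.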


@ -0,0 +1,30 @@
/*
* Copyright 2019 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.util;
import org.jboss.arquillian.drone.api.annotation.Qualifier;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.FIELD, ElementType.PARAMETER})
@Qualifier
public @interface PhantomJSBrowser {
}
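Review bot: The new qualifier has no Javadoc, and nothing in the file says which Drone configuration it selects. Drone appears to match qualifiers by lower-cased annotation name, so this type is tied to the `webdriver-phantomjsbrowser` extension added to the Arquillian configuration in this commit; renaming either side would silently break the link. A class comment such as `/** Drone qualifier for the dedicated PhantomJS instance configured as "webdriver-phantomjsbrowser". */` would record that.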


@ -29,10 +29,7 @@ import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.impl.client.CloseableHttpClient;
import org.hamcrest.Matchers;
import org.jboss.arquillian.drone.api.annotation.Drone;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.*;
import org.keycloak.OAuth2Constants;
import org.keycloak.OAuthErrorException;
import org.keycloak.admin.client.resource.ClientResource;
@ -113,6 +110,11 @@ public class HoKTest extends AbstractTestRealmKeycloakTest {
configTestRealmForTokenIntrospection(testRealm);
}
@BeforeClass
public static void checkIfTLSIsTurnedOn() {
Assume.assumeTrue(AUTH_SERVER_SSL_REQUIRED);
}
private void addRedirectUrlForTls(RealmRepresentation testRealm, String clientId) {
for (ClientRepresentation client : testRealm.getClients()) {
if (client.getClientId().equals(clientId)) {
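Review bot: `checkIfTLSIsTurnedOn` skips the whole class without giving a reason, and since the `exclude.HoK` / `exclude.x509` properties are removed in the same commit, a run with TLS switched off now reports these mutual-TLS tests as skipped instead of never selecting them. Give the assumption a message so the skip is explainable in the report: `Assume.assumeTrue("Holder-of-key tests require auth.server.ssl.required", AUTH_SERVER_SSL_REQUIRED);`. The second `assumeTrue` in `AbstractX509AuthenticationTest.validateConfiguration` has the same gap. CI that is meant to cover certificate authentication should also check that these classes were executed rather than skipped. The import hunk also replaces four explicit JUnit imports with `import org.junit.*;`, which is better kept explicit.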


@ -18,8 +18,10 @@
package org.keycloak.testsuite.x509;
import org.jboss.arquillian.graphene.page.Page;
import org.jboss.logging.Logger;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Rule;
@ -42,14 +44,21 @@ import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.pages.AbstractPage;
import org.keycloak.testsuite.util.AdminEventPaths;
import org.keycloak.testsuite.util.AssertAdminEvents;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.DroneUtils;
import org.keycloak.testsuite.util.PhantomJSBrowser;
import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.UserBuilder;
import org.openqa.selenium.WebDriver;
import javax.ws.rs.core.Response;
import java.lang.reflect.Field;
import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@ -67,7 +76,6 @@ import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorC
* @version $Revision: 1 $
* @since 10/28/2016
*/
public abstract class AbstractX509AuthenticationTest extends AbstractTestRealmKeycloakTest {
public static final String EMPTY_CRL_PATH = "empty.crl";
@ -103,9 +111,15 @@ public abstract class AbstractX509AuthenticationTest extends AbstractTestRealmKe
return true;
}
@Before
public void validateConfiguration() {
Assume.assumeTrue("Only JBoss AS has proper certificate configuration", isAuthServerJBoss());
Assume.assumeTrue(AUTH_SERVER_SSL_REQUIRED);
}
@BeforeClass
public static void onBeforeTestClass() {
if (Boolean.parseBoolean(System.getProperty("auth.server.jboss"))) {
if (isAuthServerJBoss()) {
String authServerHome = System.getProperty("auth.server.home");
if (authServerHome != null && System.getProperty("auth.server.ssl.required") != null) {
@ -124,6 +138,10 @@ public abstract class AbstractX509AuthenticationTest extends AbstractTestRealmKe
}
}
private static boolean isAuthServerJBoss() {
return Boolean.parseBoolean(System.getProperty("auth.server.jboss"));
}
@Before
public void configureFlows() {
authMgmtResource = adminClient.realms().realm(REALM_NAME).flows();
@ -373,4 +391,23 @@ public abstract class AbstractX509AuthenticationTest extends AbstractTestRealmKe
updateUser(user);
}
public void replaceDefaultWebDriver(WebDriver driver) {
this.driver = driver;
DroneUtils.addWebDriver(driver);
List<Field> allFields = new ArrayList<>();
allFields.addAll(Arrays.asList(this.getClass().getDeclaredFields()));
allFields.addAll(Arrays.asList(this.getClass().getFields()));
for (Field f : allFields) {
if (f.getAnnotation(Page.class) != null) {
try {
AbstractPage page = (AbstractPage) f.get(this);
page.setDriver(driver);
} catch (IllegalAccessException e) {
throw new IllegalStateException("Could not replace the driver in " + f, e);
}
}
}
}
}
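Review bot: `replaceDefaultWebDriver` does not reach every `@Page` field it is meant to rebind. `getDeclaredFields()` only covers the runtime class and `getFields()` only public members, so a protected or private `@Page` field declared in a superclass keeps the old driver, and a public field of the runtime class is visited twice. The unchecked cast also throws `ClassCastException` for a page object that does not extend `AbstractPage`, and a field that has not been injected yet gives a `NullPointerException`; whether such fields exist in the hierarchy is not visible from this hunk. Walking the class hierarchy once and guarding the cast, as sketched below, removes all three cases. For a test that exists to prove client-certificate login, a page left on the wrong browser is worth ruling out explicitly.

```java
public void replaceDefaultWebDriver(WebDriver driver) {
    // … unchanged: driver assignment and DroneUtils registration …
    // Visit each class in the hierarchy once so inherited non-public @Page fields are rebound too.
    for (Class<?> c = getClass(); c != null && c != Object.class; c = c.getSuperclass()) {
        for (Field f : c.getDeclaredFields()) {
            if (f.getAnnotation(Page.class) == null) {
                continue;
            }
            try {
                f.setAccessible(true);
                Object page = f.get(this);
                // Not every page object is necessarily an AbstractPage, and it may not be injected yet.
                if (page instanceof AbstractPage) {
                    ((AbstractPage) page).setDriver(driver);
                }
            } catch (IllegalAccessException e) {
                throw new IllegalStateException("Could not replace the driver in " + f, e);
            }
        }
    }
}
```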


@ -17,8 +17,10 @@
package org.keycloak.testsuite.x509;
import org.jboss.arquillian.drone.api.annotation.Drone;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
@ -28,6 +30,8 @@ import org.keycloak.representations.idm.AuthenticatorConfigRepresentation;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.x509.X509IdentityConfirmationPage;
import org.keycloak.testsuite.util.PhantomJSBrowser;
import org.openqa.selenium.WebDriver;
/**
* @author <a href="mailto:brat000012001@gmail.com">Peter Nalyvayko</a>
@ -38,14 +42,26 @@ import org.keycloak.testsuite.pages.x509.X509IdentityConfirmationPage;
public class X509BrowserLoginSubjectAltNameEmailTest extends AbstractX509AuthenticationTest {
@Page
@PhantomJSBrowser
protected AppPage appPage;
@Page
@PhantomJSBrowser
protected X509IdentityConfirmationPage loginConfirmationPage;
@Page
@PhantomJSBrowser
protected LoginPage loginPage;
@Drone
@PhantomJSBrowser
private WebDriver phantomJS;
@Before
public void replaceTheDefaultDriver() {
replaceDefaultWebDriver(phantomJS);
}
@BeforeClass
public static void onBeforeTestClass() {
if (Boolean.parseBoolean(System.getProperty("auth.server.jboss"))) {
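Review bot: The `@Drone @PhantomJSBrowser private WebDriver phantomJS;` field and the `replaceTheDefaultDriver()` `@Before` method are repeated verbatim in this class and in `X509BrowserLoginTest`, `X509DirectGrantTest`, `X509OCSPResponderSpecificCertTest` and `X509OCSPResponderTest`. Declaring both once in `AbstractX509AuthenticationTest` would remove five copies and guarantee that a future X.509 test class cannot forget the swap, provided Drone injects into base-class fields in this setup. JUnit 4 runs superclass `@Before` methods before subclass ones, so hoisting would also let the base class order the swap ahead of `configureFlows()` in one place. The `onBeforeTestClass` method at the end of this section continues outside the hunk and still spells out `Boolean.parseBoolean(System.getProperty("auth.server.jboss"))` instead of sharing the new helper, which is `private` in the base class.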


@ -18,8 +18,11 @@
package org.keycloak.testsuite.x509;
import org.jboss.arquillian.drone.api.annotation.Drone;
import org.jboss.arquillian.graphene.page.Page;
import org.jboss.arquillian.junit.InSequence;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
import org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel;
@ -43,6 +46,14 @@ import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorC
import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.MappingSourceType.SUBJECTDN_EMAIL;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.util.DroneUtils;
import org.keycloak.testsuite.util.JavascriptBrowser;
import org.keycloak.testsuite.util.PhantomJSBrowser;
import org.keycloak.testsuite.util.SecondBrowser;
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.firefox.FirefoxDriver;
import org.openqa.selenium.phantomjs.PhantomJSDriver;
import java.util.List;
/**
* @author <a href="mailto:brat000012001@gmail.com">Peter Nalyvayko</a>
@ -53,16 +64,27 @@ import org.keycloak.testsuite.util.DroneUtils;
public class X509BrowserLoginTest extends AbstractX509AuthenticationTest {
@Page
@PhantomJSBrowser
protected AppPage appPage;
@Page
@PhantomJSBrowser
protected X509IdentityConfirmationPage loginConfirmationPage;
@Page
@PhantomJSBrowser
protected LoginPage loginPage;
private void login(X509AuthenticatorConfigModel config, String userId, String username, String attemptedUsername) {
@Drone
@PhantomJSBrowser
private WebDriver phantomJS;
@Before
public void replaceTheDefaultDriver() {
replaceDefaultWebDriver(phantomJS);
}
private void login(X509AuthenticatorConfigModel config, String userId, String username, String attemptedUsername) {
AuthenticatorConfigRepresentation cfg = newConfig("x509-browser-config", config.getConfig());
String cfgId = createConfig(browserExecution.getId(), cfg);
Assert.assertNotNull(cfgId);
@ -492,28 +514,28 @@ public class X509BrowserLoginTest extends AbstractX509AuthenticationTest {
@Test
public void changeLocaleOnX509InfoPage() {
ProfileAssume.assumeCommunity();
AuthenticatorConfigRepresentation cfg = newConfig("x509-browser-config", createLoginSubjectEmail2UsernameOrEmailConfig().getConfig());
String cfgId = createConfig(browserExecution.getId(), cfg);
Assert.assertNotNull(cfgId);
log.debug("Open confirm page");
loginConfirmationPage.open();
log.debug("check if on confirm page");
Assert.assertThat(loginConfirmationPage.getSubjectDistinguishedNameText(), startsWith("EMAILADDRESS=test-user@localhost"));
log.debug("check if locale is EN");
Assert.assertThat(loginConfirmationPage.getLanguageDropdownText(), is(equalTo("English")));
log.debug("change locale to DE");
loginConfirmationPage.openLanguage("Deutsch");
log.debug("check if locale is DE");
Assert.assertThat(loginConfirmationPage.getLanguageDropdownText(), is(equalTo("Deutsch")));
Assert.assertThat(DroneUtils.getCurrentDriver().getPageSource(), containsString("X509 Client Zertifikat:"));
log.debug("confirm cert");
loginConfirmationPage.confirm();
log.debug("check if logged in");
Assert.assertThat(appPage.getRequestType(), is(equalTo(AppPage.RequestType.AUTH_RESPONSE)));
}
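Review bot: The import hunk adds `JavascriptBrowser`, `SecondBrowser`, `FirefoxDriver`, `PhantomJSDriver` and `java.util.List`, but none of them is used by the code visible in this section, which only needs `Drone`, `Before`, `PhantomJSBrowser` and `WebDriver`. They look like leftovers from an earlier attempt and should be dropped unless code outside these hunks uses them. The `changeLocaleOnX509InfoPage` hunk appears to be a whitespace-only rewrite of 28 lines; keeping it out of the commit would make the functional change easier to review.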


@ -18,7 +18,9 @@
package org.keycloak.testsuite.x509;
import org.jboss.arquillian.drone.api.annotation.Drone;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Ignore;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
@ -30,6 +32,8 @@ import org.keycloak.representations.RefreshToken;
import org.keycloak.representations.idm.AuthenticatorConfigRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.PhantomJSBrowser;
import org.openqa.selenium.WebDriver;
import javax.ws.rs.core.Response;
@ -48,6 +52,15 @@ import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorC
public class X509DirectGrantTest extends AbstractX509AuthenticationTest {
@Drone
@PhantomJSBrowser
private WebDriver phantomJS;
@Before
public void replaceTheDefaultDriver() {
replaceDefaultWebDriver(phantomJS);
}
@Test
public void loginFailedOnDuplicateUsers() throws Exception {


@ -18,6 +18,7 @@
package org.keycloak.testsuite.x509;
import org.jboss.arquillian.drone.api.annotation.Drone;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
@ -35,6 +36,8 @@ import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorC
import io.undertow.Undertow;
import io.undertow.server.handlers.BlockingHandler;
import org.keycloak.testsuite.util.PhantomJSBrowser;
import org.openqa.selenium.WebDriver;
/**
* Verifies Certificate revocation using OCSP responder but specifying specific
@ -53,6 +56,15 @@ public class X509OCSPResponderSpecificCertTest extends AbstractX509Authenticatio
private Undertow ocspResponder;
@Drone
@PhantomJSBrowser
private WebDriver phantomJS;
@Before
public void replaceTheDefaultDriver() {
replaceDefaultWebDriver(phantomJS);
}
@Test
public void loginFailedInvalidResponderOnOCSPResponderRevocationCheck() throws Exception {
X509AuthenticatorConfigModel config = new X509AuthenticatorConfigModel()


@ -18,6 +18,7 @@
package org.keycloak.testsuite.x509;
import org.jboss.arquillian.drone.api.annotation.Drone;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
@ -35,6 +36,8 @@ import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorC
import io.undertow.Undertow;
import io.undertow.server.handlers.BlockingHandler;
import org.keycloak.testsuite.util.PhantomJSBrowser;
import org.openqa.selenium.WebDriver;
/**
* Verifies Certificate revocation using OCSP responder.
@ -53,6 +56,15 @@ public class X509OCSPResponderTest extends AbstractX509AuthenticationTest {
private Undertow ocspResponder;
@Drone
@PhantomJSBrowser
private WebDriver phantomJS;
@Before
public void replaceTheDefaultDriver() {
replaceDefaultWebDriver(phantomJS);
}
@Test
public void loginFailedOnOCSPResponderRevocationCheck() throws Exception {
X509AuthenticatorConfigModel config =


@ -87,6 +87,11 @@
<property name="chromeArguments">${js.chromeArguments}</property>
</extension>
<extension qualifier="webdriver-phantomjsbrowser">
<property name="browser">phantomjs</property>
<property name="downloadBinaries">${webdriverDownloadBinaries}</property>
</extension>
<extension qualifier="graphene-secondbrowser">
<property name="browser">${browser}</property>
<property name="firefoxBinary">${firefox_binary}</property>
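Review bot: The new `webdriver-phantomjsbrowser` extension hard-codes `phantomjs` and lets Drone fetch the binary whenever `${webdriverDownloadBinaries}` is true, so the X.509 suite that now runs by default executes a browser binary obtained at build time. Nothing in this block fixes which binary that is. If the Drone version in use supports pinning the version or pointing at a pre-provisioned path, set it here; otherwise document that CI must provide the binary with downloads disabled. A short XML comment above the extension saying that it backs the `@PhantomJSBrowser` qualifier would also help, since the two are linked only by name.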