KEYCLOAK-14233 Support for generating SSL keystore before running testsuite

Move profile for app server to base
This commit is contained in:
vmuzikar 2020-05-26 16:33:16 +02:00 committed by Bruno Oliveira da Silva
parent 8b0760a6d1
commit b192ac4ea7
4 changed files with 248 additions and 3 deletions


@ -273,6 +273,11 @@
<artifactId>download-maven-plugin</artifactId> <artifactId>download-maven-plugin</artifactId>
<version>1.4.1</version> <version>1.4.1</version>
</plugin> </plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>keytool-maven-plugin</artifactId>
<version>1.5</version>
</plugin>
</plugins> </plugins>
</pluginManagement> </pluginManagement>


@ -943,6 +943,106 @@
<surefire.memory.Xmx>1024m</surefire.memory.Xmx> <surefire.memory.Xmx>1024m</surefire.memory.Xmx>
</properties> </properties>
</profile> </profile>
<profile>
<id>generate-certs-for-custom-app-server-host</id>
<activation>
<property>
<name>app.server.host</name>
</property>
</activation>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>keytool-maven-plugin</artifactId>
<executions>
<execution>
<id>remove-old-app-server-key</id>
<phase>generate-test-resources</phase>
<goals>
<goal>deleteAlias</goal>
</goals>
<configuration>
<keystore>${app.server.keystore}</keystore>
<storepass>${app.server.keystore.password}</storepass>
<alias>localhost</alias>
<skip>${app.server.skip.unpack}</skip>
</configuration>
</execution>
<execution>
<id>generate-new-app-server-cert</id>
<phase>generate-test-resources</phase>
<goals>
<goal>generateKeyPair</goal>
</goals>
<configuration>
<keystore>${app.server.keystore}</keystore>
<storepass>${app.server.keystore.password}</storepass>
<alias>${app.server.host}</alias>
<dname>CN=${app.server.host}, OU=Keycloak, O=Red Hat, L=Westword, ST=MA, C=US</dname>
<keyalg>RSA</keyalg>
<keysize>2048</keysize>
<sigalg>SHA256withRSA</sigalg>
</configuration>
</execution>
<execution>
<id>export-app-server-cert</id>
<phase>generate-test-resources</phase>
<goals>
<goal>exportCertificate</goal>
</goals>
<configuration>
<keystore>${app.server.keystore}</keystore>
<storepass>${app.server.keystore.password}</storepass>
<alias>${app.server.host}</alias>
<file>${dependency.keystore.root}/${app.server.host}.pem</file>
</configuration>
</execution>
<execution>
<id>import-app-server-cert-to-truststore</id>
<phase>generate-test-resources</phase>
<goals>
<goal>importCertificate</goal>
</goals>
<configuration>
<keystore>${dependency.truststore}</keystore>
<storepass>${dependency.truststore.password}</storepass>
<alias>${app.server.host}</alias>
<file>${dependency.keystore.root}/${app.server.host}.pem</file>
<trustcacerts>true</trustcacerts>
<noprompt>true</noprompt>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<executions>
<execution>
<id>copy-processed-truststore-to-app-server</id>
<phase>process-test-resources</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>${app.server.home}</outputDirectory>
<resources>
<resource>
<directory>${dependency.keystore.root}</directory>
</resource>
</resources>
<overwrite>true</overwrite>
<skip>${app.server.skip.unpack}</skip>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</pluginManagement>
</build>
</profile>
</profiles> </profiles>
</project> </project>
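Review bot: The `<skip>${app.server.skip.unpack}</skip>` guard is applied to `remove-old-app-server-key` and to the truststore copy but not to `generate-new-app-server-cert`, `export-app-server-cert` or `import-app-server-cert-to-truststore`, so on a build that skips unpacking the app server the `localhost` alias is left in place while a fresh `${app.server.host}` key pair is still generated into `${app.server.keystore}` (under a `${app.server.config.dir}` that may not exist) and imported into the shared truststore; either all four keytool executions should carry the same `<skip>` or none should. The generated certificate also has only a CN (`CN=${app.server.host}, …`) and no subjectAltName, so clients doing strict RFC 6125 hostname verification (browsers, most non-Java TLS stacks) will still reject it even though the truststore now contains it; if keytool-maven-plugin 1.5 exposes keytool's `-ext`, adding `<ext>SAN=dns:${app.server.host}</ext>` to `generateKeyPair` would make the test certificate match what such verifiers check — confirm the parameter name against that plugin version. Note as well that the processed directory is copied to `${app.server.home}` here while the auth-server variant copies into its `config.dir`; unless `${app.server.home}` resolves to the configuration directory in this pom, the refreshed `keycloak.truststore` will not land at `${app.server.truststore}`.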


@ -68,8 +68,10 @@
<auth.server.memory.settings>-Xms64m -Xmx512m</auth.server.memory.settings> <auth.server.memory.settings>-Xms64m -Xmx512m</auth.server.memory.settings>
<auth.server.config.property.name>serverConfig</auth.server.config.property.name> <auth.server.config.property.name>serverConfig</auth.server.config.property.name>
<auth.server.adapter.impl.class>org.jboss.as.arquillian.container.managed.ManagedDeployableContainer</auth.server.adapter.impl.class> <auth.server.adapter.impl.class>org.jboss.as.arquillian.container.managed.ManagedDeployableContainer</auth.server.adapter.impl.class>
<auth.server.truststore>&#36;{jboss.home.dir}/standalone/configuration/keycloak.truststore</auth.server.truststore> <auth.server.truststore>${auth.server.config.dir}/keycloak.truststore</auth.server.truststore>
<auth.server.truststore.password>secret</auth.server.truststore.password> <auth.server.truststore.password>secret</auth.server.truststore.password>
<auth.server.keystore>${auth.server.config.dir}/keycloak.jks</auth.server.keystore>
<auth.server.keystore.password>secret</auth.server.keystore.password>
<auth.server.jvm.args.extra/> <auth.server.jvm.args.extra/>
<auth.server.jboss.artifactId>integration-arquillian-servers-auth-server-${auth.server}</auth.server.jboss.artifactId> <auth.server.jboss.artifactId>integration-arquillian-servers-auth-server-${auth.server}</auth.server.jboss.artifactId>
@ -90,6 +92,7 @@
<app.server.skip.unpack>true</app.server.skip.unpack> <app.server.skip.unpack>true</app.server.skip.unpack>
<app.server.artifactId>integration-arquillian-servers-app-server-${app.server}</app.server.artifactId> <app.server.artifactId>integration-arquillian-servers-app-server-${app.server}</app.server.artifactId>
<app.server.home>${containers.home}/app-server-${app.server}</app.server.home> <app.server.home>${containers.home}/app-server-${app.server}</app.server.home>
<app.server.config.dir>${app.server.home}/standalone/configuration</app.server.config.dir>
<app.server.port.offset>200</app.server.port.offset> <app.server.port.offset>200</app.server.port.offset>
<app.server.http.port>8280</app.server.http.port> <app.server.http.port>8280</app.server.http.port>
<app.server.https.port>8643</app.server.https.port> <app.server.https.port>8643</app.server.https.port>
@ -108,6 +111,10 @@
<app.server.memory.Xmx>512m</app.server.memory.Xmx> <app.server.memory.Xmx>512m</app.server.memory.Xmx>
<app.server.memory.settings>-Xms${app.server.memory.Xms} -Xmx${app.server.memory.Xmx} -XX:MetaspaceSize=${surefire.memory.metaspace} -XX:MaxMetaspaceSize=${surefire.memory.metaspace.max}</app.server.memory.settings> <app.server.memory.settings>-Xms${app.server.memory.Xms} -Xmx${app.server.memory.Xmx} -XX:MetaspaceSize=${surefire.memory.metaspace} -XX:MaxMetaspaceSize=${surefire.memory.metaspace.max}</app.server.memory.settings>
<app.server.ssl.required>false</app.server.ssl.required> <app.server.ssl.required>false</app.server.ssl.required>
<app.server.truststore>${app.server.config.dir}/keycloak.truststore</app.server.truststore>
<app.server.truststore.password>secret</app.server.truststore.password>
<app.server.keystore>${app.server.config.dir}/adapter.jks</app.server.keystore>
<app.server.keystore.password>secret</app.server.keystore.password>
<app.server.jvm.args.extra/> <app.server.jvm.args.extra/>
<cache.server>undefined</cache.server> <cache.server>undefined</cache.server>
@ -119,6 +126,12 @@
<cache.server.2.management.port>12000</cache.server.2.management.port> <cache.server.2.management.port>12000</cache.server.2.management.port>
<cache.server.console.output>true</cache.server.console.output> <cache.server.console.output>true</cache.server.console.output>
<dependency.keystore.root>${project.build.directory}/dependency/keystore</dependency.keystore.root>
<dependency.truststore>${dependency.keystore.root}/keycloak.truststore</dependency.truststore>
<dependency.truststore.password>secret</dependency.truststore.password>
<dependency.keystore>${dependency.keystore.root}/keycloak.jks</dependency.keystore>
<dependency.keystore.password>secret</dependency.keystore.password>
<keycloak.connectionsInfinispan.remoteStoreServer>localhost</keycloak.connectionsInfinispan.remoteStoreServer> <keycloak.connectionsInfinispan.remoteStoreServer>localhost</keycloak.connectionsInfinispan.remoteStoreServer>
<keycloak.connectionsInfinispan.remoteStorePort>12232</keycloak.connectionsInfinispan.remoteStorePort> <keycloak.connectionsInfinispan.remoteStorePort>12232</keycloak.connectionsInfinispan.remoteStorePort>
<keycloak.connectionsInfinispan.remoteStorePort.2>13232</keycloak.connectionsInfinispan.remoteStorePort.2> <keycloak.connectionsInfinispan.remoteStorePort.2>13232</keycloak.connectionsInfinispan.remoteStorePort.2>
@ -463,6 +476,8 @@
<auth.server.jboss.jvm.debug.args>${auth.server.jboss.jvm.debug.args}</auth.server.jboss.jvm.debug.args> <auth.server.jboss.jvm.debug.args>${auth.server.jboss.jvm.debug.args}</auth.server.jboss.jvm.debug.args>
<auth.server.truststore>${auth.server.truststore}</auth.server.truststore> <auth.server.truststore>${auth.server.truststore}</auth.server.truststore>
<auth.server.truststore.password>${auth.server.truststore.password}</auth.server.truststore.password> <auth.server.truststore.password>${auth.server.truststore.password}</auth.server.truststore.password>
<auth.server.keystore>${auth.server.keystore}</auth.server.keystore>
<auth.server.keystore.password>${auth.server.keystore.password}</auth.server.keystore.password>
<auth.server.jvm.args.extra>${auth.server.jvm.args.extra}</auth.server.jvm.args.extra> <auth.server.jvm.args.extra>${auth.server.jvm.args.extra}</auth.server.jvm.args.extra>
<auth.server.profile>${auth.server.profile}</auth.server.profile> <auth.server.profile>${auth.server.profile}</auth.server.profile>
@ -470,6 +485,7 @@
<app.server>${app.server}</app.server> <app.server>${app.server}</app.server>
<app.server.home>${app.server.home}</app.server.home> <app.server.home>${app.server.home}</app.server.home>
<app.server.config.dir>${app.server.config.dir}</app.server.config.dir>
<app.server.java.home>${app.server.java.home}</app.server.java.home> <app.server.java.home>${app.server.java.home}</app.server.java.home>
<app.server.memory.settings>${app.server.memory.settings}</app.server.memory.settings> <app.server.memory.settings>${app.server.memory.settings}</app.server.memory.settings>
<app.server.port.offset>${app.server.port.offset}</app.server.port.offset> <app.server.port.offset>${app.server.port.offset}</app.server.port.offset>
@ -484,6 +500,10 @@
<app.server.2.port.offset>${app.server.2.port.offset}</app.server.2.port.offset> <app.server.2.port.offset>${app.server.2.port.offset}</app.server.2.port.offset>
<app.server.2.management.port>${app.server.2.management.port}</app.server.2.management.port> <app.server.2.management.port>${app.server.2.management.port}</app.server.2.management.port>
<app.server.jboss.jvm.debug.args>${app.server.jboss.jvm.debug.args}</app.server.jboss.jvm.debug.args> <app.server.jboss.jvm.debug.args>${app.server.jboss.jvm.debug.args}</app.server.jboss.jvm.debug.args>
<app.server.truststore>${app.server.truststore}</app.server.truststore>
<app.server.truststore.password>${app.server.truststore.password}</app.server.truststore.password>
<app.server.keystore>${app.server.keystore}</app.server.keystore>
<app.server.keystore.password>${app.server.keystore.password}</app.server.keystore.password>
<app.server.jvm.args.extra>${app.server.jvm.args.extra}</app.server.jvm.args.extra> <app.server.jvm.args.extra>${app.server.jvm.args.extra}</app.server.jvm.args.extra>
<frontend.console.output>${frontend.console.output}</frontend.console.output> <frontend.console.output>${frontend.console.output}</frontend.console.output>
@ -502,6 +522,12 @@
<cli.log.output>${cli.log.output}</cli.log.output> <cli.log.output>${cli.log.output}</cli.log.output>
<test.intermittent>${test.intermittent}</test.intermittent> <test.intermittent>${test.intermittent}</test.intermittent>
<dependency.keystore.root>${dependency.keystore.root}</dependency.keystore.root>
<dependency.truststore>${dependency.truststore}</dependency.truststore>
<dependency.truststore.password>${dependency.truststore.password}</dependency.truststore.password>
<dependency.keystore>${dependency.keystore}</dependency.keystore>
<dependency.keystore.password>${dependency.keystore.password}</dependency.keystore.password>
<browser>${browser}</browser> <browser>${browser}</browser>
<js.browser>${js.browser}</js.browser> <js.browser>${js.browser}</js.browser>
<js.chromeArguments>${js.chromeArguments}</js.chromeArguments> <js.chromeArguments>${js.chromeArguments}</js.chromeArguments>
@ -1685,6 +1711,10 @@
<groupId>org.liquibase</groupId> <groupId>org.liquibase</groupId>
<artifactId>liquibase-maven-plugin</artifactId> <artifactId>liquibase-maven-plugin</artifactId>
</plugin> </plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>keytool-maven-plugin</artifactId>
</plugin>
</plugins> </plugins>
</build> </build>
</profile> </profile>
@ -1721,6 +1751,104 @@
</properties> </properties>
</profile> </profile>
<profile>
<id>generate-certs-for-custom-auth-server-host</id>
<activation>
<property>
<name>auth.server.host</name>
</property>
</activation>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>keytool-maven-plugin</artifactId>
<executions>
<execution>
<id>remove-old-auth-server-key</id>
<phase>generate-test-resources</phase>
<goals>
<goal>deleteAlias</goal>
</goals>
<configuration>
<keystore>${dependency.keystore}</keystore>
<storepass>${dependency.keystore.password}</storepass>
<alias>localhost</alias>
</configuration>
</execution>
<execution>
<id>generate-new-auth-server-cert</id>
<phase>generate-test-resources</phase>
<goals>
<goal>generateKeyPair</goal>
</goals>
<configuration>
<keystore>${dependency.keystore}</keystore>
<storepass>${dependency.keystore.password}</storepass>
<alias>${auth.server.host}</alias>
<dname>CN=${auth.server.host}, OU=Keycloak, O=Red Hat, L=Westword, ST=MA, C=US</dname>
<keyalg>RSA</keyalg>
<keysize>2048</keysize>
<sigalg>SHA256withRSA</sigalg>
</configuration>
</execution>
<execution>
<id>export-auth-server-cert</id>
<phase>generate-test-resources</phase>
<goals>
<goal>exportCertificate</goal>
</goals>
<configuration>
<keystore>${dependency.keystore}</keystore>
<storepass>${dependency.keystore.password}</storepass>
<alias>${auth.server.host}</alias>
<file>${dependency.keystore.root}/${auth.server.host}.pem</file>
</configuration>
</execution>
<execution>
<id>import-auth-server-cert-to-truststore</id>
<phase>generate-test-resources</phase>
<goals>
<goal>importCertificate</goal>
</goals>
<configuration>
<keystore>${dependency.truststore}</keystore>
<storepass>${dependency.truststore.password}</storepass>
<alias>${auth.server.host}</alias>
<file>${dependency.keystore.root}/${auth.server.host}.pem</file>
<trustcacerts>true</trustcacerts>
<noprompt>true</noprompt>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<executions>
<execution>
<id>copy-processed-truststore-to-auth-server</id>
<phase>process-test-resources</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>${auth.server.config.dir}</outputDirectory>
<resources>
<resource>
<directory>${dependency.keystore.root}</directory>
</resource>
</resources>
<overwrite>true</overwrite>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</pluginManagement>
</build>
</profile>
</profiles> </profiles>
</project> </project>
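Review bot: `remove-old-auth-server-key` and `generate-new-auth-server-cert` are not idempotent: keytool's `deleteAlias` fails when `localhost` is already gone and `generateKeyPair` fails when `${auth.server.host}` already exists in `${dependency.keystore}`, so a second `mvn` run with `-Dauth.server.host=…` but without `clean` will break in `generate-test-resources` unless that keystore is re-extracted fresh on every build — the extraction is outside this hunk, so please confirm, or make both steps tolerant of the current keystore state. The new certificate is a self-signed leaf with only a CN and, as far as this configuration shows, keytool's default validity (no `validity` is set), and it is imported with `trustcacerts=true`/`noprompt=true` straight into the truststore that is then copied into `${auth.server.config.dir}`; that is acceptable for a test fixture, but a comment above the profile such as `<!-- Test-only: generates a self-signed cert for a non-localhost auth server host and pins it in keycloak.truststore; not for use outside the testsuite -->` would make the intent explicit, since the profile activates on the mere presence of `auth.server.host`. As with the app-server variant, a SAN (`<ext>SAN=dns:${auth.server.host}</ext>`, if keytool-maven-plugin 1.5 supports `ext`) is needed for verifiers that ignore the CN.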


@ -6,6 +6,8 @@ import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager; import javax.net.ssl.X509TrustManager;
import java.io.FileInputStream;
import java.nio.file.Paths;
import java.security.KeyStore; import java.security.KeyStore;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
@ -28,16 +30,26 @@ public class TLSUtils {
public static SSLContext initializeTLS() { public static SSLContext initializeTLS() {
try { try {
String keystorePath = System.getProperty("dependency.keystore");;
if (keystorePath == null) {
keystorePath = Paths.get(TLSUtils.class.getResource("/keycloak.jks").toURI()).toAbsolutePath().toString(); // when executed directly from IDE without Maven
}
KeyStore keystore = KeyStore.getInstance("jks"); KeyStore keystore = KeyStore.getInstance("jks");
keystore.load(TLSUtils.class.getResourceAsStream("/keycloak.jks"), "secret".toCharArray()); keystore.load(new FileInputStream(keystorePath), "secret".toCharArray());
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keystore, "secret".toCharArray()); keyManagerFactory.init(keystore, "secret".toCharArray());
KeyManager[] keyManagers = keyManagerFactory.getKeyManagers(); KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
String truststorePath = System.getProperty("dependency.truststore");;
if (truststorePath == null) {
truststorePath = Paths.get(TLSUtils.class.getResource("/keycloak.truststore").toURI()).toAbsolutePath().toString(); // when executed directly from IDE without Maven
}
// Essentially, this is REQUEST CLIENT AUTH behavior. It doesn't fail if the client doesn't have a cert. // Essentially, this is REQUEST CLIENT AUTH behavior. It doesn't fail if the client doesn't have a cert.
// However it will challenge him to send it. // However it will challenge him to send it.
KeyStore truststore = KeyStore.getInstance("jks"); KeyStore truststore = KeyStore.getInstance("jks");
truststore.load(TLSUtils.class.getResourceAsStream("/keycloak.truststore"), "secret".toCharArray()); truststore.load(new FileInputStream(truststorePath), "secret".toCharArray());
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(truststore); trustManagerFactory.init(truststore);
TrustManager[] trustManagers = new TrustManager[trustManagerFactory.getTrustManagers().length + 1]; TrustManager[] trustManagers = new TrustManager[trustManagerFactory.getTrustManagers().length + 1];
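Review bot: The two `new FileInputStream(...)` streams introduced at `keystore.load(...)` and `truststore.load(...)` are never closed — `KeyStore.load` does not close the stream it is given — so every `initializeTLS()` call leaks two file descriptors, which adds up in a testsuite that builds SSLContexts repeatedly; wrap each in try-with-resources. The passwords remain the literal `"secret"` although the build now defines `dependency.keystore.password` and `dependency.truststore.password`, so overriding those Maven properties would silently break the load here; read them with `System.getProperty(..., "secret")` so the default is unchanged. The `getResource("/keycloak.jks")` fallback will throw a NullPointerException rather than a descriptive error when the resource is absent, and the `;;` on both `System.getProperty` lines is a stray double semicolon. `initializeTLS()` continues past the end of this hunk.
```java
String keystorePath = System.getProperty("dependency.keystore");
if (keystorePath == null) {
    keystorePath = Paths.get(TLSUtils.class.getResource("/keycloak.jks").toURI()).toAbsolutePath().toString(); // when executed directly from IDE without Maven
}
char[] keystorePassword = System.getProperty("dependency.keystore.password", "secret").toCharArray();
KeyStore keystore = KeyStore.getInstance("jks");
try (FileInputStream in = new FileInputStream(keystorePath)) {
    keystore.load(in, keystorePassword);
}
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keystore, keystorePassword);
// … unchanged: keyManagers, truststorePath resolution …
char[] truststorePassword = System.getProperty("dependency.truststore.password", "secret").toCharArray();
KeyStore truststore = KeyStore.getInstance("jks");
try (FileInputStream in = new FileInputStream(truststorePath)) {
    truststore.load(in, truststorePassword);
}
```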