KEYCLOAK-14233 Support for generating SSL keystore before running testsuite
Move profile for app server to base
parent
8b0760a6d1
commit
b192ac4ea7
4 changed files with 248 additions and 3 deletions
|
@ -273,6 +273,11 @@
|
|||
<artifactId>download-maven-plugin</artifactId>
|
||||
<version>1.4.1</version>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.codehaus.mojo</groupId>
|
||||
<artifactId>keytool-maven-plugin</artifactId>
|
||||
<version>1.5</version>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</pluginManagement>
|
||||
|
||||
|
|
|
@ -943,6 +943,106 @@
|
|||
<surefire.memory.Xmx>1024m</surefire.memory.Xmx>
|
||||
</properties>
|
||||
</profile>
|
||||
|
||||
<profile>
|
||||
<id>generate-certs-for-custom-app-server-host</id>
|
||||
<activation>
|
||||
<property>
|
||||
<name>app.server.host</name>
|
||||
</property>
|
||||
</activation>
|
||||
<build>
|
||||
<pluginManagement>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.codehaus.mojo</groupId>
|
||||
<artifactId>keytool-maven-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>remove-old-app-server-key</id>
|
||||
<phase>generate-test-resources</phase>
|
||||
<goals>
|
||||
<goal>deleteAlias</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<keystore>${app.server.keystore}</keystore>
|
||||
<storepass>${app.server.keystore.password}</storepass>
|
||||
<alias>localhost</alias>
|
||||
<skip>${app.server.skip.unpack}</skip>
|
||||
</configuration>
|
||||
</execution>
|
||||
<execution>
|
||||
<id>generate-new-app-server-cert</id>
|
||||
<phase>generate-test-resources</phase>
|
||||
<goals>
|
||||
<goal>generateKeyPair</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<keystore>${app.server.keystore}</keystore>
|
||||
<storepass>${app.server.keystore.password}</storepass>
|
||||
<alias>${app.server.host}</alias>
|
||||
<dname>CN=${app.server.host}, OU=Keycloak, O=Red Hat, L=Westword, ST=MA, C=US</dname>
|
||||
<keyalg>RSA</keyalg>
|
||||
<keysize>2048</keysize>
|
||||
<sigalg>SHA256withRSA</sigalg>
|
||||
</configuration>
|
||||
</execution>
|
||||
<execution>
|
||||
<id>export-app-server-cert</id>
|
||||
<phase>generate-test-resources</phase>
|
||||
<goals>
|
||||
<goal>exportCertificate</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<keystore>${app.server.keystore}</keystore>
|
||||
<storepass>${app.server.keystore.password}</storepass>
|
||||
<alias>${app.server.host}</alias>
|
||||
<file>${dependency.keystore.root}/${app.server.host}.pem</file>
|
||||
</configuration>
|
||||
</execution>
|
||||
<execution>
|
||||
<id>import-app-server-cert-to-truststore</id>
|
||||
<phase>generate-test-resources</phase>
|
||||
<goals>
|
||||
<goal>importCertificate</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<keystore>${dependency.truststore}</keystore>
|
||||
<storepass>${dependency.truststore.password}</storepass>
|
||||
<alias>${app.server.host}</alias>
|
||||
<file>${dependency.keystore.root}/${app.server.host}.pem</file>
|
||||
<trustcacerts>true</trustcacerts>
|
||||
<noprompt>true</noprompt>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<artifactId>maven-resources-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>copy-processed-truststore-to-app-server</id>
|
||||
<phase>process-test-resources</phase>
|
||||
<goals>
|
||||
<goal>copy-resources</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<outputDirectory>${app.server.home}</outputDirectory>
|
||||
<resources>
|
||||
<resource>
|
||||
<directory>${dependency.keystore.root}</directory>
|
||||
</resource>
|
||||
</resources>
|
||||
<overwrite>true</overwrite>
|
||||
<skip>${app.server.skip.unpack}</skip>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</pluginManagement>
|
||||
</build>
|
||||
</profile>
|
||||
</profiles>
|
||||
|
||||
</project>
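Review bot: In the `generate-certs-for-custom-app-server-host` profile only `remove-old-app-server-key` and `copy-processed-truststore-to-app-server` carry `<skip>${app.server.skip.unpack}</skip>`; `generate-new-app-server-cert`, `export-app-server-cert` and `import-app-server-cert-to-truststore` have no skip at all. When `app.server.skip.unpack` is `true` (the value that appears in the properties of the other POM on this page), the delete and the copy are skipped but keytool still writes a key pair into `${app.server.keystore}` and imports into `${dependency.truststore}`. That presumably fails or leaves a stale alias behind when the server was not unpacked or the alias already exists. Adding the same `<skip>${app.server.skip.unpack}</skip>` to the three remaining executions would keep the chain all-or-nothing.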
|
||||
|
|
|
@ -68,8 +68,10 @@
|
|||
<auth.server.memory.settings>-Xms64m -Xmx512m</auth.server.memory.settings>
|
||||
<auth.server.config.property.name>serverConfig</auth.server.config.property.name>
|
||||
<auth.server.adapter.impl.class>org.jboss.as.arquillian.container.managed.ManagedDeployableContainer</auth.server.adapter.impl.class>
|
||||
<auth.server.truststore>${jboss.home.dir}/standalone/configuration/keycloak.truststore</auth.server.truststore>
|
||||
<auth.server.truststore>${auth.server.config.dir}/keycloak.truststore</auth.server.truststore>
|
||||
<auth.server.truststore.password>secret</auth.server.truststore.password>
|
||||
<auth.server.keystore>${auth.server.config.dir}/keycloak.jks</auth.server.keystore>
|
||||
<auth.server.keystore.password>secret</auth.server.keystore.password>
|
||||
<auth.server.jvm.args.extra/>
|
||||
|
||||
<auth.server.jboss.artifactId>integration-arquillian-servers-auth-server-${auth.server}</auth.server.jboss.artifactId>
|
||||
|
@ -90,6 +92,7 @@
|
|||
<app.server.skip.unpack>true</app.server.skip.unpack>
|
||||
<app.server.artifactId>integration-arquillian-servers-app-server-${app.server}</app.server.artifactId>
|
||||
<app.server.home>${containers.home}/app-server-${app.server}</app.server.home>
|
||||
<app.server.config.dir>${app.server.home}/standalone/configuration</app.server.config.dir>
|
||||
<app.server.port.offset>200</app.server.port.offset>
|
||||
<app.server.http.port>8280</app.server.http.port>
|
||||
<app.server.https.port>8643</app.server.https.port>
|
||||
|
@ -108,6 +111,10 @@
|
|||
<app.server.memory.Xmx>512m</app.server.memory.Xmx>
|
||||
<app.server.memory.settings>-Xms${app.server.memory.Xms} -Xmx${app.server.memory.Xmx} -XX:MetaspaceSize=${surefire.memory.metaspace} -XX:MaxMetaspaceSize=${surefire.memory.metaspace.max}</app.server.memory.settings>
|
||||
<app.server.ssl.required>false</app.server.ssl.required>
|
||||
<app.server.truststore>${app.server.config.dir}/keycloak.truststore</app.server.truststore>
|
||||
<app.server.truststore.password>secret</app.server.truststore.password>
|
||||
<app.server.keystore>${app.server.config.dir}/adapter.jks</app.server.keystore>
|
||||
<app.server.keystore.password>secret</app.server.keystore.password>
|
||||
<app.server.jvm.args.extra/>
|
||||
|
||||
<cache.server>undefined</cache.server>
|
||||
|
@ -119,6 +126,12 @@
|
|||
<cache.server.2.management.port>12000</cache.server.2.management.port>
|
||||
<cache.server.console.output>true</cache.server.console.output>
|
||||
|
||||
<dependency.keystore.root>${project.build.directory}/dependency/keystore</dependency.keystore.root>
|
||||
<dependency.truststore>${dependency.keystore.root}/keycloak.truststore</dependency.truststore>
|
||||
<dependency.truststore.password>secret</dependency.truststore.password>
|
||||
<dependency.keystore>${dependency.keystore.root}/keycloak.jks</dependency.keystore>
|
||||
<dependency.keystore.password>secret</dependency.keystore.password>
|
||||
|
||||
<keycloak.connectionsInfinispan.remoteStoreServer>localhost</keycloak.connectionsInfinispan.remoteStoreServer>
|
||||
<keycloak.connectionsInfinispan.remoteStorePort>12232</keycloak.connectionsInfinispan.remoteStorePort>
|
||||
<keycloak.connectionsInfinispan.remoteStorePort.2>13232</keycloak.connectionsInfinispan.remoteStorePort.2>
|
||||
|
@ -463,6 +476,8 @@
|
|||
<auth.server.jboss.jvm.debug.args>${auth.server.jboss.jvm.debug.args}</auth.server.jboss.jvm.debug.args>
|
||||
<auth.server.truststore>${auth.server.truststore}</auth.server.truststore>
|
||||
<auth.server.truststore.password>${auth.server.truststore.password}</auth.server.truststore.password>
|
||||
<auth.server.keystore>${auth.server.keystore}</auth.server.keystore>
|
||||
<auth.server.keystore.password>${auth.server.keystore.password}</auth.server.keystore.password>
|
||||
<auth.server.jvm.args.extra>${auth.server.jvm.args.extra}</auth.server.jvm.args.extra>
|
||||
|
||||
<auth.server.profile>${auth.server.profile}</auth.server.profile>
|
||||
|
@ -470,6 +485,7 @@
|
|||
|
||||
<app.server>${app.server}</app.server>
|
||||
<app.server.home>${app.server.home}</app.server.home>
|
||||
<app.server.config.dir>${app.server.config.dir}</app.server.config.dir>
|
||||
<app.server.java.home>${app.server.java.home}</app.server.java.home>
|
||||
<app.server.memory.settings>${app.server.memory.settings}</app.server.memory.settings>
|
||||
<app.server.port.offset>${app.server.port.offset}</app.server.port.offset>
|
||||
|
@ -484,6 +500,10 @@
|
|||
<app.server.2.port.offset>${app.server.2.port.offset}</app.server.2.port.offset>
|
||||
<app.server.2.management.port>${app.server.2.management.port}</app.server.2.management.port>
|
||||
<app.server.jboss.jvm.debug.args>${app.server.jboss.jvm.debug.args}</app.server.jboss.jvm.debug.args>
|
||||
<app.server.truststore>${app.server.truststore}</app.server.truststore>
|
||||
<app.server.truststore.password>${app.server.truststore.password}</app.server.truststore.password>
|
||||
<app.server.keystore>${app.server.keystore}</app.server.keystore>
|
||||
<app.server.keystore.password>${app.server.keystore.password}</app.server.keystore.password>
|
||||
<app.server.jvm.args.extra>${app.server.jvm.args.extra}</app.server.jvm.args.extra>
|
||||
|
||||
<frontend.console.output>${frontend.console.output}</frontend.console.output>
|
||||
|
@ -502,6 +522,12 @@
|
|||
<cli.log.output>${cli.log.output}</cli.log.output>
|
||||
<test.intermittent>${test.intermittent}</test.intermittent>
|
||||
|
||||
<dependency.keystore.root>${dependency.keystore.root}</dependency.keystore.root>
|
||||
<dependency.truststore>${dependency.truststore}</dependency.truststore>
|
||||
<dependency.truststore.password>${dependency.truststore.password}</dependency.truststore.password>
|
||||
<dependency.keystore>${dependency.keystore}</dependency.keystore>
|
||||
<dependency.keystore.password>${dependency.keystore.password}</dependency.keystore.password>
|
||||
|
||||
<browser>${browser}</browser>
|
||||
<js.browser>${js.browser}</js.browser>
|
||||
<js.chromeArguments>${js.chromeArguments}</js.chromeArguments>
|
||||
|
@ -1685,6 +1711,10 @@
|
|||
<groupId>org.liquibase</groupId>
|
||||
<artifactId>liquibase-maven-plugin</artifactId>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.codehaus.mojo</groupId>
|
||||
<artifactId>keytool-maven-plugin</artifactId>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</profile>
|
||||
|
@ -1721,6 +1751,104 @@
|
|||
</properties>
|
||||
</profile>
|
||||
|
||||
<profile>
|
||||
<id>generate-certs-for-custom-auth-server-host</id>
|
||||
<activation>
|
||||
<property>
|
||||
<name>auth.server.host</name>
|
||||
</property>
|
||||
</activation>
|
||||
<build>
|
||||
<pluginManagement>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.codehaus.mojo</groupId>
|
||||
<artifactId>keytool-maven-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>remove-old-auth-server-key</id>
|
||||
<phase>generate-test-resources</phase>
|
||||
<goals>
|
||||
<goal>deleteAlias</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<keystore>${dependency.keystore}</keystore>
|
||||
<storepass>${dependency.keystore.password}</storepass>
|
||||
<alias>localhost</alias>
|
||||
</configuration>
|
||||
</execution>
|
||||
<execution>
|
||||
<id>generate-new-auth-server-cert</id>
|
||||
<phase>generate-test-resources</phase>
|
||||
<goals>
|
||||
<goal>generateKeyPair</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<keystore>${dependency.keystore}</keystore>
|
||||
<storepass>${dependency.keystore.password}</storepass>
|
||||
<alias>${auth.server.host}</alias>
|
||||
<dname>CN=${auth.server.host}, OU=Keycloak, O=Red Hat, L=Westword, ST=MA, C=US</dname>
|
||||
<keyalg>RSA</keyalg>
|
||||
<keysize>2048</keysize>
|
||||
<sigalg>SHA256withRSA</sigalg>
|
||||
</configuration>
|
||||
</execution>
|
||||
<execution>
|
||||
<id>export-auth-server-cert</id>
|
||||
<phase>generate-test-resources</phase>
|
||||
<goals>
|
||||
<goal>exportCertificate</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<keystore>${dependency.keystore}</keystore>
|
||||
<storepass>${dependency.keystore.password}</storepass>
|
||||
<alias>${auth.server.host}</alias>
|
||||
<file>${dependency.keystore.root}/${auth.server.host}.pem</file>
|
||||
</configuration>
|
||||
</execution>
|
||||
<execution>
|
||||
<id>import-auth-server-cert-to-truststore</id>
|
||||
<phase>generate-test-resources</phase>
|
||||
<goals>
|
||||
<goal>importCertificate</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<keystore>${dependency.truststore}</keystore>
|
||||
<storepass>${dependency.truststore.password}</storepass>
|
||||
<alias>${auth.server.host}</alias>
|
||||
<file>${dependency.keystore.root}/${auth.server.host}.pem</file>
|
||||
<trustcacerts>true</trustcacerts>
|
||||
<noprompt>true</noprompt>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<artifactId>maven-resources-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>copy-processed-truststore-to-auth-server</id>
|
||||
<phase>process-test-resources</phase>
|
||||
<goals>
|
||||
<goal>copy-resources</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<outputDirectory>${auth.server.config.dir}</outputDirectory>
|
||||
<resources>
|
||||
<resource>
|
||||
<directory>${dependency.keystore.root}</directory>
|
||||
</resource>
|
||||
</resources>
|
||||
<overwrite>true</overwrite>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</pluginManagement>
|
||||
</build>
|
||||
</profile>
|
||||
|
||||
</profiles>
|
||||
|
||||
</project>
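Review bot: The `<dname>` in `generate-new-auth-server-cert` carries the host only in the CN and no subjectAltName extension is requested, so the generated certificate names `${auth.server.host}` by CN alone. Clients that verify host names against SAN entries only (current browsers and stricter verifiers) will reject it even after the certificate is imported into the truststore, and an IP-address host typically needs an IP SAN rather than a CN. Consider requesting the extension on the execution, e.g. `<ext>SAN=dns:${auth.server.host}</ext>`, and adding a comment on what to pass when the host is an IP literal. `generate-new-app-server-cert` in the app-server POM has the same `<dname>`-only configuration.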
|
||||
|
|
|
@ -6,6 +6,8 @@ import javax.net.ssl.SSLContext;
|
|||
import javax.net.ssl.TrustManager;
|
||||
import javax.net.ssl.TrustManagerFactory;
|
||||
import javax.net.ssl.X509TrustManager;
|
||||
import java.io.FileInputStream;
|
||||
import java.nio.file.Paths;
|
||||
import java.security.KeyStore;
|
||||
import java.security.cert.X509Certificate;
|
||||
|
||||
|
@ -28,16 +30,26 @@ public class TLSUtils {
|
|||
|
||||
public static SSLContext initializeTLS() {
|
||||
try {
|
||||
String keystorePath = System.getProperty("dependency.keystore");;
|
||||
if (keystorePath == null) {
|
||||
keystorePath = Paths.get(TLSUtils.class.getResource("/keycloak.jks").toURI()).toAbsolutePath().toString(); // when executed directly from IDE without Maven
|
||||
}
|
||||
|
||||
KeyStore keystore = KeyStore.getInstance("jks");
|
||||
keystore.load(TLSUtils.class.getResourceAsStream("/keycloak.jks"), "secret".toCharArray());
|
||||
keystore.load(new FileInputStream(keystorePath), "secret".toCharArray());
|
||||
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
|
||||
keyManagerFactory.init(keystore, "secret".toCharArray());
|
||||
KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
|
||||
|
||||
String truststorePath = System.getProperty("dependency.truststore");;
|
||||
if (truststorePath == null) {
|
||||
truststorePath = Paths.get(TLSUtils.class.getResource("/keycloak.truststore").toURI()).toAbsolutePath().toString(); // when executed directly from IDE without Maven
|
||||
}
|
||||
|
||||
// Essentially, this is REQUEST CLIENT AUTH behavior. It doesn't fail if the client doesn't have a cert.
|
||||
// However it will challenge him to send it.
|
||||
KeyStore truststore = KeyStore.getInstance("jks");
|
||||
truststore.load(TLSUtils.class.getResourceAsStream("/keycloak.truststore"), "secret".toCharArray());
|
||||
truststore.load(new FileInputStream(truststorePath), "secret".toCharArray());
|
||||
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
|
||||
trustManagerFactory.init(truststore);
|
||||
TrustManager[] trustManagers = new TrustManager[trustManagerFactory.getTrustManagers().length + 1];
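Review bot: The `new FileInputStream(...)` instances passed to `keystore.load` and `truststore.load` are never closed, so every call to `initializeTLS()` leaks two file handles; wrap each one, e.g. `try (FileInputStream in = new FileInputStream(keystorePath)) { keystore.load(in, storePass); }`. The store password is still the literal `"secret"` even though this commit introduces `dependency.keystore.password` and `dependency.truststore.password` and appears to forward them to the test JVM, so overriding either property makes the load fail; `System.getProperty("dependency.keystore.password", "secret").toCharArray()` (and the truststore equivalent) would keep code and build in step. In the IDE fallback, `getResource(...)` returns null when the resource is missing and `Paths.get(URI)` does not work for a resource packed in a jar, so a null check with a clear message would help. The body of `initializeTLS()` continues past the end of the hunk.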
|
||||
|
|