KEYCLOAK-17304 ClientPoliciesTest - exclude mTLS tests for non-required SSL

Martin Bartoš 2021-03-03 11:18:04 +01:00 committed by Pavel Drozd
parent da6a017e86
commit d452041d7d


@ -27,7 +27,6 @@ import java.net.URISyntaxException;
import java.security.KeyPair; import java.security.KeyPair;
import java.security.PrivateKey; import java.security.PrivateKey;
import java.security.PublicKey; import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collections; import java.util.Collections;
import java.util.HashMap; import java.util.HashMap;
@ -41,6 +40,7 @@ import org.apache.http.impl.client.CloseableHttpClient;
import org.hamcrest.Matchers; import org.hamcrest.Matchers;
import org.jboss.logging.Logger; import org.jboss.logging.Logger;
import org.junit.Assert; import org.junit.Assert;
import org.junit.Assume;
import org.junit.Test; import org.junit.Test;
import org.keycloak.OAuth2Constants; import org.keycloak.OAuth2Constants;
import org.keycloak.OAuthErrorException; import org.keycloak.OAuthErrorException;
@ -102,12 +102,14 @@ import org.keycloak.testsuite.client.resources.TestApplicationResourceUrls;
import org.keycloak.testsuite.rest.resource.TestingOIDCEndpointsApplicationResource.AuthorizationEndpointRequestObject; import org.keycloak.testsuite.rest.resource.TestingOIDCEndpointsApplicationResource.AuthorizationEndpointRequestObject;
import org.keycloak.testsuite.services.clientpolicy.condition.TestRaiseExeptionConditionFactory; import org.keycloak.testsuite.services.clientpolicy.condition.TestRaiseExeptionConditionFactory;
import org.keycloak.testsuite.services.clientpolicy.executor.TestRaiseExeptionExecutorFactory; import org.keycloak.testsuite.services.clientpolicy.executor.TestRaiseExeptionExecutorFactory;
import org.keycloak.testsuite.updaters.ClientAttributeUpdater;
import org.keycloak.testsuite.util.MutualTLSUtils; import org.keycloak.testsuite.util.MutualTLSUtils;
import org.keycloak.testsuite.util.OAuthClient; import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.admin.client.resource.RolesResource; import org.keycloak.admin.client.resource.RolesResource;
import org.keycloak.testsuite.util.RoleBuilder; import org.keycloak.testsuite.util.RoleBuilder;
import org.keycloak.testsuite.util.ServerURLs;
import org.keycloak.util.JsonSerialization; import org.keycloak.util.JsonSerialization;
@EnableFeature(value = Profile.Feature.CLIENT_POLICIES, skipRestart = true) @EnableFeature(value = Profile.Feature.CLIENT_POLICIES, skipRestart = true)
@ -1251,33 +1253,30 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
@Test @Test
public void testHolderOfKeyEnforceExecutor() throws Exception { public void testHolderOfKeyEnforceExecutor() throws Exception {
String policyName = POLICY_NAME; Assume.assumeTrue("This test must be executed with enabled TLS.", ServerURLs.AUTH_SERVER_SSL_REQUIRED);
final String policyName = POLICY_NAME;
createPolicy(policyName, DefaultClientPolicyProviderFactory.PROVIDER_ID, null, null, null); createPolicy(policyName, DefaultClientPolicyProviderFactory.PROVIDER_ID, null, null, null);
logger.info("... Created Policy : " + policyName); logger.info("... Created Policy : " + policyName);
String conditionName = AnyClientCondition_NAME; final String conditionName = AnyClientCondition_NAME;
createCondition(conditionName, AnyClientConditionFactory.PROVIDER_ID, null, (ComponentRepresentation provider) -> {}); createCondition(conditionName, AnyClientConditionFactory.PROVIDER_ID, null, (ComponentRepresentation provider) -> {
});
registerCondition(conditionName, policyName); registerCondition(conditionName, policyName);
logger.info("... Registered Condition : " + conditionName); logger.info("... Registered Condition : " + conditionName);
String executorName = HolderOfKeyEnforceExecutor_NAME; final String executorName = HolderOfKeyEnforceExecutor_NAME;
createExecutor(executorName, HolderOfKeyEnforceExecutorFactory.PROVIDER_ID, null, (ComponentRepresentation provider) -> { createExecutor(executorName, HolderOfKeyEnforceExecutorFactory.PROVIDER_ID, null, this::setExecutorAugmentActivate);
setExecutorAugmentActivate(provider);
});
registerExecutor(executorName, policyName); registerExecutor(executorName, policyName);
logger.info("... Registered Executor : " + executorName); logger.info("... Registered Executor : " + executorName);
ClientResource clientResource = ApiUtil.findClientByClientId(adminClient.realm(REALM_NAME), TEST_CLIENT); try (ClientAttributeUpdater cau = ClientAttributeUpdater.forClient(adminClient, REALM_NAME, TEST_CLIENT)) {
ClientRepresentation clientRep = clientResource.toRepresentation(); ClientRepresentation clientRep = cau.getResource().toRepresentation();
Assert.assertNotNull(clientRep);
OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setUseMtlsHoKToken(true); OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setUseMtlsHoKToken(true);
clientResource.update(clientRep); cau.update();
try {
checkMtlsFlow(); checkMtlsFlow();
} finally {
clientResource = ApiUtil.findClientByClientId(adminClient.realm(REALM_NAME), TEST_CLIENT);
clientRep = clientResource.toRepresentation();
OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setUseMtlsHoKToken(false);
clientResource.update(clientRep);
} }
} }
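Review bot: In the new try-with-resources block of `testHolderOfKeyEnforceExecutor`, `setUseMtlsHoKToken(true)` is applied to a `ClientRepresentation` freshly fetched through `cau.getResource().toRepresentation()`, while `cau.update()` appears to send the updater's own representation, so the holder-of-key flag may never reach the server through this path. If that is the case, `checkMtlsFlow()` can presumably only succeed because the executor under test augments the client, and the explicit client configuration the old code performed is silently lost. Setting the attribute through the updater, e.g. `cau.setAttribute(OIDCConfigAttributes.USE_MTLS_HOK_TOKEN, "true").update();`, would keep the change and its rollback on close in one object. Separately, the `Assume.assumeTrue(...)` guard reports the test as skipped on runs without required TLS, so at least one TLS-enabled job is needed for the certificate-bound token check to keep running.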