
Commit fc237a6

authored
Merge pull request #45066 from sberyozkin/oidc_mtls_generate_certs
Update OIDC MTLS test to use generated certificates
2 parents 3554bbc + f8b8736 commit fc237a6


8 files changed

+44
-13
lines changed


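--- a/build-parent/pom.xml
+++ b/build-parent/pom.xml
@@ -660,6 +660,11 @@
 </execution>
 </executions>
 </plugin>
+<plugin>
+<groupId>io.smallrye.certs</groupId>
+<artifactId>smallrye-certificate-generator-maven-plugin</artifactId>
+<version>${smallrye-certificate-generator.version}</version>
+</plugin>
 </plugins>
 </pluginManagement>
 </build>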

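--- a/integration-tests/oidc-mtls/pom.xml
+++ b/integration-tests/oidc-mtls/pom.xml
@@ -27,7 +27,6 @@
 <groupId>io.quarkus</groupId>
 <artifactId>quarkus-tls-registry</artifactId>
 </dependency>
-
 <dependency>
 <groupId>io.quarkus</groupId>
 <artifactId>quarkus-junit5</artifactId>
@@ -88,6 +87,33 @@
 <build>
 <plugins>
 <plugin>
+<groupId>io.smallrye.certs</groupId>
+<artifactId>smallrye-certificate-generator-maven-plugin</artifactId>
+<executions>
+<execution>
+<phase>generate-test-resources</phase>
+<goals>
+<goal>generate</goal>
+</goals>
+</execution>
+</executions>
+<configuration>
+<certificates>
+<certificate>
+<name>oidc</name> <!-- the name of the certificate -->
+<formats> <!-- List of formats to generate, are supported PEM, JKS and PKCS12 -->
+<format>PEM</format>
+<format>PKCS12</format>
+</formats>
+<password>password</password> <!-- Password for the key store if supported -->
+<cn>backend-service</cn> <!-- Common Name -->
+<duration>2</duration> <!-- in days -->
+<client>true</client> <!-- Generate a client certificate -->
+</certificate>
+</certificates>
+</configuration>
+</plugin>
+<plugin>
 <artifactId>maven-surefire-plugin</artifactId>
 <configuration>
 <skip>true</skip>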
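Review bot: `<format>PEM</format>` in the new `<formats>` list looks unused, because the properties file and OidcMtlsTest shown on this page read only the `.p12` stores; unless something outside this commit consumes the PEM files, that entry could be dropped. The `<duration>2</duration>` setting also deserves a why-comment: if the plugin does not overwrite files that already exist, a `target/certificates` directory reused after two days would surface as a TLS handshake failure rather than an obvious expiry message. Something like `<!-- short-lived test-only certificate; run a clean build if the handshake fails with an expired certificate -->` next to `<duration>` would save debugging time.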
Lines changed: 5 additions & 5 deletions
@@ -1,11 +1,11 @@
11
quarkus.http.tls-configuration-name=oidc-mtls
2-
quarkus.tls.oidc-mtls.key-store.jks.path=server-keystore.jks
3-
quarkus.tls.oidc-mtls.key-store.jks.password=secret
4-
quarkus.tls.oidc-mtls.trust-store.jks.path=server-truststore.jks
5-
quarkus.tls.oidc-mtls.trust-store.jks.password=password
2+
quarkus.tls.oidc-mtls.key-store.p12.path=target/certificates/oidc-keystore.p12
3+
quarkus.tls.oidc-mtls.key-store.p12.password=password
4+
quarkus.tls.oidc-mtls.trust-store.p12.path=target/certificates/oidc-server-truststore.p12
5+
quarkus.tls.oidc-mtls.trust-store.p12.password=password
66

77
quarkus.http.auth.inclusive=true
88

99
quarkus.http.ssl.client-auth=REQUIRED
1010
quarkus.http.insecure-requests=DISABLED
11-
quarkus.native.additional-build-args=-H:IncludeResources=.*\\.jks
11+
quarkus.native.additional-build-args=-H:IncludeResources=target/certificates/.*\\.p12
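Review bot: The new `-H:IncludeResources=target/certificates/.*\\.p12` value on the last changed line probably matches nothing, because that option is matched against classpath resource names and the generated stores appear to live under `target/certificates` rather than on the classpath. The four `key-store`/`trust-store` paths are likewise relative, so they resolve only when the process starts in the module directory; this is inferred from the paths alone, as the lookup code is not on this page. Either drop the build argument or state the assumption in a comment, for example `# stores are generated by smallrye-certificate-generator-maven-plugin into target/certificates and read from the file system relative to the module directory`.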
-2.37 KB
Binary file not shown.
-925 Bytes
Binary file not shown.

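--- a/integration-tests/oidc-mtls/src/test/java/io/quarkus/it/oidc/OidcMtlsTest.java
+++ b/integration-tests/oidc-mtls/src/test/java/io/quarkus/it/oidc/OidcMtlsTest.java
@@ -27,7 +27,7 @@
 @QuarkusTest
 public class OidcMtlsTest {
 
-@TestHTTPResource(ssl = true)
+@TestHTTPResource(tls = true)
 URL url;
 
 KeycloakTestClient keycloakClient = new KeycloakTestClient();
@@ -46,7 +46,7 @@ public void testGetIdentityNames() throws Exception {
 .indefinitely();
 assertEquals(200, resp.statusCode());
 String name = resp.bodyAsString();
-assertEquals("Identities: CN=client, alice", name);
+assertEquals("Identities: CN=backend-service, alice", name);
 
 // HTTP 401, invalid token
 resp = webClient.get("/service/name")
@@ -63,18 +63,18 @@ private WebClientOptions createWebClientOptions() throws Exception {
 WebClientOptions webClientOptions = new WebClientOptions().setDefaultHost(url.getHost())
 .setDefaultPort(url.getPort()).setSsl(true).setVerifyHost(false);
 
-byte[] keyStoreData = getFileContent(Paths.get("client-keystore.jks"));
+byte[] keyStoreData = getFileContent(Paths.get("target/certificates/oidc-client-keystore.p12"));
 KeyStoreOptions keyStoreOptions = new KeyStoreOptions()
 .setPassword("password")
 .setValue(Buffer.buffer(keyStoreData))
-.setType("JKS");
+.setType("PKCS12");
 webClientOptions.setKeyCertOptions(keyStoreOptions);
 
-byte[] trustStoreData = getFileContent(Paths.get("client-truststore.jks"));
+byte[] trustStoreData = getFileContent(Paths.get("target/certificates/oidc-client-truststore.p12"));
 KeyStoreOptions trustStoreOptions = new KeyStoreOptions()
-.setPassword("secret")
+.setPassword("password")
 .setValue(Buffer.buffer(trustStoreData))
-.setType("PKCS12");
+.setType("PKCS12");
 webClientOptions.setTrustOptions(trustStoreOptions);
 
 return webClientOptions;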
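Review bot: The expected identity `CN=backend-service`, the `"password"` literals and the `target/certificates/oidc-client-*.p12` paths now silently depend on the `<cn>`, `<password>` and `<name>` values in the module's certificate-generator configuration, and nothing in the test says so. A short comment above the assertion, such as `// CN is the <cn> configured for smallrye-certificate-generator-maven-plugin in pom.xml`, would make a later mismatch easy to trace. In `createWebClientOptions`, the repeated directory, password and `"PKCS12"` literals would also read better as private constants, for example `private static final String CERT_DIR = "target/certificates/";`. Both `Paths.get(...)` calls are relative to the working directory; `getFileContent` is defined outside the hunk, so whether it has a classpath fallback cannot be seen here.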
-2.16 KB
Binary file not shown.
Binary file not shown.
