Merge pull request #12845 from rabbitmq/fix-selenium-issues-on-v4.0.x

Fix selenium issues on v4.0.x

Author: michaelklishin

selenium/.gitignore

@@ -7,3 +7,10 @@ suites/screens/*
 test/oauth/*/h2/*.trace.db
 test/oauth/*/h2/*.lock.db
 */target/*
+tls-gen
+test/*/certs/*.pem
+test/*/certs/*.p12
+test/*/certs/*.jks
+test/*/*/*.pem
+test/*/*/*.p12
+test/*/*/*.jks

selenium/bin/components/devkeycloak

@@ -9,6 +9,9 @@ init_devkeycloak() {
   print "> DEVKEYCLOAK_CONFIG_DIR: ${DEVKEYCLOAK_CONFIG_DIR}"
   print "> DEVKEYCLOAK_URL: ${DEVKEYCLOAK_URL}"
   print "> DEVKEYCLOAK_DOCKER_IMAGE: ${KEYCLOAK_DOCKER_IMAGE}"
+
+  generate-ca-server-client-kpi devkeycloak $DEVKEYCLOAK_CONFIG_DIR
+
 }
 ensure_devkeycloak() {
   if docker ps | grep devkeycloak &> /dev/null; then
@@ -45,7 +48,7 @@ start_devkeycloak() {
     --https-certificate-key-file=/opt/keycloak/data/import/server_devkeycloak_key.pem \
     --hostname=devkeycloak --hostname-admin=devkeycloak --https-port=8442
 
-  wait_for_oidc_endpoint devkeycloak $DEVKEYCLOAK_URL $MOUNT_DEVKEYCLOAK_CONF_DIR/ca_certificate.pem
+  wait_for_oidc_endpoint devkeycloak $DEVKEYCLOAK_URL $MOUNT_DEVKEYCLOAK_CONF_DIR/ca_devkeycloak_certificate.pem
   end "devkeycloak is ready"
   print " Note: If you modify devkeycloak configuration, make sure to run the following command to export the configuration."
   print " docker exec -it devkeycloak /opt/keycloak/bin/kc.sh export --users realm_file --realm test --dir /opt/keycloak/data/import/"

selenium/bin/components/keycloak

@@ -17,6 +17,9 @@ init_keycloak() {
   print "> KEYCLOAK_CONFIG_DIR: ${KEYCLOAK_CONFIG_DIR}"
   print "> KEYCLOAK_URL: ${KEYCLOAK_URL}"
   print "> KEYCLOAK_DOCKER_IMAGE: ${KEYCLOAK_DOCKER_IMAGE}"
+
+  generate-ca-server-client-kpi keycloak $KEYCLOAK_CONFIG_DIR
+
 }
 start_keycloak() {
   begin "Starting keycloak ..."
@@ -44,7 +47,7 @@ start_keycloak() {
     --https-certificate-file=/opt/keycloak/data/import/server_keycloak_certificate.pem \
     --https-certificate-key-file=/opt/keycloak/data/import/server_keycloak_key.pem
 
-  wait_for_oidc_endpoint keycloak $KEYCLOAK_URL $MOUNT_KEYCLOAK_CONF_DIR/ca_certificate.pem
+  wait_for_oidc_endpoint keycloak $KEYCLOAK_URL $MOUNT_KEYCLOAK_CONF_DIR/ca_keycloak_certificate.pem
   end "Keycloak is ready"
 
   print " Note: If you modify keycloak configuration. Make sure to run the following command to export the configuration."

selenium/bin/components/prodkeycloak

@@ -16,6 +16,8 @@ init_prodkeycloak() {
   print "> PRODKEYCLOAK_CONFIG_DIR: ${PRODKEYCLOAK_CONFIG_DIR}"
   print "> PRODKEYCLOAK_URL: ${PRODKEYCLOAK_URL}"
   print "> KEYCLOAK_DOCKER_IMAGE: ${KEYCLOAK_DOCKER_IMAGE}"
+
+  generate-ca-server-client-kpi prodkeycloak $PRODKEYCLOAK_CONFIG_DIR
 }
 start_prodkeycloak() {
   begin "Starting prodkeycloak ..."
@@ -44,7 +46,7 @@ start_prodkeycloak() {
     --https-certificate-key-file=/opt/keycloak/data/import/server_prodkeycloak_key.pem \
     --hostname=prodkeycloak --hostname-admin=prodkeycloak --https-port=8443
 
-  wait_for_oidc_endpoint prodkeycloak $PRODKEYCLOAK_URL $MOUNT_PRODKEYCLOAK_CONF_DIR/ca_certificate.pem
+  wait_for_oidc_endpoint prodkeycloak $PRODKEYCLOAK_URL $MOUNT_PRODKEYCLOAK_CONF_DIR/ca_prodkeycloak_certificate.pem
   end "prodkeycloak is ready"
   print " Note: If you modify prodkeycloak configuration, make sure to run the following command to export the configuration."
   print " docker exec -it prodkeycloak /opt/keycloak/bin/kc.sh export --users realm_file --realm test --dir /opt/keycloak/data/import/"

selenium/bin/components/rabbitmq

@@ -10,6 +10,13 @@ init_rabbitmq() {
   [[ -z "${OAUTH_SERVER_CONFIG_BASEDIR}" ]] || print "> OAUTH_SERVER_CONFIG_BASEDIR: ${OAUTH_SERVER_CONFIG_BASEDIR}"
   [[ -z "${OAUTH_SERVER_CONFIG_DIR}" ]] || print "> OAUTH_SERVER_CONFIG_DIR: ${OAUTH_SERVER_CONFIG_DIR}"
 
+  if [[ ! -d "${RABBITMQ_CONFIG_DIR}/certs" ]]; then 
+    mkdir ${RABBITMQ_CONFIG_DIR}/certs
+  fi 
+  generate-ca-server-client-kpi rabbitmq $RABBITMQ_CONFIG_DIR/certs
+  generate-server-keystore-if-required rabbitmq $RABBITMQ_CONFIG_DIR/certs
+  generate-client-keystore-if-required rabbitmq $RABBITMQ_CONFIG_DIR/certs
+  generate-truststore-if-required rabbitmq $RABBITMQ_CONFIG_DIR/certs
 }
 
 start_rabbitmq() {

selenium/bin/components/uaa

@@ -16,6 +16,9 @@ init_uaa() {
   print "> UAA_CONFIG_DIR: ${UAA_CONFIG_DIR}"
   print "> UAA_URL: ${UAA_URL}"
   print "> UAA_DOCKER_IMAGE: ${UAA_DOCKER_IMAGE}"
+
+  generate-ca-server-client-kpi uaa $UAA_CONFIG_DIR
+  generate-server-keystore-if-required uaa $UAA_CONFIG_DIR
 }
 start_uaa() {
   begin "Starting UAA ..."

selenium/bin/suite_template

@@ -375,6 +375,99 @@ generate_env_file() {
     source $ENV_FILE
     end "Finished generating env file."
 }
+generate-ca-server-client-kpi() {
+  NAME=$1
+  FOLDER=$2
+  if [[ ! -f "${FOLDER}/server_${NAME}_key.pem" ]]; then
+	  do_generate-ca-server-client-kpi $1 $2
+  fi
+}
+do_generate-ca-server-client-kpi() {
+  NAME=$1
+  FOLDER=$2
+  ROOT=$SELENIUM_ROOT_FOLDER
+
+  begin "Generate certs for $NAME"
+
+  if [ ! -d "$ROOT/tls-gen" ]; then
+    git clone https://github.com/michaelklishin/tls-gen $ROOT/tls-gen
+  fi
+
+  print "Generating CA and Server (localhost and $NAME) PKI under $FOLDER ..."
+  mkdir -p $FOLDER
+
+  CUR_DIR=$(pwd)
+  cd $ROOT/tls-gen/basic
+  cp openssl.cnf openssl.cnf.bak
+  if [ -f "$FOLDER/openssl.cnf.in" ]; then     
+    cp $FOLDER/openssl.cnf.in >> openssl.cnf
+  fi 
+  if [[ ! -z "${DEBUG}" ]]; then
+    print "Used this openssl.conf"
+    cat openssl.cnf
+  fi
+  make CN=$NAME CLIENT_ALT_NAME=internaluser
+  cp openssl.cnf.bak openssl.cnf  
+  cd $CUR_DIR
+
+  cp $ROOT/tls-gen/basic/result/ca_certificate.pem $FOLDER/ca_${NAME}_certificate.pem
+  cp $ROOT/tls-gen/basic/result/server_${NAME}_certificate.pem $FOLDER
+  cp $ROOT/tls-gen/basic/result/server_${NAME}_key.pem $FOLDER
+  cp $ROOT/tls-gen/basic/result/server_${NAME}.p12 $FOLDER
+  cp $ROOT/tls-gen/basic/result/client_${NAME}_certificate.pem $FOLDER
+  cp $ROOT/tls-gen/basic/result/client_${NAME}_key.pem $FOLDER
+  cp $ROOT/tls-gen/basic/result/client_${NAME}.p12 $FOLDER
+  chmod ugo+r $FOLDER/*.pem
+  end "SSL Certificates generated for $NAME under $FOLDER"
+}
+generate-truststore-if-required() {
+  NAME=$1
+  FOLDER=$2
+  if [[ ! -f "${FOLDER}/truststore.jks" ]]; then
+    keytool -import \
+      -trustcacerts \
+      -file ${FOLDER}/ca_${NAME}_certificate.pem \
+      -keystore ${FOLDER}/truststore.jks \
+      -storepass foobar \
+			-noprompt
+  fi
+}
+generate-server-keystore-if-required() {
+  NAME=$1
+  FOLDER=$2
+  if [ ! -f "${FOLDER}/server_${NAME}.jks" ]; then
+    keytool -importkeystore \
+        -destkeystore ${FOLDER}/server_${NAME}.jks \
+        -srckeystore ${FOLDER}/server_${NAME}.p12 \
+        -deststoretype pkcs12 \
+        -srcstoretype pkcs12 \
+        -alias 1 \
+        -destalias server-${NAME}-tls \
+        -deststorepass foobar \
+        -destkeypass foobar \
+        -srcstorepass "" \
+        -srckeypass "" \
+        -noprompt
+  fi
+}
+generate-client-keystore-if-required() {
+  NAME=$1
+  FOLDER=$2
+  if [ ! -f "${FOLDER}/client_${NAME}.jks" ]; then
+    keytool -importkeystore \
+        -destkeystore ${FOLDER}/client_${NAME}.jks \
+        -srckeystore ${FOLDER}/client_${NAME}.p12 \
+        -deststoretype pkcs12 \
+        -srcstoretype pkcs12 \
+        -alias 1 \
+        -destalias client-${NAME}-tls \
+        -deststorepass foobar \
+        -destkeypass foobar \
+        -srcstorepass "" \
+        -srckeypass "" \
+        -noprompt
+  fi
+}
 run() {
   runWith rabbitmq
 }
@@ -420,13 +513,13 @@ elif [[ "$COMMAND" == "stop-rabbitmq" ]]
   fi
 }
 determine_required_components_including_rabbitmq() {
-  if [[ "$@" != *"rabbitmq"* ]]; then
-    REQUIRED_COMPONENTS+=("rabbitmq")
-  fi
   for (( i=1; i<=$#; i++)) {
     eval val='$'$i
     REQUIRED_COMPONENTS+=( "$val" )
   }
+  if [[ "$@" != *"rabbitmq"* ]]; then
+    REQUIRED_COMPONENTS+=("rabbitmq")
+  fi
 }
 determine_required_components_excluding_rabbitmq() {
   for (( i=1; i<=$#; i++)) {

selenium/full-suite-management-ui

@@ -1,10 +1,10 @@
 authnz-mgt/basic-auth-behind-proxy.sh
 authnz-mgt/basic-auth.sh
 authnz-mgt/basic-auth-with-mgt-prefix.sh
-authnz-mgt/multi-oauth-with-basic-auth-when-idps-down.sh
 authnz-mgt/multi-oauth-with-basic-auth.sh
 authnz-mgt/multi-oauth-without-basic-auth-and-resource-label-and-scopes.sh
 authnz-mgt/multi-oauth-without-basic-auth.sh
+authnz-mgt/multi-oauth-with-basic-auth-when-idps-down.sh
 authnz-mgt/oauth-and-basic-auth.sh
 authnz-mgt/oauth-idp-initiated-with-uaa-and-prefix-via-proxy.sh
 authnz-mgt/oauth-idp-initiated-with-uaa-and-prefix.sh

selenium/package.json

@@ -20,6 +20,7 @@
     "mqtt": "^5.3.3",
     "path": "^0.12.7",
     "proxy": "^1.0.2",
+    "rhea": "^3.0.3",
     "selenium-webdriver": "^4.19.0",
     "xmlhttprequest": "^1.8.0"
   },

selenium/run-suites.sh

@@ -30,7 +30,7 @@ do
   fi
   echo -e "=== $TEST_STATUS $SUITE ==========================================="
   echo " "
-done <<< "$(cat $SCRIPT/$SUITE_FILE | sort)"
+done <<< "$(cat $SCRIPT/$SUITE_FILE)"
 
 echo -e "=== Summary (${TOTAL_SUITES}/${GREEN}${#SUCCESSFUL_SUITES[@]}/${RED}${#FAILED_SUITES[@]}${NC}) ============================================"
 if [ ${#SUCCESSFUL_SUITES[@]} -gt 0 ]; then echo -e " > ${GREEN}Successful suites ${NC}"; fi