Configure UAA with tls

MarcialRosales · MarcialRosales · commit 89a290a25da3 · 2024-11-06T15:07:59.000+01:00
And RabbitMq with TLS too
diff --git a/selenium/bin/components/uaa b/selenium/bin/components/uaa
@@ -16,6 +16,9 @@ init_uaa() {
   print "> UAA_CONFIG_DIR: ${UAA_CONFIG_DIR}"
   print "> UAA_URL: ${UAA_URL}"
   print "> UAA_DOCKER_IMAGE: ${UAA_DOCKER_IMAGE}"
+  
+  generate-ca-server-client-kpi uaa $UAA_CONFIG_DIR
+  generate-keystore-if-required uaa $UAA_CONFIG_DIR
 }
 start_uaa() {
   begin "Starting UAA ..."
@@ -35,11 +38,13 @@ start_uaa() {
     --name uaa \
     --net ${DOCKER_NETWORK} \
     --publish 8080:8080 \
+    --publish 8443:8443 \
     --mount "type=bind,source=$MOUNT_UAA_CONF_DIR,target=/uaa" \
+    -v ${UAA_CONFIG_DIR}/server.xml:/layers/paketo-buildpacks_apache-tomcat/catalina-base/conf/server.xml \
     --env UAA_CONFIG_PATH="/uaa" \
-    --env JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom" \
+    --env JAVA_OPTS="-Djava.security.policy=unlimited -Djava.security.egd=file:/dev/./urandom" \
     ${UAA_DOCKER_IMAGE}
-
+   
   wait_for_oidc_endpoint uaa $UAA_URL
   end "UAA is ready"
 }
diff --git a/selenium/bin/suite_template b/selenium/bin/suite_template
@@ -420,6 +420,25 @@ do_generate-ca-server-client-kpi() {
   end "SSL Certificates generated for $NAME under $FOLDER"
 }
 
+generate-keystore-if-required() {
+  NAME=$1
+  FOLDER=$2
+  if [[ ! -f "${FOLDER}/${NAME}.jks " ]]; then
+	keytool -importkeystore \
+			-destkeystore ${FOLDER}/${NAME}.jks \
+			-srckeystore ${FOLDER}/server_${NAME}.p12 \
+			-deststoretype pkcs12 \
+			-srcstoretype pkcs12 \
+      -alias 1 \
+			-destalias ${NAME}-tls \
+			-deststorepass foobar \
+			-destkeypass foobar \
+			-srcstorepass "" \
+			-srckeypass "" \
+			-noprompt
+  fi
+}
+
 run() {
   runWith rabbitmq
 }
diff --git a/selenium/suites/authnz-mgt/oauth-with-uaa.sh b/selenium/suites/authnz-mgt/oauth-with-uaa.sh
@@ -4,7 +4,7 @@ SCRIPT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 
 TEST_CASES_PATH=/oauth/with-sp-initiated
 TEST_CONFIG_PATH=/oauth
-PROFILES="uaa uaa-oauth-provider uaa-mgt-oauth-provider"
+PROFILES="uaa uaa-oauth-provider uaa-mgt-oauth-provider tls"
 
 source $SCRIPT/../../bin/suite_template $@
 runWith uaa
diff --git a/selenium/test/oauth/env.docker.uaa b/selenium/test/oauth/env.docker.uaa
@@ -1 +1 @@
-export UAA_URL=https://uaa:8443
+export UAA_URL=http://uaa:8080
diff --git a/selenium/test/oauth/env.local.uaa b/selenium/test/oauth/env.local.uaa
@@ -1 +1 @@
-export UAA_URL=https://localhost:8443
+export UAA_URL=http://localhost:8080
diff --git a/selenium/test/oauth/uaa/server.xml b/selenium/test/oauth/uaa/server.xml
@@ -0,0 +1,43 @@
+<?xml version='1.0' encoding='utf-8'?>
+<Server port="-1">
+    <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
+    <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+    <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+    <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+    <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+    <Service name="Catalina">
+    <Connector class="org.apache.coyote.http11.Http11NioProtocol" protocol="HTTP/1.1" connectionTimeout="20000"
+                scheme="https"
+                port="8443"
+                SSLEnabled="true"
+                sslEnabledProtocols="TLSv1.2"
+                ciphers="TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
+                secure="true"
+                clientAuth="false"
+                sslProtocol="TLS"
+                keystoreFile="/uaa/uaa.jks"
+                keystoreType="PKCS12"
+                keyAlias="uaa-tls"
+                keystorePass="foobar"
+                bindOnInit="false"/>
+    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
+                connectionTimeout="20000"
+                port="8989"
+                address="127.0.0.1"
+                bindOnInit="true"/>
+    <Engine name="Catalina" defaultHost="localhost">
+        <Host name="localhost"
+            appBase="webapps"
+            unpackWARs="true"
+            autoDeploy="false"
+            failCtxIfServletStartFails="true">
+        <Valve className="org.apache.catalina.valves.RemoteIpValve"
+                remoteIpHeader="x-forwarded-for"
+                protocolHeader="x-forwarded-proto"
+                internalProxies="10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}"/>
+        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+                prefix="localhost_access" suffix=".log" rotatable="false" pattern="%h %l %u %t &quot;%r&quot; %s %b"/>
+        </Host>
+    </Engine>
+    </Service>
+</Server>
diff --git a/selenium/test/oauth/uaa/uaa.jks b/selenium/test/oauth/uaa/uaa.jks
diff --git a/selenium/test/oauth/uaa/uaa.yml b/selenium/test/oauth/uaa/uaa.yml
@@ -1,3 +1,6 @@
+require_https: true
+https_port: 8443
+
 logging:
   config: /uaa/log4j2.properties
 

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-export UAA_URL=https://uaa:8443`
	`1`	`+export UAA_URL=http://uaa:8080`
Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-export UAA_URL=https://localhost:8443`
	`1`	`+export UAA_URL=http://localhost:8080`