Generate certificates in the OIDC integration test

integration-tests/oidc-mtls/pom.xml

@@ -87,32 +87,32 @@
     <build>
         <plugins>
             <plugin>
-    <groupId>io.smallrye.certs</groupId>
-    <artifactId>smallrye-certificate-generator-maven-plugin</artifactId>
-    <executions>
-        <execution>
-            <phase>generate-test-resources</phase>
-            <goals>
-                <goal>generate</goal>
-            </goals>
-        </execution>
-    </executions>
-    <configuration>
-        <certificates>
-            <certificate>
-                <name>oidc</name> <!-- the name of the certificate -->
-                <formats>  <!-- List of formats to generate, are supported PEM, JKS and PKCS12 -->
-                    <format>PEM</format>
-                    <format>PKCS12</format>
-                </formats>
-                <password>password</password> <!-- Password for the key store if supported -->
-                <cn>backend-service</cn> <!-- Common Name -->
-                <duration>2</duration> <!-- in days -->
-                <client>true</client> <!-- Generate a client certificate -->
-            </certificate>
-        </certificates>
-    </configuration>
-</plugin>
+			    <groupId>io.smallrye.certs</groupId>
+			    <artifactId>smallrye-certificate-generator-maven-plugin</artifactId>
+			    <executions>
+			        <execution>
+			            <phase>generate-test-resources</phase>
+			            <goals>
+			                <goal>generate</goal>
+			            </goals>
+			        </execution>
+			    </executions>
+			    <configuration>
+			        <certificates>
+			            <certificate>
+			                <name>oidc</name> <!-- the name of the certificate -->
+			                <formats>  <!-- List of formats to generate, are supported PEM, JKS and PKCS12 -->
+			                    <format>PEM</format>
+			                    <format>PKCS12</format>
+			                </formats>
+			                <password>password</password> <!-- Password for the key store if supported -->
+			                <cn>backend-service</cn> <!-- Common Name -->
+			                <duration>2</duration> <!-- in days -->
+			                <client>true</client> <!-- Generate a client certificate -->
+			            </certificate>
+			        </certificates>
+			    </configuration>
+			</plugin>
             <plugin>
                 <artifactId>maven-surefire-plugin</artifactId>
                 <configuration>

integration-tests/oidc/pom.xml

@@ -132,6 +132,33 @@
                     </execution>
                 </executions>
             </plugin>
+            <plugin>
+			    <groupId>io.smallrye.certs</groupId>
+			    <artifactId>smallrye-certificate-generator-maven-plugin</artifactId>
+			    <executions>
+			        <execution>
+			            <phase>generate-test-resources</phase>
+			            <goals>
+			                <goal>generate</goal>
+			            </goals>
+			        </execution>
+			    </executions>
+			    <configuration>
+			        <certificates>
+			            <certificate>
+			                <name>oidc</name> <!-- the name of the certificate -->
+			                <formats>  <!-- List of formats to generate, are supported PEM, JKS and PKCS12 -->
+			                    <format>PEM</format>
+			                    <format>PKCS12</format>
+			                </formats>
+			                <password>password</password> <!-- Password for the key store if supported -->
+			                <cn>backend-service</cn> <!-- Common Name -->
+			                <duration>2</duration> <!-- in days -->
+			                <client>true</client> <!-- Generate a client certificate -->
+			            </certificate>
+			        </certificates>
+			    </configuration>
+			</plugin>
         </plugins>
     </build>
 

integration-tests/oidc/src/main/resources/application.properties

@@ -1,23 +1,24 @@
 quarkus.keycloak.devservices.create-realm=false
 quarkus.keycloak.devservices.start-command=start --https-client-auth=required --hostname-strict=false --https-key-store-file=/etc/server-keystore.p12 --https-trust-store-file=/etc/server-truststore.p12 --https-trust-store-password=password --spi-user-profile-declarative-user-profile-config-file=/opt/keycloak/upconfig.json
-quarkus.keycloak.devservices.resource-aliases.keystore=server-keystore.p12
-quarkus.keycloak.devservices.resource-aliases.truststore=server-truststore.p12
+quarkus.keycloak.devservices.resource-aliases.keystore=target/certificates/oidc-keystore.p12
+quarkus.keycloak.devservices.resource-aliases.truststore=target/certificates/oidc-server-truststore.p12
 quarkus.keycloak.devservices.resource-mappings.keystore=/etc/server-keystore.p12
 quarkus.keycloak.devservices.resource-mappings.truststore=/etc/server-truststore.p12
 
 quarkus.oidc.token.principal-claim=email
 
-quarkus.oidc.tls.verification=required
-quarkus.oidc.tls.trust-store-file=client-truststore.p12
+quarkus.oidc.tls.verification=certificate-validation
+quarkus.oidc.tls.trust-store-file=target/certificates/oidc-client-truststore.p12
 quarkus.oidc.tls.trust-store-password=password
-quarkus.oidc.tls.key-store-file=client-keystore.p12
+quarkus.oidc.tls.key-store-file=target/certificates/oidc-client-keystore.p12
 quarkus.oidc.tls.key-store-password=password
 
 %tls-registry.quarkus.oidc.tls.tls-configuration-name=oidc-tls
-%tls-registry.quarkus.tls.oidc-tls.key-store.jks.path=client-keystore.p12
+%tls-registry.quarkus.tls.oidc-tls.key-store.jks.path=target/certificates/oidc-client-keystore.p12
 %tls-registry.quarkus.tls.oidc-tls.key-store.jks.password=password
-%tls-registry.quarkus.tls.oidc-tls.trust-store.jks.path=client-truststore.p12
+%tls-registry.quarkus.tls.oidc-tls.trust-store.jks.path=target/certificates/oidc-client-truststore.p12
 %tls-registry.quarkus.tls.oidc-tls.trust-store.jks.password=password
+%tls-registry.quarkus.tls.oidc-tls.hostname-verification-algorithm=NONE
 %tls-registry.quarkus.oidc.tls.verification=
 %tls-registry.quarkus.oidc.tls.trust-store-file=
 %tls-registry.quarkus.oidc.tls.trust-store-password=

integration-tests/oidc/src/test/java/io/quarkus/it/keycloak/AbstractBearerTokenAuthorizationTest.java

@@ -16,7 +16,9 @@
 
 public abstract class AbstractBearerTokenAuthorizationTest {
 
-    KeycloakTestClient client = new KeycloakTestClient(new Tls());
+    KeycloakTestClient client = new KeycloakTestClient(
+            new Tls("target/certificates/oidc-client-keystore.p12",
+                    "target/certificates/oidc-client-truststore.p12"));
 
     @Test
     public void testSecureAccessSuccessWithCors() {

integration-tests/oidc/src/test/java/io/quarkus/it/keycloak/KeycloakXTestResourceLifecycleManager.java

@@ -22,7 +22,9 @@ public class KeycloakXTestResourceLifecycleManager
     private static final String KEYCLOAK_REALM = "quarkus";
     private static final String KEYCLOAK_SERVICE_CLIENT = "quarkus-app";
 
-    final KeycloakTestClient client = new KeycloakTestClient(new Tls());
+    final KeycloakTestClient client = new KeycloakTestClient(
+            new Tls("target/certificates/oidc-client-keystore.p12",
+                    "target/certificates/oidc-client-truststore.p12"));
 
     @Override
     public Map<String, String> start() {

integration-tests/oidc/src/test/java/io/quarkus/it/keycloak/WebsocketOidcTestCase.java

@@ -27,7 +27,9 @@ public class WebsocketOidcTestCase {
     @TestHTTPResource("secured-hello")
     URI wsUri;
 
-    KeycloakTestClient client = new KeycloakTestClient(new Tls());
+    KeycloakTestClient client = new KeycloakTestClient(
+            new Tls("target/certificates/oidc-client-keystore.p12",
+                    "target/certificates/oidc-client-truststore.p12"));
 
     @Test
     public void websocketTest() throws Exception {

test-framework/keycloak-server/src/main/java/io/quarkus/test/keycloak/client/KeycloakTestClient.java

@@ -444,6 +444,7 @@ private RequestSpecification getSpec() {
         if (tls != null) {
             spec = spec.keyStore(tls.keystore(), tls.keystorePassword())
                     .trustStore(tls.truststore(), tls.truststorePassword());
+
         } else {
             spec = spec.relaxedHTTPSValidation();
         }
@@ -455,6 +456,9 @@ public record Tls(String keystore, String keystorePassword,
         public Tls() {
             this("client-keystore.p12", "password", "client-truststore.p12", "password");
         }
-    };
 
+        public Tls(String keystore, String truststore) {
+            this(keystore, "password", truststore, "password");
+        }
+    };
 }