From ffcd797ca9127b9a02eca170481ffa2988b831a4 Mon Sep 17 00:00:00 2001 From: Sergey Beryozkin Date: Thu, 12 Dec 2024 14:07:44 +0000 Subject: [PATCH] Generate certificates in the OIDC integration test --- integration-tests/oidc-mtls/pom.xml | 52 +++++++++---------- integration-tests/oidc/pom.xml | 27 ++++++++++ .../src/main/resources/application.properties | 15 +++--- .../AbstractBearerTokenAuthorizationTest.java | 4 +- ...KeycloakXTestResourceLifecycleManager.java | 4 +- .../it/keycloak/WebsocketOidcTestCase.java | 4 +- .../keycloak/client/KeycloakTestClient.java | 5 +- 7 files changed, 74 insertions(+), 37 deletions(-) diff --git a/integration-tests/oidc-mtls/pom.xml b/integration-tests/oidc-mtls/pom.xml index 719118f28efca8..7b6b331e319bed 100644 --- a/integration-tests/oidc-mtls/pom.xml +++ b/integration-tests/oidc-mtls/pom.xml @@ -87,32 +87,32 @@ - io.smallrye.certs - smallrye-certificate-generator-maven-plugin - - - generate-test-resources - - generate - - - - - - - oidc - - PEM - PKCS12 - - password - backend-service - 2 - true - - - - + io.smallrye.certs + smallrye-certificate-generator-maven-plugin + + + generate-test-resources + + generate + + + + + + + oidc + + PEM + PKCS12 + + password + backend-service + 2 + true + + + + maven-surefire-plugin diff --git a/integration-tests/oidc/pom.xml b/integration-tests/oidc/pom.xml index ff0b6fdd56069d..e63f4b8707ff2d 100644 --- a/integration-tests/oidc/pom.xml +++ b/integration-tests/oidc/pom.xml @@ -132,6 +132,33 @@ + + io.smallrye.certs + smallrye-certificate-generator-maven-plugin + + + generate-test-resources + + generate + + + + + + + oidc + + PEM + PKCS12 + + password + backend-service + 2 + true + + + + diff --git a/integration-tests/oidc/src/main/resources/application.properties b/integration-tests/oidc/src/main/resources/application.properties index d8b1ec529ad7c1..e4552113a34b48 100644 --- a/integration-tests/oidc/src/main/resources/application.properties 
+++ b/integration-tests/oidc/src/main/resources/application.properties 
@@ -1,23 +1,24 @@ quarkus.keycloak.devservices.create-realm=false quarkus.keycloak.devservices.start-command=start --https-client-auth=required --hostname-strict=false --https-key-store-file=/etc/server-keystore.p12 --https-trust-store-file=/etc/server-truststore.p12 --https-trust-store-password=password --spi-user-profile-declarative-user-profile-config-file=/opt/keycloak/upconfig.json -quarkus.keycloak.devservices.resource-aliases.keystore=server-keystore.p12 -quarkus.keycloak.devservices.resource-aliases.truststore=server-truststore.p12 +quarkus.keycloak.devservices.resource-aliases.keystore=target/certificates/oidc-keystore.p12 +quarkus.keycloak.devservices.resource-aliases.truststore=target/certificates/oidc-server-truststore.p12 quarkus.keycloak.devservices.resource-mappings.keystore=/etc/server-keystore.p12 quarkus.keycloak.devservices.resource-mappings.truststore=/etc/server-truststore.p12 quarkus.oidc.token.principal-claim=email -quarkus.oidc.tls.verification=required -quarkus.oidc.tls.trust-store-file=client-truststore.p12 +quarkus.oidc.tls.verification=certificate-validation +quarkus.oidc.tls.trust-store-file=target/certificates/oidc-client-truststore.p12 quarkus.oidc.tls.trust-store-password=password -quarkus.oidc.tls.key-store-file=client-keystore.p12 +quarkus.oidc.tls.key-store-file=target/certificates/oidc-client-keystore.p12 quarkus.oidc.tls.key-store-password=password %tls-registry.quarkus.oidc.tls.tls-configuration-name=oidc-tls -%tls-registry.quarkus.tls.oidc-tls.key-store.jks.path=client-keystore.p12 +%tls-registry.quarkus.tls.oidc-tls.key-store.jks.path=target/certificates/oidc-client-keystore.p12 %tls-registry.quarkus.tls.oidc-tls.key-store.jks.password=password -%tls-registry.quarkus.tls.oidc-tls.trust-store.jks.path=client-truststore.p12 +%tls-registry.quarkus.tls.oidc-tls.trust-store.jks.path=target/certificates/oidc-client-truststore.p12 %tls-registry.quarkus.tls.oidc-tls.trust-store.jks.password=password 
+%tls-registry.quarkus.tls.oidc-tls.hostname-verification-algorithm=NONE %tls-registry.quarkus.oidc.tls.verification= %tls-registry.quarkus.oidc.tls.trust-store-file= %tls-registry.quarkus.oidc.tls.trust-store-password= diff --git a/integration-tests/oidc/src/test/java/io/quarkus/it/keycloak/AbstractBearerTokenAuthorizationTest.java b/integration-tests/oidc/src/test/java/io/quarkus/it/keycloak/AbstractBearerTokenAuthorizationTest.java index a1ec95be5d378c..608e8af04fcebd 100644 --- a/integration-tests/oidc/src/test/java/io/quarkus/it/keycloak/AbstractBearerTokenAuthorizationTest.java +++ b/integration-tests/oidc/src/test/java/io/quarkus/it/keycloak/AbstractBearerTokenAuthorizationTest.java @@ -16,7 +16,9 @@ public abstract class AbstractBearerTokenAuthorizationTest { - KeycloakTestClient client = new KeycloakTestClient(new Tls()); + KeycloakTestClient client = new KeycloakTestClient( + new Tls("target/certificates/oidc-client-keystore.p12", + "target/certificates/oidc-client-truststore.p12")); @Test public void testSecureAccessSuccessWithCors() { diff --git a/integration-tests/oidc/src/test/java/io/quarkus/it/keycloak/KeycloakXTestResourceLifecycleManager.java b/integration-tests/oidc/src/test/java/io/quarkus/it/keycloak/KeycloakXTestResourceLifecycleManager.java index 57e855d482d073..dc9863d5956837 100644 --- a/integration-tests/oidc/src/test/java/io/quarkus/it/keycloak/KeycloakXTestResourceLifecycleManager.java +++ b/integration-tests/oidc/src/test/java/io/quarkus/it/keycloak/KeycloakXTestResourceLifecycleManager.java 
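Review bot: Hostname verification ends up disabled on both configuration paths in this hunk, and nothing in the file says why: `quarkus.oidc.tls.verification` goes from `required` to `certificate-validation`, and the `%tls-registry` profile gains `hostname-verification-algorithm=NONE`. Presumably the generated certificate's subject (the `backend-service` value in the pom.xml plugin configuration) does not match the host the Keycloak dev service is reached on, but that is inferred rather than shown here. Since this file sits under `src/main/resources` and integration-test configuration tends to get copied, I would add a comment above both properties such as `# Test only: the generated certificate does not match the Keycloak dev service host, so hostname verification is disabled; keep it enabled outside tests`. A stricter alternative, if the certificate generator can issue a subject alternative name for the dev service host, is to keep `verification=required` so the tests still exercise the hostname check.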
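Review bot: The two `target/certificates/...` literals in the added `new Tls(...)` call in AbstractBearerTokenAuthorizationTest are repeated verbatim in the KeycloakXTestResourceLifecycleManager and WebsocketOidcTestCase hunks, and the same paths appear again in application.properties. A change to the certificate name or output directory in pom.xml therefore has to be made by hand in several places. I would hold them once in the test package, e.g. `static final String CLIENT_KEYSTORE = "target/certificates/oidc-client-keystore.p12";` and `static final String CLIENT_TRUSTSTORE = "target/certificates/oidc-client-truststore.p12";`, and pass those to `new Tls(...)` in all three classes. How `Tls` resolves these strings is not visible in this diff; if they are relative to the working directory, a comment saying the tests must run from the module directory would help.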
@@ -22,7 +22,9 @@ public class KeycloakXTestResourceLifecycleManager private static final String KEYCLOAK_REALM = "quarkus"; private static final String KEYCLOAK_SERVICE_CLIENT = "quarkus-app"; - final KeycloakTestClient client = new KeycloakTestClient(new Tls()); + final KeycloakTestClient client = new KeycloakTestClient( + new Tls("target/certificates/oidc-client-keystore.p12", + "target/certificates/oidc-client-truststore.p12")); @Override public Map start() { diff --git a/integration-tests/oidc/src/test/java/io/quarkus/it/keycloak/WebsocketOidcTestCase.java b/integration-tests/oidc/src/test/java/io/quarkus/it/keycloak/WebsocketOidcTestCase.java index 3a75d88294dc4a..3c3323e40562d9 100644 --- a/integration-tests/oidc/src/test/java/io/quarkus/it/keycloak/WebsocketOidcTestCase.java +++ b/integration-tests/oidc/src/test/java/io/quarkus/it/keycloak/WebsocketOidcTestCase.java @@ -27,7 +27,9 @@ public class WebsocketOidcTestCase { @TestHTTPResource("secured-hello") URI wsUri; - KeycloakTestClient client = new KeycloakTestClient(new Tls()); + KeycloakTestClient client = new KeycloakTestClient( + new Tls("target/certificates/oidc-client-keystore.p12", + "target/certificates/oidc-client-truststore.p12")); @Test public void websocketTest() throws Exception { diff --git a/test-framework/keycloak-server/src/main/java/io/quarkus/test/keycloak/client/KeycloakTestClient.java b/test-framework/keycloak-server/src/main/java/io/quarkus/test/keycloak/client/KeycloakTestClient.java index 55d2b70561e229..f510c3dac6ec31 100644 --- a/test-framework/keycloak-server/src/main/java/io/quarkus/test/keycloak/client/KeycloakTestClient.java +++ b/test-framework/keycloak-server/src/main/java/io/quarkus/test/keycloak/client/KeycloakTestClient.java 
@@ -455,6 +455,9 @@ public record Tls(String keystore, String keystorePassword, public Tls() { this("client-keystore.p12", "password", "client-truststore.p12", "password"); } - }; + public Tls(String keystore, String truststore) { + this(keystore, "password", truststore, "password"); + } + }; }
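Review bot: The new `Tls(String keystore, String truststore)` constructor fixes both store passwords to `"password"` without saying so, and it has no Javadoc; this record sits under `src/main/java` of the test-framework module, so it looks like API that other test suites can call. I would document it, e.g. `/** Creates a TLS configuration for the given key store and trust store, both protected with the default test password {@code "password"}. */`, and add a sentence on how the two arguments are resolved (classpath resource or file path), which this hunk does not show. The record declaration starts outside the hunk, so the existing documentation on `Tls` itself could not be checked.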