[KEYCLOAK-11330] - Quarkus tests

vidhya03 · Jun 17, 2020 · d331091 · d331091
1 parent d71e81e
commit d331091
Show file tree

Hide file tree

Showing 56 changed files with 446 additions and 44 deletions.
diff --git a/distribution/server-x/src/main/content/bin/kc.sh b/distribution/server-x/src/main/content/bin/kc.sh
@@ -23,7 +23,7 @@ fi
 GREP="grep"
 DIRNAME=`dirname "$RESOLVED_NAME"`
 
-SERVER_OPTS="-Dkeycloak.home.dir=$DIRNAME/../ -Dkeycloak.theme.dir=$DIRNAME/../themes -Djava.util.logging.manager=org.jboss.logmanager.LogManager"
+SERVER_OPTS="-Dkeycloak.home.dir=$DIRNAME/../ -Djboss.server.config.dir=$DIRNAME/../conf -Dkeycloak.theme.dir=$DIRNAME/../themes -Djava.util.logging.manager=org.jboss.logmanager.LogManager"
 
 DEBUG_MODE="${DEBUG:-false}"
 DEBUG_PORT="${DEBUG_PORT:-8787}"

diff --git a/...ain/java/org/keycloak/models/cache/infinispan/authorization/StoreFactoryCacheSession.java b/...ain/java/org/keycloak/models/cache/infinispan/authorization/StoreFactoryCacheSession.java
@@ -1037,7 +1037,8 @@ private <R extends Policy, Q extends PolicyQuery> List<R> cacheQuery(String cach
                     return null;
                 }
 
-                return policies.stream().map(resourceId -> (R) findById(resourceId, resourceServerId)).collect(Collectors.toList());
+                return policies.stream().map(resourceId -> (R) findById(resourceId, resourceServerId))
+                        .filter(Objects::nonNull).collect(Collectors.toList());
             }
         }
     }

diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/PolicyEntity.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/PolicyEntity.java
@@ -92,23 +92,23 @@ public class PolicyEntity {
     @MapKeyColumn(name = "NAME")
     @Column(name = "VALUE", columnDefinition = "TEXT")
     @CollectionTable(name = "POLICY_CONFIG", joinColumns = {@JoinColumn(name = "POLICY_ID")})
-    private Map<String, String> config = new HashMap();
+    private Map<String, String> config;
 
     @ManyToOne(optional = false, fetch = FetchType.LAZY)
     @JoinColumn(name = "RESOURCE_SERVER_ID")
     private ResourceServerEntity resourceServer;
 
     @OneToMany(fetch = FetchType.LAZY, cascade = {})
     @JoinTable(name = "ASSOCIATED_POLICY", joinColumns = @JoinColumn(name = "POLICY_ID"), inverseJoinColumns = @JoinColumn(name = "ASSOCIATED_POLICY_ID"))
-    private Set<PolicyEntity> associatedPolicies = new HashSet<>();
+    private Set<PolicyEntity> associatedPolicies;
 
     @OneToMany(fetch = FetchType.LAZY, cascade = {})
     @JoinTable(name = "RESOURCE_POLICY", joinColumns = @JoinColumn(name = "POLICY_ID"), inverseJoinColumns = @JoinColumn(name = "RESOURCE_ID"))
-    private Set<ResourceEntity> resources = new HashSet<>();
+    private Set<ResourceEntity> resources;
 
     @OneToMany(fetch = FetchType.LAZY, cascade = {})
     @JoinTable(name = "SCOPE_POLICY", joinColumns = @JoinColumn(name = "POLICY_ID"), inverseJoinColumns = @JoinColumn(name = "SCOPE_ID"))
-    private Set<ScopeEntity> scopes = new HashSet<>();
+    private Set<ScopeEntity> scopes;
 
     @Column(name = "OWNER")
     private String owner;
@@ -146,6 +146,9 @@ public void setLogic(Logic logic) {
     }
 
     public Map<String, String> getConfig() {
+        if (config == null) {
+            config = new HashMap<>();
+        }
         return this.config;
     }
 
@@ -178,6 +181,9 @@ public void setResourceServer(ResourceServerEntity resourceServer) {
     }
 
     public Set<ResourceEntity> getResources() {
+        if (resources == null) {
+            resources = new HashSet<>();
+        }
         return this.resources;
     }
 
@@ -186,6 +192,9 @@ public void setResources(Set<ResourceEntity> resources) {
     }
 
     public Set<ScopeEntity> getScopes() {
+        if (scopes == null) {
+            scopes = new HashSet<>();
+        }
         return this.scopes;
     }
 
@@ -194,6 +203,9 @@ public void setScopes(Set<ScopeEntity> scopes) {
     }
 
     public Set<PolicyEntity> getAssociatedPolicies() {
+        if (associatedPolicies == null) {
+            associatedPolicies = new HashSet<>();
+        }
         return associatedPolicies;
     }
 

diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/ResourceEntity.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/ResourceEntity.java
@@ -87,7 +87,7 @@ public class ResourceEntity {
     @ElementCollection(fetch = FetchType.LAZY)
     @Column(name = "VALUE")
     @CollectionTable(name = "RESOURCE_URIS", joinColumns = { @JoinColumn(name="RESOURCE_ID") })
-    private Set<String> uris = new HashSet<>();
+    private Set<String> uris;
 
     @Column(name = "TYPE")
     private String type;
@@ -107,16 +107,16 @@ public class ResourceEntity {
 
     @OneToMany(fetch = FetchType.LAZY, cascade = {})
     @JoinTable(name = "RESOURCE_SCOPE", joinColumns = @JoinColumn(name = "RESOURCE_ID"), inverseJoinColumns = @JoinColumn(name = "SCOPE_ID"))
-    private List<ScopeEntity> scopes = new LinkedList<>();
+    private List<ScopeEntity> scopes;
 
     @ManyToMany(fetch = FetchType.LAZY, cascade = {})
     @JoinTable(name = "RESOURCE_POLICY", joinColumns = @JoinColumn(name = "RESOURCE_ID"), inverseJoinColumns = @JoinColumn(name = "POLICY_ID"))
-    private List<PolicyEntity> policies = new LinkedList<>();
+    private List<PolicyEntity> policies;
 
     @OneToMany(cascade = CascadeType.REMOVE, orphanRemoval = true, mappedBy="resource", fetch = FetchType.LAZY)
     @Fetch(FetchMode.SELECT)
     @BatchSize(size = 20)
-    private Collection<ResourceAttributeEntity> attributes = new ArrayList<>();
+    private Collection<ResourceAttributeEntity> attributes;
 
     public String getId() {
         return id;
@@ -143,6 +143,9 @@ public void setDisplayName(String displayName) {
     }
 
     public Set<String> getUris() {
+        if (uris == null) {
+            uris = new HashSet<>();
+        }
         return uris;
     }
 
@@ -159,6 +162,9 @@ public void setType(String type) {
     }
 
     public List<ScopeEntity> getScopes() {
+        if (scopes == null) {
+            scopes = new LinkedList<>();
+        }
         return this.scopes;
     }
 
@@ -195,6 +201,9 @@ public boolean isOwnerManagedAccess() {
     }
 
     public List<PolicyEntity> getPolicies() {
+        if (policies == null) {
+            policies = new LinkedList<>();
+        }
         return this.policies;
     }
 
@@ -204,6 +213,9 @@ public void setPolicies(List<PolicyEntity> policies) {
     }
 
     public Collection<ResourceAttributeEntity> getAttributes() {
+        if (attributes == null) {
+            attributes = new LinkedList<>();
+        }
         return attributes;
     }
 

diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/ScopeEntity.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/ScopeEntity.java
@@ -32,7 +32,7 @@
 import javax.persistence.NamedQuery;
 import javax.persistence.Table;
 import javax.persistence.UniqueConstraint;
-import java.util.ArrayList;
+import java.util.LinkedList;
 import java.util.List;
 
 /**
@@ -71,7 +71,7 @@ public class ScopeEntity {
 
     @ManyToMany(fetch = FetchType.LAZY, cascade = {})
     @JoinTable(name = "SCOPE_POLICY", joinColumns = @JoinColumn(name = "SCOPE_ID"), inverseJoinColumns = @JoinColumn(name = "POLICY_ID"))
-    private List<PolicyEntity> policies = new ArrayList<>();
+    private List<PolicyEntity> policies;
 
     public String getId() {
         return id;
@@ -114,6 +114,9 @@ public ResourceServerEntity getResourceServer() {
     }
 
     public List<PolicyEntity> getPolicies() {
+        if (policies == null) {
+            policies = new LinkedList<>();
+        }
         return policies;
     }
 

diff --git a/quarkus/pom.xml b/quarkus/pom.xml
@@ -31,7 +31,7 @@
     <packaging>pom</packaging>
 
     <properties>
-        <quarkus.version>1.5.0.CR1</quarkus.version>
+        <quarkus.version>1.5.1.Final</quarkus.version>
         <resteasy.version>4.5.3.Final</resteasy.version>
         <jackson.version>2.10.2</jackson.version>
         <jackson.databind.version>${jackson.version}</jackson.databind.version>

diff --git a/quarkus/runtime/src/main/java/org/keycloak/QuarkusKeycloakSessionFactory.java b/quarkus/runtime/src/main/java/org/keycloak/QuarkusKeycloakSessionFactory.java
@@ -14,6 +14,7 @@
 import org.keycloak.provider.ProviderFactory;
 import org.keycloak.provider.ProviderLoader;
 import org.keycloak.provider.ProviderManager;
+import org.keycloak.provider.ProviderManagerRegistry;
 import org.keycloak.provider.Spi;
 import org.keycloak.services.DefaultKeycloakSessionFactory;
 import org.keycloak.services.ServicesLogger;
@@ -81,6 +82,8 @@ public void init() {
         }
 
         AdminPermissions.registerListener(this);
+        // make the session factory ready for hot deployment
+        ProviderManagerRegistry.SINGLETON.setDeployer(this);
     }
 
     private Set<Spi> loadRuntimeSpis(ProviderLoader runtimeLoader) {
@@ -99,16 +102,6 @@ private Set<Spi> loadRuntimeSpis(ProviderLoader runtimeLoader) {
         return spis;
     }
 
-    @Override
-    public void deploy(ProviderManager pm) {
-        throw new RuntimeException("Not supported");
-    }
-
-    @Override
-    public void undeploy(ProviderManager pm) {
-        throw new RuntimeException("Not supported");
-    }
-
     private ProviderLoader createUserProviderLoader() {
         return UserProviderLoader
                 .create(KeycloakDeploymentInfo.create().services(), Thread.currentThread().getContextClassLoader());

diff --git a/...kus/runtime/src/main/java/org/keycloak/provider/quarkus/VertxClientCertificateLookup.java b/...kus/runtime/src/main/java/org/keycloak/provider/quarkus/VertxClientCertificateLookup.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright 2020 Analytical Graphics, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.keycloak.provider.quarkus;
+
+import java.security.cert.X509Certificate;
+
+import javax.enterprise.inject.Instance;
+import javax.enterprise.inject.spi.CDI;
+import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.SSLSession;
+
+import io.vertx.core.http.HttpServerRequest;
+import org.jboss.logging.Logger;
+import org.jboss.resteasy.spi.HttpRequest;
+import org.keycloak.services.x509.X509ClientCertificateLookup;
+
+import io.vertx.ext.web.RoutingContext;
+
+/**
+ * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
+ */
+public class VertxClientCertificateLookup implements X509ClientCertificateLookup {
+
+    private static final Logger logger = Logger.getLogger(VertxClientCertificateLookup.class);
+
+    public VertxClientCertificateLookup() {
+    }
+
+    @Override
+    public void close() {
+
+    }
+
+    @Override
+    public X509Certificate[] getCertificateChain(HttpRequest httpRequest) {
+        Instance<RoutingContext> instances = CDI.current().select(RoutingContext.class);
+
+        if (instances.isResolvable()) {
+            RoutingContext context = instances.get();
+
+            try {
+                SSLSession sslSession = context.request().sslSession();
+
+                if (sslSession == null) {
+                    return null;
+                }
+
+                X509Certificate[] certificates = (X509Certificate[]) sslSession.getPeerCertificates();
+
+                if (logger.isTraceEnabled() && certificates != null) {
+                    for (X509Certificate cert : certificates) {
+                        logger.tracef("Certificate's SubjectDN => \"%s\"", cert.getSubjectDN().getName());
+                    }
+                }
+
+                return certificates;
+            } catch (SSLPeerUnverifiedException ignore) {
+                // client not authenticated
+            }
+        }
+
+        return null;
+    }
+}
diff --git a/...time/src/main/java/org/keycloak/provider/quarkus/VertxClientCertificateLookupFactory.java b/...time/src/main/java/org/keycloak/provider/quarkus/VertxClientCertificateLookupFactory.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2020 Analytical Graphics, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.keycloak.provider.quarkus;
+
+import org.keycloak.Config;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.KeycloakSessionFactory;
+import org.keycloak.services.x509.X509ClientCertificateLookup;
+import org.keycloak.services.x509.X509ClientCertificateLookupFactory;
+
+/**
+ * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
+ */
+public class VertxClientCertificateLookupFactory implements X509ClientCertificateLookupFactory {
+
+    private static X509ClientCertificateLookup SINGLETON;
+
+    @Override
+    public X509ClientCertificateLookup create(KeycloakSession session) {
+        return SINGLETON;
+    }
+
+    @Override
+    public void init(Config.Scope config) {
+        SINGLETON = new VertxClientCertificateLookup();
+    }
+
+    @Override
+    public void postInit(KeycloakSessionFactory factory) {
+
+    }
+
+    @Override
+    public void close() {
+
+    }
+
+    @Override
+    public String getId() {
+        return "quarkus";
+    }
+
+    @Override
+    public int order() {
+        return 100;
+    }
+}
diff --git a/...resources/META-INF/services/org.keycloak.services.x509.X509ClientCertificateLookupFactory b/...resources/META-INF/services/org.keycloak.services.x509.X509ClientCertificateLookupFactory
@@ -0,0 +1,18 @@
+#
+# Copyright 2020 Analytical Graphics, Inc. and/or its affiliates
+# and other contributors as indicated by the @author tags.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+org.keycloak.provider.quarkus.VertxClientCertificateLookupFactory
diff --git a/...a/org/keycloak/authentication/authenticators/browser/ConditionalOtpFormAuthenticator.java b/...a/org/keycloak/authentication/authenticators/browser/ConditionalOtpFormAuthenticator.java
@@ -234,7 +234,9 @@ private boolean containsMatchingRequestHeader(MultivaluedMap<String, String> req
 
         //TODO cache RequestHeader Patterns
         //TODO how to deal with pattern syntax exceptions?
-        Pattern pattern = Pattern.compile(headerPattern, Pattern.DOTALL);
+        // need CASE_INSENSITIVE flag so that we also have matches when the underlying container use a different case than what
+        // is usually expected (e.g.: vertx)
+        Pattern pattern = Pattern.compile(headerPattern, Pattern.DOTALL | Pattern.CASE_INSENSITIVE);
 
         for (Map.Entry<String, List<String>> entry : requestHeaders.entrySet()) {