
Example 11 with X509AuthenticatorConfigModel

use of org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel in project keycloak by keycloak.

the class X509DirectGrantTest method loginWithNonMatchingRegex.

/**
 * Checks that a direct grant request is rejected once the authenticator's
 * regular expression is replaced with {@code INVALID=(.*?)(?:,|$)}.
 *
 * <p>Expected outcome: HTTP 401 plus a login error event carrying
 * {@code invalid_user_credentials}, with no user and no session attached.
 */
@Test
public void loginWithNonMatchingRegex() throws Exception {
    X509AuthenticatorConfigModel model = createLoginIssuerDN_OU2CustomAttributeConfig();
    // NOTE(review): presumably this pattern matches nothing in the test certificate's
    // mapping source, so no user identity can be extracted. Confirm against the helper above.
    model.setRegularExpression("INVALID=(.*?)(?:,|$)");

    AuthenticatorConfigRepresentation representation =
            newConfig("x509-directgrant-config", model.getConfig());
    String configId = createConfig(directGrantExecution.getId(), representation);
    Assert.assertNotNull(configId);

    // Username and password are sent empty. NOTE(review): the identity is presumably
    // expected to come from the client certificate alone. Verify in OAuthClient.
    oauth.clientId("resource-owner");
    OAuthClient.AccessTokenResponse tokenResponse =
            oauth.doGrantAccessTokenRequest("secret", "", "", null);

    // The authenticator has to fail closed: a failed identity extraction must
    // end in a rejected request, never in a fallback login.
    assertEquals(401, tokenResponse.getStatusCode());

    AssertEvents.ExpectedEvent loginError = events.expectLogin()
            .user((String) null)
            .session((String) null)
            .error("invalid_user_credentials")
            .client("resource-owner")
            .removeDetail(Details.CODE_ID)
            .removeDetail(Details.CONSENT)
            .removeDetail(Details.REDIRECT_URI);
    addX509CertificateDetails(loginError).assertEvent();
}
Also used : OAuthClient(org.keycloak.testsuite.util.OAuthClient) AssertEvents(org.keycloak.testsuite.AssertEvents) X509AuthenticatorConfigModel(org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel) Matchers.containsString(org.hamcrest.Matchers.containsString) AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation) Test(org.junit.Test)

Example 12 with X509AuthenticatorConfigModel

use of org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel in project keycloak by keycloak.

the class X509DirectGrantTest method loginCertificateNotExpired.

/**
 * Checks that a direct grant request succeeds (HTTP 200) when certificate
 * validation is enabled and no time offset is applied.
 *
 * <p>This is the positive counterpart of an expiry check: it shows that turning
 * validation on does not reject the test certificate by itself.
 */
@Test
public void loginCertificateNotExpired() throws Exception {
    X509AuthenticatorConfigModel model = new X509AuthenticatorConfigModel()
            .setCertValidationEnabled(true)
            .setConfirmationPageAllowed(true)
            .setMappingSourceType(SUBJECTDN_EMAIL)
            .setUserIdentityMapperType(USERNAME_EMAIL);

    AuthenticatorConfigRepresentation representation =
            newConfig("x509-directgrant-config", model.getConfig());
    String configId = createConfig(directGrantExecution.getId(), representation);
    Assert.assertNotNull(configId);

    // Empty username/password. NOTE(review): authentication presumably relies on the
    // client certificate presented by the test HTTP client. Confirm in the test setup.
    oauth.clientId("resource-owner");
    OAuthClient.AccessTokenResponse tokenResponse =
            oauth.doGrantAccessTokenRequest("secret", "", "", null);

    assertEquals(200, tokenResponse.getStatusCode());
}
Also used : OAuthClient(org.keycloak.testsuite.util.OAuthClient) X509AuthenticatorConfigModel(org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel) Matchers.containsString(org.hamcrest.Matchers.containsString) AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation) Test(org.junit.Test)

Example 13 with X509AuthenticatorConfigModel

use of org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel in project keycloak by keycloak.

the class X509DirectGrantTest method loginResourceOwnerCredentialsSuccess.

/**
 * Registers an X.509 direct-grant configuration that maps the subject DN e-mail
 * to the username/e-mail identity, then runs the shared resource-owner login
 * helper for {@code test-user@localhost}.
 *
 * <p>All assertions about the login outcome live in
 * {@code doResourceOwnerCredentialsLogin}; this method only checks that the
 * configuration was created.
 */
@Test
public void loginResourceOwnerCredentialsSuccess() throws Exception {
    X509AuthenticatorConfigModel model = new X509AuthenticatorConfigModel()
            .setMappingSourceType(SUBJECTDN_EMAIL)
            .setUserIdentityMapperType(USERNAME_EMAIL);

    AuthenticatorConfigRepresentation representation =
            newConfig("x509-directgrant-config", model.getConfig());
    String configId = createConfig(directGrantExecution.getId(), representation);
    Assert.assertNotNull(configId);

    // The last argument is passed empty. NOTE(review): presumably the password,
    // which the certificate-based flow should not need. Confirm against the helper.
    doResourceOwnerCredentialsLogin("resource-owner", "secret", "test-user@localhost", "");
}
Also used : X509AuthenticatorConfigModel(org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel) Matchers.containsString(org.hamcrest.Matchers.containsString) AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation) Test(org.junit.Test)

Example 14 with X509AuthenticatorConfigModel

use of org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel in project keycloak by keycloak.

the class X509DirectGrantTest method loginCertificateExpired.

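/**
 * Checks that a direct grant request is rejected when certificate validation is
 * enabled and the test clock is moved far enough ahead for the certificate to
 * be past its validity period.
 *
 * <p>Expected outcome: HTTP 401, error {@code invalid_request}, and an error
 * description containing {@code "has expired on:"}.
 */
@Test
public void loginCertificateExpired() throws Exception {
    X509AuthenticatorConfigModel config = new X509AuthenticatorConfigModel()
            .setCertValidationEnabled(true)
            .setConfirmationPageAllowed(true)
            .setMappingSourceType(SUBJECTDN_EMAIL)
            .setUserIdentityMapperType(USERNAME_EMAIL);
    AuthenticatorConfigRepresentation cfg = newConfig("x509-directgrant-config", config.getConfig());
    String cfgId = createConfig(directGrantExecution.getId(), cfg);
    Assert.assertNotNull(cfgId);

    OAuthClient.AccessTokenResponse response;
    // 50 * 365 * 24 * 60 * 60 = 1,576,800,000, which still fits in an int.
    // NOTE(review): presumably the offset is in seconds (about 50 years). Confirm in setTimeOffset.
    setTimeOffset(50 * 365 * 24 * 60 * 60);
    try {
        oauth.clientId("resource-owner");
        response = oauth.doGrantAccessTokenRequest("secret", "", "", null);
    } finally {
        // Always restore the clock. If the request throws, a leftover offset would
        // leak into later tests and could make unrelated certificate or token
        // validity checks pass or fail for the wrong reason.
        setTimeOffset(0);
    }

    assertEquals(401, response.getStatusCode());
    assertEquals("invalid_request", response.getError());
    Assert.assertThat(response.getErrorDescription(), containsString("has expired on:"));
}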
Also used : OAuthClient(org.keycloak.testsuite.util.OAuthClient) X509AuthenticatorConfigModel(org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel) Matchers.containsString(org.hamcrest.Matchers.containsString) AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation) Test(org.junit.Test)

Example 15 with X509AuthenticatorConfigModel

use of org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel in project keycloak by keycloak.

the class X509OCSPResponderSpecificCertTest method loginFailedInvalidResponderOnOCSPResponderRevocationCheck.

/**
 * Checks that a direct grant request is rejected when OCSP checking is enabled
 * and the revocation check reports a responder certificate that is not
 * authorized to sign OCSP responses.
 *
 * <p>Expected outcome: HTTP 401 (Unauthorized), error {@code invalid_request},
 * and an error description naming the unauthorized responder certificate.
 */
@Test
public void loginFailedInvalidResponderOnOCSPResponderRevocationCheck() throws Exception {
    X509AuthenticatorConfigModel model = new X509AuthenticatorConfigModel()
            .setOCSPEnabled(true)
            .setMappingSourceType(SUBJECTDN_EMAIL)
            .setUserIdentityMapperType(USERNAME_EMAIL);

    AuthenticatorConfigRepresentation representation =
            newConfig("x509-directgrant-config", model.getConfig());
    String configId = createConfig(directGrantExecution.getId(), representation);
    Assert.assertNotNull(configId);

    oauth.clientId("resource-owner");
    OAuthClient.AccessTokenResponse tokenResponse =
            oauth.doGrantAccessTokenRequest("secret", "", "", null);

    // A revocation answer from an untrusted signer must be treated as a failure,
    // not as "certificate is good". The assertions below pin that fail-closed result.
    int unauthorized = Response.Status.UNAUTHORIZED.getStatusCode();
    assertEquals(unauthorized, tokenResponse.getStatusCode());
    assertEquals("invalid_request", tokenResponse.getError());
    Assert.assertThat(
            tokenResponse.getErrorDescription(),
            containsString("Responder's certificate is not authorized to sign OCSP responses"));
}
Also used : OAuthClient(org.keycloak.testsuite.util.OAuthClient) X509AuthenticatorConfigModel(org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel) Matchers.containsString(org.hamcrest.Matchers.containsString) AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation) Test(org.junit.Test)
