Example 26 with X509AuthenticatorConfigModel

Use of org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel in project keycloak by keycloak.

In class X509DirectGrantTest, method loginCertificateRevoked.

@Test
public void loginCertificateRevoked() throws Exception {
    // Not possible to test file CRL on undertow at this moment - jboss config dir doesn't exist
    ContainerAssume.assumeNotAuthServerUndertow();
    // Enable CRL checking against the intermediate CA's CRL file
    X509AuthenticatorConfigModel config = new X509AuthenticatorConfigModel()
            .setCRLEnabled(true)
            .setCRLRelativePath(INTERMEDIATE_CA_CRL_PATH)
            .setConfirmationPageAllowed(true)
            .setMappingSourceType(SUBJECTDN_EMAIL)
            .setUserIdentityMapperType(USERNAME_EMAIL);
    AuthenticatorConfigRepresentation cfg = newConfig("x509-directgrant-config", config.getConfig());
    String cfgId = createConfig(directGrantExecution.getId(), cfg);
    Assert.assertNotNull(cfgId);
    oauth.clientId("resource-owner");
    OAuthClient.AccessTokenResponse response = oauth.doGrantAccessTokenRequest("secret", "", "", null);
    assertEquals(401, response.getStatusCode());
    assertEquals("invalid_request", response.getError());
    Assert.assertThat(response.getErrorDescription(), containsString("Certificate has been revoked, certificate's subject:"));
}
Also used: OAuthClient (org.keycloak.testsuite.util.OAuthClient), X509AuthenticatorConfigModel (org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel), Matchers.containsString (org.hamcrest.Matchers.containsString), AuthenticatorConfigRepresentation (org.keycloak.representations.idm.AuthenticatorConfigRepresentation), Test (org.junit.Test)

Example 27 with X509AuthenticatorConfigModel

Use of org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel in project keycloak by keycloak.

In class X509BrowserCRLTest, method loginFailedWithIntermediateRevocationListFromHttp.

@Test
public void loginFailedWithIntermediateRevocationListFromHttp() {
    // Enable CRL checking with the intermediate CA's CRL fetched from the test CRL responder over HTTP
    X509AuthenticatorConfigModel config = new X509AuthenticatorConfigModel()
            .setCRLEnabled(true)
            .setCRLRelativePath(CRLRule.CRL_RESPONDER_ORIGIN + "/" + INTERMEDIATE_CA_CRL_PATH)
            .setConfirmationPageAllowed(true)
            .setMappingSourceType(SUBJECTDN_EMAIL)
            .setUserIdentityMapperType(USERNAME_EMAIL);
    AuthenticatorConfigRepresentation cfg = newConfig("x509-browser-config", config.getConfig());
    String cfgId = createConfig(browserExecution.getId(), cfg);
    Assert.assertNotNull(cfgId);
    assertLoginFailedDueRevokedCertificate();
}
Also used: X509AuthenticatorConfigModel (org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel), Matchers.containsString (org.hamcrest.Matchers.containsString), AuthenticatorConfigRepresentation (org.keycloak.representations.idm.AuthenticatorConfigRepresentation), Test (org.junit.Test)

Example 28 with X509AuthenticatorConfigModel

Use of org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel in project keycloak by keycloak.

In class X509BrowserCRLTest, method loginSuccessWithEmptyRevocationListFromHttp.

@Test
public void loginSuccessWithEmptyRevocationListFromHttp() {
    // Enable CRL checking with an empty CRL served over HTTP, so the login is expected to succeed
    X509AuthenticatorConfigModel config = new X509AuthenticatorConfigModel()
            .setCRLEnabled(true)
            .setCRLRelativePath(CRLRule.CRL_RESPONDER_ORIGIN + "/" + EMPTY_CRL_PATH)
            .setConfirmationPageAllowed(true)
            .setMappingSourceType(SUBJECTDN_EMAIL)
            .setUserIdentityMapperType(USERNAME_EMAIL);
    x509BrowserLogin(config, userId, "test-user@localhost", "test-user@localhost");
}
Also used: X509AuthenticatorConfigModel (org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel), Test (org.junit.Test)

Aggregations

X509AuthenticatorConfigModel (org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel): 28
Test (org.junit.Test): 27
Matchers.containsString (org.hamcrest.Matchers.containsString): 24
AuthenticatorConfigRepresentation (org.keycloak.representations.idm.AuthenticatorConfigRepresentation): 24
OAuthClient (org.keycloak.testsuite.util.OAuthClient): 12
CloseableHttpClient (org.apache.http.impl.client.CloseableHttpClient): 4
UserRepresentation (org.keycloak.representations.idm.UserRepresentation): 4
AssertEvents (org.keycloak.testsuite.AssertEvents): 2