
Example 86 with ComponentRepresentation

use of org.keycloak.representations.idm.ComponentRepresentation in project keycloak by keycloak.

the class GeneratedHmacKeyProviderTest method defaultKeysize.

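/**
 * Checks that a generated HMAC key provider created without a
 * {@code secretSize} entry ends up with a 64-byte secret.
 *
 * <p>The provider is registered with only a {@code priority} entry, the first
 * HS256 key reported for realm {@code test} is expected to belong to it, and
 * the stored secret is then decoded and measured.
 *
 * @throws Exception if any admin or testing client call fails
 */
@Test
public void defaultKeysize() throws Exception {
    long priority = System.currentTimeMillis();
    ComponentRepresentation rep = createRep("valid", GeneratedHmacKeyProviderFactory.ID);
    rep.setConfig(new MultivaluedHashMap<>());
    rep.getConfig().putSingle("priority", Long.toString(priority));

    Response response = adminClient.realm("test").components().add(rep);
    String id;
    try {
        id = ApiUtil.getCreatedId(response);
    } finally {
        // Close the response even when getCreatedId throws.
        response.close();
    }

    // The representation read back over the admin client carries exactly one
    // config entry, the priority; the generated secret is fetched separately below.
    // NOTE(review): presumably the secret is deliberately withheld from this view - confirm.
    ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation();
    assertEquals(1, createdRep.getConfig().size());
    assertEquals(Long.toString(priority), createdRep.getConfig().getFirst("priority"));

    KeysMetadataRepresentation keys = adminClient.realm("test").keys().getKeyMetadata();
    KeysMetadataRepresentation.KeyMetadataRepresentation key = null;
    for (KeysMetadataRepresentation.KeyMetadataRepresentation k : keys.getKeys()) {
        if (k.getAlgorithm().equals(Algorithm.HS256)) {
            key = k;
            break;
        }
    }
    // Fail with a readable message instead of a NullPointerException on the next line.
    if (key == null) {
        throw new AssertionError("No HS256 key reported for realm 'test'");
    }
    assertEquals(id, key.getProviderId());
    assertEquals(KeyType.OCT, key.getType());
    assertEquals(priority, key.getProviderPriority());

    // Default secret length: 64 bytes once the Base64Url value is decoded.
    ComponentRepresentation component = testingClient.server("test").fetch(RunHelpers.internalComponent(id));
    assertEquals(64, Base64Url.decode(component.getConfig().getFirst("secret")).length);
}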
Also used : ComponentRepresentation(org.keycloak.representations.idm.ComponentRepresentation) Response(javax.ws.rs.core.Response) KeysMetadataRepresentation(org.keycloak.representations.idm.KeysMetadataRepresentation) Test(org.junit.Test) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest)

Example 87 with ComponentRepresentation

use of org.keycloak.representations.idm.ComponentRepresentation in project keycloak by keycloak.

the class GeneratedHmacKeyProviderTest method invalidKeysize.

/**
 * Checks that a generated HMAC key provider with an unsupported
 * {@code secretSize} is rejected with the expected validation message.
 *
 * @throws Exception if the admin client call fails
 */
@Test
public void invalidKeysize() throws Exception {
    // 1234 is not one of the sizes listed in the expected error message.
    ComponentRepresentation invalidRep = createRep("invalid", GeneratedHmacKeyProviderFactory.ID);
    invalidRep.getConfig().putSingle("secretSize", "1234");

    Response addResponse = adminClient.realm("test").components().add(invalidRep);

    assertErrror(addResponse, "'Secret size' should be 16, 24, 32, 64, 128, 256 or 512");
}
Also used : ComponentRepresentation(org.keycloak.representations.idm.ComponentRepresentation) Response(javax.ws.rs.core.Response) Test(org.junit.Test) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest)

Example 88 with ComponentRepresentation

use of org.keycloak.representations.idm.ComponentRepresentation in project keycloak by keycloak.

the class GeneratedHmacKeyProviderTest method createRep.

/**
 * Builds a key-provider component representation with an empty config,
 * parented to {@code "test"}.
 *
 * @param name       component name
 * @param providerId id of the key provider to instantiate
 * @return the populated representation; nothing is sent to the server here
 */
protected ComponentRepresentation createRep(String name, String providerId) {
    final ComponentRepresentation component = new ComponentRepresentation();

    // Identity of the component.
    component.setName(name);
    component.setParentId("test");

    // Which provider backs it, registered under the KeyProvider type.
    component.setProviderId(providerId);
    component.setProviderType(KeyProvider.class.getName());

    // Start from an empty config so callers can add entries directly.
    component.setConfig(new MultivaluedHashMap<>());
    return component;
}
Also used : ComponentRepresentation(org.keycloak.representations.idm.ComponentRepresentation) KeyProvider(org.keycloak.keys.KeyProvider)

Example 89 with ComponentRepresentation

use of org.keycloak.representations.idm.ComponentRepresentation in project keycloak by keycloak.

the class ClientRegistrationPoliciesTest method testProtocolMappersCreate.

// PROTOCOL MAPPERS
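/**
 * Checks the protocol-mapper client registration policy: a client carrying a
 * "hardcoded role" mapper is rejected with 403 for both anonymous and
 * authenticated registration until the authenticated policy allows that
 * mapper type; anonymous registration stays rejected afterwards.
 *
 * <p>The policy change and the registered client are undone in a
 * {@code finally} block so that a failing assertion does not leave the
 * relaxed policy in place.
 *
 * @throws Exception if any admin or registration client call fails
 */
@Test
// We would need to do domain name -> ip address to set trusted host
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testProtocolMappersCreate() throws Exception {
    setTrustedHost("localhost");
    // Try to add client with some "hardcoded role" mapper. Should fail
    ClientRepresentation clientRep = createRep("test-app");
    clientRep.setProtocolMappers(Collections.singletonList(createHardcodedMapperRep()));
    assertFail(ClientRegOp.CREATE, clientRep, 403, "ProtocolMapper type not allowed");
    // Try the same authenticated. Should still fail.
    ClientInitialAccessPresentation token = adminClient.realm(REALM_NAME).clientInitialAccess().create(new ClientInitialAccessCreatePresentation(0, 10));
    reg.auth(Auth.token(token));
    assertFail(ClientRegOp.CREATE, clientRep, 403, "ProtocolMapper type not allowed");
    // Update the "authenticated" policy and allow hardcoded role mapper
    ComponentRepresentation protocolMapperPolicyRep = findPolicyByProviderAndAuth(ProtocolMappersClientRegistrationPolicyFactory.PROVIDER_ID, getPolicyAuth());
    protocolMapperPolicyRep.getConfig().add(ProtocolMappersClientRegistrationPolicyFactory.ALLOWED_PROTOCOL_MAPPER_TYPES, HardcodedRole.PROVIDER_ID);
    boolean clientRegistered = false;
    try {
        realmResource().components().component(protocolMapperPolicyRep.getId()).update(protocolMapperPolicyRep);
        // Check authenticated registration is permitted
        ClientRepresentation registeredClient = reg.create(clientRep);
        clientRegistered = true;
        Assert.assertNotNull(registeredClient.getRegistrationAccessToken());
        // Check "anonymous" registration still fails
        clientRep = createRep("test-app-2");
        clientRep.setProtocolMappers(Collections.singletonList(createHardcodedMapperRep()));
        reg.auth(null);
        assertFail(ClientRegOp.CREATE, clientRep, 403, "ProtocolMapper type not allowed");
    } finally {
        // Revert policy change, also when an assertion above failed, so the
        // relaxed policy cannot leak into later tests.
        if (clientRegistered) {
            ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove();
        }
        // NOTE(review): confirm this remove(key, value) call drops the single value from
        // the list; if it resolves to Map.remove(Object, Object) it compares the whole
        // value list with a String and removes nothing.
        protocolMapperPolicyRep.getConfig().remove(ProtocolMappersClientRegistrationPolicyFactory.ALLOWED_PROTOCOL_MAPPER_TYPES, HardcodedRole.PROVIDER_ID);
        realmResource().components().component(protocolMapperPolicyRep.getId()).update(protocolMapperPolicyRep);
    }
}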
Also used : ComponentRepresentation(org.keycloak.representations.idm.ComponentRepresentation) ClientInitialAccessCreatePresentation(org.keycloak.representations.idm.ClientInitialAccessCreatePresentation) ClientInitialAccessPresentation(org.keycloak.representations.idm.ClientInitialAccessPresentation) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test)

Example 90 with ComponentRepresentation

use of org.keycloak.representations.idm.ComponentRepresentation in project keycloak by keycloak.

the class ClientRegistrationPoliciesTest method testClientScopesPolicyWithPermittedScope.

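/**
 * Checks the client-scopes registration policy: registering a client with
 * default scope {@code foo} is rejected with 403 until the anonymous policy
 * lists {@code foo} as an allowed client scope.
 *
 * <p>The registered client and the created client scope are removed in a
 * {@code finally} block so that a failing assertion does not leave them behind.
 *
 * @throws Exception if any admin or registration client call fails
 */
@Test
// We would need to do domain name -> ip address to set trusted host
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testClientScopesPolicyWithPermittedScope() throws Exception {
    setTrustedHost("localhost");
    // Add some clientScope through Admin REST
    ClientScopeRepresentation clientScope = new ClientScopeRepresentation();
    clientScope.setName("foo");
    clientScope.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    Response response = realmResource().clientScopes().create(clientScope);
    String clientScopeId;
    try {
        clientScopeId = ApiUtil.getCreatedId(response);
    } finally {
        // Close the response even when getCreatedId throws.
        response.close();
    }
    boolean clientRegistered = false;
    try {
        // I can't register new client with this scope
        ClientRepresentation clientRep = createRep("test-app");
        clientRep.setDefaultClientScopes(Collections.singletonList("foo"));
        assertFail(ClientRegOp.CREATE, clientRep, 403, "Not permitted to use specified clientScope");
        // Update the policy to allow the "foo" scope
        // NOTE(review): putSingle replaces whatever ALLOWED_CLIENT_SCOPES held before and
        // the cleanup below does not put the previous value back - confirm that the
        // surrounding test setup resets the anonymous policy.
        ComponentRepresentation clientScopesPolicyRep = findPolicyByProviderAndAuth(ClientScopesClientRegistrationPolicyFactory.PROVIDER_ID, getPolicyAnon());
        clientScopesPolicyRep.getConfig().putSingle(ClientScopesClientRegistrationPolicyFactory.ALLOWED_CLIENT_SCOPES, "foo");
        realmResource().components().component(clientScopesPolicyRep.getId()).update(clientScopesPolicyRep);
        // Check that I can register client now
        ClientRepresentation registeredClient = reg.create(clientRep);
        clientRegistered = true;
        Assert.assertNotNull(registeredClient.getRegistrationAccessToken());
    } finally {
        // Revert client scope, also when an assertion above failed
        if (clientRegistered) {
            ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove();
        }
        realmResource().clientScopes().get(clientScopeId).remove();
    }
}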
Also used : Response(javax.ws.rs.core.Response) ComponentRepresentation(org.keycloak.representations.idm.ComponentRepresentation) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test)
