quarkus-next: SunCertPathBuilderException: unable to find valid certi…

…fication path to requested target

Closes: keycloak#33475

Signed-off-by: Peter Zaoral <[email protected]>

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/AdminClientUtil.java

@@ -118,13 +118,6 @@ public static ResteasyClient createResteasyClient() {
     public static ResteasyClient createResteasyClient(boolean ignoreUnknownProperties, Boolean followRedirects) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException {
         ResteasyClientBuilder resteasyClientBuilder = (ResteasyClientBuilder) ResteasyClientBuilder.newBuilder();
 
-        if ("true".equals(System.getProperty("auth.server.ssl.required"))) {
-            File truststore = new File(PROJECT_BUILD_DIRECTORY, "dependency/keystore/keycloak.truststore");
-            resteasyClientBuilder.sslContext(getSSLContextWithTruststore(truststore, "secret"));
-
-            System.setProperty("javax.net.ssl.trustStore", truststore.getAbsolutePath());
-        }
-
         // We need to ignore unknown JSON properties e.g. in the adapter configuration representation
         // during adapter backward compatibility testing
         if (ignoreUnknownProperties) {
@@ -157,6 +150,17 @@ private static SSLContext getSSLContextWithTruststore(File file, String password
     }
 
     public static ClientHttpEngine getCustomClientHttpEngine(ResteasyClientBuilder resteasyClientBuilder, int validateAfterInactivity, Boolean followRedirects) {
+        if ("true".equals(System.getProperty("auth.server.ssl.required"))) {
+            File truststore = new File(PROJECT_BUILD_DIRECTORY, "dependency/keystore/keycloak.truststore");
+            try {
+                resteasyClientBuilder.sslContext(getSSLContextWithTruststore(truststore, "secret"));
+            } catch (CertificateException | NoSuchAlgorithmException | KeyStoreException | IOException |
+                     KeyManagementException e) {
+                throw new RuntimeException(e);
+            }
+
+            System.setProperty("javax.net.ssl.trustStore", truststore.getAbsolutePath());
+        }
         return new CustomClientHttpEngineBuilder43(validateAfterInactivity, followRedirects).resteasyClientBuilder(resteasyClientBuilder).build();
     }
 

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java

@@ -63,8 +63,12 @@
 import jakarta.ws.rs.ClientErrorException;
 import jakarta.ws.rs.core.HttpHeaders;
 import jakarta.ws.rs.core.Response;
+
+import javax.net.ssl.SSLContext;
 import java.io.IOException;
 import java.net.URL;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
 import java.util.*;
 import java.util.stream.Collectors;
 
@@ -387,6 +391,18 @@ Keycloak createAdminClient(String realm, String clientId, String username, Strin
             password = username.equals("admin") ? "admin" : "password";
         }
 
+        if (resteasyClient == null) {
+            try {
+                SSLContext tlsContext = SSLContext.getInstance("TLS");
+                tlsContext.init(null, null, null);
+                resteasyClient = (ResteasyClient) ResteasyClientBuilder.newBuilder()
+                        .sslContext(tlsContext)
+                        .build();
+            } catch (NoSuchAlgorithmException | KeyManagementException e) {
+                throw new RuntimeException("Failed to initialize SSLContext", e);
+            }
+        }
+
         return KeycloakBuilder.builder().serverUrl(getAuthServerContextRoot() + "/auth")
                 .realm(realm)
                 .username(username)