Merge pull request #45066 from sberyozkin/oidc_mtls_generate_certs

Update OIDC MTLS test to use generated certificates
quarkusio · Dec 11, 2024 · fc237a6 · fc237a6
2 parents 3554bbc + f8b8736
commit fc237a6
Show file tree

Hide file tree

Showing 8 changed files with 44 additions and 13 deletions.
diff --git a/build-parent/pom.xml b/build-parent/pom.xml
@@ -660,6 +660,11 @@
                         </execution>
                     </executions>
                 </plugin>
+                <plugin>
+                    <groupId>io.smallrye.certs</groupId>
+                    <artifactId>smallrye-certificate-generator-maven-plugin</artifactId>
+                    <version>${smallrye-certificate-generator.version}</version>
+                </plugin>
             </plugins>
         </pluginManagement>
     </build>

diff --git a/integration-tests/oidc-mtls/pom.xml b/integration-tests/oidc-mtls/pom.xml
@@ -27,7 +27,6 @@
             <groupId>io.quarkus</groupId>
             <artifactId>quarkus-tls-registry</artifactId>
         </dependency>
-
         <dependency>
             <groupId>io.quarkus</groupId>
             <artifactId>quarkus-junit5</artifactId>
@@ -88,6 +87,33 @@
     <build>
         <plugins>
             <plugin>
+    <groupId>io.smallrye.certs</groupId>
+    <artifactId>smallrye-certificate-generator-maven-plugin</artifactId>
+    <executions>
+        <execution>
+            <phase>generate-test-resources</phase>
+            <goals>
+                <goal>generate</goal>
+            </goals>
+        </execution>
+    </executions>
+    <configuration>
+        <certificates>
+            <certificate>
+                <name>oidc</name> <!-- the name of the certificate -->
+                <formats>  <!-- List of formats to generate, are supported PEM, JKS and PKCS12 -->
+                    <format>PEM</format>
+                    <format>PKCS12</format>
+                </formats>
+                <password>password</password> <!-- Password for the key store if supported -->
+                <cn>backend-service</cn> <!-- Common Name -->
+                <duration>2</duration> <!-- in days -->
+                <client>true</client> <!-- Generate a client certificate -->
+            </certificate>
+        </certificates>
+    </configuration>
+</plugin>
+            <plugin>
                 <artifactId>maven-surefire-plugin</artifactId>
                 <configuration>
                     <skip>true</skip>

diff --git a/integration-tests/oidc-mtls/src/main/resources/application.properties b/integration-tests/oidc-mtls/src/main/resources/application.properties
@@ -1,11 +1,11 @@
 quarkus.http.tls-configuration-name=oidc-mtls
-quarkus.tls.oidc-mtls.key-store.jks.path=server-keystore.jks
-quarkus.tls.oidc-mtls.key-store.jks.password=secret
-quarkus.tls.oidc-mtls.trust-store.jks.path=server-truststore.jks
-quarkus.tls.oidc-mtls.trust-store.jks.password=password
+quarkus.tls.oidc-mtls.key-store.p12.path=target/certificates/oidc-keystore.p12
+quarkus.tls.oidc-mtls.key-store.p12.password=password
+quarkus.tls.oidc-mtls.trust-store.p12.path=target/certificates/oidc-server-truststore.p12
+quarkus.tls.oidc-mtls.trust-store.p12.password=password
 
 quarkus.http.auth.inclusive=true
 
 quarkus.http.ssl.client-auth=REQUIRED
 quarkus.http.insecure-requests=DISABLED
-quarkus.native.additional-build-args=-H:IncludeResources=.*\\.jks
+quarkus.native.additional-build-args=-H:IncludeResources=target/certificates/.*\\.p12
diff --git a/integration-tests/oidc-mtls/src/main/resources/server-keystore.jks b/integration-tests/oidc-mtls/src/main/resources/server-keystore.jks
diff --git a/integration-tests/oidc-mtls/src/main/resources/server-truststore.jks b/integration-tests/oidc-mtls/src/main/resources/server-truststore.jks
diff --git a/integration-tests/oidc-mtls/src/test/java/io/quarkus/it/oidc/OidcMtlsTest.java b/integration-tests/oidc-mtls/src/test/java/io/quarkus/it/oidc/OidcMtlsTest.java
@@ -27,7 +27,7 @@
 @QuarkusTest
 public class OidcMtlsTest {
 
-    @TestHTTPResource(ssl = true)
+    @TestHTTPResource(tls = true)
     URL url;
 
     KeycloakTestClient keycloakClient = new KeycloakTestClient();
@@ -46,7 +46,7 @@ public void testGetIdentityNames() throws Exception {
                     .indefinitely();
             assertEquals(200, resp.statusCode());
             String name = resp.bodyAsString();
-            assertEquals("Identities: CN=client, alice", name);
+            assertEquals("Identities: CN=backend-service, alice", name);
 
             // HTTP 401, invalid token
             resp = webClient.get("/service/name")
@@ -63,18 +63,18 @@ private WebClientOptions createWebClientOptions() throws Exception {
         WebClientOptions webClientOptions = new WebClientOptions().setDefaultHost(url.getHost())
                 .setDefaultPort(url.getPort()).setSsl(true).setVerifyHost(false);
 
-        byte[] keyStoreData = getFileContent(Paths.get("client-keystore.jks"));
+        byte[] keyStoreData = getFileContent(Paths.get("target/certificates/oidc-client-keystore.p12"));
         KeyStoreOptions keyStoreOptions = new KeyStoreOptions()
                 .setPassword("password")
                 .setValue(Buffer.buffer(keyStoreData))
-                .setType("JKS");
+                .setType("PKCS12");
         webClientOptions.setKeyCertOptions(keyStoreOptions);
 
-        byte[] trustStoreData = getFileContent(Paths.get("client-truststore.jks"));
+        byte[] trustStoreData = getFileContent(Paths.get("target/certificates/oidc-client-truststore.p12"));
         KeyStoreOptions trustStoreOptions = new KeyStoreOptions()
-                .setPassword("secret")
+                .setPassword("password")
                 .setValue(Buffer.buffer(trustStoreData))
-                .setType("JKS");
+                .setType("PKCS12");
         webClientOptions.setTrustOptions(trustStoreOptions);
 
         return webClientOptions;

diff --git a/integration-tests/oidc-mtls/src/test/resources/client-keystore.jks b/integration-tests/oidc-mtls/src/test/resources/client-keystore.jks
diff --git a/integration-tests/oidc-mtls/src/test/resources/client-truststore.jks b/integration-tests/oidc-mtls/src/test/resources/client-truststore.jks