keycloak-uncached
Changes
model/mongo/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_8_0.java 4(+2 -2)
model/mongo/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_9_2.java 4(+2 -2)
server-spi-private/src/main/java/org/keycloak/credential/hash/Pbkdf2PasswordHashProvider.java 56(+13 -43)
server-spi-private/src/main/java/org/keycloak/credential/hash/Pbkdf2PasswordHashProviderFactory.java 54(+54 -0)
server-spi-private/src/main/java/org/keycloak/credential/hash/Pbkdf2Sha256PasswordHashProviderFactory.java 39(+39 -0)
server-spi-private/src/main/java/org/keycloak/credential/hash/Pbkdf2Sha512PasswordHashProviderFactory.java 39(+39 -0)
server-spi-private/src/main/java/org/keycloak/policy/HashAlgorithmPasswordPolicyProviderFactory.java 12(+11 -1)
services/src/main/resources/META-INF/services/org.keycloak.credential.hash.PasswordHashProviderFactory 4(+3 -1)
testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java 4(+2 -2)
testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestingResourceProvider.java 48(+28 -20)
testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/runonserver/FetchOnServer.java 32(+32 -0)
testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/runonserver/FetchOnServerWrapper.java 12(+12 -0)
testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/runonserver/ModuleUtil.java 35(+35 -0)
testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/runonserver/RunHelpers.java 44(+44 -0)
testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/runonserver/RunOnServer.java 31(+31 -0)
testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/runonserver/RunOnServerException.java 12(+12 -0)
testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/runonserver/SerializationUtil.java 70(+70 -0)
testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/org/keycloak/testsuite/integration-arquillian-testsuite-providers/main/module.xml 1(+1 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/DeploymentArchiveProcessor.java 5(+5 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/KeycloakTestingClient.java 64(+64 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingResource.java 17(+7 -10)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/IdentityProviderTest.java 2(+0 -2)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java 22(+16 -6)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/PasswordHashingTest.java 201(+201 -0)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedHmacKeyProviderTest.java 25(+17 -8)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java 22(+19 -3)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/runonserver/InternalComponentRepresentation.java 27(+27 -0)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/runonserver/RunOnServerDeployment.java 23(+23 -0)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/runonserver/RunOnServerTest.java 97(+97 -0)
Details
diff --git a/core/src/main/java/org/keycloak/util/JsonSerialization.java b/core/src/main/java/org/keycloak/util/JsonSerialization.java
index c94ee96..ed43e69 100755
--- a/core/src/main/java/org/keycloak/util/JsonSerialization.java
+++ b/core/src/main/java/org/keycloak/util/JsonSerialization.java
@@ -77,6 +77,10 @@ public class JsonSerialization {
return readValue(bytes, type, false);
}
+ public static <T> T readValue(String string, TypeReference<T> type) throws IOException {
+ return mapper.readValue(string, type);
+ }
+
public static <T> T readValue(InputStream bytes, TypeReference<T> type) throws IOException {
return mapper.readValue(bytes, type);
}
diff --git a/model/mongo/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_8_0.java b/model/mongo/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_8_0.java
index 34ffeea..26848fa 100644
--- a/model/mongo/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_8_0.java
+++ b/model/mongo/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_8_0.java
@@ -21,7 +21,7 @@ import com.mongodb.BasicDBList;
import com.mongodb.BasicDBObject;
import com.mongodb.DBCollection;
import com.mongodb.WriteResult;
-import org.keycloak.credential.hash.Pbkdf2PasswordHashProvider;
+import org.keycloak.credential.hash.Pbkdf2PasswordHashProviderFactory;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.UserCredentialModel;
@@ -46,7 +46,7 @@ public class Update1_8_0 extends Update {
BasicDBObject query = new BasicDBObject("credentials", new BasicDBObject("$elemMatch", elemMatch));
- BasicDBObject update = new BasicDBObject("$set", new BasicDBObject("credentials.$.algorithm", Pbkdf2PasswordHashProvider.ID));
+ BasicDBObject update = new BasicDBObject("$set", new BasicDBObject("credentials.$.algorithm", Pbkdf2PasswordHashProviderFactory.ID));
DBCollection users = db.getCollection("users");
diff --git a/model/mongo/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_9_2.java b/model/mongo/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_9_2.java
index 340887d..cc2728f 100644
--- a/model/mongo/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_9_2.java
+++ b/model/mongo/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_9_2.java
@@ -21,7 +21,7 @@ import com.mongodb.BasicDBList;
import com.mongodb.BasicDBObject;
import com.mongodb.DBCollection;
import com.mongodb.WriteResult;
-import org.keycloak.credential.hash.Pbkdf2PasswordHashProvider;
+import org.keycloak.credential.hash.Pbkdf2PasswordHashProviderFactory;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.utils.HmacOTP;
@@ -47,7 +47,7 @@ public class Update1_9_2 extends Update {
BasicDBObject query = new BasicDBObject("credentials", new BasicDBObject("$elemMatch", elemMatch));
- BasicDBObject update = new BasicDBObject("$set", new BasicDBObject("credentials.$.algorithm", Pbkdf2PasswordHashProvider.ID));
+ BasicDBObject update = new BasicDBObject("$set", new BasicDBObject("credentials.$.algorithm", Pbkdf2PasswordHashProviderFactory.ID));
DBCollection users = db.getCollection("users");
diff --git a/server-spi/src/main/java/org/keycloak/credential/hash/PasswordHashProvider.java b/server-spi/src/main/java/org/keycloak/credential/hash/PasswordHashProvider.java
index 0a4013e..ee555c2 100644
--- a/server-spi/src/main/java/org/keycloak/credential/hash/PasswordHashProvider.java
+++ b/server-spi/src/main/java/org/keycloak/credential/hash/PasswordHashProvider.java
@@ -27,8 +27,7 @@ import org.keycloak.provider.Provider;
public interface PasswordHashProvider extends Provider {
boolean policyCheck(PasswordPolicy policy, CredentialModel credentia);
- void encode(String rawPassword, PasswordPolicy policy, CredentialModel credential);
+ void encode(String rawPassword, int iterations, CredentialModel credential);
boolean verify(String rawPassword, CredentialModel credential);
-
}
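Review bot: `encode` now takes a bare `int iterations`, and the interface has no Javadoc saying which values are valid or who is expected to check them. Because this is an SPI signature change, implementations outside this commit stop compiling, so the contract is worth writing down here: `/** Hashes rawPassword with the given iteration count (must be positive) and stores algorithm, salt, iterations and value on credential. */`. The context line for `policyCheck` also has its parameter misspelled as `credentia`.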
diff --git a/server-spi-private/src/main/java/org/keycloak/credential/hash/Pbkdf2PasswordHashProvider.java b/server-spi-private/src/main/java/org/keycloak/credential/hash/Pbkdf2PasswordHashProvider.java
index b3f8459..6c170e1 100644
--- a/server-spi-private/src/main/java/org/keycloak/credential/hash/Pbkdf2PasswordHashProvider.java
+++ b/server-spi-private/src/main/java/org/keycloak/credential/hash/Pbkdf2PasswordHashProvider.java
@@ -17,11 +17,8 @@
package org.keycloak.credential.hash;
-import org.keycloak.Config;
import org.keycloak.common.util.Base64;
import org.keycloak.credential.CredentialModel;
-import org.keycloak.models.KeycloakSession;
-import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.UserCredentialModel;
@@ -35,42 +32,34 @@ import java.security.spec.KeySpec;
/**
* @author <a href="mailto:me@tsudot.com">Kunal Kerkar</a>
*/
-public class Pbkdf2PasswordHashProvider implements PasswordHashProviderFactory, PasswordHashProvider {
+public class Pbkdf2PasswordHashProvider implements PasswordHashProvider {
- public static final String ID = "pbkdf2";
+ private final String providerId;
- private static final String PBKDF2_ALGORITHM = "PBKDF2WithHmacSHA1";
- private static final int DERIVED_KEY_SIZE = 512;
+ private final String pbkdf2Algorithm;
- public CredentialModel encode(String rawPassword, int iterations) {
- byte[] salt = getSalt();
- String encodedPassword = encode(rawPassword, iterations, salt);
+ public static final int DERIVED_KEY_SIZE = 512;
- CredentialModel credentials = new CredentialModel();
- credentials.setAlgorithm(ID);
- credentials.setType(UserCredentialModel.PASSWORD);
- credentials.setSalt(salt);
- credentials.setHashIterations(iterations);
- credentials.setValue(encodedPassword);
- return credentials;
+ public Pbkdf2PasswordHashProvider(String providerId, String pbkdf2Algorithm) {
+ this.providerId = providerId;
+ this.pbkdf2Algorithm = pbkdf2Algorithm;
}
@Override
public boolean policyCheck(PasswordPolicy policy, CredentialModel credential) {
- return credential.getHashIterations() == policy.getHashIterations() && ID.equals(credential.getAlgorithm());
+ return credential.getHashIterations() == policy.getHashIterations() && providerId.equals(credential.getAlgorithm());
}
@Override
- public void encode(String rawPassword, PasswordPolicy policy, CredentialModel credential) {
+ public void encode(String rawPassword, int iterations, CredentialModel credential) {
byte[] salt = getSalt();
- String encodedPassword = encode(rawPassword, policy.getHashIterations(), salt);
+ String encodedPassword = encode(rawPassword, iterations, salt);
- credential.setAlgorithm(ID);
+ credential.setAlgorithm(providerId);
credential.setType(UserCredentialModel.PASSWORD);
credential.setSalt(salt);
- credential.setHashIterations(policy.getHashIterations());
+ credential.setHashIterations(iterations);
credential.setValue(encodedPassword);
-
}
@Override
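Review bot: `DERIVED_KEY_SIZE` stays at 512 bits for every PRF this class can now be constructed with, and the hunk also widens it from private to public. With `PBKDF2WithHmacSHA1` (160-bit output) and `PBKDF2WithHmacSHA256` (256-bit output), a 512-bit key needs four and two PBKDF2 blocks, each run for the full iteration count, while an offline guesser can reject a candidate after the first block; the server therefore pays a multiple of the per-guess cost that the iteration count is meant to impose on an attacker. The legacy `pbkdf2` id presumably has to keep 512 bits so stored hashes still verify, but the new ids could pass a size matched to their hash through a third constructor argument, `int derivedKeySize`, used in place of the constant. `encode` also forwards `iterations` unchecked; the private `encode` that consumes it lies outside this hunk.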
@@ -78,27 +67,9 @@ public class Pbkdf2PasswordHashProvider implements PasswordHashProviderFactory,
return encode(rawPassword, credential.getHashIterations(), credential.getSalt()).equals(credential.getValue());
}
- @Override
- public PasswordHashProvider create(KeycloakSession session) {
- return this;
- }
-
- @Override
- public void init(Config.Scope config) {
- }
-
- @Override
- public void postInit(KeycloakSessionFactory factory) {
- }
-
public void close() {
}
- @Override
- public String getId() {
- return ID;
- }
-
private String encode(String rawPassword, int iterations, byte[] salt) {
KeySpec spec = new PBEKeySpec(rawPassword.toCharArray(), salt, iterations, DERIVED_KEY_SIZE);
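Review bot: `verify` (the `return encode(...).equals(credential.getValue())` context line) recomputes the hash with this instance's `pbkdf2Algorithm` and never looks at `credential.getAlgorithm()`. Now that three provider ids share this class, a credential stored under another id would be hashed with the wrong PRF and simply fail; whether that can happen depends on how the caller selects the provider, which is not visible here. A guard such as `if (!providerId.equals(credential.getAlgorithm())) return false;` makes the mismatch explicit and skips a wasted key derivation. Comparing the decoded bytes with `MessageDigest.isEqual` instead of `String.equals` would keep the comparison time independent of where the first differing character falls. The signature of `verify` sits between this hunk and the previous one.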
@@ -122,10 +93,9 @@ public class Pbkdf2PasswordHashProvider implements PasswordHashProviderFactory,
private SecretKeyFactory getSecretKeyFactory() {
try {
- return SecretKeyFactory.getInstance(PBKDF2_ALGORITHM);
+ return SecretKeyFactory.getInstance(pbkdf2Algorithm);
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException("PBKDF2 algorithm not found", e);
}
}
-
}
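Review bot: The `RuntimeException` message in `getSecretKeyFactory` still reads "PBKDF2 algorithm not found", although the algorithm is now a constructor argument and three different names can reach this line. Include the name so that a JRE lacking one of the HMAC variants can be diagnosed from the log: `throw new RuntimeException("PBKDF2 algorithm '" + pbkdf2Algorithm + "' not found", e);`. The lookup appears to run only when a hash is computed (the caller is outside the hunk), so an unsupported algorithm would surface at the first password operation rather than when the provider is registered.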
diff --git a/server-spi-private/src/main/java/org/keycloak/credential/hash/Pbkdf2PasswordHashProviderFactory.java b/server-spi-private/src/main/java/org/keycloak/credential/hash/Pbkdf2PasswordHashProviderFactory.java
new file mode 100644
index 0000000..ecd917d
--- /dev/null
+++ b/server-spi-private/src/main/java/org/keycloak/credential/hash/Pbkdf2PasswordHashProviderFactory.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.credential.hash;
+
+import org.keycloak.Config;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.KeycloakSessionFactory;
+
+/**
+ * @author <a href="mailto:me@tsudot.com">Kunal Kerkar</a>
+ */
+public class Pbkdf2PasswordHashProviderFactory implements PasswordHashProviderFactory {
+
+ public static final String ID = "pbkdf2";
+
+ public static final String PBKDF2_ALGORITHM = "PBKDF2WithHmacSHA1";
+
+ @Override
+ public PasswordHashProvider create(KeycloakSession session) {
+ return new Pbkdf2PasswordHashProvider(ID, PBKDF2_ALGORITHM);
+ }
+
+ @Override
+ public void init(Config.Scope config) {
+ }
+
+ @Override
+ public void postInit(KeycloakSessionFactory factory) {
+ }
+
+ @Override
+ public String getId() {
+ return ID;
+ }
+
+ @Override
+ public void close() {
+ }
+}
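Review bot: This factory and the two added alongside it (Pbkdf2Sha256PasswordHashProviderFactory, Pbkdf2Sha512PasswordHashProviderFactory) differ only in `ID` and `PBKDF2_ALGORITHM`; `create` and the empty `init`/`postInit`/`close` bodies are copied three times. An abstract base class taking the two strings would reduce each variant to a few lines. The class Javadoc carries only an author tag; a sentence such as `Factory for the legacy "pbkdf2" provider id, which remains bound to PBKDF2WithHmacSHA1` would record that the unqualified id is the SHA-1 variant, presumably kept so that existing credentials continue to verify.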
diff --git a/server-spi-private/src/main/java/org/keycloak/credential/hash/Pbkdf2Sha256PasswordHashProviderFactory.java b/server-spi-private/src/main/java/org/keycloak/credential/hash/Pbkdf2Sha256PasswordHashProviderFactory.java
new file mode 100644
index 0000000..c6453d1
--- /dev/null
+++ b/server-spi-private/src/main/java/org/keycloak/credential/hash/Pbkdf2Sha256PasswordHashProviderFactory.java
@@ -0,0 +1,39 @@
+package org.keycloak.credential.hash;
+
+import org.keycloak.Config;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.KeycloakSessionFactory;
+
+/**
+ * PBKDF2 Password Hash provider with HMAC using SHA256
+ *
+ * @author <a href"mailto:abkaplan07@gmail.com">Adam Kaplan</a>
+ */
+public class Pbkdf2Sha256PasswordHashProviderFactory implements PasswordHashProviderFactory {
+
+ public static final String ID = "pbkdf2-sha256";
+
+ public static final String PBKDF2_ALGORITHM = "PBKDF2WithHmacSHA256";
+
+ @Override
+ public PasswordHashProvider create(KeycloakSession session) {
+ return new Pbkdf2PasswordHashProvider(ID, PBKDF2_ALGORITHM);
+ }
+
+ @Override
+ public void init(Config.Scope config) {
+ }
+
+ @Override
+ public void postInit(KeycloakSessionFactory factory) {
+ }
+
+ @Override
+ public String getId() {
+ return ID;
+ }
+
+ @Override
+ public void close() {
+ }
+}
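Review bot: The author link in the class Javadoc is malformed: `<a href"mailto:` is missing the `=` after `href`, so it will not render as a link and should read `<a href="mailto:`. Pbkdf2Sha512PasswordHashProviderFactory has a doubled tag (`@author @author`) in the same position. Both new files also begin directly at the `package` line, whereas Pbkdf2PasswordHashProviderFactory, added in the same commit, carries the Apache license header.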
diff --git a/server-spi-private/src/main/java/org/keycloak/credential/hash/Pbkdf2Sha512PasswordHashProviderFactory.java b/server-spi-private/src/main/java/org/keycloak/credential/hash/Pbkdf2Sha512PasswordHashProviderFactory.java
new file mode 100644
index 0000000..5f838a1
--- /dev/null
+++ b/server-spi-private/src/main/java/org/keycloak/credential/hash/Pbkdf2Sha512PasswordHashProviderFactory.java
@@ -0,0 +1,39 @@
+package org.keycloak.credential.hash;
+
+import org.keycloak.Config;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.KeycloakSessionFactory;
+
+/**
+ * Provider factory for SHA512 variant of the PBKDF2 password hash algorithm.
+ *
+ * @author @author <a href="mailto:abkaplan07@gmail.com">Adam Kaplan</a>
+ */
+public class Pbkdf2Sha512PasswordHashProviderFactory implements PasswordHashProviderFactory {
+
+ public static final String ID = "pbkdf2-sha512";
+
+ public static final String PBKDF2_ALGORITHM = "PBKDF2WithHmacSHA512";
+
+ @Override
+ public PasswordHashProvider create(KeycloakSession session) {
+ return new Pbkdf2PasswordHashProvider(ID, PBKDF2_ALGORITHM);
+ }
+
+ @Override
+ public void init(Config.Scope config) {
+ }
+
+ @Override
+ public void postInit(KeycloakSessionFactory factory) {
+ }
+
+ @Override
+ public String getId() {
+ return ID;
+ }
+
+ @Override
+ public void close() {
+ }
+}
diff --git a/server-spi-private/src/main/java/org/keycloak/policy/HashAlgorithmPasswordPolicyProviderFactory.java b/server-spi-private/src/main/java/org/keycloak/policy/HashAlgorithmPasswordPolicyProviderFactory.java
index 303ba79..c1c6218 100644
--- a/server-spi-private/src/main/java/org/keycloak/policy/HashAlgorithmPasswordPolicyProviderFactory.java
+++ b/server-spi-private/src/main/java/org/keycloak/policy/HashAlgorithmPasswordPolicyProviderFactory.java
@@ -18,8 +18,10 @@
package org.keycloak.policy;
import org.keycloak.Config;
+import org.keycloak.credential.hash.PasswordHashProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
+import org.keycloak.models.ModelException;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
@@ -29,8 +31,11 @@ import org.keycloak.models.UserModel;
*/
public class HashAlgorithmPasswordPolicyProviderFactory implements PasswordPolicyProviderFactory, PasswordPolicyProvider {
+ private KeycloakSession session;
+
@Override
public PasswordPolicyProvider create(KeycloakSession session) {
+ this.session = session;
return this;
}
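Review bot: `create` stores the caller's `KeycloakSession` in an instance field and then returns `this`, so one object serves as both factory and provider. If the factory instance is shared across requests, as returning `this` suggests, concurrent calls overwrite `session`, and `parseConfig` (changed in the next hunk of this file) can resolve the hash provider through another request's session or one that has already been closed; a `parseConfig` call made before any `create` would dereference null. Returning a small per-session provider object from `create`, with the session held in a `final` field, removes the shared mutable state. If that split is out of scope for this commit, at least document the hazard on the field: `// overwritten on every create(); this instance is shared, so parseConfig may see another caller's session`.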
@@ -83,7 +88,12 @@ public class HashAlgorithmPasswordPolicyProviderFactory implements PasswordPolic
@Override
public Object parseConfig(String value) {
- return value != null ? value : PasswordPolicy.HASH_ALGORITHM_DEFAULT;
+ String providerId = value != null && value.length() > 0 ? value : PasswordPolicy.HASH_ALGORITHM_DEFAULT;
+ PasswordHashProvider provider = session.getProvider(PasswordHashProvider.class, providerId);
+ if (provider == null) {
+ throw new ModelException("Password hashing provider not found");
+ }
+ return providerId;
}
}
diff --git a/services/src/main/java/org/keycloak/credential/PasswordCredentialProvider.java b/services/src/main/java/org/keycloak/credential/PasswordCredentialProvider.java
index dc6827d..a3f468e 100644
--- a/services/src/main/java/org/keycloak/credential/PasswordCredentialProvider.java
+++ b/services/src/main/java/org/keycloak/credential/PasswordCredentialProvider.java
@@ -95,7 +95,7 @@ public class PasswordCredentialProvider implements CredentialProvider, Credentia
newPassword.setType(CredentialModel.PASSWORD);
long createdDate = Time.currentTimeMillis();
newPassword.setCreatedDate(createdDate);
- hash.encode(cred.getValue(), policy, newPassword);
+ hash.encode(cred.getValue(), policy.getHashIterations(), newPassword);
getCredentialStore().createCredential(realm, user, newPassword);
UserCache userCache = session.userCache();
if (userCache != null) {
@@ -207,7 +207,7 @@ public class PasswordCredentialProvider implements CredentialProvider, Credentia
return true;
}
- hash.encode(cred.getValue(), policy, password);
+ hash.encode(cred.getValue(), policy.getHashIterations(), password);
getCredentialStore().updateCredential(realm, user, password);
UserCache userCache = session.userCache();
if (userCache != null) {
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
index 133a903..bc2c9ce 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
@@ -43,6 +43,7 @@ import org.keycloak.models.GroupModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.LDAPConstants;
import org.keycloak.models.ModelDuplicateException;
+import org.keycloak.models.ModelException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.cache.CacheRealmProvider;
@@ -327,6 +328,8 @@ public class RealmAdminResource {
return ErrorResponse.error("Specified regex pattern(s) is invalid.", Response.Status.BAD_REQUEST);
} catch (ModelDuplicateException e) {
return ErrorResponse.exists("Realm with same name exists");
+ } catch (ModelException e) {
+ return ErrorResponse.error(e.getMessage(), Status.BAD_REQUEST);
} catch (Exception e) {
logger.error(e.getMessage(), e);
return ErrorResponse.error("Failed to update realm", Response.Status.INTERNAL_SERVER_ERROR);
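Review bot: The added `catch (ModelException e)` returns `e.getMessage()` to the client for every `ModelException` raised inside this `try`, not only the "Password hashing provider not found" case introduced by this commit, and nothing is logged. Messages written for server logs can carry internal detail, so either return a fixed text or log the exception first, e.g. `logger.debug(e.getMessage(), e);` before the return, and echo the message only for cases known to be safe to expose. The branch also writes `Status.BAD_REQUEST` where its neighbours use `Response.Status.BAD_REQUEST`. The enclosing method starts and ends outside the hunk.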
diff --git a/services/src/main/resources/META-INF/services/org.keycloak.credential.hash.PasswordHashProviderFactory b/services/src/main/resources/META-INF/services/org.keycloak.credential.hash.PasswordHashProviderFactory
index e72e56d..48f56fc 100644
--- a/services/src/main/resources/META-INF/services/org.keycloak.credential.hash.PasswordHashProviderFactory
+++ b/services/src/main/resources/META-INF/services/org.keycloak.credential.hash.PasswordHashProviderFactory
@@ -1 +1,3 @@
-org.keycloak.credential.hash.Pbkdf2PasswordHashProvider
\ No newline at end of file
+org.keycloak.credential.hash.Pbkdf2PasswordHashProviderFactory
+org.keycloak.credential.hash.Pbkdf2Sha256PasswordHashProviderFactory
+org.keycloak.credential.hash.Pbkdf2Sha512PasswordHashProviderFactory
\ No newline at end of file
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adduser/AddUserTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/adduser/AddUserTest.java
index 651afc5..fb23bcd 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/adduser/AddUserTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/adduser/AddUserTest.java
@@ -26,7 +26,7 @@ import org.junit.rules.TemporaryFolder;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.UserResource;
-import org.keycloak.credential.hash.Pbkdf2PasswordHashProvider;
+import org.keycloak.credential.hash.Pbkdf2PasswordHashProviderFactory;
import org.keycloak.models.Constants;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
@@ -85,7 +85,7 @@ public class AddUserTest {
CredentialRepresentation credentials = user.getCredentials().get(0);
- assertEquals(Pbkdf2PasswordHashProvider.ID, credentials.getAlgorithm());
+ assertEquals(Pbkdf2PasswordHashProviderFactory.ID, credentials.getAlgorithm());
assertEquals(new Integer(100000), credentials.getHashIterations());
KeycloakServer server = new KeycloakServer();
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java
index 6eccb21..8a1bf5d 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/FederatedStorageExportImportTest.java
@@ -103,7 +103,7 @@ public class FederatedStorageExportImportTest {
session.userFederatedStorage().addRequiredAction(realm, userId, "UPDATE_PASSWORD");
CredentialModel credential = new CredentialModel();
getHashProvider(session, realm.getPasswordPolicy()).encode("password", realm.
- getPasswordPolicy(), credential);
+ getPasswordPolicy().getHashIterations(), credential);
session.userFederatedStorage().createCredential(realm, userId, credential);
session.userFederatedStorage().grantRole(realm, userId, role);
session.userFederatedStorage().joinGroup(realm, userId, group);
@@ -170,7 +170,7 @@ public class FederatedStorageExportImportTest {
session.userFederatedStorage().addRequiredAction(realm, userId, "UPDATE_PASSWORD");
CredentialModel credential = new CredentialModel();
getHashProvider(session, realm.getPasswordPolicy()).encode("password", realm.
- getPasswordPolicy(), credential);
+ getPasswordPolicy().getHashIterations(), credential);
session.userFederatedStorage().createCredential(realm, userId, credential);
session.userFederatedStorage().grantRole(realm, userId, role);
session.userFederatedStorage().joinGroup(realm, userId, group);
diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/pom.xml b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/pom.xml
index 25045a8..0264eef 100644
--- a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/pom.xml
+++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/pom.xml
@@ -56,6 +56,10 @@
<groupId>io.undertow</groupId>
<artifactId>undertow-servlet</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.wildfly.core</groupId>
+ <artifactId>wildfly-controller</artifactId>
+ </dependency>
</dependencies>
diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestingResourceProvider.java b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestingResourceProvider.java
index cfcef5a..a4ae8c2 100644
--- a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestingResourceProvider.java
+++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestingResourceProvider.java
@@ -17,13 +17,10 @@
package org.keycloak.testsuite.rest;
-import org.infinispan.Cache;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.BadRequestException;
-import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.common.util.Time;
import org.keycloak.component.ComponentModel;
-import org.keycloak.connections.infinispan.InfinispanConnectionProvider;
import org.keycloak.events.Event;
import org.keycloak.events.EventQuery;
import org.keycloak.events.EventStoreProvider;
@@ -62,6 +59,11 @@ import org.keycloak.testsuite.forms.PassThroughClientAuthenticator;
import org.keycloak.testsuite.rest.representation.AuthenticatorState;
import org.keycloak.testsuite.rest.resource.TestCacheResource;
import org.keycloak.testsuite.rest.resource.TestingExportImportResource;
+import org.keycloak.testsuite.runonserver.ModuleUtil;
+import org.keycloak.testsuite.runonserver.FetchOnServer;
+import org.keycloak.testsuite.runonserver.RunOnServer;
+import org.keycloak.testsuite.runonserver.SerializationUtil;
+import org.keycloak.util.JsonSerialization;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
@@ -82,8 +84,6 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
-import static org.keycloak.exportimport.ExportImportConfig.PROVIDER;
-
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
@@ -637,21 +637,6 @@ public class TestingResourceProvider implements RealmResourceProvider {
}
@GET
- @Path("/component")
- @Produces(MediaType.APPLICATION_JSON)
- public MultivaluedHashMap<String, String> getComponentConfig(@QueryParam("componentId") String componentId) {
- RealmModel realm = session.getContext().getRealm();
- return realm.getComponent(componentId).getConfig();
- }
-
- @GET
- @Path("/smtp-config")
- @Produces(MediaType.APPLICATION_JSON)
- public Map<String, String> getSmtpConfig() {
- return session.getContext().getRealm().getSmtpConfig();
- }
-
- @GET
@Path("/identity-config")
@Produces(MediaType.APPLICATION_JSON)
public Map<String, String> getIdentityProviderConfig(@QueryParam("alias") String alias) {
@@ -665,6 +650,29 @@ public class TestingResourceProvider implements RealmResourceProvider {
System.setProperty("java.security.krb5.conf", krb5ConfFile);
}
+ @POST
+ @Path("/run-on-server")
+ @Consumes(MediaType.TEXT_PLAIN)
+ @Produces(MediaType.TEXT_PLAIN)
+ public String runOnServer(String runOnServer) throws Exception {
+ try {
+ ClassLoader cl = ModuleUtil.isModules() ? ModuleUtil.getClassLoader() : getClass().getClassLoader();
+ Object r = SerializationUtil.decode(runOnServer, cl);
+
+ if (r instanceof FetchOnServer) {
+ Object result = ((FetchOnServer) r).run(session);
+ return result != null ? JsonSerialization.writeValueAsString(result) : null;
+ } else if (r instanceof RunOnServer) {
+ ((RunOnServer) r).run(session);
+ return null;
+ } else {
+ throw new IllegalArgumentException();
+ }
+ } catch (Throwable t) {
+ return SerializationUtil.encodeException(t);
+ }
+ }
+
private RealmModel getRealmByName(String realmName) {
RealmProvider realmProvider = session.getProvider(RealmProvider.class);
return realmProvider.getRealmByName(realmName);
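Review bot: `runOnServer` decodes the POST body into an object and invokes it with the live `KeycloakSession`, and no authentication or caller check is visible on the method. That is the purpose of a test harness, but it means anyone who can reach this resource can run code in the server, so the module must never be present on a non-test deployment; a class-level comment saying so, plus a registration guard tied to a test-only setting, would make that explicit. `SerializationUtil.decode` is outside this view; if it uses Java serialization, restricting the accepted classes (a `resolveClass` override or an `ObjectInputFilter`) limits what the decoder will instantiate. `throw new IllegalArgumentException()` should carry a message naming the unexpected type, and `catch (Throwable t)` also absorbs `Error`s such as `OutOfMemoryError`.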
diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/runonserver/FetchOnServer.java b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/runonserver/FetchOnServer.java
new file mode 100644
index 0000000..c167ae7
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/runonserver/FetchOnServer.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.testsuite.runonserver;
+
+import org.keycloak.models.KeycloakSession;
+
+import java.io.Serializable;
+import java.util.function.Function;
+
+/**
+ * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
+ */
+public interface FetchOnServer extends Serializable {
+
+ Object run(KeycloakSession session);
+
+}
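Review bot: `import java.util.function.Function;` is unused; the interface declares only `run(KeycloakSession)`, so the import can be dropped. The Javadoc holds just an author tag; a sentence such as `Task serialized by the test client and executed inside the server; the returned object is sent back as JSON` would tell implementers that results must be JSON-serializable, which is what the `JsonSerialization.writeValueAsString(result)` call in TestingResourceProvider implies.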
diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/runonserver/FetchOnServerWrapper.java b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/runonserver/FetchOnServerWrapper.java
new file mode 100644
index 0000000..d83a760
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/runonserver/FetchOnServerWrapper.java
@@ -0,0 +1,12 @@
+package org.keycloak.testsuite.runonserver;
+
+/**
+ * Created by st on 26.01.17.
+ */
+public interface FetchOnServerWrapper<T> {
+
+ FetchOnServer getRunOnServer();
+
+ Class<T> getResultClass();
+
+}
diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/runonserver/ModuleUtil.java b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/runonserver/ModuleUtil.java
new file mode 100644
index 0000000..dfe3358
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/runonserver/ModuleUtil.java
@@ -0,0 +1,35 @@
+package org.keycloak.testsuite.runonserver;
+
+import org.jboss.modules.Module;
+import org.jboss.modules.ModuleIdentifier;
+
+/**
+ * Created by st on 26.01.17.
+ */
+public class ModuleUtil {
+
+ private static boolean modules;
+
+ static {
+ try {
+ Module.getContextModuleLoader().loadModule(ModuleIdentifier.fromString("org.wildfly.common"));
+ modules = true;
+ } catch (Throwable t) {
+ modules = false;
+ }
+ }
+
+ public static boolean isModules() {
+ return modules;
+ }
+
+ public static ClassLoader getClassLoader() {
+ try {
+ Module m = Module.getContextModuleLoader().loadModule(ModuleIdentifier.fromString("deployment.run-on-server-classes.war"));
+ return m.getClassLoader();
+ } catch (Exception e) {
+ throw new RuntimeException("Failed to load 'deployment.run-on-server-classes.war', did you include RunOnServerDeployment?", e);
+ }
+ }
+
+}
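Review bot: The static initializer's `catch (Throwable t)` turns every failure, including unrelated `Error`s, into `modules = false` with no log line and no comment explaining why so broad a catch is wanted. If the intent is to probe for a JBoss Modules runtime (an inference from the `org.wildfly.common` lookup), say so in a comment and narrow the catch, e.g. `catch (Exception | LinkageError e)`, which still tolerates a missing `Module` class. `getClassLoader()` also deserves a Javadoc line stating that it returns the class loader of the `run-on-server-classes.war` deployment and throws `RuntimeException` when that deployment is absent.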
diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/runonserver/RunHelpers.java b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/runonserver/RunHelpers.java
new file mode 100644
index 0000000..59f20a8
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/runonserver/RunHelpers.java
@@ -0,0 +1,44 @@
+package org.keycloak.testsuite.runonserver;
+
+import org.keycloak.models.utils.ModelToRepresentation;
+import org.keycloak.representations.idm.ComponentRepresentation;
+import org.keycloak.representations.idm.RealmRepresentation;
+
+/**
+ * Created by st on 26.01.17.
+ */
+public class RunHelpers {
+
+ public static FetchOnServerWrapper<RealmRepresentation> internalRealm() {
+ return new FetchOnServerWrapper() {
+
+ @Override
+ public FetchOnServer getRunOnServer() {
+ return (FetchOnServer) session -> ModelToRepresentation.toRepresentation(session.getContext().getRealm(), true);
+ }
+
+ @Override
+ public Class<RealmRepresentation> getResultClass() {
+ return RealmRepresentation.class;
+ }
+
+ };
+ }
+
+ public static FetchOnServerWrapper<ComponentRepresentation> internalComponent(String componentId) {
+ return new FetchOnServerWrapper() {
+
+ @Override
+ public FetchOnServer getRunOnServer() {
+ return (FetchOnServer) session -> ModelToRepresentation.toRepresentation(session, session.getContext().getRealm().getComponent(componentId), true);
+ }
+
+ @Override
+ public Class<ComponentRepresentation> getResultClass() {
+ return ComponentRepresentation.class;
+ }
+
+ };
+ }
+
+}
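Review bot: Both factories instantiate the raw type, `new FetchOnServerWrapper() { … }` (in `internalRealm` and again in `internalComponent`), so the return is an unchecked conversion and the compiler no longer ties `getResultClass()` to the declared type parameter. Write `new FetchOnServerWrapper<RealmRepresentation>()` and `new FetchOnServerWrapper<ComponentRepresentation>()`; the `(FetchOnServer)` casts on the lambdas are then redundant, because the return type already supplies the target type. RealmTest in this commit reads the clear-text SMTP password through `internalRealm()`, so a Javadoc line such as `/** Returns the realm's internal representation with secrets unmasked; test use only. */` would make that explicit.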
diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/runonserver/RunOnServer.java b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/runonserver/RunOnServer.java
new file mode 100644
index 0000000..bd9524b
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/runonserver/RunOnServer.java
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.testsuite.runonserver;
+
+import org.keycloak.models.KeycloakSession;
+
+import java.io.Serializable;
+
+/**
+ * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
+ */
+public interface RunOnServer extends Serializable {
+
+ void run(KeycloakSession session);
+
+}
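Review bot: The interface is documented only by an author tag, yet implementations are Java-serialized on the test client and rebuilt on the server (see `SerializationUtil` in this commit), which puts constraints on callers that the type does not state. A Javadoc along the lines of `/** Code executed inside the auth server; lambdas may capture only Serializable values, and the declaring class must be part of the RunOnServerDeployment archive. */` together with `@FunctionalInterface` would record that. The archive requirement is inferred from the error text in `ModuleUtil.getClassLoader()`, so confirm it before documenting. The same comment applies to `FetchOnServer`.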
diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/runonserver/RunOnServerException.java b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/runonserver/RunOnServerException.java
new file mode 100644
index 0000000..cfe8ed0
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/runonserver/RunOnServerException.java
@@ -0,0 +1,12 @@
+package org.keycloak.testsuite.runonserver;
+
+/**
+ * Created by st on 26.01.17.
+ */
+public class RunOnServerException extends RuntimeException {
+
+ public RunOnServerException(Throwable throwable) {
+ super(throwable);
+ }
+
+}
diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/runonserver/SerializationUtil.java b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/runonserver/SerializationUtil.java
new file mode 100644
index 0000000..cd1b216
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/runonserver/SerializationUtil.java
@@ -0,0 +1,70 @@
+package org.keycloak.testsuite.runonserver;
+
+import org.keycloak.common.util.Base64;
+
+import java.io.*;
+
+/**
+ * Created by st on 26.01.17.
+ */
+public class SerializationUtil {
+
+ public static String encode(Object function) {
+ try {
+ ByteArrayOutputStream os = new ByteArrayOutputStream();
+ ObjectOutputStream oos = new ObjectOutputStream(os);
+ oos.writeObject(function);
+ oos.close();
+
+ return Base64.encodeBytes(os.toByteArray());
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public static Object decode(String encoded, ClassLoader classLoader) {
+ try {
+ byte[] bytes = Base64.decode(encoded);
+ ByteArrayInputStream is = new ByteArrayInputStream(bytes);
+ ObjectInputStream ois = new ObjectInputStream(is) {
+ @Override
+ protected Class<?> resolveClass(ObjectStreamClass c) throws IOException, ClassNotFoundException {
+ try {
+ return Class.forName(c.getName(), false, classLoader);
+ } catch (ClassNotFoundException e) {
+ throw e;
+ }
+ }
+ };
+
+ return ois.readObject();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public static String encodeException(Throwable t) {
+ try {
+ ByteArrayOutputStream os = new ByteArrayOutputStream();
+ ObjectOutputStream oos = new ObjectOutputStream(os);
+ oos.writeObject(t);
+ oos.close();
+
+ return Base64.encodeBytes(os.toByteArray());
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public static Throwable decodeException(String result) {
+ try {
+ byte[] bytes = Base64.decode(result);
+ ByteArrayInputStream is = new ByteArrayInputStream(bytes);
+ ObjectInputStream ois = new ObjectInputStream(is);
+ return (Throwable) ois.readObject();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+}
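Review bot: `decode` calls `readObject()` on a string that, judging by the `/run-on-server` resource added in this commit, comes straight from an HTTP request body, and `resolveClass` accepts any class name the supplied loader can find. That is native deserialization of caller-controlled bytes and, by design, execution of caller-supplied code. The class Javadoc should therefore state that this utility and its endpoint belong only to the test-only provider module and must never be deployed to or reachable on a production server. `decodeException` likewise deserializes whatever the server returned without restricting types. Separately, the `try { … } catch (ClassNotFoundException e) { throw e; }` in `resolveClass` is a no-op and reduces to `return Class.forName(c.getName(), false, classLoader);`, and the object streams in all four methods would be better opened in try-with-resources.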
diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/org/keycloak/testsuite/integration-arquillian-testsuite-providers/main/module.xml b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/org/keycloak/testsuite/integration-arquillian-testsuite-providers/main/module.xml
index 6f20838..1e4b3f7 100644
--- a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/org/keycloak/testsuite/integration-arquillian-testsuite-providers/main/module.xml
+++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/org/keycloak/testsuite/integration-arquillian-testsuite-providers/main/module.xml
@@ -38,5 +38,6 @@
<module name="javax.persistence.api"/>
<module name="org.hibernate"/>
<module name="org.javassist"/>
+ <module name="org.jboss.modules"/>
</dependencies>
</module>
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/DeploymentArchiveProcessor.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/DeploymentArchiveProcessor.java
index 587b195..8b1a6e8 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/DeploymentArchiveProcessor.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/DeploymentArchiveProcessor.java
@@ -71,6 +71,11 @@ public class DeploymentArchiveProcessor implements ApplicationArchiveProcessor {
@Override
public void process(Archive<?> archive, TestClass testClass) {
+ // Ignore run on server classes
+ if (archive.getName().equals("run-on-server-classes.war")) {
+ return;
+ }
+
log.info("Processing archive " + archive.getName());
// if (isAdapterTest(testClass)) {
modifyAdapterConfigs(archive, testClass);
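Review bot: The archive name `"run-on-server-classes.war"` in the new guard is a second hard-coded copy of the name that `ModuleUtil.getClassLoader()` embeds in `"deployment.run-on-server-classes.war"`, so a rename in one place silently breaks the other. A shared constant (for instance on `RunOnServerDeployment`, whose source is not in this part of the diff) used by both would keep them in step. The comment `// Ignore run on server classes` could also say why the archive is skipped, presumably because it carries no adapter configuration to rewrite. `process` continues past the end of the hunk.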
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/KeycloakTestingClient.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/KeycloakTestingClient.java
index ae3a873..1e20944 100755
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/KeycloakTestingClient.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/KeycloakTestingClient.java
@@ -23,11 +23,14 @@ import org.jboss.resteasy.client.jaxrs.ResteasyWebTarget;
import org.keycloak.testsuite.client.resources.TestApplicationResource;
import org.keycloak.testsuite.client.resources.TestExampleCompanyResource;
import org.keycloak.testsuite.client.resources.TestingResource;
+import org.keycloak.testsuite.runonserver.*;
+import org.keycloak.util.JsonSerialization;
/**
* @author <a href="mailto:mstrukel@redhat.com">Marko Strukelj</a>
*/
public class KeycloakTestingClient {
+
private final ResteasyWebTarget target;
private final ResteasyClient client;
@@ -52,6 +55,67 @@ public class KeycloakTestingClient {
public TestExampleCompanyResource testExampleCompany() { return target.proxy(TestExampleCompanyResource.class); }
+ public Server server() {
+ return new Server("master");
+ }
+
+ public Server server(String realm) {
+ return new Server(realm);
+ }
+
+ public class Server {
+
+ private String realm;
+
+ public Server(String realm) {
+ this.realm = realm;
+ }
+
+ public <T> T fetch(FetchOnServerWrapper<T> wrapper) throws RunOnServerException {
+ return fetch(wrapper.getRunOnServer(), wrapper.getResultClass());
+ }
+
+ public <T> T fetch(FetchOnServer function, Class<T> clazz) throws RunOnServerException {
+ try {
+ String s = fetch(function);
+ return JsonSerialization.readValue(s, clazz);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public String fetch(FetchOnServer function) throws RunOnServerException {
+ String encoded = SerializationUtil.encode(function);
+
+ String result = testing(realm != null ? realm : "master").runOnServer(encoded);
+ if (result != null && !result.isEmpty() && !result.trim().startsWith("{")) {
+ Throwable t = SerializationUtil.decodeException(result);
+ if (t instanceof AssertionError) {
+ throw (AssertionError) t;
+ } else {
+ throw new RunOnServerException(t);
+ }
+ } else {
+ return result;
+ }
+ }
+
+ public void run(RunOnServer function) throws RunOnServerException {
+ String encoded = SerializationUtil.encode(function);
+
+ String result = testing(realm != null ? realm : "master").runOnServer(encoded);
+ if (result != null && !result.isEmpty() && !result.trim().startsWith("{")) {
+ Throwable t = SerializationUtil.decodeException(result);
+ if (t instanceof AssertionError) {
+ throw (AssertionError) t;
+ } else {
+ throw new RunOnServerException(t);
+ }
+ }
+ }
+
+ }
+
public void close() {
client.close();
}
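Review bot: In `fetch(FetchOnServer, Class<T>)` the `catch (Exception e)` also catches the `RunOnServerException` thrown by the inner `fetch(function)` and rewraps it in a plain `RuntimeException`, so callers never see the type the signature declares; only `AssertionError` gets through, because it is an `Error`. Adding `catch (RunOnServerException e) { throw e; }` ahead of the general catch fixes that. The exception-decoding block is duplicated verbatim in `fetch(FetchOnServer)` and `run` and could be one private helper. The `!result.trim().startsWith("{")` test treats every non-object reply as a serialized `Throwable`, which looks fragile if a fetch ever returns a JSON array or scalar; that needs confirming against the server side, which is not in this hunk.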
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingResource.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingResource.java
index 9bb73d3..02d889f 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingResource.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingResource.java
@@ -243,22 +243,19 @@ public interface TestingResource {
Map<String, TestProvider.DetailsRepresentation> getTestComponentDetails();
@GET
- @Path("/smtp-config")
- @Produces(MediaType.APPLICATION_JSON)
- Map<String, String> getSmtpConfig();
-
- @GET
@Path("/identity-config")
@Produces(MediaType.APPLICATION_JSON)
Map<String, String> getIdentityProviderConfig(@QueryParam("alias") String alias);
- @GET
- @Path("/component")
- @Produces(MediaType.APPLICATION_JSON)
- MultivaluedHashMap<String, String> getComponentConfig(@QueryParam("componentId") String componentId);
-
@PUT
@Path("/set-krb5-conf-file")
@Consumes(MediaType.APPLICATION_JSON)
void setKrb5ConfFile(@QueryParam("krb5-conf-file") String krb5ConfFile);
+
+ @POST
+ @Path("/run-on-server")
+ @Consumes(MediaType.TEXT_PLAIN)
+ @Produces(MediaType.TEXT_PLAIN)
+ String runOnServer(String runOnServer);
+
}
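Review bot: `runOnServer` is added with no Javadoc although its contract is unusual and security-relevant. Per `KeycloakTestingClient.Server` in this commit, the request body is the Base64 form of a Java-serialized `RunOnServer` or `FetchOnServer`, and the reply is either JSON or a Base64-serialized `Throwable`. A comment on the method should state both formats and that the endpoint executes the submitted code inside the server, so it exists only in the testsuite provider. The `TestingResource` interface starts outside this hunk.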
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/IdentityProviderTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/IdentityProviderTest.java
index f550c17..2fbb5a3 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/IdentityProviderTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/IdentityProviderTest.java
@@ -129,8 +129,6 @@ public class IdentityProviderTest extends AbstractAdminTest {
assertFalse(representation.isStoreToken());
assertFalse(representation.isTrustEmail());
- testingClient.testing("admin-client-test").getSmtpConfig();
-
assertEquals("some secret value", testingClient.testing("admin-client-test").getIdentityProviderConfig("new-identity-provider").get("clientSecret"));
IdentityProviderRepresentation rep = realm.identityProviders().findAll().stream().filter(i -> i.getAlias().equals("new-identity-provider")).findFirst().get();
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java
index d0a8bde..db10d02 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java
@@ -19,12 +19,13 @@ package org.keycloak.testsuite.admin.realm;
import org.apache.commons.io.IOUtils;
import org.hamcrest.Matchers;
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.ServerInfoResource;
-import org.keycloak.common.util.StreamUtil;
import org.keycloak.common.util.Time;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
@@ -34,7 +35,6 @@ import org.keycloak.representations.adapters.action.PushNotBeforeAction;
import org.keycloak.representations.idm.AdminEventRepresentation;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ComponentRepresentation;
-import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
@@ -45,6 +45,9 @@ import org.keycloak.testsuite.admin.AbstractAdminTest;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
import org.keycloak.testsuite.auth.page.AuthRealm;
+import org.keycloak.testsuite.client.KeycloakTestingClient;
+import org.keycloak.testsuite.runonserver.RunOnServerDeployment;
+import org.keycloak.testsuite.runonserver.RunHelpers;
import org.keycloak.testsuite.util.AdminEventPaths;
import org.keycloak.testsuite.util.CredentialBuilder;
import org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse;
@@ -52,7 +55,6 @@ import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.UserBuilder;
import org.keycloak.util.JsonSerialization;
-import javax.ws.rs.BadRequestException;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.core.Response;
import java.io.IOException;
@@ -66,7 +68,6 @@ import java.util.Map;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
@@ -77,6 +78,11 @@ import static org.junit.Assert.fail;
*/
public class RealmTest extends AbstractAdminTest {
+ @Deployment
+ public static WebArchive deploy() {
+ return RunOnServerDeployment.create();
+ }
+
@Rule
public AssertEvents events = new AssertEvents(this);
@@ -140,7 +146,10 @@ public class RealmTest extends AbstractAdminTest {
RealmRepresentation returned = adminClient.realm("realm-with-smtp").toRepresentation();
assertEquals(ComponentRepresentation.SECRET_VALUE, returned.getSmtpServer().get("password"));
- assertEquals("secret", testingClient.testing("realm-with-smtp").getSmtpConfig().get("password"));
+ KeycloakTestingClient.Server serverClient = testingClient.server("realm-with-smtp");
+
+ RealmRepresentation internalRep = serverClient.fetch(RunHelpers.internalRealm());
+ assertEquals("secret", internalRep.getSmtpServer().get("password"));
adminClient.realm("realm-with-smtp").update(rep);
@@ -148,7 +157,8 @@ public class RealmTest extends AbstractAdminTest {
assertFalse(event.getRepresentation().contains("some secret value!!"));
assertTrue(event.getRepresentation().contains(ComponentRepresentation.SECRET_VALUE));
- assertEquals("secret", testingClient.testing("realm-with-smtp").getSmtpConfig().get("password"));
+ internalRep = serverClient.fetch(RunHelpers.internalRealm());
+ assertEquals("secret", internalRep.getSmtpServer().get("password"));
RealmRepresentation realm = adminClient.realms().findAll().stream().filter(r -> r.getRealm().equals("realm-with-smtp")).findFirst().get();
assertEquals(ComponentRepresentation.SECRET_VALUE, realm.getSmtpServer().get("password"));
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/PasswordHashingTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/PasswordHashingTest.java
new file mode 100644
index 0000000..caaadb9
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/PasswordHashingTest.java
@@ -0,0 +1,201 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.testsuite.forms;
+
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.graphene.page.Page;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.junit.Assert;
+import org.junit.Rule;
+import org.junit.Test;
+import org.keycloak.OAuth2Constants;
+import org.keycloak.admin.client.resource.UserResource;
+import org.keycloak.common.util.Base64;
+import org.keycloak.credential.CredentialModel;
+import org.keycloak.credential.hash.Pbkdf2PasswordHashProviderFactory;
+import org.keycloak.credential.hash.Pbkdf2Sha256PasswordHashProviderFactory;
+import org.keycloak.credential.hash.Pbkdf2Sha512PasswordHashProviderFactory;
+import org.keycloak.events.Details;
+import org.keycloak.events.EventType;
+import org.keycloak.models.BrowserSecurityHeaders;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserModel;
+import org.keycloak.models.utils.ModelToRepresentation;
+import org.keycloak.models.utils.RepresentationToModel;
+import org.keycloak.representations.idm.CredentialRepresentation;
+import org.keycloak.representations.idm.ErrorRepresentation;
+import org.keycloak.representations.idm.EventRepresentation;
+import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.representations.idm.UserRepresentation;
+import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
+import org.keycloak.testsuite.AssertEvents;
+import org.keycloak.testsuite.admin.ApiUtil;
+import org.keycloak.testsuite.client.KeycloakTestingClient;
+import org.keycloak.testsuite.pages.AppPage;
+import org.keycloak.testsuite.pages.AppPage.RequestType;
+import org.keycloak.testsuite.pages.ErrorPage;
+import org.keycloak.testsuite.pages.LoginPage;
+import org.keycloak.testsuite.pages.LoginPasswordUpdatePage;
+import org.keycloak.testsuite.runonserver.RunOnServerDeployment;
+import org.keycloak.testsuite.util.RealmBuilder;
+import org.keycloak.testsuite.util.UserBuilder;
+import org.keycloak.util.JsonSerialization;
+
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import javax.ws.rs.BadRequestException;
+import javax.ws.rs.InternalServerErrorException;
+import javax.ws.rs.client.Client;
+import javax.ws.rs.client.ClientBuilder;
+import javax.ws.rs.core.Response;
+import java.io.IOException;
+import java.security.NoSuchAlgorithmException;
+import java.security.spec.KeySpec;
+import java.util.Map;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+/**
+ * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
+ */
+public class PasswordHashingTest extends AbstractTestRealmKeycloakTest {
+
+ @Deployment
+ public static WebArchive deploy() {
+ return RunOnServerDeployment.create(PasswordHashingTest.class, AbstractTestRealmKeycloakTest.class);
+ }
+
+ @Override
+ public void configureTestRealm(RealmRepresentation testRealm) {
+ }
+
+ @Page
+ protected LoginPage loginPage;
+
+ @Test
+ public void testSetInvalidProvider() throws Exception {
+ try {
+ setPasswordPolicy("hashAlgorithm(nosuch)");
+ fail("Expected error");
+ } catch (BadRequestException e) {
+ ErrorRepresentation error = e.getResponse().readEntity(ErrorRepresentation.class);
+ assertEquals("Password hashing provider not found", error.getErrorMessage());
+ }
+ }
+
+ @Test
+ public void testPasswordRehashedOnAlgorithmChanged() throws Exception {
+ String username = "testPasswordRehashedOnAlgorithmChanged";
+ createUser(username);
+
+ CredentialModel credential = fetchCredentials(username);
+
+ assertEquals(Pbkdf2PasswordHashProviderFactory.ID, credential.getAlgorithm());
+
+ assertEncoded(credential, "password", credential.getSalt(), "PBKDF2WithHmacSHA1", 20000);
+
+ setPasswordPolicy("hashAlgorithm(" + Pbkdf2Sha256PasswordHashProviderFactory.ID + ")");
+
+ loginPage.open();
+ loginPage.login(username, "password");
+
+ credential = fetchCredentials(username);
+
+ assertEquals(Pbkdf2Sha256PasswordHashProviderFactory.ID, credential.getAlgorithm());
+ assertEncoded(credential, "password", credential.getSalt(), "PBKDF2WithHmacSHA256", 20000);
+ }
+
+ @Test
+ public void testPasswordRehashedOnIterationsChanged() throws Exception {
+ String username = "testPasswordRehashedOnIterationsChanged";
+ createUser(username);
+
+ CredentialModel credential = fetchCredentials(username);
+
+ assertEquals(20000, credential.getHashIterations());
+
+ setPasswordPolicy("hashIterations(1)");
+
+ loginPage.open();
+ loginPage.login(username, "password");
+
+ credential = fetchCredentials(username);
+
+ assertEquals(1, credential.getHashIterations());
+ assertEncoded(credential, "password", credential.getSalt(), "PBKDF2WithHmacSHA1", 1);
+ }
+
+ @Test
+ public void testPbkdf2Sha1() throws Exception {
+ setPasswordPolicy("hashAlgorithm(" + Pbkdf2PasswordHashProviderFactory.ID + ")");
+ String username = "testPbkdf2Sha1";
+ createUser(username);
+
+ CredentialModel credential = fetchCredentials(username);
+ assertEncoded(credential, "password", credential.getSalt(), "PBKDF2WithHmacSHA1", 20000);
+ }
+
+ @Test
+ public void testPbkdf2Sha256() throws Exception {
+ setPasswordPolicy("hashAlgorithm(" + Pbkdf2Sha256PasswordHashProviderFactory.ID + ")");
+ String username = "testPbkdf2Sha256";
+ createUser(username);
+
+ CredentialModel credential = fetchCredentials(username);
+ assertEncoded(credential, "password", credential.getSalt(), "PBKDF2WithHmacSHA256", 20000);
+ }
+
+ @Test
+ public void testPbkdf2Sha512() throws Exception {
+ setPasswordPolicy("hashAlgorithm(" + Pbkdf2Sha512PasswordHashProviderFactory.ID + ")");
+ String username = "testPbkdf2Sha512";
+ createUser(username);
+
+ CredentialModel credential = fetchCredentials(username);
+ assertEncoded(credential, "password", credential.getSalt(), "PBKDF2WithHmacSHA512", 20000);
+ }
+
+
+ private void createUser(String username) {
+ ApiUtil.createUserAndResetPasswordWithAdminClient(adminClient.realm("test"), UserBuilder.create().username(username).build(), "password");
+ }
+
+ private void setPasswordPolicy(String policy) {
+ RealmRepresentation realmRep = testRealm().toRepresentation();
+ realmRep.setPasswordPolicy(policy);
+ testRealm().update(realmRep);
+ }
+
+ private CredentialModel fetchCredentials(String username) {
+ return testingClient.server("test").fetch(session -> {
+ RealmModel realm = session.getContext().getRealm();
+ UserModel user = session.users().getUserByUsername(username, realm);
+ return session.userCredentialManager().getStoredCredentialsByType(realm, user, CredentialRepresentation.PASSWORD).get(0);
+ }, CredentialModel.class);
+ }
+
+ private void assertEncoded(CredentialModel credential, String password, byte[] salt, String algorithm, int iterations) throws Exception {
+ KeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterations, 512);
+ byte[] key = SecretKeyFactory.getInstance(algorithm).generateSecret(spec).getEncoded();
+ assertEquals(Base64.encodeBytes(key), credential.getValue());
+ }
+
+}
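Review bot: The tests change the realm's password policy through `setPasswordPolicy` and never restore it, so they depend on execution order unless the base class resets the realm between tests (not visible here). For example, `testPasswordRehashedOnAlgorithmChanged` asserts `Pbkdf2PasswordHashProviderFactory.ID` and 20000 iterations for a freshly created user, which would not hold if `testPbkdf2Sha512` or the `hashIterations(1)` test ran first and the policy persisted. Starting that test with `setPasswordPolicy("hashAlgorithm(" + Pbkdf2PasswordHashProviderFactory.ID + ")");`, as `testPbkdf2Sha1` already does, or resetting the policy in an `@After` method, removes the dependency. The file also imports many types it never uses (`BrowserSecurityHeaders`, `ClientBuilder`, `InternalServerErrorException`, `NoSuchAlgorithmException` and others). The `512` passed to `PBEKeySpec` in `assertEncoded` should get a comment naming it as the derived key length in bits.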
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedHmacKeyProviderTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedHmacKeyProviderTest.java
index fb3a4f7..e5d2bc2 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedHmacKeyProviderTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedHmacKeyProviderTest.java
@@ -17,16 +17,15 @@
package org.keycloak.testsuite.keys;
+import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.graphene.page.Page;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.common.util.Base64Url;
import org.keycloak.common.util.MultivaluedHashMap;
-import org.keycloak.common.util.PemUtils;
import org.keycloak.jose.jws.AlgorithmType;
-import org.keycloak.jose.jws.crypto.HMACProvider;
import org.keycloak.keys.GeneratedHmacKeyProviderFactory;
-import org.keycloak.keys.GeneratedRsaKeyProviderFactory;
import org.keycloak.keys.KeyProvider;
import org.keycloak.representations.idm.ComponentRepresentation;
import org.keycloak.representations.idm.ErrorRepresentation;
@@ -37,9 +36,10 @@ import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.LoginPage;
+import org.keycloak.testsuite.runonserver.RunHelpers;
+import org.keycloak.testsuite.runonserver.RunOnServerDeployment;
import javax.ws.rs.core.Response;
-import java.security.interfaces.RSAPublicKey;
import java.util.List;
import static org.junit.Assert.*;
@@ -50,6 +50,11 @@ import static org.keycloak.testsuite.admin.AbstractAdminTest.loadJson;
*/
public class GeneratedHmacKeyProviderTest extends AbstractKeycloakTest {
+ @Deployment
+ public static WebArchive deploy() {
+ return RunOnServerDeployment.create();
+ }
+
@Rule
public AssertEvents events = new AssertEvents(this);
@@ -94,7 +99,8 @@ public class GeneratedHmacKeyProviderTest extends AbstractKeycloakTest {
assertEquals(AlgorithmType.HMAC.name(), key.getType());
assertEquals(priority, key.getProviderPriority());
- assertEquals(32, Base64Url.decode(testingClient.testing("test").getComponentConfig(id).getFirst("secret")).length);
+ ComponentRepresentation component = testingClient.server("test").fetch(RunHelpers.internalComponent(id));
+ assertEquals(32, Base64Url.decode(component.getConfig().getFirst("secret")).length);
}
@Test
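Review bot: The two-line pattern `testingClient.server("test").fetch(RunHelpers.internalComponent(id))` followed by `Base64Url.decode(component.getConfig().getFirst("secret")).length` is repeated here and in the next two hunks, four times in all. A small private helper, e.g. `private int secretLength(String id) throws IOException { return Base64Url.decode(testingClient.server("test").fetch(RunHelpers.internalComponent(id)).getConfig().getFirst("secret")).length; }`, would keep each assertion to one line as before the change. The `throws` clause there is a guess, to be adjusted to whatever `Base64Url.decode` declares. The enclosing test methods start outside these hunks.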
@@ -127,7 +133,8 @@ public class GeneratedHmacKeyProviderTest extends AbstractKeycloakTest {
assertEquals(AlgorithmType.HMAC.name(), key.getType());
assertEquals(priority, key.getProviderPriority());
- assertEquals(512, Base64Url.decode(testingClient.testing("test").getComponentConfig(id).getFirst("secret")).length);
+ ComponentRepresentation component = testingClient.server("test").fetch(RunHelpers.internalComponent(id));
+ assertEquals(512, Base64Url.decode(component.getConfig().getFirst("secret")).length);
}
@Test
@@ -141,13 +148,15 @@ public class GeneratedHmacKeyProviderTest extends AbstractKeycloakTest {
Response response = adminClient.realm("test").components().add(rep);
String id = ApiUtil.getCreatedId(response);
- assertEquals(32, Base64Url.decode(testingClient.testing("test").getComponentConfig(id).getFirst("secret")).length);
+ ComponentRepresentation component = testingClient.server("test").fetch(RunHelpers.internalComponent(id));
+ assertEquals(32, Base64Url.decode(component.getConfig().getFirst("secret")).length);
ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation();
createdRep.getConfig().putSingle("secretSize", "512");
adminClient.realm("test").components().component(id).update(createdRep);
- assertEquals(512, Base64Url.decode(testingClient.testing("test").getComponentConfig(id).getFirst("secret")).length);
+ component = testingClient.server("test").fetch(RunHelpers.internalComponent(id));
+ assertEquals(512, Base64Url.decode(component.getConfig().getFirst("secret")).length);
}
@Test
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java
index 7c8041b..2019b8e 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java
@@ -21,6 +21,9 @@ import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import javax.ws.rs.NotFoundException;
+
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.admin.client.resource.ClientResource;
@@ -47,7 +50,11 @@ import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.testsuite.AbstractKeycloakTest;
+import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.arquillian.migration.Migration;
+import org.keycloak.testsuite.runonserver.RunHelpers;
+import org.keycloak.testsuite.runonserver.RunOnServerDeployment;
+import org.keycloak.testsuite.util.OAuthClient;
import static org.keycloak.testsuite.Assert.assertEquals;
import static org.keycloak.testsuite.Assert.assertFalse;
@@ -68,7 +75,12 @@ public class MigrationTest extends AbstractKeycloakTest {
private RealmResource migrationRealm2;
private RealmResource migrationRealm3;
private RealmResource masterRealm;
-
+
+ @Deployment
+ public static WebArchive deploy() {
+ return RunOnServerDeployment.create();
+ }
+
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
log.info("Adding no test realms for migration test. Test realm should be migrated from previous vesrion.");
@@ -179,7 +191,9 @@ public class MigrationTest extends AbstractKeycloakTest {
components = masterRealm.components().query(MASTER, KeyProvider.class.getName(), "rsa");
assertEquals(1, components.size());
- assertEquals(expectedMasterRealmKey, testingClient.testing(MASTER).getComponentConfig(components.get(0).getId()).getFirst("privateKey"));
+
+ ComponentRepresentation component = testingClient.server(MASTER).fetch(RunHelpers.internalComponent(components.get(0).getId()));
+ assertEquals(expectedMasterRealmKey, component.getConfig().getFirst("privateKey"));
components = masterRealm.components().query(MASTER, KeyProvider.class.getName(), "hmac-generated");
assertEquals(1, components.size());
@@ -189,7 +203,9 @@ public class MigrationTest extends AbstractKeycloakTest {
components = migrationRealm.components().query(MIGRATION, KeyProvider.class.getName(), "rsa");
assertEquals(1, components.size());
- assertEquals(expectedMigrationRealmKey, testingClient.testing(MIGRATION).getComponentConfig(components.get(0).getId()).getFirst("privateKey"));
+
+ component = testingClient.server(MIGRATION).fetch(RunHelpers.internalComponent(components.get(0).getId()));
+ assertEquals(expectedMigrationRealmKey, component.getConfig().getFirst("privateKey"));
components = migrationRealm.components().query(MIGRATION, KeyProvider.class.getName(), "hmac-generated");
assertEquals(1, components.size());
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/runonserver/InternalComponentRepresentation.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/runonserver/InternalComponentRepresentation.java
new file mode 100644
index 0000000..346ccc6
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/runonserver/InternalComponentRepresentation.java
@@ -0,0 +1,27 @@
+package org.keycloak.testsuite.runonserver;
+
+import org.keycloak.models.utils.ModelToRepresentation;
+import org.keycloak.representations.idm.ComponentRepresentation;
+
+/**
+ * Created by st on 26.01.17.
+ */
+public class InternalComponentRepresentation implements FetchOnServerWrapper<ComponentRepresentation> {
+
+ private final String componentId;
+
+ public InternalComponentRepresentation(String componentId) {
+ this.componentId = componentId;
+ }
+
+ @Override
+ public FetchOnServer getRunOnServer() {
+ return (FetchOnServer) session -> ModelToRepresentation.toRepresentation(session.getContext().getRealm(), true);
+ }
+
+ @Override
+ public Class<ComponentRepresentation> getResultClass() {
+ return ComponentRepresentation.class;
+ }
+
+}
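Review bot: `getRunOnServer()` never uses the `componentId` field. The lambda converts `session.getContext().getRealm()`, so it yields a realm representation while `getResultClass()` declares `ComponentRepresentation.class`. A caller would get a realm document bound to the component type, without the `secret` or `privateKey` config the tests in this commit read. Assuming the `toRepresentation(session, component, internal)` overload exists at this revision, the body should look the component up first: `return (FetchOnServer) session -> ModelToRepresentation.toRepresentation(session, session.getContext().getRealm().getComponent(componentId), true);`. The tests visible here call `RunHelpers.internalComponent(id)` instead, so this class may also be unused and could be dropped.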
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/runonserver/RunOnServerDeployment.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/runonserver/RunOnServerDeployment.java
new file mode 100644
index 0000000..bdc6eee
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/runonserver/RunOnServerDeployment.java
@@ -0,0 +1,23 @@
+package org.keycloak.testsuite.runonserver;
+
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.keycloak.testsuite.AbstractKeycloakTest;
+import org.keycloak.testsuite.runonserver.RunOnServerException;
+
+/**
+ * Created by st on 26.01.17.
+ */
+public class RunOnServerDeployment {
+
+ @Deployment
+ public static WebArchive create(Class<?> ... classes) {
+ return ShrinkWrap.create(WebArchive.class, "run-on-server-classes.war")
+ .addAsManifestResource("run-on-server-jboss-deployment-structure.xml","jboss-deployment-structure.xml")
+ .addClasses(classes)
+ .addClass(AbstractKeycloakTest.class)
+ .addClass(RunOnServerException.class);
+ }
+
+}
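Review bot: `@Deployment` on `RunOnServerDeployment.create(Class<?>...)` looks misplaced. This is a factory called from the test classes' own `@Deployment` methods (`deploy()` in RunOnServerTest and MigrationTest), and as far as I know Arquillian only honours the annotation on static no-argument methods of the test class. I would remove the annotation and its import, along with `import org.keycloak.testsuite.runonserver.RunOnServerException;`, which names a class in the same package. A short Javadoc saying the archive bundles the given classes plus `AbstractKeycloakTest` and `RunOnServerException` would be more useful than the `Created by` stub.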
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/runonserver/RunOnServerTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/runonserver/RunOnServerTest.java
new file mode 100755
index 0000000..4101ffc
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/runonserver/RunOnServerTest.java
@@ -0,0 +1,97 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.testsuite.runonserver;
+
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.junit.ComparisonFailure;
+import org.junit.Test;
+import org.keycloak.models.ModelException;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.utils.ModelToRepresentation;
+import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.testsuite.AbstractKeycloakTest;
+
+import java.io.IOException;
+import java.util.List;
+
+import static org.junit.Assert.*;
+
+/**
+ * This checks running code on the server for tests works and is not a test of the actual server
+ *
+ * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
+ */
+public class RunOnServerTest extends AbstractKeycloakTest {
+
+ @Deployment
+ public static WebArchive deploy() {
+ return RunOnServerDeployment.create(RunOnServerTest.class);
+ }
+
+ @Test
+ public void runOnServerRep() throws IOException {
+ final String realmName = "master";
+
+ RealmRepresentation realmRep = testingClient.server().fetch(session -> {
+ RealmModel master = session.realms().getRealm(realmName);
+ return ModelToRepresentation.toRepresentation(master, true);
+ }, RealmRepresentation.class);
+
+ assertEquals(realmName, realmRep.getRealm());
+ }
+
+ @Test
+ public void runOnServerHelpers() throws IOException {
+ RealmRepresentation realmRep = testingClient.server().fetch(RunHelpers.internalRealm());
+ assertEquals("master", realmRep.getRealm());
+ }
+
+ @Test
+ public void runOnServerNoResponse() throws IOException {
+ testingClient.server().run(session -> System.out.println("Hello world!"));
+ }
+
+ @Test
+ public void runOnServerAssertOnServer() throws IOException {
+ try {
+ testingClient.server().run(session -> assertEquals("foo", "bar"));
+ fail("Expected exception");
+ } catch (ComparisonFailure e) {
+ assertEquals("expected:<[foo]> but was:<[bar]>", e.getMessage());
+ }
+ }
+
+ @Test
+ public void runOnServerExceptionOnServer() throws IOException {
+ try {
+ testingClient.server().run(session -> {
+ throw new ModelException("Something went wrong");
+ });
+ fail("Expected exception");
+ } catch (RunOnServerException e) {
+ assertTrue(e.getCause() instanceof ModelException);
+ assertEquals("Something went wrong", e.getCause().getMessage());
+ }
+ }
+
+ @Override
+ public void addTestRealms(List<RealmRepresentation> testRealms) {
+ }
+
+}
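Review bot: The class Javadoc does not mention that `testingClient.server().run(...)` and `fetch(...)` execute caller-supplied code inside the server, which is the property a reader most needs to know about this facility. The transport is not visible in this hunk, but the deployment descriptor added in the same commit depends on `org.keycloak.testsuite.integration-arquillian-testsuite-providers`, so the endpoint presumably lives in that test-only module. I would add a sentence such as `Requires the testsuite-providers module; the run-on-server endpoint runs client-supplied code and must only be deployed on test servers.` Separately, `import static org.junit.Assert.*;` could name the three assertions actually used.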
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/run-on-server-jboss-deployment-structure.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/run-on-server-jboss-deployment-structure.xml
new file mode 100644
index 0000000..5ffd9a1
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/run-on-server-jboss-deployment-structure.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0"?>
+<jboss-deployment-structure xmlns="urn:jboss:deployment-structure:1.2">
+ <deployment>
+ <dependencies>
+ <module name="org.keycloak.testsuite.integration-arquillian-testsuite-providers"/>
+ <module name="org.keycloak.keycloak-common"/>
+ <module name="org.keycloak.keycloak-core"/>
+ <module name="org.keycloak.keycloak-server-spi"/>
+ <module name="org.keycloak.keycloak-server-spi-private"/>
+ <module name="org.keycloak.keycloak-services"/>
+ <module name="org.keycloak.keycloak-model-infinispan"/>
+ <module name="org.keycloak.keycloak-model-jpa"/>
+ </dependencies>
+ </deployment>
+</jboss-deployment-structure>
\ No newline at end of file
diff --git a/wildfly/adduser/src/main/java/org/keycloak/wildfly/adduser/AddUser.java b/wildfly/adduser/src/main/java/org/keycloak/wildfly/adduser/AddUser.java
index 79fcaaf..048b384 100644
--- a/wildfly/adduser/src/main/java/org/keycloak/wildfly/adduser/AddUser.java
+++ b/wildfly/adduser/src/main/java/org/keycloak/wildfly/adduser/AddUser.java
@@ -30,7 +30,10 @@ import org.jboss.aesh.console.command.registry.AeshCommandRegistryBuilder;
import org.jboss.aesh.console.command.registry.CommandRegistry;
import org.keycloak.common.util.Base64;
import org.keycloak.credential.CredentialModel;
-import org.keycloak.credential.hash.Pbkdf2PasswordHashProvider;
+import org.keycloak.credential.hash.PasswordHashProvider;
+import org.keycloak.credential.hash.PasswordHashProviderFactory;
+import org.keycloak.credential.hash.Pbkdf2PasswordHashProviderFactory;
+import org.keycloak.models.PasswordPolicy;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
@@ -44,6 +47,8 @@ import java.lang.reflect.Method;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
+import java.util.Map;
+import java.util.ServiceLoader;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
@@ -52,6 +57,7 @@ public class AddUser {
private static final String COMMAND_NAME = "add-user";
private static final int DEFAULT_HASH_ITERATIONS = 100000;
+ private static final String DEFAULT_HASH_ALGORITH = PasswordPolicy.HASH_ALGORITHM_DEFAULT;
public static void main(String[] args) throws Exception {
AddUserCommand command = new AddUserCommand();
@@ -152,14 +158,23 @@ public class AddUser {
user.setUsername(userName);
user.setCredentials(new LinkedList<CredentialRepresentation>());
- CredentialModel credentialValueModel = new Pbkdf2PasswordHashProvider().encode(password, iterations > 0 ? iterations : DEFAULT_HASH_ITERATIONS);
+ Map<String, Object> config = new HashMap<>();
+ if (iterations > 0) {
+ config.put("hashIterations", iterations);
+ }
+
+ PasswordHashProviderFactory hashProviderFactory = getHashProviderFactory(DEFAULT_HASH_ALGORITH);
+ PasswordHashProvider hashProvider = hashProviderFactory.create(null);
+
+ CredentialModel credentialModel = new CredentialModel();
+ hashProvider.encode(password, iterations > 0 ? iterations : DEFAULT_HASH_ITERATIONS, credentialModel);
CredentialRepresentation credentials = new CredentialRepresentation();
- credentials.setType(credentialValueModel.getType());
- credentials.setAlgorithm(credentialValueModel.getAlgorithm());
- credentials.setHashIterations(credentialValueModel.getHashIterations());
- credentials.setSalt(Base64.encodeBytes(credentialValueModel.getSalt()));
- credentials.setHashedSaltedValue(credentialValueModel.getValue());
+ credentials.setType(credentialModel.getType());
+ credentials.setAlgorithm(credentialModel.getAlgorithm());
+ credentials.setHashIterations(credentialModel.getHashIterations());
+ credentials.setSalt(Base64.encodeBytes(credentialModel.getSalt()));
+ credentials.setHashedSaltedValue(credentialModel.getValue());
user.getCredentials().add(credentials);
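Review bot: The `config` map built at the top of the added block is never read. `hashIterations` is put into it, but the factory is created with `create(null)` and the iteration count is passed again directly to `encode(...)`. The `iterations > 0 ? iterations : DEFAULT_HASH_ITERATIONS` expression on the `encode` call is what actually sets the PBKDF2 work factor, so the map only suggests a configuration path that does not exist. I would delete the `Map<String, Object> config` declaration and the `if (iterations > 0)` block that fills it. The enclosing method starts and ends outside this hunk.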
@@ -203,6 +218,16 @@ public class AddUser {
System.out.println("Added '" + userName + "' to '" + addUserFile + "', restart server to load user");
}
+ private static PasswordHashProviderFactory getHashProviderFactory(String providerId) {
+ ServiceLoader<PasswordHashProviderFactory> providerFactories = ServiceLoader.load(PasswordHashProviderFactory.class);
+ for (PasswordHashProviderFactory f : providerFactories) {
+ if (f.getId().equals(providerId)) {
+ return f;
+ }
+ }
+ return null;
+ }
+
private static void checkRequired(Command command, String field) throws Exception {
if (isEmpty(command, field)) {
Option option = command.getClass().getDeclaredField(field).getAnnotation(Option.class);
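Review bot: `getHashProviderFactory` returns `null` when no registered factory matches `providerId`, and the caller added in this commit dereferences the result straight away with `hashProviderFactory.create(null)`. If the `META-INF/services` entry is missing from the tool's classpath, creating the initial admin credential fails with a bare NullPointerException that does not name the algorithm. I would replace `return null;` with `throw new IllegalStateException("No PasswordHashProviderFactory found for '" + providerId + "'");` so the failure is explicit.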