1   /*
2    *  Copyright 2022 Red Hat
3    *
4    *  Licensed under the Apache License, Version 2.0 (the "License");
5    *  you may not use this file except in compliance with the License.
6    *  You may obtain a copy of the License at
7    *
8    *      https://www.apache.org/licenses/LICENSE-2.0
9    *
10   *  Unless required by applicable law or agreed to in writing, software
11   *  distributed under the License is distributed on an "AS IS" BASIS,
12   *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   *  See the License for the specific language governing permissions and
14   *  limitations under the License.
15   */
16  package org.jboss.hal.testsuite.test.configuration.security;
17  
18  import java.util.List;
19  
20  import org.jboss.arquillian.core.api.annotation.Inject;
21  import org.jboss.arquillian.graphene.page.Page;
22  import org.jboss.dmr.ModelNode;
23  import org.jboss.hal.testsuite.Console;
24  import org.jboss.hal.testsuite.CrudOperations;
25  import org.jboss.hal.testsuite.Random;
26  import org.jboss.hal.testsuite.command.AddKeyStore;
27  import org.jboss.hal.testsuite.container.WildFlyContainer;
28  import org.jboss.hal.testsuite.fragment.FormFragment;
29  import org.jboss.hal.testsuite.fragment.TableFragment;
30  import org.jboss.hal.testsuite.model.ResourceVerifier;
31  import org.jboss.hal.testsuite.page.configuration.SecurityRealmPage;
32  import org.jboss.hal.testsuite.test.Manatoko;
33  import org.junit.jupiter.api.BeforeAll;
34  import org.junit.jupiter.api.BeforeEach;
35  import org.junit.jupiter.api.Test;
36  import org.testcontainers.junit.jupiter.Container;
37  import org.testcontainers.junit.jupiter.Testcontainers;
38  import org.wildfly.extras.creaper.core.online.OnlineManagementClient;
39  import org.wildfly.extras.creaper.core.online.operations.Operations;
40  import org.wildfly.extras.creaper.core.online.operations.Values;
41  
42  import static org.jboss.hal.dmr.ModelDescriptionConstants.CLIENT_SSL_CONTEXT;
43  import static org.jboss.hal.dmr.ModelDescriptionConstants.KEY_STORE;
44  import static org.jboss.hal.testsuite.container.WildFlyConfiguration.DEFAULT;
45  import static org.jboss.hal.testsuite.fixtures.SecurityFixtures.AUDIENCE;
46  import static org.jboss.hal.testsuite.fixtures.SecurityFixtures.CERTIFICATE;
47  import static org.jboss.hal.testsuite.fixtures.SecurityFixtures.CLIENT_ID;
48  import static org.jboss.hal.testsuite.fixtures.SecurityFixtures.CLIENT_SECRET;
49  import static org.jboss.hal.testsuite.fixtures.SecurityFixtures.CLIENT_SSL_READ;
50  import static org.jboss.hal.testsuite.fixtures.SecurityFixtures.INTROSPECTION_URL;
51  import static org.jboss.hal.testsuite.fixtures.SecurityFixtures.INTROSPECTION_URL_VALUE;
52  import static org.jboss.hal.testsuite.fixtures.SecurityFixtures.ISSUER;
53  import static org.jboss.hal.testsuite.fixtures.SecurityFixtures.JWT;
54  import static org.jboss.hal.testsuite.fixtures.SecurityFixtures.JWT_TAB;
55  import static org.jboss.hal.testsuite.fixtures.SecurityFixtures.KEY_STORE_READ;
56  import static org.jboss.hal.testsuite.fixtures.SecurityFixtures.OAUTH2_INTROSPECTION;
57  import static org.jboss.hal.testsuite.fixtures.SecurityFixtures.OAUTH2_INTROSPECTION_TAB;
58  import static org.jboss.hal.testsuite.fixtures.SecurityFixtures.PRINCIPAL_CLAIM;
59  import static org.jboss.hal.testsuite.fixtures.SecurityFixtures.PUBLIC_KEY;
60  import static org.jboss.hal.testsuite.fixtures.SecurityFixtures.TOKEN_REALM_CREATE;
61  import static org.jboss.hal.testsuite.fixtures.SecurityFixtures.TOKEN_REALM_DELETE;
62  import static org.jboss.hal.testsuite.fixtures.SecurityFixtures.TOKEN_REALM_JWT_CREATE;
63  import static org.jboss.hal.testsuite.fixtures.SecurityFixtures.TOKEN_REALM_JWT_DELETE;
64  import static org.jboss.hal.testsuite.fixtures.SecurityFixtures.TOKEN_REALM_JWT_UPDATE;
65  import static org.jboss.hal.testsuite.fixtures.SecurityFixtures.TOKEN_REALM_OAUTH2_INTROSPECTION_CREATE;
66  import static org.jboss.hal.testsuite.fixtures.SecurityFixtures.TOKEN_REALM_OAUTH2_INTROSPECTION_DELETE;
67  import static org.jboss.hal.testsuite.fixtures.SecurityFixtures.TOKEN_REALM_OAUTH2_INTROSPECTION_UPDATE;
68  import static org.jboss.hal.testsuite.fixtures.SecurityFixtures.TOKEN_REALM_UPDATE;
69  import static org.jboss.hal.testsuite.fixtures.SecurityFixtures.clientSslContextAddress;
70  import static org.jboss.hal.testsuite.fixtures.SecurityFixtures.tokenRealmAddress;
71  import static org.junit.jupiter.api.Assertions.assertTrue;
72  
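/**
 * UI tests for the token realm view of the console's security realm page, run against a standalone WildFly
 * container started with the {@code DEFAULT} configuration.
 *
 * <p>
 * Each test drives the table and forms of the token realm view and then checks the management model. The tests
 * cover the token realm resource itself and its two complex attributes, {@code JWT} and
 * {@code OAUTH2_INTROSPECTION}.
 *
 * <p>
 * Scope note: the tests only assert that the values submitted through the console end up in the management model.
 * No token is issued, parsed or validated here. Client ids, client secrets, certificate names and issuers are
 * throwaway values from {@link Random#name()}.
 */
@Manatoko
@Testcontainers
class TokenRealmTest {

    @Container static WildFlyContainer wildFly = WildFlyContainer.standalone(DEFAULT);

    /**
     * Creates the resources the tests operate on, using the management client rather than the UI.
     *
     * <p>
     * The {@code *_UPDATE} and {@code *_DELETE} realms are created with the attribute under test already set. The
     * {@code TOKEN_REALM_JWT_CREATE} and {@code TOKEN_REALM_OAUTH2_INTROSPECTION_CREATE} realms are created without
     * it, so that the create tests can add the attribute through the console.
     *
     * @throws Exception if a management operation fails
     */
    @BeforeAll
    static void setupModel() throws Exception {
        OnlineManagementClient client = wildFly.managementClient();
        Operations operations = new Operations(client);

        // Key store and client SSL context that the JWT and OAuth2 introspection settings refer to.
        client.apply(new AddKeyStore(KEY_STORE_READ));
        operations.add(clientSslContextAddress(CLIENT_SSL_READ));

        operations.add(tokenRealmAddress(TOKEN_REALM_UPDATE));
        operations.add(tokenRealmAddress(TOKEN_REALM_DELETE));

        // Minimal JWT value: a single random audience entry.
        ModelNode jwt = new ModelNode();
        jwt.get(AUDIENCE).add(Random.name());
        operations.add(tokenRealmAddress(TOKEN_REALM_JWT_CREATE));
        operations.add(tokenRealmAddress(TOKEN_REALM_JWT_UPDATE), Values.of(JWT, jwt));
        operations.add(tokenRealmAddress(TOKEN_REALM_JWT_DELETE), Values.of(JWT, jwt));

        // Client id and secret are random test values; they are not credentials of any real endpoint.
        ModelNode oauth2Introspection = new ModelNode();
        oauth2Introspection.get(CLIENT_ID).set(Random.name());
        oauth2Introspection.get(CLIENT_SECRET).set(Random.name());
        oauth2Introspection.get(CLIENT_SSL_CONTEXT).set(CLIENT_SSL_READ);
        oauth2Introspection.get(INTROSPECTION_URL).set(INTROSPECTION_URL_VALUE);
        operations.add(tokenRealmAddress(TOKEN_REALM_OAUTH2_INTROSPECTION_CREATE));
        operations.add(tokenRealmAddress(TOKEN_REALM_OAUTH2_INTROSPECTION_UPDATE),
                Values.of(OAUTH2_INTROSPECTION, oauth2Introspection));
        operations.add(tokenRealmAddress(TOKEN_REALM_OAUTH2_INTROSPECTION_DELETE),
                Values.of(OAUTH2_INTROSPECTION, oauth2Introspection));
    }

    @Inject Console console;
    @Inject CrudOperations crud;
    @Page SecurityRealmPage page;
    TableFragment table;
    FormFragment form;

    /** Opens the token realm view before each test and binds the realm form to the realm table. */
    @BeforeEach
    void prepare() {
        page.navigate();
        console.verticalNavigation().selectSecondary("security-realm-item", "elytron-token-realm-item");
        table = page.getTokenRealmTable();
        form = page.getTokenRealmForm();
        table.bind(form);
    }

    // ------------------------------------------------------ token realm

    /** Adds a token realm through the table. */
    @Test
    void create() throws Exception {
        crud.create(tokenRealmAddress(TOKEN_REALM_CREATE), table, TOKEN_REALM_CREATE);
    }

    /** Changes {@code PRINCIPAL_CLAIM} of an existing token realm to a random value. */
    @Test
    void update() throws Exception {
        table.select(TOKEN_REALM_UPDATE);
        crud.update(tokenRealmAddress(TOKEN_REALM_UPDATE), form, PRINCIPAL_CLAIM, Random.name());
    }

    /** Removes an existing token realm through the table. */
    @Test
    void delete() throws Exception {
        crud.delete(tokenRealmAddress(TOKEN_REALM_DELETE), table, TOKEN_REALM_DELETE);
    }

    // ------------------------------------------------------ jwt

    /**
     * Adds the {@code JWT} attribute to a realm that was set up without it and checks that the attribute is defined
     * afterwards.
     */
    @Test
    void createJWT() throws Exception {
        table.select(TOKEN_REALM_JWT_CREATE);
        page.getTokenRealmTabs().select(JWT_TAB);
        // NOTE(review): null is passed where the other tests pass a form-filling lambda, presumably meaning
        // "submit the dialog with no values" - confirm against CrudOperations.
        crud.createSingleton(tokenRealmAddress(TOKEN_REALM_JWT_CREATE), page.getJwtForm(), null,
                resourceVerifier -> resourceVerifier.verifyAttribute(JWT, jwt -> assertTrue(jwt.isDefined())));
    }

    /**
     * Replaces the JWT settings of an existing realm and compares the stored {@code JWT} attribute with the
     * expected value as a whole.
     */
    @Test
    void updateJWT() throws Exception {
        List<String> audience = List.of(Random.name(), Random.name());
        String certificate = Random.name();
        List<String> issuer = List.of(Random.name(), Random.name());

        table.select(TOKEN_REALM_JWT_UPDATE);
        page.getTokenRealmTabs().select(JWT_TAB);
        crud.update(tokenRealmAddress(TOKEN_REALM_JWT_UPDATE), page.getJwtForm(), f -> {
            // setupModel() stored one audience entry; clear it so only the new values remain.
            f.list(AUDIENCE).removeTags();
            f.list(AUDIENCE).add(audience);
            f.text(CERTIFICATE, certificate);
            f.text(CLIENT_SSL_CONTEXT, CLIENT_SSL_READ);
            f.list(ISSUER).add(issuer);
            f.text(KEY_STORE, KEY_STORE_READ);
        }, resourceVerifier -> {
            // Build the expected attribute in the same key order as before: audience, certificate,
            // client-ssl-context, issuer, key-store, public-key.
            ModelNode jwt = new ModelNode();
            for (String value : audience) {
                jwt.get(AUDIENCE).add(value);
            }
            jwt.get(CERTIFICATE).set(certificate);
            jwt.get(CLIENT_SSL_CONTEXT).set(CLIENT_SSL_READ);
            for (String value : issuer) {
                jwt.get(ISSUER).add(value);
            }
            jwt.get(KEY_STORE).set(KEY_STORE_READ);
            // needs to be undefined! The form does not set a public key, and the expected node has to carry the
            // key explicitly as undefined (presumably because the whole attribute is compared - confirm).
            jwt.get(PUBLIC_KEY).set(new ModelNode());
            resourceVerifier.verifyAttribute(JWT, jwt);
        });
    }

    /** Removes the {@code JWT} attribute and checks that it is undefined afterwards. */
    @Test
    void deleteJWT() throws Exception {
        table.select(TOKEN_REALM_JWT_DELETE);
        page.getTokenRealmTabs().select(JWT_TAB);
        crud.deleteSingleton(tokenRealmAddress(TOKEN_REALM_JWT_DELETE), page.getJwtForm(),
                resourceVerifier -> resourceVerifier.verifyAttributeIsUndefined(JWT));
    }

    // ------------------------------------------------------ oauth2 introspection

    /**
     * Adds the {@code OAUTH2_INTROSPECTION} attribute to a realm that was set up without it.
     *
     * <p>
     * The realm resource itself is already created in {@link #setupModel()}, so
     * {@link ResourceVerifier#verifyExists()} alone would presumably pass even if the console never wrote the
     * attribute. The verifier therefore also requires the attribute to be defined, the same check
     * {@link #createJWT()} applies to {@code JWT}.
     */
    @Test
    void createOauth2Introspection() throws Exception {
        table.select(TOKEN_REALM_OAUTH2_INTROSPECTION_CREATE);
        page.getTokenRealmTabs().select(OAUTH2_INTROSPECTION_TAB);
        crud.createSingleton(tokenRealmAddress(TOKEN_REALM_OAUTH2_INTROSPECTION_CREATE), page.getOauth2IntrospectionForm(),
                f -> {
                    f.text(CLIENT_ID, Random.name());
                    f.text(CLIENT_SECRET, Random.name());
                    f.text(INTROSPECTION_URL, INTROSPECTION_URL_VALUE);
                }, resourceVerifier -> {
                    resourceVerifier.verifyExists();
                    resourceVerifier.verifyAttribute(OAUTH2_INTROSPECTION,
                            oauth2Introspection -> assertTrue(oauth2Introspection.isDefined()));
                });
    }

    /** Changes the client id of the OAuth2 introspection settings and checks the nested attribute value. */
    @Test
    void updateOauth2Introspection() throws Exception {
        String clientId = Random.name();

        table.select(TOKEN_REALM_OAUTH2_INTROSPECTION_UPDATE);
        page.getTokenRealmTabs().select(OAUTH2_INTROSPECTION_TAB);
        crud.update(tokenRealmAddress(TOKEN_REALM_OAUTH2_INTROSPECTION_UPDATE), page.getOauth2IntrospectionForm(),
                f -> f.text(CLIENT_ID, clientId),
                resourceVerifier -> resourceVerifier.verifyAttribute(OAUTH2_INTROSPECTION + "." + CLIENT_ID, clientId));
    }

    /** Removes the {@code OAUTH2_INTROSPECTION} attribute and checks that it is undefined afterwards. */
    @Test
    void deleteOauth2Introspection() throws Exception {
        table.select(TOKEN_REALM_OAUTH2_INTROSPECTION_DELETE);
        page.getTokenRealmTabs().select(OAUTH2_INTROSPECTION_TAB);
        crud.deleteSingleton(tokenRealmAddress(TOKEN_REALM_OAUTH2_INTROSPECTION_DELETE), page.getOauth2IntrospectionForm(),
                resourceVerifier -> resourceVerifier.verifyAttributeIsUndefined(OAUTH2_INTROSPECTION));
    }
}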