From e0ca3048b2761141b9a1d571e0d1ac355f49988e Mon Sep 17 00:00:00 2001
From: Peter Zaoral
Date: Thu, 3 Oct 2024 13:49:53 +0200
Subject: [PATCH] quarkus-next: SunCertPathBuilderException: unable to find valid certification path to requested target
Closes: #33475
Signed-off-by: Peter Zaoral
---
 .../testsuite/util/AdminClientUtil.java | 18 +++++++++++-------
 .../testsuite/admin/ImpersonationTest.java | 16 ++++++++++++++++
 2 files changed, 27 insertions(+), 7 deletions(-)
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/AdminClientUtil.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/AdminClientUtil.java
index 37ddcfe8c117..9d3ef4ab4b53 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/AdminClientUtil.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/AdminClientUtil.java
@@ -118,13 +118,6 @@ public static ResteasyClient createResteasyClient() {
 public static ResteasyClient createResteasyClient(boolean ignoreUnknownProperties, Boolean followRedirects) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException {
 ResteasyClientBuilder resteasyClientBuilder = (ResteasyClientBuilder) ResteasyClientBuilder.newBuilder();
- if ("true".equals(System.getProperty("auth.server.ssl.required"))) {
- File truststore = new File(PROJECT_BUILD_DIRECTORY, "dependency/keystore/keycloak.truststore");
- resteasyClientBuilder.sslContext(getSSLContextWithTruststore(truststore, "secret"));
-
- System.setProperty("javax.net.ssl.trustStore", truststore.getAbsolutePath());
- }
-
 // We need to ignore unknown JSON properties e.g. in the adapter configuration representation
 // during adapter backward compatibility testing
 if (ignoreUnknownProperties) {
@@ -157,6 +150,17 @@ private static SSLContext getSSLContextWithTruststore(File file, String password
 }
 public static ClientHttpEngine getCustomClientHttpEngine(ResteasyClientBuilder resteasyClientBuilder, int validateAfterInactivity, Boolean followRedirects) {
+ if ("true".equals(System.getProperty("auth.server.ssl.required"))) {
+ File truststore = new File(PROJECT_BUILD_DIRECTORY, "dependency/keystore/keycloak.truststore");
+ try {
+ resteasyClientBuilder.sslContext(getSSLContextWithTruststore(truststore, "secret"));
+ } catch (CertificateException | NoSuchAlgorithmException | KeyStoreException | IOException |
+ KeyManagementException e) {
+ throw new RuntimeException(e);
+ }
+
+ System.setProperty("javax.net.ssl.trustStore", truststore.getAbsolutePath());
+ }
 return new CustomClientHttpEngineBuilder43(validateAfterInactivity, followRedirects).resteasyClientBuilder(resteasyClientBuilder).build();
 }
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java
index aa97302bd785..9a6c018fa77e 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java
@@ -63,8 +63,12 @@
 import jakarta.ws.rs.ClientErrorException;
 import jakarta.ws.rs.core.HttpHeaders;
 import jakarta.ws.rs.core.Response;
+
+import javax.net.ssl.SSLContext;
 import java.io.IOException;
 import java.net.URL;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
 import java.util.*;
 import java.util.stream.Collectors;
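Review bot: In AdminClientUtil.getCustomClientHttpEngine the new `catch` rethrows as `throw new RuntimeException(e);` with no message, so a missing or unreadable truststore is reported without the path that was tried; `throw new IllegalStateException("Cannot load truststore " + truststore.getAbsolutePath(), e);` keeps that context. The method also now writes the JVM-wide `javax.net.ssl.trustStore` property on every call, which changes trust for every other TLS client in the process. A Javadoc line stating that the passed builder is mutated and the property is set, and why both are needed, would make that side effect visible to callers. Whether CustomClientHttpEngineBuilder43 actually picks up the builder's `sslContext` is not visible in this hunk and is worth confirming.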
@@ -387,6 +391,18 @@ Keycloak createAdminClient(String realm, String clientId, String username, Strin password = username.equals("admin") ? "admin" : "password"; } + if (resteasyClient == null) { + try { + SSLContext tlsContext = SSLContext.getInstance("TLS"); + tlsContext.init(null, null, null); + resteasyClient = (ResteasyClient) ResteasyClientBuilder.newBuilder() + .sslContext(tlsContext) + .build(); + } catch (NoSuchAlgorithmException | KeyManagementException e) { + throw new RuntimeException("Failed to initialize SSLContext", e); + } + } + return KeycloakBuilder.builder().serverUrl(getAuthServerContextRoot() + "/auth") .realm(realm) .username(username)
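Review bot: The fallback in createAdminClient initialises its context with `tlsContext.init(null, null, null)`, which selects the JVM default trust managers, so this client probably accepts the test server certificate only if `javax.net.ssl.trustStore` was already set (for example by an earlier AdminClientUtil call); that ordering dependency is not stated anywhere in the hunk. Building the client through the existing helper, `resteasyClient = AdminClientUtil.createResteasyClient();`, would presumably apply the same truststore handling as the other tests and make the four new imports unnecessary. If the plain builder is intentional, a comment such as `// default trust managers: relies on javax.net.ssl.trustStore being set by AdminClientUtil` would record why. Nothing visible closes the lazily created client, and createAdminClient starts and continues outside the hunk, so confirm the field is closed in teardown.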