keycloak-client/src/test/java/org/gcube/common/keycloak/TestKeycloakClient.java

128 lines
5.9 KiB
Java
Raw Normal View History

package org.gcube.common.keycloak;
import java.net.URL;
import org.gcube.common.keycloak.model.ModelUtils;
import org.gcube.common.keycloak.model.TokenResponse;
import org.gcube.common.scope.api.ScopeProvider;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
2021-12-09 15:05:26 +01:00
import org.junit.FixMethodOrder;
import org.junit.Test;
2021-12-09 15:05:26 +01:00
import org.junit.runners.MethodSorters;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
2021-12-09 15:05:26 +01:00
@FixMethodOrder(MethodSorters.NAME_ASCENDING)
public class TestKeycloakClient {
protected static final Logger logger = LoggerFactory.getLogger(TestKeycloakClient.class);
private static final String DEV_ENDPOINT = "https://accounts.dev.d4science.org/auth/realms/d4science/protocol/openid-connect/token";
private static final String CLIENT_ID = "keycloak-client";
private static final String CLIENT_SECRET = "38f76152-2b7c-418f-9b67-66f4cc2f401e";
private static final String TEST_AUDIENCE = "conductor-server";
private static TokenResponse oidcTR = null;
private static TokenResponse umaTR = null;
2021-12-09 15:05:26 +01:00
@Before
public void setUp() throws Exception {
ScopeProvider.instance.set("/gcube");
}
@After
public void tearDown() throws Exception {
}
@Test
public void test01EndpointDiscovery() throws Exception {
logger.info("*** [0.1] Start testing Keycloak endpoint discovery...");
URL url = KeycloakClientFactory.newInstance().findTokenEndpointURL();
Assert.assertNotNull(url);
Assert.assertTrue(url.getProtocol().equals("https"));
Assert.assertEquals(new URL(DEV_ENDPOINT), url);
2021-06-22 12:48:32 +02:00
logger.info("Discovered URL is: {}", url);
}
@Test
public void test11QueryOIDCTokenWithDiscoveryInCurrentScope() throws Exception {
logger.info("*** [1.1] Start testing query OIDC token from Keycloak with endpoint discovery and current scope...");
oidcTR = KeycloakClientFactory.newInstance().queryOIDCToken(CLIENT_ID, CLIENT_SECRET);
TestModels.checkTokenResponse(oidcTR);
TestModels.checkAccessToken(ModelUtils.getAccessTokenFrom(oidcTR), "service-account-" + CLIENT_ID);
}
@Test
public void test12QueryOIDCToken() throws Exception {
logger.info("*** [1.2] Start testing query OIDC token from Keycloak with URL...");
oidcTR = KeycloakClientFactory.newInstance().queryOIDCToken(new URL(DEV_ENDPOINT), CLIENT_ID, CLIENT_SECRET);
TestModels.checkTokenResponse(oidcTR);
TestModels.checkAccessToken(ModelUtils.getAccessTokenFrom(oidcTR), "service-account-" + CLIENT_ID);
}
@Test
public void test13RefreshOIDCTokenWithDiscovery() throws Exception {
logger.info("*** [1.3] Start testing refresh OIDC token from Keycloak with endpoint discovery...");
TokenResponse refreshedTR = KeycloakClientFactory.newInstance().refreshToken(CLIENT_ID, CLIENT_SECRET, oidcTR);
TestModels.checkTokenResponse(refreshedTR);
TestModels.checkAccessToken(ModelUtils.getAccessTokenFrom(refreshedTR), "service-account-" + CLIENT_ID);
TestModels.checkRefreshToken(ModelUtils.getRefreshTokenFrom(refreshedTR));
}
@Test
public void test21QueryUMATokenWithDiscoveryInCurrentScope() throws Exception {
logger.info(
"*** [2.1] Start testing query UMA token from Keycloak with endpoint discovery and current scope as audience...");
umaTR = KeycloakClientFactory.newInstance().queryUMAToken(CLIENT_ID, CLIENT_SECRET, null);
TestModels.checkTokenResponse(umaTR);
TestModels.checkAccessToken(ModelUtils.getAccessTokenFrom(umaTR), "service-account-" + CLIENT_ID);
}
@Test
public void test22QueryUMATokenWithDiscovery() throws Exception {
logger.info("*** [2.2] Start testing query UMA token from Keycloak with endpoint discovery...");
umaTR = KeycloakClientFactory.newInstance().queryUMAToken(CLIENT_ID, CLIENT_SECRET, TEST_AUDIENCE, null);
TestModels.checkTokenResponse(umaTR);
TestModels.checkAccessToken(ModelUtils.getAccessTokenFrom(umaTR), "service-account-" + CLIENT_ID);
}
@Test
public void test23QueryUMATokenWithDiscoveryWithOIDCAuthorization() throws Exception {
logger.info(
"*** [2.3] Start testing query UMA token from Keycloak with endpoint discovery and OIDC access token for authorization...");
umaTR = KeycloakClientFactory.newInstance().queryUMAToken(oidcTR, TEST_AUDIENCE, null);
TestModels.checkTokenResponse(umaTR);
TestModels.checkAccessToken(ModelUtils.getAccessTokenFrom(umaTR), "service-account-" + CLIENT_ID);
}
@Test
public void test24QueryUMAToken() throws Exception {
logger.info("*** [2.4] Start testing query UMA token from Keycloak with URL...");
umaTR = KeycloakClientFactory.newInstance().queryUMAToken(new URL(DEV_ENDPOINT), CLIENT_ID, CLIENT_SECRET,
2021-12-09 15:05:26 +01:00
TEST_AUDIENCE, null);
TestModels.checkTokenResponse(umaTR);
TestModels.checkAccessToken(ModelUtils.getAccessTokenFrom(umaTR), "service-account-" + CLIENT_ID);
}
2021-12-09 15:05:26 +01:00
@Test
public void test25RefreshUMATokenWithDiscovery() throws Exception {
logger.info("*** [2.5] Start testing refresh UMA token from Keycloak with endpoint discovery...");
TokenResponse refreshedTR = KeycloakClientFactory.newInstance().refreshToken(CLIENT_ID, CLIENT_SECRET, umaTR);
2021-12-09 15:05:26 +01:00
TestModels.checkTokenResponse(refreshedTR);
TestModels.checkAccessToken(ModelUtils.getAccessTokenFrom(refreshedTR), "service-account-" + CLIENT_ID);
TestModels.checkRefreshToken(ModelUtils.getRefreshTokenFrom(refreshedTR));
}
@Test(expected = KeycloakClientException.class)
public void test26RefreshTokenWithDiscoveryAndClientIdFromRefreshToken() throws Exception {
logger.info("*** [2.6] Start testing refresh UMA token *with error* since is not a public client...");
KeycloakClientFactory.newInstance().refreshToken(umaTR.getRefreshToken());
}
}