From 58a7e549b2f9ab65c759a9084424254e52a611ba Mon Sep 17 00:00:00 2001
From: mposolda
Date: Mon, 2 Mar 2015 12:07:31 +0100
Subject: [PATCH 1/2] Fix mongo to pass with testsuite
---
 .../mongo/DefaultMongoConnectionFactoryProvider.java | 4 +++-
 .../entities/ClientIdentityProviderMappingEntity.java | 6 +++---
 .../models/mongo/keycloak/adapters/ClientAdapter.java | 5 ++---
 .../models/mongo/keycloak/adapters/RealmAdapter.java | 2 +-
 .../org/keycloak/protocol/AbstractLoginProtocolFactory.java | 5 +++++
 5 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/connections/mongo/src/main/java/org/keycloak/connections/mongo/DefaultMongoConnectionFactoryProvider.java b/connections/mongo/src/main/java/org/keycloak/connections/mongo/DefaultMongoConnectionFactoryProvider.java
index 3c0db050c59..649ad7e2e66 100755
--- a/connections/mongo/src/main/java/org/keycloak/connections/mongo/DefaultMongoConnectionFactoryProvider.java
+++ b/connections/mongo/src/main/java/org/keycloak/connections/mongo/DefaultMongoConnectionFactoryProvider.java
@@ -28,6 +28,7 @@ public class DefaultMongoConnectionFactoryProvider implements MongoConnectionPro
 "org.keycloak.models.mongo.keycloak.entities.MongoUserEntity",
 "org.keycloak.models.mongo.keycloak.entities.MongoRoleEntity",
 "org.keycloak.models.entities.IdentityProviderEntity",
+ "org.keycloak.models.entities.ClientIdentityProviderMappingEntity",
 "org.keycloak.models.entities.RequiredCredentialEntity",
 "org.keycloak.models.entities.CredentialEntity",
 "org.keycloak.models.entities.FederatedIdentityEntity",
@@ -36,7 +37,8 @@ public class DefaultMongoConnectionFactoryProvider implements MongoConnectionPro
 "org.keycloak.models.sessions.mongo.entities.MongoUsernameLoginFailureEntity",
 "org.keycloak.models.sessions.mongo.entities.MongoUserSessionEntity",
 "org.keycloak.models.sessions.mongo.entities.MongoClientSessionEntity",
- "org.keycloak.models.entities.UserFederationProviderEntity"
+ "org.keycloak.models.entities.UserFederationProviderEntity",
+ "org.keycloak.models.entities.ProtocolMapperEntity"
 };
 private static final Logger logger = Logger.getLogger(DefaultMongoConnectionFactoryProvider.class);
diff --git a/model/api/src/main/java/org/keycloak/models/entities/ClientIdentityProviderMappingEntity.java b/model/api/src/main/java/org/keycloak/models/entities/ClientIdentityProviderMappingEntity.java
index a788aacf4bd..f1df39f33ae 100644
--- a/model/api/src/main/java/org/keycloak/models/entities/ClientIdentityProviderMappingEntity.java
+++ b/model/api/src/main/java/org/keycloak/models/entities/ClientIdentityProviderMappingEntity.java
@@ -23,7 +23,7 @@ package org.keycloak.models.entities;
 public class ClientIdentityProviderMappingEntity {
 private String id;
- private Boolean retrieveToken;
+ private boolean retrieveToken;
 public String getId() {
 return this.id;
@@ -33,11 +33,11 @@ public class ClientIdentityProviderMappingEntity {
 this.id = id;
 }
- public Boolean isRetrieveToken() {
+ public boolean isRetrieveToken() {
 return this.retrieveToken;
 }
- public void setRetrieveToken(Boolean retrieveToken) {
+ public void setRetrieveToken(boolean retrieveToken) {
 this.retrieveToken = retrieveToken;
 }
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ClientAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ClientAdapter.java
index c0202c1f523..10721819078 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ClientAdapter.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ClientAdapter.java
@@ -29,14 +29,12 @@ public abstract class ClientAdapter extends A
 protected final T clientEntity;
 private final RealmModel realm;
 protected KeycloakSession session;
- private final RealmProvider model;
 public ClientAdapter(KeycloakSession session, RealmModel realm, T clientEntity, MongoStoreInvocationContext invContext) {
 super(invContext);
 this.clientEntity = clientEntity;
 this.realm = realm;
 this.session = session;
- this.model = session.realms();
 }
 @Override
@@ -326,13 +324,14 @@ public abstract class ClientAdapter extends A
 @Override
 public void updateAllowedIdentityProviders(List identityProviders) {
- List stored = getMongoEntityAsClient().getIdentityProviders();
+ List stored = new ArrayList();
 for (ClientIdentityProviderMappingModel model : identityProviders) {
 ClientIdentityProviderMappingEntity entity = new ClientIdentityProviderMappingEntity();
 entity.setId(model.getIdentityProvider());
 entity.setRetrieveToken(model.isRetrieveToken());
+ stored.add(entity);
 }
 getMongoEntityAsClient().setIdentityProviders(stored);
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
index d48ae7d8980..be033a3e286 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
@@ -910,7 +910,7 @@ public class RealmAdapter extends AbstractMongoAdapter impleme
 mapping.setConsentRequired(entity.isConsentRequired());
 mapping.setConsentText(entity.getConsentText());
 Map config = new HashMap();
- if (entity.getConfig() != null) config.putAll(config);
+ if (entity.getConfig() != null) config.putAll(entity.getConfig());
 mapping.setConfig(config);
 return mapping;
 }
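Review bot: In ClientAdapter.updateAllowedIdentityProviders the new list is built straight from the argument, so a null `identityProviders` fails in the for loop. Because this commit also changes `setRetrieveToken` to take a primitive `boolean`, a null from `model.isRetrieveToken()` would fail on unboxing if that getter returns `Boolean`; its return type is not visible in this patch. The method now replaces the stored mappings instead of reusing the previously stored list, which deserves a comment above the loop such as `// Replaces, never merges: the stored mappings become exactly identityProviders`. The method body continues past the end of the hunk, so whether the entity is persisted afterwards cannot be checked from here.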
diff --git a/services/src/main/java/org/keycloak/protocol/AbstractLoginProtocolFactory.java b/services/src/main/java/org/keycloak/protocol/AbstractLoginProtocolFactory.java
index 7483105a429..88f0f14270d 100755
--- a/services/src/main/java/org/keycloak/protocol/AbstractLoginProtocolFactory.java
+++ b/services/src/main/java/org/keycloak/protocol/AbstractLoginProtocolFactory.java
@@ -1,5 +1,6 @@
 package org.keycloak.protocol;
+import org.jboss.logging.Logger;
 import org.keycloak.Config;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.KeycloakSessionFactory;
@@ -14,6 +15,9 @@ import java.util.List;
 * @version $Revision: 1 $
 */
 public abstract class AbstractLoginProtocolFactory implements LoginProtocolFactory {
+
+ private static final Logger logger = Logger.getLogger(AbstractLoginProtocolFactory.class);
+
 @Override
 public void init(Config.Scope config) {
 }
@@ -27,6 +31,7 @@ public abstract class AbstractLoginProtocolFactory implements LoginProtocolFacto
 for (RealmModel realm : realms) addDefaults(realm);
 session.getTransaction().commit();
 } catch (Exception e) {
+ logger.error("Can't add default mappers to realm", e);
 session.getTransaction().rollback();
 } finally {
 session.close();
From 4741a9a91e4faee9ddf8737355bad01fdccf541c Mon Sep 17 00:00:00 2001
From: mposolda
Date: Mon, 2 Mar 2015 12:56:13 +0100
Subject: [PATCH 2/2] Configurable kdc encryption types for Kerberos test
---
 .../ldap/EmbeddedServersFactory.java | 8 ++++-
 .../ldap/KerberosEmbeddedServer.java | 32 ++++++++++++++++---
 2 files changed, 35 insertions(+), 5 deletions(-)
diff --git a/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/EmbeddedServersFactory.java b/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/EmbeddedServersFactory.java
index a377d9b9540..d739b6c3a84 100644
--- a/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/EmbeddedServersFactory.java
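Review bot: The catch block in the third hunk of AbstractLoginProtocolFactory still swallows the exception after logging it, and the message names neither the failing realm nor the scope of the rollback. The loop `for (RealmModel realm : realms) addDefaults(realm);` runs inside a single transaction, so a failure on one realm discards the default mappers for every realm, and nothing visible here rethrows. The message should at least say that, for example `logger.error("Can't add default protocol mappers; rolling back for all realms", e);`. The enclosing method starts and ends outside the hunk, so what happens after the `finally` cannot be confirmed from this patch.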
+++ b/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/EmbeddedServersFactory.java
@@ -16,6 +16,7 @@ public class EmbeddedServersFactory {
 private static final String DEFAULT_KERBEROS_REALM = "KEYCLOAK.ORG";
 private static final int DEFAULT_KDC_PORT = 6088;
+ private static final String DEFAULT_KDC_ENCRYPTION_TYPES = "aes128-cts-hmac-sha1-96, des-cbc-md5, des3-cbc-sha1-kd";
 private String baseDN;
 private String bindHost;
@@ -23,6 +24,7 @@ public class EmbeddedServersFactory {
 private String ldifFile;
 private String kerberosRealm;
 private int kdcPort;
+ private String kdcEncryptionTypes;
 public static EmbeddedServersFactory readConfiguration() {
@@ -40,6 +42,7 @@ public class EmbeddedServersFactory {
 this.kerberosRealm = System.getProperty("kerberos.realm");
 String kdcPort = System.getProperty("kerberos.port");
+ this.kdcEncryptionTypes = System.getProperty("kerberos.encTypes");
 if (baseDN == null || baseDN.isEmpty()) {
 baseDN = DEFAULT_BASE_DN;
@@ -56,6 +59,9 @@ public class EmbeddedServersFactory {
 kerberosRealm = DEFAULT_KERBEROS_REALM;
 }
 this.kdcPort = (kdcPort == null || kdcPort.isEmpty()) ? DEFAULT_KDC_PORT : Integer.parseInt(kdcPort);
+ if (kdcEncryptionTypes == null || kdcEncryptionTypes.isEmpty()) {
+ kdcEncryptionTypes = DEFAULT_KDC_ENCRYPTION_TYPES;
+ }
 }
@@ -77,6 +83,6 @@ public class EmbeddedServersFactory {
 ldifFile = DEFAULT_KERBEROS_LDIF_FILE;
 }
- return new KerberosEmbeddedServer(baseDN, bindHost, bindPort, ldifFile, kerberosRealm, kdcPort);
+ return new KerberosEmbeddedServer(baseDN, bindHost, bindPort, ldifFile, kerberosRealm, kdcPort, kdcEncryptionTypes);
 }
 }
diff --git a/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/KerberosEmbeddedServer.java b/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/KerberosEmbeddedServer.java
index 527c9b38079..f5683425c07 100644
--- a/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/KerberosEmbeddedServer.java
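Review bot: `DEFAULT_KDC_ENCRYPTION_TYPES` in the first hunk of EmbeddedServersFactory enables `des-cbc-md5` and `des3-cbc-sha1-kd` alongside AES, and nothing on the constant says this is a choice made for the embedded test KDC only. Single DES is deprecated for Kerberos by RFC 6649, so a comment would stop the list from being copied into a real KDC configuration, for example `// Test KDC only: includes legacy DES/3DES etypes; do not reuse this list for a real realm`. The `kerberos.encTypes` system property read in the third hunk is also undocumented; a one-line comment giving its format (comma-separated etype names) would help anyone overriding it.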
+++ b/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/KerberosEmbeddedServer.java
@@ -2,6 +2,8 @@ package org.keycloak.testutils.ldap;
 import java.io.IOException;
 import java.lang.reflect.Field;
+import java.util.HashSet;
+import java.util.Set;
 import javax.security.auth.kerberos.KerberosPrincipal;
@@ -20,6 +22,8 @@ import org.apache.directory.server.ldap.handlers.sasl.ntlm.NtlmMechanismHandler;
 import org.apache.directory.server.ldap.handlers.sasl.plain.PlainMechanismHandler;
 import org.apache.directory.server.protocol.shared.transport.UdpTransport;
 import org.apache.directory.shared.kerberos.KerberosTime;
+import org.apache.directory.shared.kerberos.KerberosUtils;
+import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
 import org.jboss.logging.Logger;
 /**
@@ -31,6 +35,7 @@ public class KerberosEmbeddedServer extends LDAPEmbeddedServer {
 private final String kerberosRealm;
 private final int kdcPort;
+ private final String kdcEncryptionTypes;
 private KdcServer kdcServer;
@@ -43,8 +48,9 @@ public class KerberosEmbeddedServer extends LDAPEmbeddedServer {
 }
- protected KerberosEmbeddedServer(String baseDN, String bindHost, int bindPort, String ldifFile, String kerberosRealm, int kdcPort) {
+ protected KerberosEmbeddedServer(String baseDN, String bindHost, int bindPort, String ldifFile, String kerberosRealm, int kdcPort, String kdcEncryptionTypes) {
 super(baseDN, bindHost, bindPort, ldifFile);
+ this.kdcEncryptionTypes = kdcEncryptionTypes;
 this.kerberosRealm = kerberosRealm;
 this.kdcPort = kdcPort;
 }
@@ -54,7 +60,7 @@ public class KerberosEmbeddedServer extends LDAPEmbeddedServer {
 public void init() throws Exception {
 super.init();
- log.info("Creating KDC server. kerberosRealm: " + kerberosRealm + ", kdcPort: " + kdcPort);
+ log.info("Creating KDC server. kerberosRealm: " + kerberosRealm + ", kdcPort: " + kdcPort + ", kdcEncryptionTypes: " + kdcEncryptionTypes);
 createAndStartKdcServer();
 }
@@ -93,6 +99,8 @@ public class KerberosEmbeddedServer extends LDAPEmbeddedServer {
 kdcConfig.setMaximumTicketLifetime(60000 * 1440);
 kdcConfig.setMaximumRenewableLifetime(60000 * 10080);
 kdcConfig.setPaEncTimestampRequired(false);
+ Set encryptionTypes = convertEncryptionTypes();
+ kdcConfig.setEncryptionTypes(encryptionTypes);
 kdcServer = new NoReplayKdcServer(kdcConfig);
 kdcServer.setSearchBaseDn(this.baseDN);
@@ -122,6 +130,24 @@ public class KerberosEmbeddedServer extends LDAPEmbeddedServer {
 }
+ private Set convertEncryptionTypes() {
+ Set encryptionTypes = new HashSet();
+ String[] configEncTypes = kdcEncryptionTypes.split(",");
+
+ for ( String enc : configEncTypes ) {
+ enc = enc.trim();
+ for ( EncryptionType type : EncryptionType.getEncryptionTypes() ) {
+ if ( type.getName().equalsIgnoreCase( enc ) ) {
+ encryptionTypes.add( type );
+ }
+ }
+ }
+
+ encryptionTypes = KerberosUtils.orderEtypesByStrength(encryptionTypes);
+ return encryptionTypes;
+ }
+
+
 /**
 * Replacement of apacheDS KdcServer class with disabled ticket replay cache.
 *
@@ -151,12 +177,10 @@ public class KerberosEmbeddedServer extends LDAPEmbeddedServer {
 @Override
 public void save(KerberosPrincipal serverPrincipal, KerberosPrincipal clientPrincipal, KerberosTime clientTime, int clientMicroSeconds) {
- return;
 }
 @Override
 public void clear() {
- return;
 }
 }
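Review bot: KerberosEmbeddedServer.convertEncryptionTypes silently drops any configured name that matches no `EncryptionType`, so a typo in `kerberos.encTypes` can leave the test KDC with fewer etypes than intended, or hand an empty set to `kdcConfig.setEncryptionTypes`. The test would then fail far from the cause. I would fail fast after the loop with `if (encryptionTypes.isEmpty()) throw new IllegalArgumentException("No known encryption type in: " + kdcEncryptionTypes);` and log a warning for each unmatched name. The method also calls `kdcEncryptionTypes.split(",")` without a null check; the factory supplies a default, but the constructor is `protected` and its other callers are not visible in this patch.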