Fix flaky test ClientAuthSignedJWTTest.testClientWithGeneratedKeysJKS

closes #43713

Signed-off-by: mposolda <mposolda@gmail.com>
mposolda
2025-11-14 16:59:40 +01:00
committed by Marek Posolda
parent 97ae31dfe3
commit 68cfb8d720


@@ -435,6 +435,12 @@ public abstract class AbstractClientAuthSignedJWTTest extends AbstractKeycloakTe
client = getClient(testRealm.getRealm(), client.getId()).toRepresentation();
final String certOld = client.getAttributes().get(JWTClientAuthenticator.CERTIFICATE_ATTR);
int expectedValidity = validity == null ? 3 : validity;
Calendar beforeCreateCalendar = Calendar.getInstance();
beforeCreateCalendar.add(Calendar.YEAR, expectedValidity);
long beforeCertCreateTime = beforeCreateCalendar.getTime().getTime();
// Generate the keystore and save the new certificate in client (in KC)
byte[] keyStoreBytes = getClientAttributeCertificateResource(testRealm.getRealm(), client.getId())
.generateAndGetKeystore(keyStoreConfig);
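Review bot: The new bound in this hunk has no comment explaining why "now + validity" is sampled before `generateAndGetKeystore` (and again after it in the following hunk), so a later reader cannot tell that the window presumably exists to absorb the time key generation takes. I would add above `Calendar beforeCreateCalendar` a line such as `// Lower bound for "not after": now + validity, sampled before the keystore is generated`, with the matching upper-bound comment above `afterCreateCalendar`, and correct "tollerance" in the existing comment there. The window also appears to assume that the test JVM and the server stamping the certificate share a clock; if they can run on separate hosts, the 1000 ms slack would not cover clock skew, which is worth stating in the same comment. The enclosing test method starts and ends outside the hunk.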
@@ -450,10 +456,14 @@ public abstract class AbstractClientAuthSignedJWTTest extends AbstractKeycloakTe
KeycloakModelUtils.getPemFromCertificate(x509Cert));
MatcherAssert.assertThat(x509Cert.getPublicKey(), Matchers.instanceOf(RSAKey.class));
Assert.assertEquals(keySize == null ? 4096 : keySize, ((RSAKey) x509Cert.getPublicKey()).getModulus().bitLength());
Calendar calendar = Calendar.getInstance();
calendar.add(Calendar.YEAR, validity == null ? 3 : validity);
Calendar afterCreateCalendar = Calendar.getInstance();
afterCreateCalendar.add(Calendar.YEAR, expectedValidity);
long afterCertCreateTime = afterCreateCalendar.getTime().getTime();
// Assert expected "not after" time on certificate. Need some tollerance as "not after" time on certificate is rounded to seconds
MatcherAssert.assertThat(x509Cert.getNotAfter().getTime(), Matchers.allOf(
Matchers.greaterThan(calendar.getTime().getTime() - 5000), Matchers.lessThan(calendar.getTime().getTime() + 5000)));
Matchers.greaterThan(beforeCertCreateTime - 1000), Matchers.lessThan(afterCertCreateTime + 1000)));
// Try to login with the new keys