diff --git a/integration-tests/oidc-wiremock/pom.xml b/integration-tests/oidc-wiremock/pom.xml
index dfddc45a735e1..0f6a6fb5e5fb3 100644
--- a/integration-tests/oidc-wiremock/pom.xml
+++ b/integration-tests/oidc-wiremock/pom.xml
@@ -43,6 +43,11 @@
rest-assured
test
+
+ io.smallrye.certs
+ smallrye-certificate-generator
+ test
+
org.htmlunit
htmlunit
diff --git a/integration-tests/oidc-wiremock/src/main/java/io/quarkus/it/keycloak/CustomTenantConfigResolver.java b/integration-tests/oidc-wiremock/src/main/java/io/quarkus/it/keycloak/CustomTenantConfigResolver.java
index 78ff79e9f8d16..9171e9071ba6d 100644
--- a/integration-tests/oidc-wiremock/src/main/java/io/quarkus/it/keycloak/CustomTenantConfigResolver.java
+++ b/integration-tests/oidc-wiremock/src/main/java/io/quarkus/it/keycloak/CustomTenantConfigResolver.java
@@ -71,7 +71,7 @@ public Uni resolve(RoutingContext context,
} else if (path.endsWith("bearer-certificate-full-chain-root-only")) {
OidcTenantConfig config = new OidcTenantConfig();
config.setTenantId("bearer-certificate-full-chain-root-only");
- config.getCertificateChain().setTrustStoreFile(Path.of("truststore-rootcert.p12"));
+ config.getCertificateChain().setTrustStoreFile(Path.of("target/chain/truststore-rootcert.p12"));
config.getCertificateChain().setTrustStorePassword("storepassword");
config.getCertificateChain().setLeafCertificateName("www.quarkustest.com");
return Uni.createFrom().item(config);
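Review bot: The new trust store location `target/chain/truststore-rootcert.p12` is a relative path in `src/main` code, so it presumably resolves against the JVM working directory and only exists once the test resource has generated it. If the module is started from another directory, or this tenant is resolved before `CustomOidcWiremockTestResource` has run, the trust store will likely be missing and the certificate chain checks for this tenant cannot be set up. The same applies to the `trust-store-file=target/chain/...` entries changed in application.properties. At minimum add a comment such as `// generated at test start by CustomOidcWiremockTestResource, relative to the module directory`; passing the directory in through a property returned from the test resource's `start()` would remove the hidden coupling. The `resolve` method starts and ends outside this hunk.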
diff --git a/integration-tests/oidc-wiremock/src/main/resources/application.properties b/integration-tests/oidc-wiremock/src/main/resources/application.properties
index f3d532751976e..ebf73424c3731 100644
--- a/integration-tests/oidc-wiremock/src/main/resources/application.properties
+++ b/integration-tests/oidc-wiremock/src/main/resources/application.properties
@@ -143,7 +143,7 @@ quarkus.oidc.code-flow-user-info-github-cached-in-idtoken.authentication.verify-
quarkus.oidc.code-flow-user-info-github-cached-in-idtoken.client-id=quarkus-web-app
quarkus.oidc.code-flow-user-info-github-cached-in-idtoken.credentials.client-secret.value=AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow
quarkus.oidc.code-flow-user-info-github-cached-in-idtoken.credentials.client-secret.method=query
-quarkus.oidc.code-flow-user-info-github-cached-in-idtoken.certificate-chain.trust-store-file=truststore.p12
+quarkus.oidc.code-flow-user-info-github-cached-in-idtoken.certificate-chain.trust-store-file=target/chain/truststore.p12
quarkus.oidc.code-flow-user-info-github-cached-in-idtoken.certificate-chain.trust-store-password=storepassword
@@ -172,7 +172,7 @@ quarkus.oidc.bearer-kid-or-chain.client-id=quarkus-app
quarkus.oidc.bearer-kid-or-chain.credentials.secret=secret
quarkus.oidc.bearer-kid-or-chain.token.audience=https://service.example.com
quarkus.oidc.bearer-kid-or-chain.allow-token-introspection-cache=false
-quarkus.oidc.bearer-kid-or-chain.certificate-chain.trust-store-file=truststore.p12
+quarkus.oidc.bearer-kid-or-chain.certificate-chain.trust-store-file=target/chain/truststore.p12
quarkus.oidc.bearer-kid-or-chain.certificate-chain.trust-store-password=storepassword
quarkus.oidc.bearer-id.auth-server-url=${keycloak.url}/realms/quarkus/
@@ -199,7 +199,7 @@ quarkus.oidc.bearer-azure.jwks-path=${keycloak.url}/azure/jwk
quarkus.oidc.bearer-azure.jwks.resolve-early=false
quarkus.oidc.bearer-azure.token.lifespan-grace=2147483647
quarkus.oidc.bearer-azure.token.customizer-name=azure-access-token-customizer
-quarkus.oidc.bearer-azure.certificate-chain.trust-store-file=truststore.p12
+quarkus.oidc.bearer-azure.certificate-chain.trust-store-file=target/chain/truststore.p12
quarkus.oidc.bearer-azure.certificate-chain.trust-store-password=storepassword
quarkus.oidc.bearer-role-claim-path.auth-server-url=${keycloak.url}/realms/quarkus/
@@ -215,14 +215,14 @@ quarkus.oidc.bearer-no-introspection.credentials.secret=secret
quarkus.oidc.bearer-no-introspection.token.audience=https://service.example.com
quarkus.oidc.bearer-no-introspection.token.allow-jwt-introspection=false
-quarkus.oidc.bearer-certificate-full-chain.certificate-chain.trust-store-file=truststore.p12
+quarkus.oidc.bearer-certificate-full-chain.certificate-chain.trust-store-file=target/chain/truststore.p12
quarkus.oidc.bearer-certificate-full-chain.certificate-chain.trust-store-password=storepassword
-quarkus.oidc.bearer-chain-custom-validator.certificate-chain.trust-store-file=truststore.p12
+quarkus.oidc.bearer-chain-custom-validator.certificate-chain.trust-store-file=target/chain/truststore.p12
quarkus.oidc.bearer-chain-custom-validator.certificate-chain.trust-store-password=storepassword
quarkus.oidc.bearer-chain-custom-validator.token.audience=https://service.example.com
-quarkus.oidc.bearer-certificate-full-chain-root-only-wrongcname.certificate-chain.trust-store-file=truststore-rootcert.p12
+quarkus.oidc.bearer-certificate-full-chain-root-only-wrongcname.certificate-chain.trust-store-file=target/chain/truststore-rootcert.p12
quarkus.oidc.bearer-certificate-full-chain-root-only-wrongcname.certificate-chain.trust-store-password=storepassword
quarkus.oidc.bearer-certificate-full-chain-root-only-wrongcname.certificate-chain.leaf-certificate-name=www.quarkusio.com
diff --git a/integration-tests/oidc-wiremock/src/main/resources/truststore-rootcert.p12 b/integration-tests/oidc-wiremock/src/main/resources/truststore-rootcert.p12
deleted file mode 100644
index e6a5a80173a45..0000000000000
Binary files a/integration-tests/oidc-wiremock/src/main/resources/truststore-rootcert.p12 and /dev/null differ
diff --git a/integration-tests/oidc-wiremock/src/main/resources/truststore.p12 b/integration-tests/oidc-wiremock/src/main/resources/truststore.p12
deleted file mode 100644
index b0c1f8bcb4164..0000000000000
Binary files a/integration-tests/oidc-wiremock/src/main/resources/truststore.p12 and /dev/null differ
diff --git a/integration-tests/oidc-wiremock/src/test/java/io/quarkus/it/keycloak/BearerTokenAuthorizationTest.java b/integration-tests/oidc-wiremock/src/test/java/io/quarkus/it/keycloak/BearerTokenAuthorizationTest.java
index d6f5bb2efbd48..83b2438ddfc11 100644
--- a/integration-tests/oidc-wiremock/src/test/java/io/quarkus/it/keycloak/BearerTokenAuthorizationTest.java
+++ b/integration-tests/oidc-wiremock/src/test/java/io/quarkus/it/keycloak/BearerTokenAuthorizationTest.java
@@ -22,7 +22,6 @@
import org.awaitility.Awaitility;
import org.hamcrest.Matchers;
import org.jose4j.jwx.HeaderParameterNames;
-import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Test;
import com.github.tomakehurst.wiremock.WireMockServer;
@@ -39,12 +38,10 @@
import io.smallrye.jwt.algorithm.SignatureAlgorithm;
import io.smallrye.jwt.build.Jwt;
import io.smallrye.jwt.build.JwtClaimsBuilder;
-import io.smallrye.jwt.util.KeyUtils;
-import io.smallrye.jwt.util.ResourceUtils;
import io.vertx.core.json.JsonObject;
@QuarkusTest
-@QuarkusTestResource(OidcWiremockTestResource.class)
+@QuarkusTestResource(CustomOidcWiremockTestResource.class)
public class BearerTokenAuthorizationTest {
@OidcWireMock
@@ -62,7 +59,6 @@ public void testSecureAccessSuccessPreferredUsername() {
}
@Test
- @Disabled
public void testAccessResourceAzure() throws Exception {
String azureToken = readFile("token.txt");
String azureJwk = readFile("jwks.json");
@@ -192,16 +188,13 @@ public void testAccessAdminResourceWithWrongCertS256Thumbprint() {
}
@Test
- @Disabled
public void testCertChainWithCustomValidator() throws Exception {
- X509Certificate rootCert = KeyUtils.getCertificate(ResourceUtils.readResource("/ca.cert.pem"));
- X509Certificate intermediateCert = KeyUtils.getCertificate(ResourceUtils.readResource("/intermediate.cert.pem"));
- X509Certificate subjectCert = KeyUtils.getCertificate(ResourceUtils.readResource("/www.quarkustest.com.cert.pem"));
- PrivateKey subjectPrivateKey = KeyUtils.readPrivateKey("/www.quarkustest.com.key.pem");
+ List chain = TestUtils.loadCertificateChain();
+ PrivateKey subjectPrivateKey = TestUtils.loadLeafCertificatePrivateKey();
// Send the token with the valid certificate chain and bind it to the token claim
String accessToken = getAccessTokenForCustomValidator(
- List.of(subjectCert, intermediateCert, rootCert),
+ chain,
subjectPrivateKey, "https://service.example.com", true, false);
RestAssured.given().auth().oauth2(accessToken)
@@ -212,7 +205,7 @@ public void testCertChainWithCustomValidator() throws Exception {
// Send the token with the valid certificate chain but do not bind it to the token claim
accessToken = getAccessTokenForCustomValidator(
- List.of(subjectCert, intermediateCert, rootCert),
+ chain,
subjectPrivateKey, "https://service.example.com", false, false);
RestAssured.given().auth().oauth2(accessToken)
@@ -222,7 +215,7 @@ public void testCertChainWithCustomValidator() throws Exception {
// Send the token with the valid certificate chain bound to the token claim, but expired
accessToken = getAccessTokenForCustomValidator(
- List.of(subjectCert, intermediateCert, rootCert),
+ chain,
subjectPrivateKey, "https://service.example.com", true, true);
RestAssured.given().auth().oauth2(accessToken)
.when().get("/api/admin/bearer-chain-custom-validator")
@@ -231,7 +224,7 @@ public void testCertChainWithCustomValidator() throws Exception {
// Send the token with the valid certificate chain but with the wrong audience
accessToken = getAccessTokenForCustomValidator(
- List.of(subjectCert, intermediateCert, rootCert),
+ chain,
subjectPrivateKey, "https://server.example.com", true, false);
RestAssured.given().auth().oauth2(accessToken)
@@ -242,16 +235,14 @@ public void testCertChainWithCustomValidator() throws Exception {
}
@Test
- @Disabled
public void testAccessAdminResourceWithFullCertChain() throws Exception {
- X509Certificate rootCert = KeyUtils.getCertificate(ResourceUtils.readResource("/ca.cert.pem"));
- X509Certificate intermediateCert = KeyUtils.getCertificate(ResourceUtils.readResource("/intermediate.cert.pem"));
- X509Certificate subjectCert = KeyUtils.getCertificate(ResourceUtils.readResource("/www.quarkustest.com.cert.pem"));
- PrivateKey subjectPrivateKey = KeyUtils.readPrivateKey("/www.quarkustest.com.key.pem");
+ // index 2 - root, index 1 - intermediate, index 0 - leaf
+ List chain = TestUtils.loadCertificateChain();
+ PrivateKey subjectPrivateKey = TestUtils.loadLeafCertificatePrivateKey();
// Send the token with the valid certificate chain and bind it to the token claim
String accessToken = getAccessTokenWithCertChain(
- List.of(subjectCert, intermediateCert, rootCert),
+ chain,
subjectPrivateKey);
RestAssured.given().auth().oauth2(accessToken)
@@ -268,7 +259,7 @@ public void testAccessAdminResourceWithFullCertChain() throws Exception {
// Send the token with the valid certificate chain, but with the token signed by a non-matching private key
accessToken = getAccessTokenWithCertChain(
- List.of(subjectCert, intermediateCert, rootCert),
+ chain,
KeyPairGenerator.getInstance("RSA").generateKeyPair().getPrivate());
RestAssured.given().auth().oauth2(accessToken)
.when().get("/api/admin/bearer-certificate-full-chain")
@@ -277,7 +268,7 @@ public void testAccessAdminResourceWithFullCertChain() throws Exception {
// Send the token with the valid certificates but which are in the wrong order in the chain
accessToken = getAccessTokenWithCertChain(
- List.of(intermediateCert, subjectCert, rootCert),
+ List.of(chain.get(1), chain.get(0), chain.get(2)),
subjectPrivateKey);
RestAssured.given().auth().oauth2(accessToken)
.when().get("/api/admin/bearer-certificate-full-chain")
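Review bot: The reordered chain `List.of(chain.get(1), chain.get(0), chain.get(2))` is only readable if the reader remembers the leaf/intermediate/root order returned by `TestUtils.loadCertificateChain()`, which is explained in a single comment at the top of this test. The same index pattern recurs in the later hunks of this method and in `testFullCertChainWithOnlyRootInTruststore` and `testAccessAdminResourceWithKidOrChain`, where no such comment is present. Naming the elements once per test, for example `X509Certificate leaf = chain.get(0), intermediate = chain.get(1), root = chain.get(2);`, would make it obvious which rejection case (wrong order, missing intermediate, leaf only) each request exercises. The test method starts and ends outside this hunk.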
@@ -286,7 +277,7 @@ public void testAccessAdminResourceWithFullCertChain() throws Exception {
// Send the token with the valid certificates but with the intermediate one omitted from the chain
accessToken = getAccessTokenWithCertChain(
- List.of(subjectCert, rootCert),
+ List.of(chain.get(0), chain.get(2)),
subjectPrivateKey);
RestAssured.given().auth().oauth2(accessToken)
.when().get("/api/admin/bearer-certificate-full-chain")
@@ -295,7 +286,7 @@ public void testAccessAdminResourceWithFullCertChain() throws Exception {
// Send the token with the only the last valid certificate
accessToken = getAccessTokenWithCertChain(
- List.of(subjectCert),
+ List.of(chain.get(0)),
subjectPrivateKey);
RestAssured.given().auth().oauth2(accessToken)
.when().get("/api/admin/bearer-certificate-full-chain")
@@ -305,16 +296,13 @@ public void testAccessAdminResourceWithFullCertChain() throws Exception {
}
@Test
- @Disabled
public void testFullCertChainWithOnlyRootInTruststore() throws Exception {
- X509Certificate rootCert = KeyUtils.getCertificate(ResourceUtils.readResource("/ca.cert.pem"));
- X509Certificate intermediateCert = KeyUtils.getCertificate(ResourceUtils.readResource("/intermediate.cert.pem"));
- X509Certificate subjectCert = KeyUtils.getCertificate(ResourceUtils.readResource("/www.quarkustest.com.cert.pem"));
- PrivateKey subjectPrivateKey = KeyUtils.readPrivateKey("/www.quarkustest.com.key.pem");
+ List chain = TestUtils.loadCertificateChain();
+ PrivateKey subjectPrivateKey = TestUtils.loadLeafCertificatePrivateKey();
// Send the token with the valid certificate chain
String accessToken = getAccessTokenWithCertChain(
- List.of(subjectCert, intermediateCert, rootCert),
+ chain,
subjectPrivateKey);
RestAssured.given().auth().oauth2(accessToken)
@@ -331,7 +319,7 @@ public void testFullCertChainWithOnlyRootInTruststore() throws Exception {
// Send the token with the valid certificates but which are in the wrong order in the chain
accessToken = getAccessTokenWithCertChain(
- List.of(intermediateCert, subjectCert, rootCert),
+ List.of(chain.get(1), chain.get(0), chain.get(2)),
subjectPrivateKey);
RestAssured.given().auth().oauth2(accessToken)
.when().get("/api/admin/bearer-certificate-full-chain-root-only")
@@ -340,7 +328,7 @@ public void testFullCertChainWithOnlyRootInTruststore() throws Exception {
// Send the token with the valid certificates but with the intermediate one omitted from the chain
accessToken = getAccessTokenWithCertChain(
- List.of(subjectCert, rootCert),
+ List.of(chain.get(0), chain.get(2)),
subjectPrivateKey);
RestAssured.given().auth().oauth2(accessToken)
.when().get("/api/admin/bearer-certificate-full-chain-root-only")
@@ -349,7 +337,7 @@ public void testFullCertChainWithOnlyRootInTruststore() throws Exception {
// Send the token with the only the last valid certificate
accessToken = getAccessTokenWithCertChain(
- List.of(subjectCert),
+ List.of(chain.get(0)),
subjectPrivateKey);
RestAssured.given().auth().oauth2(accessToken)
.when().get("/api/admin/bearer-certificate-full-chain-root-only")
@@ -358,7 +346,6 @@ public void testFullCertChainWithOnlyRootInTruststore() throws Exception {
}
@Test
- @Disabled
public void testAccessAdminResourceWithKidOrChain() throws Exception {
// token with a matching kid, not x5c
String token = Jwt.preferredUserName("admin")
@@ -403,14 +390,12 @@ public void testAccessAdminResourceWithKidOrChain() throws Exception {
.then()
.statusCode(401);
- X509Certificate rootCert = KeyUtils.getCertificate(ResourceUtils.readResource("/ca.cert.pem"));
- X509Certificate intermediateCert = KeyUtils.getCertificate(ResourceUtils.readResource("/intermediate.cert.pem"));
- X509Certificate subjectCert = KeyUtils.getCertificate(ResourceUtils.readResource("/www.quarkustest.com.cert.pem"));
- PrivateKey subjectPrivateKey = KeyUtils.readPrivateKey("/www.quarkustest.com.key.pem");
+ List chain = TestUtils.loadCertificateChain();
+ PrivateKey subjectPrivateKey = TestUtils.loadLeafCertificatePrivateKey();
// Send the token with the valid certificate chain
token = getAccessTokenWithCertChain(
- List.of(subjectCert, intermediateCert, rootCert),
+ chain,
subjectPrivateKey);
TestUtils.assertX5cOnlyIsPresent(token);
@@ -429,7 +414,7 @@ public void testAccessAdminResourceWithKidOrChain() throws Exception {
// Send the token with the valid certificate chain with certificates in the wrong order
token = getAccessTokenWithCertChain(
- List.of(intermediateCert, subjectCert, rootCert),
+ List.of(chain.get(1), chain.get(0), chain.get(2)),
subjectPrivateKey);
TestUtils.assertX5cOnlyIsPresent(token);
@@ -445,7 +430,7 @@ public void testAccessAdminResourceWithKidOrChain() throws Exception {
.groups(Set.of("admin"))
.issuer("https://server.example.com")
.audience("https://service.example.com")
- .jws().keyId("1").chain(List.of(intermediateCert, subjectCert, rootCert))
+ .jws().keyId("1").chain(List.of(chain.get(1), chain.get(0), chain.get(2)))
.sign(subjectPrivateKey);
assertBothKidAndX5cArePresent(token, "1");
diff --git a/integration-tests/oidc-wiremock/src/test/java/io/quarkus/it/keycloak/CodeFlowAuthorizationTest.java b/integration-tests/oidc-wiremock/src/test/java/io/quarkus/it/keycloak/CodeFlowAuthorizationTest.java
index d5845341e9648..0741e298c5236 100644
--- a/integration-tests/oidc-wiremock/src/test/java/io/quarkus/it/keycloak/CodeFlowAuthorizationTest.java
+++ b/integration-tests/oidc-wiremock/src/test/java/io/quarkus/it/keycloak/CodeFlowAuthorizationTest.java
@@ -50,7 +50,6 @@
import org.htmlunit.util.Cookie;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
-import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Test;
import com.github.tomakehurst.wiremock.WireMockServer;
@@ -337,7 +336,6 @@ public void testCodeFlowUserInfo() throws Exception {
}
@Test
- @Disabled
public void testCodeFlowUserInfoCachedInIdToken() throws Exception {
// Internal ID token, allow in memory cache = false, cacheUserInfoInIdtoken = true
final String refreshJwtToken = generateAlreadyExpiredRefreshToken();
diff --git a/integration-tests/oidc-wiremock/src/test/java/io/quarkus/it/keycloak/CustomOidcWiremockTestResource.java b/integration-tests/oidc-wiremock/src/test/java/io/quarkus/it/keycloak/CustomOidcWiremockTestResource.java
new file mode 100644
index 0000000000000..3cd5564e7b7d6
--- /dev/null
+++ b/integration-tests/oidc-wiremock/src/test/java/io/quarkus/it/keycloak/CustomOidcWiremockTestResource.java
@@ -0,0 +1,59 @@
+package io.quarkus.it.keycloak;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
+import java.util.Map;
+
+import io.quarkus.test.oidc.server.OidcWiremockTestResource;
+import io.smallrye.certs.chain.CertificateChainGenerator;
+import io.smallrye.jwt.util.KeyUtils;
+
+public class CustomOidcWiremockTestResource extends OidcWiremockTestResource {
+ @Override
+ public Map start() {
+ try {
+ generateCertificates();
+ } catch (Exception ex) {
+ throw new RuntimeException(ex);
+ }
+
+ return super.start();
+ }
+
+ private void generateCertificates() throws Exception {
+ File chainDir = new File("target/chain");
+ CertificateChainGenerator chainGenerator = new CertificateChainGenerator(chainDir)
+ .withCN("www.quarkustest.com");
+ chainGenerator.generate();
+
+ Path rootCertPath = Paths.get("target/chain/root.crt");
+ X509Certificate rootCert = KeyUtils.getCertificate(Files.readString(rootCertPath));
+
+ Path leafCertPath = Paths.get("target/chain/www.quarkustest.com.crt");
+ X509Certificate leafCert = KeyUtils.getCertificate(Files.readString(leafCertPath));
+
+ File trustStore = new File(chainDir, "truststore.p12");
+ KeyStore keyStore = KeyStore.getInstance("PKCS12");
+ keyStore.load(null, null);
+ keyStore.setCertificateEntry("root", rootCert);
+ keyStore.setCertificateEntry("leaf", leafCert);
+ var fos = new FileOutputStream(trustStore);
+ keyStore.store(fos, "storepassword".toCharArray());
+ fos.close();
+
+ File trustStoreRoot = new File(chainDir, "truststore-rootcert.p12");
+ KeyStore keyStoreRootCert = KeyStore.getInstance("PKCS12");
+ keyStoreRootCert.load(null, null);
+ keyStoreRootCert.setCertificateEntry("root", rootCert);
+ var fosRootCert = new FileOutputStream(trustStoreRoot);
+ keyStoreRootCert.store(fosRootCert, "storepassword".toCharArray());
+ fosRootCert.close();
+
+ }
+
+}
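Review bot: Both `FileOutputStream`s in `generateCertificates()` are closed with a plain `close()` after `keyStore.store(...)`, so a failure while storing leaks the stream and can leave a partially written `.p12` in `target/chain`. The two trust store blocks are also copies of each other apart from the entries and the file name. A small helper using try-with-resources removes both problems and keeps the `storepassword` literal in one place. The `RuntimeException` thrown from `start()` would also be easier to diagnose with a message, e.g. `throw new RuntimeException("Failed to generate the test certificate chain", ex);`.

```java
    private void generateCertificates() throws Exception {
        // … unchanged: chain generation and loading of rootCert / leafCert …

        writeTrustStore(new File(chainDir, "truststore.p12"), Map.of("root", rootCert, "leaf", leafCert));
        writeTrustStore(new File(chainDir, "truststore-rootcert.p12"), Map.of("root", rootCert));
    }

    private static void writeTrustStore(File file, Map<String, X509Certificate> entries) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(null, null);
        for (Map.Entry<String, X509Certificate> entry : entries.entrySet()) {
            keyStore.setCertificateEntry(entry.getKey(), entry.getValue());
        }
        // try-with-resources closes the stream even if store() throws
        try (var out = new FileOutputStream(file)) {
            keyStore.store(out, "storepassword".toCharArray());
        }
    }
```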
diff --git a/integration-tests/oidc-wiremock/src/test/java/io/quarkus/it/keycloak/TestUtils.java b/integration-tests/oidc-wiremock/src/test/java/io/quarkus/it/keycloak/TestUtils.java
index 591ca8c360f4d..c875b28822607 100644
--- a/integration-tests/oidc-wiremock/src/test/java/io/quarkus/it/keycloak/TestUtils.java
+++ b/integration-tests/oidc-wiremock/src/test/java/io/quarkus/it/keycloak/TestUtils.java
@@ -3,6 +3,9 @@
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertTrue;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.List;
@@ -11,19 +14,33 @@
import io.quarkus.oidc.runtime.TrustStoreUtils;
import io.smallrye.jwt.build.Jwt;
import io.smallrye.jwt.util.KeyUtils;
-import io.smallrye.jwt.util.ResourceUtils;
import io.vertx.core.json.JsonObject;
public class TestUtils {
+ public static List loadCertificateChain() throws Exception {
+ Path rootCertPath = Paths.get("target/chain/root.crt");
+ Path intermediateCertPath = Paths.get("target/chain/intermediate.crt");
+ Path leafCertPath = Paths.get("target/chain/www.quarkustest.com.crt");
+
+ X509Certificate rootCert = KeyUtils.getCertificate(Files.readString(rootCertPath));
+ X509Certificate intermediateCert = KeyUtils.getCertificate(Files.readString(intermediateCertPath));
+ X509Certificate subjectCert = KeyUtils.getCertificate(Files.readString(leafCertPath));
+
+ return List.of(subjectCert, intermediateCert, rootCert);
+ }
+
+ public static PrivateKey loadLeafCertificatePrivateKey() throws Exception {
+ Path leafKeyPath = Paths.get("target/chain/www.quarkustest.com.key");
+ return KeyUtils.decodePrivateKey(Files.readString(leafKeyPath));
+ }
+
public static String createTokenWithInlinedCertChain(String preferredUserName) throws Exception {
- X509Certificate rootCert = KeyUtils.getCertificate(ResourceUtils.readResource("/ca.cert.pem"));
- X509Certificate intermediateCert = KeyUtils.getCertificate(ResourceUtils.readResource("/intermediate.cert.pem"));
- X509Certificate subjectCert = KeyUtils.getCertificate(ResourceUtils.readResource("/www.quarkustest.com.cert.pem"));
- PrivateKey subjectPrivateKey = KeyUtils.readPrivateKey("/www.quarkustest.com.key.pem");
+ List chain = loadCertificateChain();
+ PrivateKey subjectPrivateKey = loadLeafCertificatePrivateKey();
String bearerAccessToken = getAccessTokenWithCertChain(
- List.of(subjectCert, intermediateCert, rootCert),
+ chain,
subjectPrivateKey,
preferredUserName);
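Review bot: `loadCertificateChain()` and `loadLeafCertificatePrivateKey()` have an undocumented precondition: they read files under `target/chain` that, as far as this diff shows, exist only after `CustomOidcWiremockTestResource.start()` has generated them. A test class that calls `createTokenWithInlinedCertChain` without that resource active would presumably fail with a file-not-found error that does not point at the cause. Both methods should get Javadoc stating this precondition, and `loadCertificateChain()` should also document that the list is ordered leaf, intermediate, root, since the callers index into it by position. The `target/chain/...` literals are repeated here and in the test resource; a shared constant such as `static final Path CHAIN_DIR = Paths.get("target/chain");` would keep them in step.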
diff --git a/integration-tests/oidc-wiremock/src/test/resources/ca.cert.pem b/integration-tests/oidc-wiremock/src/test/resources/ca.cert.pem
deleted file mode 100644
index b8ec4ac6c5dd1..0000000000000
--- a/integration-tests/oidc-wiremock/src/test/resources/ca.cert.pem
+++ /dev/null
@@ -1,34 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIF0TCCA7mgAwIBAgIUevkdgNus9CUyOGrDiHwuFFAzSsowDQYJKoZIhvcNAQEL
-BQAwcDELMAkGA1UEBhMCSUUxDzANBgNVBAgMBkR1YmxpbjEPMA0GA1UEBwwGRHVi
-bGluMRAwDgYDVQQKDAdRdWFya3VzMRswGQYDVQQLDBJRdWFya3VzIERlcGFydG1l
-bnQxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcNMjMxMTE3MTIyNzI2WhcNNDMxMTEyMTIy
-NzI2WjBwMQswCQYDVQQGEwJJRTEPMA0GA1UECAwGRHVibGluMQ8wDQYDVQQHDAZE
-dWJsaW4xEDAOBgNVBAoMB1F1YXJrdXMxGzAZBgNVBAsMElF1YXJrdXMgRGVwYXJ0
-bWVudDEQMA4GA1UEAwwHUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
-AgoCggIBALQFnHt8yToRlnRKtwcf8yaKzVH53rdv2D9kVzGyuqNVwyPvnPx/Vo88
-lOVeNFY9cj9aTpuVry8wO58Xf6+eMrfiGsHkyW2Fi7PeMyTN5V+smhDonYrZIEKU
-UsGuEFwnsAdAPyboQAXG3Xy82OJD3HZfARIoA5l80GtnoeQicKex724bhSohm5ZS
-XdGTlHRhTLcG1eaidccUyBAJjMexnCsqHdLfzrKOK/Hl8wPPNXOTPZZ6GmjWub5g
-Ti6qYu/tkuC2hlu+rEFVql75cpJ9sA5P/DRF/0A7dJClWSNErG2ATcoImpaxUnpd
-jSs76LIx779nOd6zbIaSyIwzbPoTxuoiAK5Fg8dZjK2A+omwfnIHvd30/5D7NcQj
-LshRWH/G26/rdpj0c3ZwpW2md065cFVgal/m1nsEqREjHyRvm1PkacKAEw9A4gUQ
-Au0NYTX6KWE2TcTQdKbcGlBQPcNkJPKdbv+bfNs6+BreEjltcIMZ0Xl7qPVOU3Hm
-d44avBoHQRhHDg2ud7ZFxpvhjxKmUwEGTDdgt2vuXAyEkrfGCQ2AE58nlcLzAdWN
-Zaq0o0WObzW5pXjcSslEln/U5x94U7Fnql5/XD27UqvMYTkZAK0fyYnsZcghrf4Q
-qq25HipDD9j4YtDvBOYE24nxxVZWK4k5kjc5et6zWRjBt6cH99yXAgMBAAGjYzBh
-MB0GA1UdDgQWBBSjdDFDHtjprW5hclFqtSK/sz6gojAfBgNVHSMEGDAWgBSjdDFD
-HtjprW5hclFqtSK/sz6gojAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
-BjANBgkqhkiG9w0BAQsFAAOCAgEAKha7J68N/SIr/FD/X+moJF7QzCH0fPhvYHJg
-l8dOB39b901nJ0mRVxUH5pZwsoi4nxU4t52leLT5hUgyG02H0v4eHYHtkMBAJ0IE
-gdmsNRrdZPulPs5/hrLOZJG41X3X485qUouyKjZlDSjr4djFifzOWHL9VonyDSV4
-j7MtKnnTo5UzqKt3fcr0LzP5x4t3M6dZgTMjIG5C6pmar6Qp2htZh1RFx+wW+KJy
-ULhfByID5hrA99Q5gS7w27EjvD80tgDZaRbrV/gt4hI/0W0NHvP1m1HX0oe0bhWx
-soBMLaaH0F+LSo3jU3e7OakP2/i2Jpz5sIKndL6lIf80o2Ngo+LQr4aPK7lzPPYV
-U7I2Il0KfklbFUmbVYNdVtbZKaOwdEU0ADqptJY1cnH9putd5Z1ea9NWENcXFaRs
-LfgqFagEKTZZkwkX2oNHH9bwEZsfAgr2OWjzHIcfQ3NnRBPymx1CB2QMYuPbg6ql
-6eGjRBWVPpMK/tGp9BDIfPC5Kq4yuAMihKoDuikL12hKKB59VfpybBH+ziVxBcyD
-LO8Fsuu5V85TOaZ3DFqp8ZODQWnvDre8o0VxwdH+4SC01qhTZRtqSdoOXGrt+J0B
-EsIvFGOOEE5W+23Hcr6Nwl5YFm95f2ZPCkb5Iu2Wp6BtlZQBFfTXiGhP+LT008Yl
-W+0+5Lc=
------END CERTIFICATE-----
diff --git a/integration-tests/oidc-wiremock/src/test/resources/intermediate.cert.pem b/integration-tests/oidc-wiremock/src/test/resources/intermediate.cert.pem
deleted file mode 100644
index 27dc46ad3ff27..0000000000000
--- a/integration-tests/oidc-wiremock/src/test/resources/intermediate.cert.pem
+++ /dev/null
@@ -1,33 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFuTCCA6GgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwcDELMAkGA1UEBhMCSUUx
-DzANBgNVBAgMBkR1YmxpbjEPMA0GA1UEBwwGRHVibGluMRAwDgYDVQQKDAdRdWFy
-a3VzMRswGQYDVQQLDBJRdWFya3VzIERlcGFydG1lbnQxEDAOBgNVBAMMB1Jvb3Qg
-Q0EwHhcNMjMxMTE3MTIzMDIwWhcNMzMxMTE0MTIzMDIwWjBnMQswCQYDVQQGEwJJ
-RTEPMA0GA1UECAwGRHVibGluMRAwDgYDVQQKDAdRdWFya3VzMRswGQYDVQQLDBJR
-dWFya3VzIERlcGFydG1lbnQxGDAWBgNVBAMMD0ludGVybWVkaWF0ZSBDQTCCAiIw
-DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMFfN7Pi8dF+gQTglUDbnTsunr10
-0Ldeozyg4UK+V59NJ8FSX9k1OZeSIjqEN3kljtjNzKX7eqwIw/8UjboQeusIM9jM
-x+cu0ifWlulu/TBLzZfxO3Laq0lSJWuoPRt9tDAdA1PJK62p044zp6i6B9PDldhi
-RpZPj7PJcAoEh3NTmzh7icKVmcGfj2Xo+M/TOiGtKsIhH34w/aXi6u/03PsBs0gw
-8Lids9WTUFGIvf4jAeCzuxWL7RQVr7qDhEvlKEh1tRknSUf0W2yJCE+aFD3XL/b2
-r6qc+CbsV59n+IcARH7gFDEBkAdk9lBozmF7o7+ADc5CZAjtN2FGWDhLXoCV8fvT
-4/sGLsT/MGZPUS4vqw+Gl3+Qx0qk+DgVrwWGFPX168vXBEB/f+AsCX3O9Hn6vNjB
-uEoIi6+bZP6P2MHThARzOm705cM9xxvj82qrdpYtxhi4jLAwzZ/Aa+1wTu1Uobub
-9LXoyuNHSppuK1gi4DZYUHs9YkQwVTwGu1cyYI9oCy9tZ90YqDHHQCyNqAFEPyjw
-C9JT1B3g3gZiiPfpVtzvqxG8qNC6fYyYDSq4aNjlCfv8jYBPylByUyVMG5QnS0ai
-5lYhUF6L8v1jWrsMvkBCmua4TvP4ofa8qUNOpS5eKTNiWk8wkuGne8MhSPDAExVO
-z82E3S8s4jdpwWgHAgMBAAGjZjBkMB0GA1UdDgQWBBRM+ZXzjUoJLnQsxPsFa6CJ
-uIjsyTAfBgNVHSMEGDAWgBSjdDFDHtjprW5hclFqtSK/sz6gojASBgNVHRMBAf8E
-CDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAAa8u
-aDO6nrADunYa6ePJLmxpiMCpaJR6XcM3UkZkQ+zdHsPLPl9lbN2tbr982CWbr89Q
-QmkHMxylQQ4QLwUM6USzDohIiQ516I0LcGUatTymVXKRwSZc1xK587v4iI7LVy5P
-pQuBMeA+tteldyaaWTDL3ppa1UmNWksS3MDHOYcJ/GWqsCqD1Au0sj1E3bGW4t6b
-Wkan6gUG7z1IpXN8XOVSgbzTkWnH89LJns6YUHMnIXb+qQflLCbuj3TYa5H5JgOC
-atVJEHOtqCaDxNDH5t99zFrvLkYy/AJ2QMqMlLS0pWRBmRcaBXEQl7npenZOUgn9
-A0AKs3hoYl0aF0aVMmy7R1Rx+V0G7s3AFZ31QUuWRiy50QJmZg4qZYliZFMcFZrg
-H4T1IKcF1IddU7/tUodaaCP6DT9HRufJ8VNw8kFeFYK414TgvyuViIpHHGuUOLDl
-Ee6ONp3VkzY3sseXpmR14JRnT2JOL5yt1kaDc8VdyLe+v57NURNUB8s5s6x/oIYI
-9BDT1paHb38C/g8E72emgRMs+LwABJJm72hBiKo4eI8uDYKSTKuzxF9JANMMXPG9
-wvCgyFzf1ySsFlFueAMDVZJtqD0SPqtbilfJJ6lUmzyWEb2WYaUDpSiqmNU4Dnw0
-b+x+3T3uJ8oAbV9xBA9aba6M+fkzjtZ0VakcFpM=
------END CERTIFICATE-----
diff --git a/integration-tests/oidc-wiremock/src/test/resources/www.quarkustest.com.cert.pem b/integration-tests/oidc-wiremock/src/test/resources/www.quarkustest.com.cert.pem
deleted file mode 100644
index cb05e37ef44da..0000000000000
--- a/integration-tests/oidc-wiremock/src/test/resources/www.quarkustest.com.cert.pem
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIE6zCCAtOgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwZzELMAkGA1UEBhMCSUUx
-DzANBgNVBAgMBkR1YmxpbjEQMA4GA1UECgwHUXVhcmt1czEbMBkGA1UECwwSUXVh
-cmt1cyBEZXBhcnRtZW50MRgwFgYDVQQDDA9JbnRlcm1lZGlhdGUgQ0EwHhcNMjMx
-MTE3MTIzNjQ1WhcNMjQxMTI2MTIzNjQ1WjCBgDELMAkGA1UEBhMCSUUxDzANBgNV
-BAgMBkR1YmxpbjEPMA0GA1UEBwwGRHVibGluMRAwDgYDVQQKDAdRdWFya3VzMR8w
-HQYDVQQLDBZRdWFya3VzSW50ZWdyYXRpb25UZXN0MRwwGgYDVQQDDBN3d3cucXVh
-cmt1c3Rlc3QuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqLr
-N3x2QK1oc5FeAiImBSq8ouaUJ5s9wZre7A/2RrM1ZTzUK/VyoynWaVxYIkjdGTpT
-H6xYtz3+T6z/l0xHO/tugXGHDGEQOgstvh0E8C1DrdvIOqdPtNYUBW6Nw0NVrVwH
-ClBDSFN5Xw89YhjydtETy11joKQ2X9SViDfCICOVpx0ml05Txc45CUJsDofEX5HQ
-C0eG32cuemvMLouAFH9fMfoVrx9Yhy5vBrzlX22s0ig9bu53qQlNuzj5AUcNKUCM
-NttRltptHmRiAnRzUIGiOhXuaz0oEIU80p82sVM78tfY4qXIu9LVWYM1qqpYielx
-BkjC7GElG7Log4lf4QIDAQABo4GGMIGDMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEB
-BAQDAgZAMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAfBgNV
-HSMEGDAWgBRM+ZXzjUoJLnQsxPsFa6CJuIjsyTAdBgNVHQ4EFgQUEQ404BYvLmtz
-vfS6I3iW4vKM/4QwDQYJKoZIhvcNAQELBQADggIBAFRMZozul2oqjOhQG9todI8w
-6woJk5b5VDf0c5zPvQntWeS8vv7Bysy7yqmfdZFqZXZstIfmX+USvE1XOuQl+2X7
-BHn958lwyiKNUwNVm27Luf5yKEtjZHqmCvfCjcGAt5vuyyV1JcmP4gzEvEiTByMq
-A4VSw7+u8y0/kEJLpgoikQaBYgp5HPkqJ/EmI55QUKlIElX9cgJxz5ihdHw/EUxD
-C0AvKxH4SoMGxAlplz+ncJp6Ru6EI51dE1tIUlLwsFF39GjZ2a7AQCzG3umqM5ui
-sKI6l5DFU9HVoDbNrSJ0DWbvevC6jA9sGsQyUjwewrhrsOposR2NOS/RyMw7YdWi
-XIg50TmkWOyEScF7PQQ43qYL7JZQx9fB5k5Tscb0tV/anmTjbSQZmAeTsiHkDPeq
-hGeP5mnvIdETwS9AZyYFDam1xOPcFpnsN2MGGXIUBvI876rno3zZlNnq4ugbYYWw
-GlG/C7dseXP2dyvTsalNNUqSjZoFpwrQDPBFjTNxtKjX3E0J9ATL9QHsvO/+UkdG
-FFyKVAGsFkI0kYv6gaPoqPkJoLxK3wZJ/QXMLJPk/jz7jBz5YPwvR1huN4ZgE9A9
-UvFxgcHuDjsBaHd+DJeILv/O47ELLnVKjnmvACZt4WbxMzH4ZpcB1oN9zQ7RP/CK
-YZrxGk8DGTBADYV4cHl2
------END CERTIFICATE-----
diff --git a/integration-tests/oidc-wiremock/src/test/resources/www.quarkustest.com.key.pem b/integration-tests/oidc-wiremock/src/test/resources/www.quarkustest.com.key.pem
deleted file mode 100644
index 38080bc66d484..0000000000000
--- a/integration-tests/oidc-wiremock/src/test/resources/www.quarkustest.com.key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC6ous3fHZArWhz
-kV4CIiYFKryi5pQnmz3Bmt7sD/ZGszVlPNQr9XKjKdZpXFgiSN0ZOlMfrFi3Pf5P
-rP+XTEc7+26BcYcMYRA6Cy2+HQTwLUOt28g6p0+01hQFbo3DQ1WtXAcKUENIU3lf
-Dz1iGPJ20RPLXWOgpDZf1JWIN8IgI5WnHSaXTlPFzjkJQmwOh8RfkdALR4bfZy56
-a8wui4AUf18x+hWvH1iHLm8GvOVfbazSKD1u7nepCU27OPkBRw0pQIw221GW2m0e
-ZGICdHNQgaI6Fe5rPSgQhTzSnzaxUzvy19jipci70tVZgzWqqliJ6XEGSMLsYSUb
-suiDiV/hAgMBAAECggEAA6VZm3agt8A7dWB+WePRYtH0J+mBtOldMjpEhw+Dw9tN
-3Hms+mPb1rCjSeEeLqNGQG8pfwmmnQPGw0cxogLBNHyDqt8tIHKH9t5PiTJ3bXqw
-4wVTWsP4dGOnNfj0J3+Z/Z452/t36QKKcS8yx4cNu4D3lkYvg0yZ7FLSjfvq3KZU
-w8m8/4EPtP2+KxIvFIDU5/5W43wYUv6QctTEuIDRfikdik3oKDiNUGCtfd6OOQtE
-mINkDA6nLgOngyxj8jBAgkBIs+FfOoywPZP3cR9MeAdJYPBxEE3NN4wlZlQZCzkd
-SA10258coG7bXii8lTrik89v0WhvGOYtoWniddv7MQKBgQDge3fo06q82+QhP2wM
-ni99YMiYaW3oaotEAT86C8owDWR3z2+luk3HK34d/2uVhgzftTN3DMM70pZ7arI2
-GJqxNdzK2YGrACNB9bYCLhRj4/ITGannz6cjrHsiRH99BGpyeZQKFNmvrgY8ru+j
-GSy17JY0/8Kj7gQYohnvHdh6SQKBgQDU1ylO6ZHZykfXvPgvnFqYUHiOgBwk6Y7+
-ClozmZL48u/42PpsVNuoquzH5V1kIBDwWZjUsOnZX5rbv0YzOJ449PsVw+pM+NAb
-Dwtzwgfb9/uBryFKMgiXMToOEAyN+ENRg4PpyHRQu+shVh8/MPdMytA8AaypmZP7
-aPKhw/v42QKBgGG4PcWjxtJ54oA6rJ19iuzIYeo/EvI21zMeW9i34ycx3UdujIqX
-ZF5MZ5VFaB7qANateZ7cdmynSoylMLjt0wFLkjbXomO/JpoDDV07k/K7+tgnttfL
-hFW6MswDB4BzmKcGl9QfqXeZiOuHt5fHULhNKkIeCCv2Y+AZSLLXyjHJAoGAcmDq
-RwkII0UsVIity1A381CTaOj5tvB4spa3oLEwJW7QfSeFdEAqBztLoaTmCk+dKrzL
-f8lO8k0JeHwS6qXLiYpFgI3XVOQFWfU8z0l/VbuvQiLuPeQjb7S5oSMIzCaVbrHB
-axoZP+Ws1y5j/l5/F5qKSyUPN9lbiCj+8uXSfAkCgYAcZ8i2+4ji9Ntu83G90GWi
-hS2JOlZEUOCcE9vRu6HDkWC0qfkGbhjUk5GUHBjFp0shRTR/GnGA0ILAzgoxEK1s
-/aDel9XDeuF4DJC+HzvPDoPFYz0UH4CuOYWhAejL81a5/AAHQqm2fpQSNln097rC
-KfGyU23XuO7U8BloCy/hCA==
------END PRIVATE KEY-----