Add mode for configuring truststore for ldap tests

Signed-off-by: Steve Taylor <staylor@pivotal.io>

.travis.yml

@@ -41,7 +41,7 @@ install:
   fi
 - mkdir -p $HOME/build/cloudfoundry/uaa/uaa/build/reports/tests
 script:
-- ./gradlew -Dspring.profiles.active=$TESTENV -Djavax.net.ssl.trustStore=$TRAVIS_BUILD_DIR/scripts/ldap/truststore-with-ldap-certs.jks -Djavax.net.ssl.trustStoreType=JKS jacocoRootReport
+- ./gradlew -Dspring.profiles.active=$TESTENV -Dmode=truststoreWithLdapCerts jacocoRootReport
 after_success:
 - ./gradlew coveralls
 - for i in $(find $HOME/build/cloudfoundry/uaa/ -name reports -type d); do rm -rf $i; done

build.gradle

@@ -227,6 +227,10 @@ cargo {
     outputFile = file('uaa/build/reports/tests/uaa-server.log')
     systemProperties {
       property 'spring.profiles.active', System.getProperty('spring.profiles.active', 'default')
+      if (System.getProperty('mode') == 'truststoreWithLdapCerts') {
+        property 'javax.net.ssl.trustStore', "${projectDir}/scripts/ldap/truststore-with-ldap-certs.jks"
+        property 'javax.net.ssl.trustStoreType', 'JKS'
+      }
     }
 
     installer {
@@ -254,7 +258,6 @@ project.gradle.taskGraph.whenReady { TaskExecutionGraph graph ->
       }
     }
   }
-
   project.allprojects.collect({ it.tasks.withType(Test) }).flatten().each {
     it.systemProperty 'spring.profiles.active', System.getProperty('spring.profiles.active', 'default')
   }

uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/LdapLoginIT.java

@@ -18,7 +18,6 @@
 import org.openqa.selenium.WebDriver;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.security.oauth2.client.test.TestAccounts;
 import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.web.client.RestOperations;
@@ -67,10 +66,24 @@ public void clearWebDriverOfCookies() throws Exception {
 
     @Test
     public void ldapLogin_withValidSelfSignedCert() throws Exception {
+        performLdapLogin("testzone2", "ldaps://52.87.212.253:636/");
+
+        assertThat(webDriver.findElement(By.cssSelector("h1")).getText(), Matchers.containsString("Where to"));
+    }
+
+    @Test
+    public void ldapLogin_withExpiredSelfSignedCert() throws Exception {
+        performLdapLogin("testzone1", "ldaps://52.20.5.106:636/");
+        assertThat(webDriver.findElement(By.cssSelector("h1")).getText(), Matchers.containsString("Welcome to The Twiglet Zone[testzone1]!"));
+    }
+
+    private void performLdapLogin(String subdomain, String ldapUrl) throws Exception {
         //ensure we are able to resolve DNS for hostname testzone2.localhost
         assumeTrue("Expected testzone1/2/3/4.localhost to resolve to 127.0.0.1", doesSupportZoneDNS());
-        String zoneId = "testzone2";
-        String zoneUrl = baseUrl.replace("localhost", "testzone2.localhost");
+        //ensure that certs have been added to truststore via gradle
+        assumeTrue(System.getProperty("javax.net.ssl.trustStore") != null && System.getProperty("javax.net.ssl.trustStore").contains("truststore-with-ldap-certs.jks"));
+        String zoneId = subdomain;
+        String zoneUrl = baseUrl.replace("localhost", subdomain + ".localhost");
 
         //identity client token
         RestTemplate identityClient = IntegrationTestUtils.getClientCredentialsTemplate(
@@ -84,7 +97,7 @@ public void ldapLogin_withValidSelfSignedCert() throws Exception {
         IntegrationTestUtils.createZoneOrUpdateSubdomain(identityClient, baseUrl, zoneId, zoneId);
 
         //create a zone admin user
-        String email = new RandomValueStringGenerator().generate() +"@samltesting.org";
+        String email = new RandomValueStringGenerator().generate() + "@ldaptesting.org";
         ScimUser user = IntegrationTestUtils.createUser(adminClient, baseUrl,email ,"firstname", "lastname", email, true);
         IntegrationTestUtils.makeZoneAdmin(identityClient, baseUrl, user.getId(), zoneId);
 
@@ -98,7 +111,7 @@ public void ldapLogin_withValidSelfSignedCert() throws Exception {
             "secr3T");
 
         LdapIdentityProviderDefinition ldapIdentityProviderDefinition = LdapIdentityProviderDefinition.searchAndBindMapGroupToScopes(
-          "ldaps://52.87.212.253:636/",
+          ldapUrl,
           "cn=admin,dc=test,dc=com",
           "password",
           "dc=test,dc=com",
@@ -120,76 +133,11 @@ public void ldapLogin_withValidSelfSignedCert() throws Exception {
         provider.setConfig(ldapIdentityProviderDefinition);
         provider.setOriginKey(OriginKeys.LDAP);
         provider.setName("simplesamlphp for uaa");
-        provider = IntegrationTestUtils.createOrUpdateProvider(zoneAdminToken,baseUrl,provider);
-
-        webDriver.get(zoneUrl + "/login");
-        webDriver.findElement(By.name("username")).sendKeys("marissa4");
-        webDriver.findElement(By.name("password")).sendKeys("ldap4");
-        webDriver.findElement(By.xpath("//input[@value='Sign in']")).click();
-        assertThat(webDriver.findElement(By.cssSelector("h1")).getText(), Matchers.containsString("Where to"));
-    }
-
-    @Test
-    public void ldapLogin_withExpiredSelfSignedCert() throws Exception {
-        //ensure we are able to resolve DNS for hostname testzone1.localhost
-        assumeTrue("Expected testzone1/2/3/4.localhost to resolve to 127.0.0.1", doesSupportZoneDNS());
-        String zoneId = "testzone1";
-        String zoneUrl = baseUrl.replace("localhost", "testzone1.localhost");
-
-        //identity client token
-        RestTemplate identityClient = IntegrationTestUtils.getClientCredentialsTemplate(
-                IntegrationTestUtils.getClientCredentialsResource(baseUrl, new String[]{"zones.write", "zones.read", "scim.zones"}, "identity", "identitysecret")
-        );
-        //admin client token - to create users
-        RestTemplate adminClient = IntegrationTestUtils.getClientCredentialsTemplate(
-                IntegrationTestUtils.getClientCredentialsResource(baseUrl, new String[0], "admin", "adminsecret")
-        );
-        //create the zone
-        IntegrationTestUtils.createZoneOrUpdateSubdomain(identityClient, baseUrl, zoneId, zoneId);
-
-        //create a zone admin user
-        String email = new RandomValueStringGenerator().generate() +"@samltesting.org";
-        ScimUser user = IntegrationTestUtils.createUser(adminClient, baseUrl,email ,"firstname", "lastname", email, true);
-        IntegrationTestUtils.makeZoneAdmin(identityClient, baseUrl, user.getId(), zoneId);
-
-        //get the zone admin token
-        String zoneAdminToken =
-                IntegrationTestUtils.getAuthorizationCodeToken(serverRunning,
-                        UaaTestAccounts.standard(serverRunning),
-                        "identity",
-                        "identitysecret",
-                        email,
-                        "secr3T");
-
-        LdapIdentityProviderDefinition ldapIdentityProviderDefinition = LdapIdentityProviderDefinition.searchAndBindMapGroupToScopes(
-                "ldaps://52.20.5.106:636/",
-                "cn=admin,dc=test,dc=com",
-                "password",
-                "dc=test,dc=com",
-                "cn={0}",
-                "ou=scopes,dc=test,dc=com",
-                "member={0}",
-                "mail",
-                null,
-                false,
-                true,
-                true,
-                100,
-                false);
-
-        IdentityProvider provider = new IdentityProvider();
-        provider.setIdentityZoneId(zoneId);
-        provider.setType(OriginKeys.LDAP);
-        provider.setActive(true);
-        provider.setConfig(ldapIdentityProviderDefinition);
-        provider.setOriginKey(OriginKeys.LDAP);
-        provider.setName("simplesamlphp for uaa");
-        provider = IntegrationTestUtils.createOrUpdateProvider(zoneAdminToken,baseUrl,provider);
+        IntegrationTestUtils.createOrUpdateProvider(zoneAdminToken,baseUrl,provider);
 
         webDriver.get(zoneUrl + "/login");
         webDriver.findElement(By.name("username")).sendKeys("marissa4");
         webDriver.findElement(By.name("password")).sendKeys("ldap4");
         webDriver.findElement(By.xpath("//input[@value='Sign in']")).click();
-        assertThat(webDriver.findElement(By.cssSelector("h1")).getText(), Matchers.containsString("Welcome to The Twiglet Zone[" + zoneId + "]!"));
     }
 }