@Test
public void testSignatureVerificationHardcodedPublicKey() throws Exception {
// Configure OIDC identity provider with JWKS URL
IdentityProviderRepresentation idpRep = getIdentityProvider();
OIDCIdentityProviderConfigRep cfg = new OIDCIdentityProviderConfigRep(idpRep);
cfg.setValidateSignature(true);
cfg.setUseJwksUrl(false);
KeysMetadataRepresentation.KeyMetadataRepresentation key =
ApiUtil.findActiveKey(providerRealm());
cfg.setPublicKeySignatureVerifier(key.getPublicKey());
updateIdentityProvider(idpRep);
// Check that user is able to login
logInAsUserInIDPForFirstTime();
assertLoggedInAccountManagement();
logoutFromRealm(bc.consumerRealmName());
// Rotate public keys on the parent broker
rotateKeys();
// User not able to login now as new keys can't be yet downloaded (10s timeout)
logInAsUserInIDP();
assertErrorPage("Unexpected error when authenticating with identity provider");
logoutFromRealm(bc.consumerRealmName());
// Even after time offset is user not able to login, because it uses old key hardcoded in
// identityProvider config
setTimeOffset(20);
logInAsUserInIDP();
assertErrorPage("Unexpected error when authenticating with identity provider");
}
