Manage elytron configuration if configured for JDK-17

Closes https://github.com/keycloak/keycloak/issues/20385
This commit is contained in:
rmartinc 2023-06-02 18:11:39 +02:00 committed by Michal Hajas
parent d89679e62d
commit d80094793b

View file

@ -30,13 +30,13 @@ import org.jboss.logging.Logger;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainers;
import org.keycloak.testsuite.arquillian.containers.SelfManagedAppContainerLifecycle;
import org.keycloak.testsuite.utils.arquillian.ContainerConstants;
import org.wildfly.extras.creaper.commands.web.AddConnector;
import org.wildfly.extras.creaper.commands.web.AddConnectorSslConfig;
import org.wildfly.extras.creaper.core.CommandFailedException;
import org.wildfly.extras.creaper.core.ManagementClient;
import org.wildfly.extras.creaper.core.online.CliException;
import org.wildfly.extras.creaper.core.online.ManagementProtocol;
import org.wildfly.extras.creaper.core.online.ModelNodeResult;
import org.wildfly.extras.creaper.core.online.OnlineManagementClient;
import org.wildfly.extras.creaper.core.online.OnlineOptions;
import org.wildfly.extras.creaper.core.online.operations.Address;
@ -214,7 +214,26 @@ public class AppServerTestEnricher {
Administration administration = new Administration(client);
Operations operations = new Operations(client);
if(!operations.exists(Address.coreService("management").and("security-realm", "UndertowRealm"))) {
boolean isElytronConfigured = false;
try {
// check if the eap is configured to use elytron
ModelNodeResult result = operations.readAttribute(Address.subsystem("undertow")
.and("server", "default-server").and("https-listener", "https"), "ssl-context");
if (!result.isFailed() && result.hasDefinedValue()) {
isElytronConfigured = true;
}
} catch (IOException e) {
log.debug("Error reading 'ssl-context' attribute in undertow, assuming not elytron", e);
}
if (isElytronConfigured && !operations.exists(Address.subsystem("elytron").and("server-ssl-context", "KCSslContext"))) {
client.execute("/subsystem=elytron/key-store=KCKeyStore:add(path=adapter.jks,relative-to=jboss.server.config.dir,credential-reference={clear-text=secret},type=JKS)");
client.execute("/subsystem=elytron/key-manager=KCKeyManager:add(key-store=KCKeyStore,credential-reference={clear-text=secret,algorithm=PKIX})");
client.execute("/subsystem=elytron/key-store=KCTrustStore:add(relative-to=jboss.server.config.dir,path=keycloak.truststore,credential-reference={clear-text=secret},type=JKS)");
client.execute("/subsystem=elytron/trust-manager=KCTrustManager:add(key-store=KCTrustStore)");
client.execute("/subsystem=elytron/server-ssl-context=KCSslContext:add(key-manager=KCKeyManager,trust-manager=KCTrustManager)");
client.execute("/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context,value=KCSslContext)");
} else if (!operations.exists(Address.coreService("management").and("security-realm", "UndertowRealm"))) {
client.execute("/core-service=management/security-realm=UndertowRealm:add()");
client.execute("/core-service=management/security-realm=UndertowRealm/server-identity=ssl:add(keystore-relative-to=jboss.server.config.dir,keystore-password=secret,keystore-path=adapter.jks");
}
@ -244,7 +263,7 @@ public class AppServerTestEnricher {
client.execute("/subsystem=web/connector=https/configuration=ssl:write-attribute(name=cipher-suite, value=\"SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256,SSL_RSA_WITH_AES_128_CBC_SHA256,SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256,SSL_DHE_RSA_WITH_AES_128_CBC_SHA256,SSL_DHE_DSS_WITH_AES_128_CBC_SHA256,SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA,SSL_ECDH_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_DSS_WITH_AES_128_CBC_SHA\")");
}
}
} else {
} else if (!isElytronConfigured) {
removeHttpsListener(client, administration);
addHttpsListenerAppServer(client);
}
@ -275,16 +294,16 @@ public class AppServerTestEnricher {
ContainerController controller = containerConrollerInstance.get();
if (controller.isStarted(testContext.getAppServerInfo().getQualifier())) {
log.info("Stopping app server: " + testContext.getAppServerInfo().getQualifier());
controller.stop(testContext.getAppServerInfo().getQualifier());
}
// remove tmp folder for JBoss based app servers for proper clean-up
if (isJBossBased()) {
final File tmpFolder = Paths.get(System.getProperty("app.server.home"), "standalone-test", "tmp").toFile();
FileUtils.deleteDirectory(tmpFolder);
}
if (controller.isStarted(testContext.getAppServerInfo().getQualifier())) {
log.info("Stopping app server: " + testContext.getAppServerInfo().getQualifier());
controller.stop(testContext.getAppServerInfo().getQualifier());
}
}
/**