Manage elytron configuration if configured for JDK-17
Closes https://github.com/keycloak/keycloak/issues/20385
This commit is contained in:
parent
d89679e62d
commit
d80094793b
1 changed files with 27 additions and 8 deletions
|
@ -30,13 +30,13 @@ import org.jboss.logging.Logger;
|
|||
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
|
||||
import org.keycloak.testsuite.arquillian.annotation.AppServerContainers;
|
||||
import org.keycloak.testsuite.arquillian.containers.SelfManagedAppContainerLifecycle;
|
||||
import org.keycloak.testsuite.utils.arquillian.ContainerConstants;
|
||||
import org.wildfly.extras.creaper.commands.web.AddConnector;
|
||||
import org.wildfly.extras.creaper.commands.web.AddConnectorSslConfig;
|
||||
import org.wildfly.extras.creaper.core.CommandFailedException;
|
||||
import org.wildfly.extras.creaper.core.ManagementClient;
|
||||
import org.wildfly.extras.creaper.core.online.CliException;
|
||||
import org.wildfly.extras.creaper.core.online.ManagementProtocol;
|
||||
import org.wildfly.extras.creaper.core.online.ModelNodeResult;
|
||||
import org.wildfly.extras.creaper.core.online.OnlineManagementClient;
|
||||
import org.wildfly.extras.creaper.core.online.OnlineOptions;
|
||||
import org.wildfly.extras.creaper.core.online.operations.Address;
|
||||
|
@ -214,7 +214,26 @@ public class AppServerTestEnricher {
|
|||
Administration administration = new Administration(client);
|
||||
Operations operations = new Operations(client);
|
||||
|
||||
if(!operations.exists(Address.coreService("management").and("security-realm", "UndertowRealm"))) {
|
||||
boolean isElytronConfigured = false;
|
||||
try {
|
||||
// check if the eap is configured to use elytron
|
||||
ModelNodeResult result = operations.readAttribute(Address.subsystem("undertow")
|
||||
.and("server", "default-server").and("https-listener", "https"), "ssl-context");
|
||||
if (!result.isFailed() && result.hasDefinedValue()) {
|
||||
isElytronConfigured = true;
|
||||
}
|
||||
} catch (IOException e) {
|
||||
log.debug("Error reading 'ssl-context' attribute in undertow, assuming not elytron", e);
|
||||
}
|
||||
|
||||
if (isElytronConfigured && !operations.exists(Address.subsystem("elytron").and("server-ssl-context", "KCSslContext"))) {
|
||||
client.execute("/subsystem=elytron/key-store=KCKeyStore:add(path=adapter.jks,relative-to=jboss.server.config.dir,credential-reference={clear-text=secret},type=JKS)");
|
||||
client.execute("/subsystem=elytron/key-manager=KCKeyManager:add(key-store=KCKeyStore,credential-reference={clear-text=secret,algorithm=PKIX})");
|
||||
client.execute("/subsystem=elytron/key-store=KCTrustStore:add(relative-to=jboss.server.config.dir,path=keycloak.truststore,credential-reference={clear-text=secret},type=JKS)");
|
||||
client.execute("/subsystem=elytron/trust-manager=KCTrustManager:add(key-store=KCTrustStore)");
|
||||
client.execute("/subsystem=elytron/server-ssl-context=KCSslContext:add(key-manager=KCKeyManager,trust-manager=KCTrustManager)");
|
||||
client.execute("/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context,value=KCSslContext)");
|
||||
} else if (!operations.exists(Address.coreService("management").and("security-realm", "UndertowRealm"))) {
|
||||
client.execute("/core-service=management/security-realm=UndertowRealm:add()");
|
||||
client.execute("/core-service=management/security-realm=UndertowRealm/server-identity=ssl:add(keystore-relative-to=jboss.server.config.dir,keystore-password=secret,keystore-path=adapter.jks");
|
||||
}
|
||||
|
@ -244,7 +263,7 @@ public class AppServerTestEnricher {
|
|||
client.execute("/subsystem=web/connector=https/configuration=ssl:write-attribute(name=cipher-suite, value=\"SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256,SSL_RSA_WITH_AES_128_CBC_SHA256,SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256,SSL_DHE_RSA_WITH_AES_128_CBC_SHA256,SSL_DHE_DSS_WITH_AES_128_CBC_SHA256,SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA,SSL_ECDH_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_DSS_WITH_AES_128_CBC_SHA\")");
|
||||
}
|
||||
}
|
||||
} else {
|
||||
} else if (!isElytronConfigured) {
|
||||
removeHttpsListener(client, administration);
|
||||
addHttpsListenerAppServer(client);
|
||||
}
|
||||
|
@ -275,16 +294,16 @@ public class AppServerTestEnricher {
|
|||
|
||||
ContainerController controller = containerConrollerInstance.get();
|
||||
|
||||
if (controller.isStarted(testContext.getAppServerInfo().getQualifier())) {
|
||||
log.info("Stopping app server: " + testContext.getAppServerInfo().getQualifier());
|
||||
controller.stop(testContext.getAppServerInfo().getQualifier());
|
||||
}
|
||||
|
||||
// remove tmp folder for JBoss based app servers for proper clean-up
|
||||
if (isJBossBased()) {
|
||||
final File tmpFolder = Paths.get(System.getProperty("app.server.home"), "standalone-test", "tmp").toFile();
|
||||
FileUtils.deleteDirectory(tmpFolder);
|
||||
}
|
||||
|
||||
if (controller.isStarted(testContext.getAppServerInfo().getQualifier())) {
|
||||
log.info("Stopping app server: " + testContext.getAppServerInfo().getQualifier());
|
||||
controller.stop(testContext.getAppServerInfo().getQualifier());
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
Loading…
Reference in a new issue