libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

KEYCLOAK-11227 Removed enabled/disabled flag from FileTruststoreProvider

Browse source
This commit is contained in:
Sebastian Laskawiec 2019-09-02 10:26:15 +02:00 committed by Stian Thorgersen
parent b4e2c1ec7d
commit ea1b22daa7
5 changed files with 34 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-clustered.cli
View file

@ -659,4 +659,12 @@ if (result == undefined) of /profile=$clusteredProfile/subsystem=jgroups/stack=u
echo
end-if
if (result == "true") of /subsystem=keycloak-server/spi=truststore/provider=file:map-get(name=properties, key=disabled)
echo Disabling Truststore Provider
/subsystem=keycloak-server/spi=truststore/provider=file:write-attribute(name=enabled, value=false)
echo Removing deprecated option
/subsystem=keycloak-server/spi=truststore/provider=file:map-remove(name=properties, key=disabled)
echo
end-if
echo *** End Migration of /profile=$clusteredProfile ***

8
distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-standalone.cli
View file

@ -560,4 +560,12 @@ if (outcome == failed) of /profile=$standaloneProfile/subsystem=infinispan/cache
echo
end-if
if (result == "true") of /subsystem=keycloak-server/spi=truststore/provider=file:map-get(name=properties, key=disabled)
echo Disabling Truststore Provider
/subsystem=keycloak-server/spi=truststore/provider=file:write-attribute(name=enabled, value=false)
echo Removing deprecated option
/subsystem=keycloak-server/spi=truststore/provider=file:map-remove(name=properties, key=disabled)
echo
end-if
echo *** End Migration of /profile=$standaloneProfile ***

8
distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone-ha.cli
View file

@ -719,4 +719,12 @@ if (result == undefined) of /subsystem=jgroups/stack=udp/protocol=FD_SOCK/:read-
echo
end-if
if (result == "true") of /subsystem=keycloak-server/spi=truststore/provider=file:map-get(name=properties, key=disabled)
echo Disabling Truststore Provider
/subsystem=keycloak-server/spi=truststore/provider=file:write-attribute(name=enabled, value=false)
echo Removing deprecated option
/subsystem=keycloak-server/spi=truststore/provider=file:map-remove(name=properties, key=disabled)
echo
end-if
echo *** End Migration ***

8
distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone.cli
View file

@ -584,4 +584,12 @@ if (outcome == failed) of /subsystem=infinispan/cache-container=web/local-cache=
echo
end-if
if (result == "true") of /subsystem=keycloak-server/spi=truststore/provider=file:map-get(name=properties, key=disabled)
echo Disabling Truststore Provider
/subsystem=keycloak-server/spi=truststore/provider=file:write-attribute(name=enabled, value=false)
echo Removing deprecated option
/subsystem=keycloak-server/spi=truststore/provider=file:map-remove(name=properties, key=disabled)
echo
end-if
echo *** End Migration ***

12
services/src/main/java/org/keycloak/truststore/FileTruststoreProviderFactory.java
View file

@ -22,6 +22,7 @@ import org.keycloak.Config;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import javax.security.auth.x500.X500Principal;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
@ -38,11 +39,8 @@ import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import javax.security.auth.x500.X500Principal;
/**
* @author <a href="mailto:mstrukel@redhat.com">Marko Strukelj</a>
*/
@ -63,15 +61,9 @@ public class FileTruststoreProviderFactory implements TruststoreProviderFactory
String storepath = config.get("file");
String pass = config.get("password");
String policy = config.get("hostname-verification-policy");
Boolean disabled = config.getBoolean("disabled", null);
// if "truststore" . "file" is not configured then it is disabled
if (storepath == null && pass == null && policy == null && disabled == null) {
return;
}
// if explicitly disabled
if (disabled != null && disabled) {
if (storepath == null && pass == null && policy == null) {
return;
}