From ea1b22daa7a45c2ccb676a40d46e75fdea88eaac Mon Sep 17 00:00:00 2001
From: Sebastian Laskawiec
Date: Mon, 2 Sep 2019 10:26:15 +0200
Subject: [PATCH] KEYCLOAK-11227 Removed enabled/disabled flag from FileTruststoreProvider
---
 .../content/bin/migrate-domain-clustered.cli | 8 ++++++++
 .../content/bin/migrate-domain-standalone.cli | 8 ++++++++
 .../resources/content/bin/migrate-standalone-ha.cli | 8 ++++++++
 .../resources/content/bin/migrate-standalone.cli | 8 ++++++++
 .../truststore/FileTruststoreProviderFactory.java | 12 ++----------
 5 files changed, 34 insertions(+), 10 deletions(-)
diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-clustered.cli b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-clustered.cli
index aed13ba7f2..809108e4ce 100644
--- a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-clustered.cli
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-clustered.cli
@@ -659,4 +659,12 @@ if (result == undefined) of /profile=$clusteredProfile/subsystem=jgroups/stack=u
 echo
 end-if
 
+if (result == "true") of /subsystem=keycloak-server/spi=truststore/provider=file:map-get(name=properties, key=disabled)
+ echo Disabling Truststore Provider
+ /subsystem=keycloak-server/spi=truststore/provider=file:write-attribute(name=enabled, value=false)
+ echo Removing deprecated option
+ /subsystem=keycloak-server/spi=truststore/provider=file:map-remove(name=properties, key=disabled)
+ echo
+end-if
+
 echo *** End Migration of /profile=$clusteredProfile ***
diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-standalone.cli b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-standalone.cli
index ec52f9ff6d..2c9a425b2e 100644
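Review bot: The added block in migrate-domain-clustered.cli addresses `/subsystem=keycloak-server/spi=truststore/provider=file` without a profile prefix, while the surrounding context in the same script (the hunk header and the closing echo) works under `/profile=$clusteredProfile`. If the subsystem is only reachable under the profile in domain mode, the `map-get` presumably returns no result and the `if` body is skipped without a message. A truststore provider that was switched off through `disabled=true` would then come back enabled after the upgrade, because the Java factory in this commit no longer reads the property. I would address all three operations as `/profile=$clusteredProfile/subsystem=keycloak-server/spi=truststore/provider=file:...`; the hunk in migrate-domain-standalone.cli has the same shape and would need `/profile=$standaloneProfile`.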
--- a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-standalone.cli
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-standalone.cli
@@ -560,4 +560,12 @@ if (outcome == failed) of /profile=$standaloneProfile/subsystem=infinispan/cache
 echo
 end-if
 
+if (result == "true") of /subsystem=keycloak-server/spi=truststore/provider=file:map-get(name=properties, key=disabled)
+ echo Disabling Truststore Provider
+ /subsystem=keycloak-server/spi=truststore/provider=file:write-attribute(name=enabled, value=false)
+ echo Removing deprecated option
+ /subsystem=keycloak-server/spi=truststore/provider=file:map-remove(name=properties, key=disabled)
+ echo
+end-if
+
 echo *** End Migration of /profile=$standaloneProfile ***
diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone-ha.cli b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone-ha.cli
index 72424aaba4..26ba71d3c4 100644
--- a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone-ha.cli
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone-ha.cli
@@ -719,4 +719,12 @@ if (result == undefined) of /subsystem=jgroups/stack=udp/protocol=FD_SOCK/:read-
 echo
 end-if
 
+if (result == "true") of /subsystem=keycloak-server/spi=truststore/provider=file:map-get(name=properties, key=disabled)
+ echo Disabling Truststore Provider
+ /subsystem=keycloak-server/spi=truststore/provider=file:write-attribute(name=enabled, value=false)
+ echo Removing deprecated option
+ /subsystem=keycloak-server/spi=truststore/provider=file:map-remove(name=properties, key=disabled)
+ echo
+end-if
+
 echo *** End Migration ***
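Review bot: The condition `result == "true"` in migrate-standalone-ha.cli matches only that exact lowercase string, so a `disabled` property stored as `TRUE` or as an expression is left in place and the provider is never switched to `enabled=false`. The removed Java line read the value with `config.getBoolean("disabled", null)`, which is probably more lenient about case, so such a configuration was disabled before the upgrade and would silently become active after it. I would also handle the case where the key exists with any other value: remove the deprecated key and echo a warning, so the operator can see that the truststore settings for outgoing TLS connections are affected. The identical block in the other three migrate scripts needs the same treatment.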
diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone.cli b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone.cli
index db1593c6df..55801564aa 100644
--- a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone.cli
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone.cli
@@ -584,4 +584,12 @@ if (outcome == failed) of /subsystem=infinispan/cache-container=web/local-cache=
 echo
 end-if
 
+if (result == "true") of /subsystem=keycloak-server/spi=truststore/provider=file:map-get(name=properties, key=disabled)
+ echo Disabling Truststore Provider
+ /subsystem=keycloak-server/spi=truststore/provider=file:write-attribute(name=enabled, value=false)
+ echo Removing deprecated option
+ /subsystem=keycloak-server/spi=truststore/provider=file:map-remove(name=properties, key=disabled)
+ echo
+end-if
+
 echo *** End Migration ***
diff --git a/services/src/main/java/org/keycloak/truststore/FileTruststoreProviderFactory.java b/services/src/main/java/org/keycloak/truststore/FileTruststoreProviderFactory.java
index c3af8473e1..25545e9ebf 100755
--- a/services/src/main/java/org/keycloak/truststore/FileTruststoreProviderFactory.java
+++ b/services/src/main/java/org/keycloak/truststore/FileTruststoreProviderFactory.java
@@ -22,6 +22,7 @@ import org.keycloak.Config;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.KeycloakSessionFactory;
 
+import javax.security.auth.x500.X500Principal;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
@@ -38,11 +39,8 @@ import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.util.Enumeration;
 import java.util.HashMap;
-import java.util.HashSet;
 import java.util.Map;
 
-import javax.security.auth.x500.X500Principal;
-
 /**
 * @author Marko Strukelj
 */
@@ -63,15 +61,9 @@ public class FileTruststoreProviderFactory implements TruststoreProviderFactory
 String storepath = config.get("file");
 String pass = config.get("password");
 String policy = config.get("hostname-verification-policy");
- Boolean disabled = config.getBoolean("disabled", null);
 
 // if "truststore" . "file" is not configured then it is disabled
- if (storepath == null && pass == null && policy == null && disabled == null) {
- return;
- }
-
- // if explicitly disabled
- if (disabled != null && disabled) {
+ if (storepath == null && pass == null && policy == null) {
 return;
 }
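Review bot: A leftover `disabled=true` property is now ignored without any trace: when `file`, `password` or `hostname-verification-policy` is also set, the method no longer returns early and presumably goes on to initialise the truststore the operator had switched off. That can happen whenever the configuration did not pass through the migrate-*.cli scripts, and it changes which certificates outgoing connections trust. I would add a check before the early return that warns when the key is still present, for example `if (config.get("disabled") != null) { /* warn: 'disabled' is no longer read, set enabled=false on the provider */ }`, using whatever logger the class already has. The retained comment `// if "truststore" . "file" is not configured then it is disabled` could also say that explicit disabling is now done through the provider's `enabled` attribute. The enclosing method starts and ends outside this hunk.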