KEYCLOAK-11227 Removed enabled/disabled flag from FileTruststoreProvider

2019-09-02 10:26:15 +02:00 · 2019-09-02 10:26:15 +02:00 · ea1b22daa7
commit ea1b22daa7
parent b4e2c1ec7d
5 changed files with 34 additions and 10 deletions
--- a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-clustered.cli
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-clustered.cli
@ -659,4 +659,12 @@ if (result == undefined) of /profile=$clusteredProfile/subsystem=jgroups/stack=u
    echo
 end-if

+if (result == "true") of /subsystem=keycloak-server/spi=truststore/provider=file:map-get(name=properties, key=disabled)
+    echo Disabling Truststore Provider
+    /subsystem=keycloak-server/spi=truststore/provider=file:write-attribute(name=enabled, value=false)
+    echo Removing deprecated option
+    /subsystem=keycloak-server/spi=truststore/provider=file:map-remove(name=properties, key=disabled)
+    echo
+end-if
+
 echo *** End Migration of /profile=$clusteredProfile ***
--- a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-standalone.cli
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-standalone.cli
@ -560,4 +560,12 @@ if (outcome == failed) of /profile=$standaloneProfile/subsystem=infinispan/cache
    echo
 end-if

+if (result == "true") of /subsystem=keycloak-server/spi=truststore/provider=file:map-get(name=properties, key=disabled)
+    echo Disabling Truststore Provider
+    /subsystem=keycloak-server/spi=truststore/provider=file:write-attribute(name=enabled, value=false)
+    echo Removing deprecated option
+    /subsystem=keycloak-server/spi=truststore/provider=file:map-remove(name=properties, key=disabled)
+    echo
+end-if
+
 echo *** End Migration of /profile=$standaloneProfile ***
--- a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone-ha.cli
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone-ha.cli
@ -719,4 +719,12 @@ if (result == undefined) of /subsystem=jgroups/stack=udp/protocol=FD_SOCK/:read-
    echo
 end-if

+if (result == "true") of /subsystem=keycloak-server/spi=truststore/provider=file:map-get(name=properties, key=disabled)
+    echo Disabling Truststore Provider
+    /subsystem=keycloak-server/spi=truststore/provider=file:write-attribute(name=enabled, value=false)
+    echo Removing deprecated option
+    /subsystem=keycloak-server/spi=truststore/provider=file:map-remove(name=properties, key=disabled)
+    echo
+end-if
+
 echo *** End Migration ***
--- a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone.cli
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone.cli
@ -584,4 +584,12 @@ if (outcome == failed) of /subsystem=infinispan/cache-container=web/local-cache=
    echo
 end-if

+if (result == "true") of /subsystem=keycloak-server/spi=truststore/provider=file:map-get(name=properties, key=disabled)
+    echo Disabling Truststore Provider
+    /subsystem=keycloak-server/spi=truststore/provider=file:write-attribute(name=enabled, value=false)
+    echo Removing deprecated option
+    /subsystem=keycloak-server/spi=truststore/provider=file:map-remove(name=properties, key=disabled)
+    echo
+end-if
+
 echo *** End Migration ***
--- a/services/src/main/java/org/keycloak/truststore/FileTruststoreProviderFactory.java
+++ b/services/src/main/java/org/keycloak/truststore/FileTruststoreProviderFactory.java
@ -22,6 +22,7 @@ import org.keycloak.Config;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.KeycloakSessionFactory;

+import javax.security.auth.x500.X500Principal;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
@ -38,11 +39,8 @@ import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.util.Enumeration;
 import java.util.HashMap;
-import java.util.HashSet;
 import java.util.Map;

-import javax.security.auth.x500.X500Principal;
-
 /**
 * @author <a href="mailto:mstrukel@redhat.com">Marko Strukelj</a>
 */
@ -63,15 +61,9 @@ public class FileTruststoreProviderFactory implements TruststoreProviderFactory
        String storepath = config.get("file");
        String pass = config.get("password");
        String policy = config.get("hostname-verification-policy");
-        Boolean disabled = config.getBoolean("disabled", null);

        // if "truststore" . "file" is not configured then it is disabled
-        if (storepath == null && pass == null && policy == null && disabled == null) {
-            return;
-        }
-
-        // if explicitly disabled
-        if (disabled != null && disabled) {
+        if (storepath == null && pass == null && policy == null) {
            return;
        }