From f5a5fc34583bb20021b1740744c036788835ff1c Mon Sep 17 00:00:00 2001
From: sebastienblanc <scm.blanc@gmail.com>
Date: Tue, 11 Oct 2016 15:11:14 +0200
Subject: [PATCH] KEYCLOAK-3683: Remove trustore and trustore-password check

---
 .../extension/KeycloakSubsystemParser.java    | 14 ---
 .../adapter/extension/RealmAddHandler.java    |  4 -
 .../extension/SharedAttributeDefinitons.java  | 19 ----
 .../extension/RealmDefinitionTestCase.java    | 86 -------------------
 4 files changed, 123 deletions(-)
 delete mode 100755 adapters/oidc/wildfly/wildfly-subsystem/src/test/java/org/keycloak/subsystem/adapter/extension/RealmDefinitionTestCase.java

diff --git a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakSubsystemParser.java b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakSubsystemParser.java
index 2a6e4d3833..d4ddc02e3d 100755
--- a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakSubsystemParser.java
+++ b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakSubsystemParser.java
@@ -85,11 +85,6 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
             def.parseAndSetParameter(reader.getElementText(), addRealm, reader);
         }
 
-        if (!SharedAttributeDefinitons.validateTruststoreSetIfRequired(addRealm)) {
-            //TODO: externalize the message
-            throw new XMLStreamException("truststore and truststore-password must be set if ssl-required is not none and disable-trust-maanger is false.");
-        }
-
         list.add(addRealm);
     }
 
@@ -113,15 +108,6 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
             def.parseAndSetParameter(reader.getElementText(), addSecureDeployment, reader);
         }
 
-
-        /**
-         * TODO need to check realm-ref first.
-        if (!SharedAttributeDefinitons.validateTruststoreSetIfRequired(addSecureDeployment)) {
-            //TODO: externalize the message
-            throw new XMLStreamException("truststore and truststore-password must be set if ssl-required is not none  and disable-trust-maanger is false.");
-        }
-         */
-
         // Must add credentials after the deployment is added.
         resourcesToAdd.add(addSecureDeployment);
         resourcesToAdd.addAll(credentialsToAdd);
diff --git a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/RealmAddHandler.java b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/RealmAddHandler.java
index 49754d44de..0f59c4e18c 100755
--- a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/RealmAddHandler.java
+++ b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/RealmAddHandler.java
@@ -48,10 +48,6 @@ public final class RealmAddHandler extends AbstractAddStepHandler {
             attrib.validateAndSet(operation, model);
         }
 
-        if (!SharedAttributeDefinitons.validateTruststoreSetIfRequired(model.clone())) {
-            //TODO: externalize message
-            throw new OperationFailedException("truststore and truststore-password must be set if ssl-required is not none and disable-trust-maanger is false.");
-        }
     }
 
     @Override
diff --git a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/SharedAttributeDefinitons.java b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/SharedAttributeDefinitons.java
index 0244d47257..f9f8a6a3e2 100755
--- a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/SharedAttributeDefinitons.java
+++ b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/SharedAttributeDefinitons.java
@@ -195,25 +195,6 @@ public class SharedAttributeDefinitons {
         ATTRIBUTES.add(PRINCIPAL_ATTRIBUTE);
     }
 
-    /**
-     * truststore and truststore-password must be set if ssl-required is not none and disable-trust-manager is false.
-     *
-     * @param attributes The full set of attributes.
-     *
-     * @return <code>true</code> if the attributes are valid, <code>false</code> otherwise.
-     */
-    public static boolean validateTruststoreSetIfRequired(ModelNode attributes) {
-        if (isSet(attributes, DISABLE_TRUST_MANAGER)) {
-            return true;
-        }
-
-        if (isSet(attributes, SSL_REQUIRED) && attributes.get(SSL_REQUIRED.getName()).asString().equals("none")) {
-            return true;
-        }
-
-        return isSet(attributes, TRUSTSTORE) && isSet(attributes, TRUSTSTORE_PASSWORD);
-    }
-
     private static boolean isSet(ModelNode attributes, SimpleAttributeDefinition def) {
         ModelNode attribute = attributes.get(def.getName());
 
diff --git a/adapters/oidc/wildfly/wildfly-subsystem/src/test/java/org/keycloak/subsystem/adapter/extension/RealmDefinitionTestCase.java b/adapters/oidc/wildfly/wildfly-subsystem/src/test/java/org/keycloak/subsystem/adapter/extension/RealmDefinitionTestCase.java
deleted file mode 100755
index e938d4892e..0000000000
--- a/adapters/oidc/wildfly/wildfly-subsystem/src/test/java/org/keycloak/subsystem/adapter/extension/RealmDefinitionTestCase.java
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.keycloak.subsystem.adapter.extension;
-
-import org.jboss.dmr.ModelNode;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-
-/**
- *
- * @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc.
- */
-public class RealmDefinitionTestCase {
-
-    private ModelNode model;
-
-    @Before
-    public void setUp() {
-        model = new ModelNode();
-        model.get("realm").set("demo");
-        model.get("resource").set("customer-portal");
-        model.get("realm-public-key").set("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB");
-        model.get("auth-url").set("http://localhost:8080/auth-server/rest/realms/demo/protocol/openid-connect/login");
-        model.get("code-url").set("http://localhost:8080/auth-server/rest/realms/demo/protocol/openid-connect/access/codes");
-        model.get("expose-token").set(true);
-        ModelNode credential = new ModelNode();
-        credential.get("password").set("password");
-        model.get("credentials").set(credential);
-    }
-
-    @Test
-    public void testIsTruststoreSetIfRequired() throws Exception {
-        model.get("ssl-required").set("none");
-        model.get("disable-trust-manager").set(true);
-        Assert.assertTrue(SharedAttributeDefinitons.validateTruststoreSetIfRequired(model));
-
-        model.get("ssl-required").set("none");
-        model.get("disable-trust-manager").set(false);
-        Assert.assertTrue(SharedAttributeDefinitons.validateTruststoreSetIfRequired(model));
-
-        model.get("ssl-required").set("all");
-        model.get("disable-trust-manager").set(true);
-        Assert.assertTrue(SharedAttributeDefinitons.validateTruststoreSetIfRequired(model));
-
-        model.get("ssl-required").set("all");
-        model.get("disable-trust-manager").set(false);
-        Assert.assertFalse(SharedAttributeDefinitons.validateTruststoreSetIfRequired(model));
-
-        model.get("ssl-required").set("external");
-        model.get("disable-trust-manager").set(false);
-        Assert.assertFalse(SharedAttributeDefinitons.validateTruststoreSetIfRequired(model));
-
-        model.get("ssl-required").set("all");
-        model.get("disable-trust-manager").set(false);
-        model.get("truststore").set("foo");
-        Assert.assertFalse(SharedAttributeDefinitons.validateTruststoreSetIfRequired(model));
-
-        model.get("ssl-required").set("all");
-        model.get("disable-trust-manager").set(false);
-        model.get("truststore").set("foo");
-        model.get("truststore-password").set("password");
-        Assert.assertTrue(SharedAttributeDefinitons.validateTruststoreSetIfRequired(model));
-
-        model.get("ssl-required").set("external");
-        model.get("disable-trust-manager").set(false);
-        model.get("truststore").set("foo");
-        model.get("truststore-password").set("password");
-        Assert.assertTrue(SharedAttributeDefinitons.validateTruststoreSetIfRequired(model));
-    }
-
-}