KEYCLOAK-3683: Remove trustore and trustore-password check
parent
a1fd85c52a
commit
f5a5fc3458
4 changed files with 0 additions and 123 deletions
|
@ -85,11 +85,6 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
|
||||||
def.parseAndSetParameter(reader.getElementText(), addRealm, reader);
|
def.parseAndSetParameter(reader.getElementText(), addRealm, reader);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!SharedAttributeDefinitons.validateTruststoreSetIfRequired(addRealm)) {
|
|
||||||
//TODO: externalize the message
|
|
||||||
throw new XMLStreamException("truststore and truststore-password must be set if ssl-required is not none and disable-trust-maanger is false.");
|
|
||||||
}
|
|
||||||
|
|
||||||
list.add(addRealm);
|
list.add(addRealm);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -113,15 +108,6 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
|
||||||
def.parseAndSetParameter(reader.getElementText(), addSecureDeployment, reader);
|
def.parseAndSetParameter(reader.getElementText(), addSecureDeployment, reader);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* TODO need to check realm-ref first.
|
|
||||||
if (!SharedAttributeDefinitons.validateTruststoreSetIfRequired(addSecureDeployment)) {
|
|
||||||
//TODO: externalize the message
|
|
||||||
throw new XMLStreamException("truststore and truststore-password must be set if ssl-required is not none and disable-trust-maanger is false.");
|
|
||||||
}
|
|
||||||
*/
|
|
||||||
|
|
||||||
// Must add credentials after the deployment is added.
|
// Must add credentials after the deployment is added.
|
||||||
resourcesToAdd.add(addSecureDeployment);
|
resourcesToAdd.add(addSecureDeployment);
|
||||||
resourcesToAdd.addAll(credentialsToAdd);
|
resourcesToAdd.addAll(credentialsToAdd);
|
||||||
|
|
|
@ -48,10 +48,6 @@ public final class RealmAddHandler extends AbstractAddStepHandler {
|
||||||
attrib.validateAndSet(operation, model);
|
attrib.validateAndSet(operation, model);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!SharedAttributeDefinitons.validateTruststoreSetIfRequired(model.clone())) {
|
|
||||||
//TODO: externalize message
|
|
||||||
throw new OperationFailedException("truststore and truststore-password must be set if ssl-required is not none and disable-trust-maanger is false.");
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -195,25 +195,6 @@ public class SharedAttributeDefinitons {
|
||||||
ATTRIBUTES.add(PRINCIPAL_ATTRIBUTE);
|
ATTRIBUTES.add(PRINCIPAL_ATTRIBUTE);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* truststore and truststore-password must be set if ssl-required is not none and disable-trust-manager is false.
|
|
||||||
*
|
|
||||||
* @param attributes The full set of attributes.
|
|
||||||
*
|
|
||||||
* @return <code>true</code> if the attributes are valid, <code>false</code> otherwise.
|
|
||||||
*/
|
|
||||||
public static boolean validateTruststoreSetIfRequired(ModelNode attributes) {
|
|
||||||
if (isSet(attributes, DISABLE_TRUST_MANAGER)) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (isSet(attributes, SSL_REQUIRED) && attributes.get(SSL_REQUIRED.getName()).asString().equals("none")) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
return isSet(attributes, TRUSTSTORE) && isSet(attributes, TRUSTSTORE_PASSWORD);
|
|
||||||
}
|
|
||||||
|
|
||||||
private static boolean isSet(ModelNode attributes, SimpleAttributeDefinition def) {
|
private static boolean isSet(ModelNode attributes, SimpleAttributeDefinition def) {
|
||||||
ModelNode attribute = attributes.get(def.getName());
|
ModelNode attribute = attributes.get(def.getName());
|
||||||
|
|
||||||
|
|
|
@ -1,86 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright 2016 Red Hat, Inc. and/or its affiliates
|
|
||||||
* and other contributors as indicated by the @author tags.
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
package org.keycloak.subsystem.adapter.extension;
|
|
||||||
|
|
||||||
import org.jboss.dmr.ModelNode;
|
|
||||||
import org.junit.Assert;
|
|
||||||
import org.junit.Before;
|
|
||||||
import org.junit.Test;
|
|
||||||
|
|
||||||
/**
|
|
||||||
*
|
|
||||||
* @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc.
|
|
||||||
*/
|
|
||||||
public class RealmDefinitionTestCase {
|
|
||||||
|
|
||||||
private ModelNode model;
|
|
||||||
|
|
||||||
@Before
|
|
||||||
public void setUp() {
|
|
||||||
model = new ModelNode();
|
|
||||||
model.get("realm").set("demo");
|
|
||||||
model.get("resource").set("customer-portal");
|
|
||||||
model.get("realm-public-key").set("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB");
|
|
||||||
model.get("auth-url").set("http://localhost:8080/auth-server/rest/realms/demo/protocol/openid-connect/login");
|
|
||||||
model.get("code-url").set("http://localhost:8080/auth-server/rest/realms/demo/protocol/openid-connect/access/codes");
|
|
||||||
model.get("expose-token").set(true);
|
|
||||||
ModelNode credential = new ModelNode();
|
|
||||||
credential.get("password").set("password");
|
|
||||||
model.get("credentials").set(credential);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testIsTruststoreSetIfRequired() throws Exception {
|
|
||||||
model.get("ssl-required").set("none");
|
|
||||||
model.get("disable-trust-manager").set(true);
|
|
||||||
Assert.assertTrue(SharedAttributeDefinitons.validateTruststoreSetIfRequired(model));
|
|
||||||
|
|
||||||
model.get("ssl-required").set("none");
|
|
||||||
model.get("disable-trust-manager").set(false);
|
|
||||||
Assert.assertTrue(SharedAttributeDefinitons.validateTruststoreSetIfRequired(model));
|
|
||||||
|
|
||||||
model.get("ssl-required").set("all");
|
|
||||||
model.get("disable-trust-manager").set(true);
|
|
||||||
Assert.assertTrue(SharedAttributeDefinitons.validateTruststoreSetIfRequired(model));
|
|
||||||
|
|
||||||
model.get("ssl-required").set("all");
|
|
||||||
model.get("disable-trust-manager").set(false);
|
|
||||||
Assert.assertFalse(SharedAttributeDefinitons.validateTruststoreSetIfRequired(model));
|
|
||||||
|
|
||||||
model.get("ssl-required").set("external");
|
|
||||||
model.get("disable-trust-manager").set(false);
|
|
||||||
Assert.assertFalse(SharedAttributeDefinitons.validateTruststoreSetIfRequired(model));
|
|
||||||
|
|
||||||
model.get("ssl-required").set("all");
|
|
||||||
model.get("disable-trust-manager").set(false);
|
|
||||||
model.get("truststore").set("foo");
|
|
||||||
Assert.assertFalse(SharedAttributeDefinitons.validateTruststoreSetIfRequired(model));
|
|
||||||
|
|
||||||
model.get("ssl-required").set("all");
|
|
||||||
model.get("disable-trust-manager").set(false);
|
|
||||||
model.get("truststore").set("foo");
|
|
||||||
model.get("truststore-password").set("password");
|
|
||||||
Assert.assertTrue(SharedAttributeDefinitons.validateTruststoreSetIfRequired(model));
|
|
||||||
|
|
||||||
model.get("ssl-required").set("external");
|
|
||||||
model.get("disable-trust-manager").set(false);
|
|
||||||
model.get("truststore").set("foo");
|
|
||||||
model.get("truststore-password").set("password");
|
|
||||||
Assert.assertTrue(SharedAttributeDefinitons.validateTruststoreSetIfRequired(model));
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|