KEYCLOAK-3683: Remove trustore and trustore-password check

2016-10-11 15:11:14 +02:00 · 2016-10-11 15:11:14 +02:00 · f5a5fc3458
commit f5a5fc3458
parent a1fd85c52a
4 changed files with 0 additions and 123 deletions
--- a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakSubsystemParser.java
+++ b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakSubsystemParser.java
@ -85,11 +85,6 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
            def.parseAndSetParameter(reader.getElementText(), addRealm, reader);
        }

-        if (!SharedAttributeDefinitons.validateTruststoreSetIfRequired(addRealm)) {
-            //TODO: externalize the message
-            throw new XMLStreamException("truststore and truststore-password must be set if ssl-required is not none and disable-trust-maanger is false.");
-        }
-
        list.add(addRealm);
    }

@ -113,15 +108,6 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
            def.parseAndSetParameter(reader.getElementText(), addSecureDeployment, reader);
        }

-
-        /**
-         * TODO need to check realm-ref first.
-        if (!SharedAttributeDefinitons.validateTruststoreSetIfRequired(addSecureDeployment)) {
-            //TODO: externalize the message
-            throw new XMLStreamException("truststore and truststore-password must be set if ssl-required is not none  and disable-trust-maanger is false.");
-        }
-         */
-
        // Must add credentials after the deployment is added.
        resourcesToAdd.add(addSecureDeployment);
        resourcesToAdd.addAll(credentialsToAdd);
--- a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/RealmAddHandler.java
+++ b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/RealmAddHandler.java
@ -48,10 +48,6 @@ public final class RealmAddHandler extends AbstractAddStepHandler {
            attrib.validateAndSet(operation, model);
        }

-        if (!SharedAttributeDefinitons.validateTruststoreSetIfRequired(model.clone())) {
-            //TODO: externalize message
-            throw new OperationFailedException("truststore and truststore-password must be set if ssl-required is not none and disable-trust-maanger is false.");
-        }
    }

    @Override
--- a/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/SharedAttributeDefinitons.java
+++ b/adapters/oidc/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/SharedAttributeDefinitons.java
@ -195,25 +195,6 @@ public class SharedAttributeDefinitons {
        ATTRIBUTES.add(PRINCIPAL_ATTRIBUTE);
    }

-    /**
-     * truststore and truststore-password must be set if ssl-required is not none and disable-trust-manager is false.
-     *
-     * @param attributes The full set of attributes.
-     *
-     * @return <code>true</code> if the attributes are valid, <code>false</code> otherwise.
-     */
-    public static boolean validateTruststoreSetIfRequired(ModelNode attributes) {
-        if (isSet(attributes, DISABLE_TRUST_MANAGER)) {
-            return true;
-        }
-
-        if (isSet(attributes, SSL_REQUIRED) && attributes.get(SSL_REQUIRED.getName()).asString().equals("none")) {
-            return true;
-        }
-
-        return isSet(attributes, TRUSTSTORE) && isSet(attributes, TRUSTSTORE_PASSWORD);
-    }
-
    private static boolean isSet(ModelNode attributes, SimpleAttributeDefinition def) {
        ModelNode attribute = attributes.get(def.getName());

--- a/adapters/oidc/wildfly/wildfly-subsystem/src/test/java/org/keycloak/subsystem/adapter/extension/RealmDefinitionTestCase.java
+++ b/adapters/oidc/wildfly/wildfly-subsystem/src/test/java/org/keycloak/subsystem/adapter/extension/RealmDefinitionTestCase.java
@ -1,86 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.keycloak.subsystem.adapter.extension;
-
-import org.jboss.dmr.ModelNode;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-
-/**
- *
- * @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc.
- */
-public class RealmDefinitionTestCase {
-
-    private ModelNode model;
-
-    @Before
-    public void setUp() {
-        model = new ModelNode();
-        model.get("realm").set("demo");
-        model.get("resource").set("customer-portal");
-        model.get("realm-public-key").set("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB");
-        model.get("auth-url").set("http://localhost:8080/auth-server/rest/realms/demo/protocol/openid-connect/login");
-        model.get("code-url").set("http://localhost:8080/auth-server/rest/realms/demo/protocol/openid-connect/access/codes");
-        model.get("expose-token").set(true);
-        ModelNode credential = new ModelNode();
-        credential.get("password").set("password");
-        model.get("credentials").set(credential);
-    }
-
-    @Test
-    public void testIsTruststoreSetIfRequired() throws Exception {
-        model.get("ssl-required").set("none");
-        model.get("disable-trust-manager").set(true);
-        Assert.assertTrue(SharedAttributeDefinitons.validateTruststoreSetIfRequired(model));
-
-        model.get("ssl-required").set("none");
-        model.get("disable-trust-manager").set(false);
-        Assert.assertTrue(SharedAttributeDefinitons.validateTruststoreSetIfRequired(model));
-
-        model.get("ssl-required").set("all");
-        model.get("disable-trust-manager").set(true);
-        Assert.assertTrue(SharedAttributeDefinitons.validateTruststoreSetIfRequired(model));
-
-        model.get("ssl-required").set("all");
-        model.get("disable-trust-manager").set(false);
-        Assert.assertFalse(SharedAttributeDefinitons.validateTruststoreSetIfRequired(model));
-
-        model.get("ssl-required").set("external");
-        model.get("disable-trust-manager").set(false);
-        Assert.assertFalse(SharedAttributeDefinitons.validateTruststoreSetIfRequired(model));
-
-        model.get("ssl-required").set("all");
-        model.get("disable-trust-manager").set(false);
-        model.get("truststore").set("foo");
-        Assert.assertFalse(SharedAttributeDefinitons.validateTruststoreSetIfRequired(model));
-
-        model.get("ssl-required").set("all");
-        model.get("disable-trust-manager").set(false);
-        model.get("truststore").set("foo");
-        model.get("truststore-password").set("password");
-        Assert.assertTrue(SharedAttributeDefinitons.validateTruststoreSetIfRequired(model));
-
-        model.get("ssl-required").set("external");
-        model.get("disable-trust-manager").set(false);
-        model.get("truststore").set("foo");
-        model.get("truststore-password").set("password");
-        Assert.assertTrue(SharedAttributeDefinitons.validateTruststoreSetIfRequired(model));
-    }
-
-}