mirror of
https://github.com/keycloak/keycloak.git
synced 2026-01-25 16:42:34 +00:00
15
pom.xml
15
pom.xml
@@ -43,8 +43,8 @@
|
||||
<jboss.snapshots.repo.id>jboss-snapshots-repository</jboss.snapshots.repo.id>
|
||||
<jboss.snapshots.repo.url>https://s01.oss.sonatype.org/content/repositories/snapshots/</jboss.snapshots.repo.url>
|
||||
|
||||
<quarkus.version>3.2.0.Final</quarkus.version>
|
||||
<quarkus.build.version>3.2.0.Final</quarkus.build.version>
|
||||
<quarkus.version>3.2.2.Final</quarkus.version>
|
||||
<quarkus.build.version>3.2.2.Final</quarkus.build.version>
|
||||
|
||||
<project.build-time>${timestamp}</project.build-time>
|
||||
|
||||
@@ -74,8 +74,10 @@
|
||||
<cxf.undertow.version>3.3.10</cxf.undertow.version>
|
||||
<dom4j.version>2.1.3</dom4j.version>
|
||||
<h2.version>2.2.220</h2.version>
|
||||
<hibernate-orm.plugin.version>6.2.5.Final</hibernate-orm.plugin.version>
|
||||
<hibernate.c3p0.version>6.2.5.Final</hibernate.c3p0.version>
|
||||
<!-- FIXME Temporarily override Hibernate version to fix https://hibernate.atlassian.net/browse/HHH-16905; before removing, check https://github.com/quarkusio/quarkus/blob/<version>/bom/application/pom.xml -->
|
||||
<hibernate-orm.version>6.2.7.Final</hibernate-orm.version>
|
||||
<hibernate-orm.plugin.version>6.2.7.Final</hibernate-orm.plugin.version>
|
||||
<hibernate.c3p0.version>6.2.7.Final</hibernate.c3p0.version>
|
||||
<infinispan.version>14.0.13.Final</infinispan.version>
|
||||
<infinispan.protostream.processor.version>4.6.2.Final</infinispan.protostream.processor.version>
|
||||
|
||||
@@ -504,6 +506,11 @@
|
||||
<version>${h2.version}</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.hibernate.orm</groupId>
|
||||
<artifactId>hibernate-core</artifactId>
|
||||
<version>${hibernate-orm.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.hibernate.orm</groupId>
|
||||
<artifactId>hibernate-c3p0</artifactId>
|
||||
|
||||
@@ -56,7 +56,7 @@ public class HttpOptions {
|
||||
public static final Option HTTPS_PROTOCOLS = new OptionBuilder<>("https-protocols", String.class)
|
||||
.category(OptionCategory.HTTP)
|
||||
.description("The list of protocols to explicitly enable.")
|
||||
.defaultValue("TLSv1.3")
|
||||
.defaultValue("TLSv1.3,TLSv1.2")
|
||||
.build();
|
||||
|
||||
public static final Option HTTPS_CERTIFICATE_FILE = new OptionBuilder<>("https-certificate-file", File.class)
|
||||
|
||||
@@ -12,6 +12,9 @@ import java.util.Optional;
|
||||
import static org.keycloak.quarkus.runtime.configuration.mappers.PropertyMapper.fromOption;
|
||||
|
||||
final class ConfigKeystorePropertyMappers {
|
||||
private static final String SMALLRYE_KEYSTORE_PATH = "smallrye.config.source.keystore.kc-default.path";
|
||||
private static final String SMALLRYE_KEYSTORE_PASSWORD = "smallrye.config.source.keystore.kc-default.password";
|
||||
|
||||
|
||||
private ConfigKeystorePropertyMappers() {
|
||||
}
|
||||
@@ -19,12 +22,12 @@ final class ConfigKeystorePropertyMappers {
|
||||
public static PropertyMapper[] getConfigKeystorePropertyMappers() {
|
||||
return new PropertyMapper[] {
|
||||
fromOption(ConfigKeystoreOptions.CONFIG_KEYSTORE)
|
||||
.to("smallrye.config.source.keystore.kc-default.path")
|
||||
.to(SMALLRYE_KEYSTORE_PATH)
|
||||
.transformer(ConfigKeystorePropertyMappers::validatePath)
|
||||
.paramLabel("config-keystore")
|
||||
.build(),
|
||||
fromOption(ConfigKeystoreOptions.CONFIG_KEYSTORE_PASSWORD)
|
||||
.to("smallrye.config.source.keystore.kc-default.password")
|
||||
.to(SMALLRYE_KEYSTORE_PASSWORD)
|
||||
.transformer(ConfigKeystorePropertyMappers::validatePassword)
|
||||
.paramLabel("config-keystore-password")
|
||||
.build(),
|
||||
@@ -36,12 +39,17 @@ final class ConfigKeystorePropertyMappers {
|
||||
}
|
||||
|
||||
private static Optional<String> validatePath(Optional<String> option, ConfigSourceInterceptorContext context) {
|
||||
ConfigValue path = context.proceed("smallrye.config.source.keystore.kc-default.path");
|
||||
ConfigValue path = context.proceed(SMALLRYE_KEYSTORE_PATH);
|
||||
boolean isPasswordDefined = context.proceed(SMALLRYE_KEYSTORE_PASSWORD) != null;
|
||||
|
||||
if (path == null) {
|
||||
throw new IllegalArgumentException("config-keystore must be specified");
|
||||
}
|
||||
|
||||
if (!isPasswordDefined) {
|
||||
throw new IllegalArgumentException("config-keystore-password must be specified");
|
||||
}
|
||||
|
||||
Optional<String> realPath = Optional.of(String.valueOf(Paths.get(path.getValue()).toAbsolutePath().normalize()));
|
||||
if (!Files.exists(Path.of(realPath.get()))) {
|
||||
throw new IllegalArgumentException("config-keystore path does not exist: " + realPath.get());
|
||||
@@ -50,11 +58,17 @@ final class ConfigKeystorePropertyMappers {
|
||||
}
|
||||
|
||||
private static Optional<String> validatePassword(Optional<String> option, ConfigSourceInterceptorContext context) {
|
||||
ConfigValue password = context.proceed("smallrye.config.source.keystore.kc-default.password");
|
||||
boolean isPasswordDefined = context.proceed(SMALLRYE_KEYSTORE_PASSWORD).getValue() != null;
|
||||
boolean isPathDefined = context.proceed(SMALLRYE_KEYSTORE_PATH) != null;
|
||||
|
||||
if (password == null) {
|
||||
if (!isPasswordDefined) {
|
||||
throw new IllegalArgumentException("config-keystore-password must be specified");
|
||||
}
|
||||
|
||||
if (!isPathDefined) {
|
||||
throw new IllegalArgumentException("config-keystore must be specified");
|
||||
}
|
||||
|
||||
return option;
|
||||
}
|
||||
|
||||
|
||||
@@ -123,7 +123,7 @@ public class QuarkusPropertiesDistTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
@Launch({ "start", "--http-enabled=true", "--hostname-strict=false", "--config-keystore=keystore" })
|
||||
@Launch({ "start", "--http-enabled=true", "--hostname-strict=false", "--config-keystore=../../../../src/test/resources/keystore" })
|
||||
@Order(10)
|
||||
void testMissingSmallRyeKeyStorePasswordProperty(LaunchResult result) {
|
||||
CLIResult cliResult = (CLIResult) result;
|
||||
|
||||
@@ -142,7 +142,7 @@ HTTP/TLS:
|
||||
value is set, it defaults to 'BCFKS'.
|
||||
--https-port <port> The used HTTPS port. Default: 8443.
|
||||
--https-protocols <protocols>
|
||||
The list of protocols to explicitly enable. Default: TLSv1.3.
|
||||
The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2.
|
||||
--https-trust-store-file <file>
|
||||
The trust store which holds the certificate information of the certificates to
|
||||
trust.
|
||||
|
||||
@@ -137,7 +137,7 @@ HTTP/TLS:
|
||||
value is set, it defaults to 'BCFKS'.
|
||||
--https-port <port> The used HTTPS port. Default: 8443.
|
||||
--https-protocols <protocols>
|
||||
The list of protocols to explicitly enable. Default: TLSv1.3.
|
||||
The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2.
|
||||
--https-trust-store-file <file>
|
||||
The trust store which holds the certificate information of the certificates to
|
||||
trust.
|
||||
|
||||
@@ -205,7 +205,7 @@ HTTP/TLS:
|
||||
value is set, it defaults to 'BCFKS'.
|
||||
--https-port <port> The used HTTPS port. Default: 8443.
|
||||
--https-protocols <protocols>
|
||||
The list of protocols to explicitly enable. Default: TLSv1.3.
|
||||
The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2.
|
||||
--https-trust-store-file <file>
|
||||
The trust store which holds the certificate information of the certificates to
|
||||
trust.
|
||||
|
||||
@@ -200,7 +200,7 @@ HTTP/TLS:
|
||||
value is set, it defaults to 'BCFKS'.
|
||||
--https-port <port> The used HTTPS port. Default: 8443.
|
||||
--https-protocols <protocols>
|
||||
The list of protocols to explicitly enable. Default: TLSv1.3.
|
||||
The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2.
|
||||
--https-trust-store-file <file>
|
||||
The trust store which holds the certificate information of the certificates to
|
||||
trust.
|
||||
|
||||
@@ -148,7 +148,7 @@ HTTP/TLS:
|
||||
value is set, it defaults to 'BCFKS'.
|
||||
--https-port <port> The used HTTPS port. Default: 8443.
|
||||
--https-protocols <protocols>
|
||||
The list of protocols to explicitly enable. Default: TLSv1.3.
|
||||
The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2.
|
||||
--https-trust-store-file <file>
|
||||
The trust store which holds the certificate information of the certificates to
|
||||
trust.
|
||||
|
||||
@@ -143,7 +143,7 @@ HTTP/TLS:
|
||||
value is set, it defaults to 'BCFKS'.
|
||||
--https-port <port> The used HTTPS port. Default: 8443.
|
||||
--https-protocols <protocols>
|
||||
The list of protocols to explicitly enable. Default: TLSv1.3.
|
||||
The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2.
|
||||
--https-trust-store-file <file>
|
||||
The trust store which holds the certificate information of the certificates to
|
||||
trust.
|
||||
|
||||
@@ -211,7 +211,7 @@ HTTP/TLS:
|
||||
value is set, it defaults to 'BCFKS'.
|
||||
--https-port <port> The used HTTPS port. Default: 8443.
|
||||
--https-protocols <protocols>
|
||||
The list of protocols to explicitly enable. Default: TLSv1.3.
|
||||
The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2.
|
||||
--https-trust-store-file <file>
|
||||
The trust store which holds the certificate information of the certificates to
|
||||
trust.
|
||||
|
||||
@@ -206,7 +206,7 @@ HTTP/TLS:
|
||||
value is set, it defaults to 'BCFKS'.
|
||||
--https-port <port> The used HTTPS port. Default: 8443.
|
||||
--https-protocols <protocols>
|
||||
The list of protocols to explicitly enable. Default: TLSv1.3.
|
||||
The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2.
|
||||
--https-trust-store-file <file>
|
||||
The trust store which holds the certificate information of the certificates to
|
||||
trust.
|
||||
|
||||
@@ -107,7 +107,7 @@ HTTP/TLS:
|
||||
value is set, it defaults to 'BCFKS'.
|
||||
--https-port <port> The used HTTPS port. Default: 8443.
|
||||
--https-protocols <protocols>
|
||||
The list of protocols to explicitly enable. Default: TLSv1.3.
|
||||
The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2.
|
||||
--https-trust-store-file <file>
|
||||
The trust store which holds the certificate information of the certificates to
|
||||
trust.
|
||||
|
||||
@@ -100,7 +100,7 @@ HTTP/TLS:
|
||||
value is set, it defaults to 'BCFKS'.
|
||||
--https-port <port> The used HTTPS port. Default: 8443.
|
||||
--https-protocols <protocols>
|
||||
The list of protocols to explicitly enable. Default: TLSv1.3.
|
||||
The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2.
|
||||
--https-trust-store-file <file>
|
||||
The trust store which holds the certificate information of the certificates to
|
||||
trust.
|
||||
|
||||
@@ -126,7 +126,7 @@ HTTP/TLS:
|
||||
value is set, it defaults to 'BCFKS'.
|
||||
--https-port <port> The used HTTPS port. Default: 8443.
|
||||
--https-protocols <protocols>
|
||||
The list of protocols to explicitly enable. Default: TLSv1.3.
|
||||
The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2.
|
||||
--https-trust-store-file <file>
|
||||
The trust store which holds the certificate information of the certificates to
|
||||
trust.
|
||||
|
||||
@@ -119,7 +119,7 @@ HTTP/TLS:
|
||||
value is set, it defaults to 'BCFKS'.
|
||||
--https-port <port> The used HTTPS port. Default: 8443.
|
||||
--https-protocols <protocols>
|
||||
The list of protocols to explicitly enable. Default: TLSv1.3.
|
||||
The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2.
|
||||
--https-trust-store-file <file>
|
||||
The trust store which holds the certificate information of the certificates to
|
||||
trust.
|
||||
|
||||
Reference in New Issue
Block a user