mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-05-08 08:01:18 -05:00
Code Issues Packages Projects Releases Wiki Activity

Enable the TLS based JGroups encryption by default and update the docs

Browse Source 
Closes #37696

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
This commit is contained in:
Alexander Schwartz
2025-03-03 14:50:51 +01:00
committed by GitHub
parent a0de3c26d7
commit bc7ec1208e
23 changed files with 206 additions and 132 deletions
Download Patch File Download Diff File Expand all files Collapse all files
model/infinispan/src/main/java/org/keycloak/infinispan/module/certificates/JGroupsCertificateHolder.java
+4 -2
View File
@@ -84,7 +84,8 @@ public class JGroupsCertificateHolder {
}
private static X509ExtendedKeyManager createKeyManager(JGroupsCertificate newCertificate) throws GeneralSecurityException, IOException {
var ks = CryptoIntegration.getProvider().getKeyStore(KeystoreUtil.KeystoreFormat.JKS);
KeystoreUtil.KeystoreFormat keystoreFormat = CryptoIntegration.getProvider().getSupportedKeyStoreTypes().findFirst().orElseThrow(() -> new RuntimeException("No supported keystore types found"));
var ks = CryptoIntegration.getProvider().getKeyStore(keystoreFormat);
ks.load(null, null);
ks.setKeyEntry(newCertificate.getAlias(), newCertificate.getPrivateKey(), KEY_PASSWORD, new java.security.cert.Certificate[]{newCertificate.getCertificate()});
var kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
@@ -98,7 +99,8 @@ public class JGroupsCertificateHolder {
}
private static X509ExtendedTrustManager createTrustManager(JGroupsCertificate oldCertificate, JGroupsCertificate newCertificate) throws GeneralSecurityException, IOException {
var ks = CryptoIntegration.getProvider().getKeyStore(KeystoreUtil.KeystoreFormat.JKS);
KeystoreUtil.KeystoreFormat keystoreFormat = CryptoIntegration.getProvider().getSupportedKeyStoreTypes().findFirst().orElseThrow(() -> new RuntimeException("No supported keystore types found"));
var ks = CryptoIntegration.getProvider().getKeyStore(keystoreFormat);
ks.load(null, null);
if (oldCertificate != null) {
addCertificateEntry(ks, oldCertificate);