Description
If a user incorrectly configures the --cache-embedded-mtls-key-store-file or --cache-embedded-mtls-trust-store-file arg so that it points to a non-existing file, we should fail fast and alert the user.
Motivation
Currently, if the --cache-embedded-mtls-key-store-file or --cache-embedded-mtls-trust-store-file arg is misconfigured to point to a store that does not exist, Keycloak proceeds with startup and the cluster fails to form. The only hint to users that something is wrong is the cluster failure itself and log errors such as:
Missing Keystore:
WARN [org.jgroups.protocols.TCP] (TcpServer.Acceptor[7800]-1,77fb48e5a530-610) JGRP000006: 172.18.0.3:7800: failed accepting connection from peer SSLSocket[hostname=172.18.0.4, port=44361, Session(1748422403764|SSL_NULL_WITH_NULL_NULL)]: java.net.SocketException: Socket is closed
ERROR [org.jgroups.protocols.TCP] (TQ-Bundler-5,da2f0e470f21-399) JGRP000034: da2f0e470f21-399: failure sending message to 77fb48e5a530-610: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Missing Truststore:
ERROR [org.jgroups.protocols.TCP] (TQ-Bundler-5,2a504c38be47-21187) JGRP000034: 2a504c38be47-21187: failure sending message to 53864ad4cf8f-25658: javax.net.ssl.SSLHandshakeException: No trusted certificate found
WARN [org.jgroups.protocols.TCP] (TcpServer.Acceptor[7800]-1,53864ad4cf8f-25658) JGRP000006: 172.18.0.4:7800: failed accepting connection from peer SSLSocket[hostname=172.18.0.3, port=48621, Session(1748422484059|SSL_NULL_WITH_NULL_NULL)]: java.net.SocketException: Socket is closed
These errors suggest a problem with the certificates, when the real cause is that the key or trust store file does not exist.
We can improve the user experience by making the cause of the clustering failure clear and telling the user which configured file is missing.
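As an added illustration of the fail-fast check this issue asks for (example code, not Keycloak's own implementation): the option names are the real CLI flags from the report, while the StoreConfigException class, the loader method and the sample path are assumptions made here. Besides a missing file, loading the store at startup also surfaces a wrong password or wrong store type before JGroups ever attempts a TLS handshake.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

// Hypothetical startup validator for the two cache mTLS store options.
// Not Keycloak code: the option strings match the report, everything else is assumed.
public final class CacheMtlsStoreCheck {

    public static final String KEY_STORE_OPT = "--cache-embedded-mtls-key-store-file";
    public static final String TRUST_STORE_OPT = "--cache-embedded-mtls-trust-store-file";

    /** Thrown during startup so the server stops instead of forming a broken cluster. */
    public static final class StoreConfigException extends RuntimeException {
        StoreConfigException(String msg) { super(msg); }
        StoreConfigException(String msg, Throwable cause) { super(msg, cause); }
    }

    private CacheMtlsStoreCheck() {}

    /**
     * Verifies that the configured store exists, is readable and parses as a keystore.
     * The error message names the option and the absolute path, which is the hint the
     * JGroups handshake_failure / "No trusted certificate found" errors never give.
     */
    public static KeyStore loadOrFail(String option, String path, char[] password, String type) {
        if (path == null || path.isBlank()) {
            throw new StoreConfigException(option + " is set but has no value");
        }
        Path p = Path.of(path).toAbsolutePath();
        if (!Files.isRegularFile(p)) {
            throw new StoreConfigException(option + " points to a file that does not exist: " + p);
        }
        if (!Files.isReadable(p)) {
            throw new StoreConfigException(option + " points to a file the server cannot read: " + p);
        }
        try (FileInputStream in = new FileInputStream(p.toFile())) {
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(in, password); // wrong password or wrong type also fails here, at startup
            return ks;
        } catch (IOException | GeneralSecurityException e) {
            throw new StoreConfigException(option + " could not be loaded from " + p + ": " + e.getMessage(), e);
        }
    }

    public static void main(String[] args) {
        // Constructed sample path that does not exist, to show the fail-fast message.
        try {
            loadOrFail(KEY_STORE_OPT, "/etc/keycloak/missing-keystore.p12", "changeit".toCharArray(), "PKCS12");
        } catch (StoreConfigException e) {
            System.err.println("Startup aborted: " + e.getMessage());
        }
    }
}
```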