If the keystore is removed, clear out the config and http client so we don't use it anymore after it's been deleted.

Author: BrandesEric

agent/agent.go

@@ -69,11 +69,14 @@ func PollForConfiguration() (configChanged bool, err error) {
 	}
 
 	if response == nil {
+		// No changes from the poll response
 		return false, nil
 	}
 
 	if response.Keystore != nil {
 		updateKeystoreConfig(response.Keystore)
+	} else if config.CurrentConfig.Keystore != nil {
+		removeKeystoreConfig()
 	}
 
 	if response.LockRequested && !isLocked {
@@ -183,6 +186,15 @@ func updateKeystoreConfig(ks *config.KeystoreConfig) {
 	}
 }
 
+func removeKeystoreConfig() {
+	log.Printf("Keystore configuration removed by server, clearing keystore client")
+	api.ClearKeystoreClient()
+	config.CurrentConfig.Keystore = nil
+	if err := config.SaveConfig(&config.CurrentConfig, config.CurrentPath); err != nil {
+		log.Printf("Error saving config after keystore removal: %v", err)
+	}
+}
+
 // InitKeystoreFromConfig rebuilds the keystore TLS client from saved config (e.g. on restart).
 func InitKeystoreFromConfig() {
 	ks := config.CurrentConfig.Keystore

api/keystore_client.go

@@ -58,6 +58,17 @@ func GetKeystoreClient() *http.Client {
 	return keystoreClient
 }
 
+// ClearKeystoreClient removes the keystore HTTP client and closes its idle connections.
+func ClearKeystoreClient() {
+	keystoreMu.Lock()
+	defer keystoreMu.Unlock()
+	if keystoreClient != nil {
+		keystoreClient.CloseIdleConnections()
+	}
+	keystoreClient = nil
+	keystoreHost = ""
+}
+
 // GetKeystoreHost returns the configured keystore host.
 func GetKeystoreHost() string {
 	keystoreMu.RLock()