External-Mirrors/keycloak
2
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-09 23:12:06 -03:30
Code Issues Packages Projects Releases Wiki Activity

KeyUtils was warning about invalid key for valid 22 chars short ids

Browse Source 
Closes #37992

Signed-off-by: skydrinker_tox <skydrinker_tox@hotmail.com>
This commit is contained in:
skydrinker-tox 2025-04-03 17:05:29 +02:00 committed by GitHub
parent 04b8f690c4
commit 94673a6eb0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
model/jpa/src/main/java/org/keycloak/storage/jpa/KeyUtils.java
View File

@ -29,26 +29,27 @@ public class KeyUtils {
private static final Logger LOG = Logger.getLogger(KeyUtils.class);
public static final Pattern UUID_PATTERN = Pattern.compile("[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}");
public static final Pattern SHORT_ID_PATTERN = Pattern.compile("[0-9A-Za-z_-]{22}");
public static final Pattern EXPECTED_KEY_PATTERN = Pattern.compile(
UUID_PATTERN.pattern()
+ "|"
+ "f:" + UUID_PATTERN.pattern() + ":.*"
+ "f:(" + UUID_PATTERN.pattern() + "|" + SHORT_ID_PATTERN.pattern() + "):.*"
+ "|"
+ LightweightUserAdapter.ID_PREFIX + UUID_PATTERN.pattern()
);
/**
* Returns {@code} true when the key is {@code null} or either a plain UUID or a key formatted as "f:[UUID]:any_string"
* Check if a string is a valid key.
* @param key String representation of the key
* @return
* @return true when the key is {@code null} or either a plain UUID or a key formatted as "f:[UUID]:any_string" or "f:[SHORT_ID]:any_string"
*/
public static boolean isValidKey(String key) {
return key == null || EXPECTED_KEY_PATTERN.matcher(key).matches();
}
/**
* Logs an warning when the key is not a valid key
* Logs a warning when the key is not a valid key
* @param key String representation of the key
*/
public static void assertValidKey(String key) throws IllegalArgumentException {

8
model/jpa/src/test/java/org/keycloak/storage/jpa/KeyUtilsTest.java
View File

@ -18,6 +18,7 @@ package org.keycloak.storage.jpa;
import java.util.UUID;
import org.junit.Test;
import org.keycloak.models.utils.KeycloakModelUtils;
import static org.junit.Assert.*;
@ -36,6 +37,10 @@ public class KeyUtilsTest {
assertTrue(KeyUtils.isValidKey("f:" + UUID.randomUUID() + ":dsadsada"));
assertTrue(KeyUtils.isValidKey("f:01234567-1234-1234-aAAa-123456789012:dsadsada"));
assertTrue(KeyUtils.isValidKey("f:a1234567-1234-1234-aAAa-123456789012:dsadsada"));
assertTrue(KeyUtils.isValidKey("f:" + KeycloakModelUtils.generateShortId() + ":dsadsada"));
assertTrue(KeyUtils.isValidKey("f:22charsValidShort-uuid:dsadsada"));
assertTrue(KeyUtils.isValidKey("f:RaQXxaH_SGamVvd-6CBB2w:dsadsada"));
}
@Test
@ -44,10 +49,13 @@ public class KeyUtilsTest {
assertFalse(KeyUtils.isValidKey("0"));
assertFalse(KeyUtils.isValidKey("01234567-1234-1234-aAAg-123456789012a"));
assertFalse(KeyUtils.isValidKey("z1234567-1234-1234-aAAa-123456789012"));
//short ids should only be used in federated context
assertFalse(KeyUtils.isValidKey("22charsValidShort-uuid"));
assertFalse(KeyUtils.isValidKey("f:g1234567-1234-1234-aAAa-123456789012:dsadsada"));
assertFalse(KeyUtils.isValidKey("g:a1234567-1234-1234-aAAa-123456789012:dsadsada"));
assertFalse(KeyUtils.isValidKey("f:a1234567-1234-1234-aAAa-123456789012"));
assertFalse(KeyUtils.isValidKey("f:short-Id:Invalid-Ch@rs:dsadsada"));
}
}