From 94673a6eb064a5af8d85750cb062e03b9b4f2a72 Mon Sep 17 00:00:00 2001
From: skydrinker-tox <53577236+skydrinker-tox@users.noreply.github.com>
Date: Thu, 3 Apr 2025 17:05:29 +0200
Subject: [PATCH] KeyUtils was warning about invalid key for valid 22 chars short ids
Closes #37992
Signed-off-by: skydrinker_tox
---
 .../src/main/java/org/keycloak/storage/jpa/KeyUtils.java | 9 +++++----
 .../test/java/org/keycloak/storage/jpa/KeyUtilsTest.java | 8 ++++++++
 2 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/model/jpa/src/main/java/org/keycloak/storage/jpa/KeyUtils.java b/model/jpa/src/main/java/org/keycloak/storage/jpa/KeyUtils.java
index f86f9fb38d2..6db6287a2f4 100644
--- a/model/jpa/src/main/java/org/keycloak/storage/jpa/KeyUtils.java
+++ b/model/jpa/src/main/java/org/keycloak/storage/jpa/KeyUtils.java
@@ -29,26 +29,27 @@ public class KeyUtils {
 private static final Logger LOG = Logger.getLogger(KeyUtils.class);
 public static final Pattern UUID_PATTERN = Pattern.compile("[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}");
+ public static final Pattern SHORT_ID_PATTERN = Pattern.compile("[0-9A-Za-z_-]{22}");
 public static final Pattern EXPECTED_KEY_PATTERN = Pattern.compile(
 UUID_PATTERN.pattern()
 + "|"
- + "f:" + UUID_PATTERN.pattern() + ":.*"
+ + "f:(" + UUID_PATTERN.pattern() + "|" + SHORT_ID_PATTERN.pattern() + "):.*"
 + "|"
 + LightweightUserAdapter.ID_PREFIX + UUID_PATTERN.pattern()
 );
 /**
- * Returns {@code} true when the key is {@code null} or either a plain UUID or a key formatted as "f:[UUID]:any_string"
+ * Check if a string is a valid key.
 * @param key String representation of the key
- * @return
+ * @return true when the key is {@code null} or either a plain UUID or a key formatted as "f:[UUID]:any_string" or "f:[SHORT_ID]:any_string"
 */
 public static boolean isValidKey(String key) {
 return key == null || EXPECTED_KEY_PATTERN.matcher(key).matches();
 }
 /**
- * Logs an warning when the key is not a valid key
+ * Logs a warning when the key is not a valid key
 * @param key String representation of the key
 */
 public static void assertValidKey(String key) throws IllegalArgumentException {
diff --git a/model/jpa/src/test/java/org/keycloak/storage/jpa/KeyUtilsTest.java b/model/jpa/src/test/java/org/keycloak/storage/jpa/KeyUtilsTest.java
index 8dce67bd2f3..c44c6d30141 100644
--- a/model/jpa/src/test/java/org/keycloak/storage/jpa/KeyUtilsTest.java
+++ b/model/jpa/src/test/java/org/keycloak/storage/jpa/KeyUtilsTest.java
@@ -18,6 +18,7 @@ package org.keycloak.storage.jpa;
 import java.util.UUID;
 import org.junit.Test;
+import org.keycloak.models.utils.KeycloakModelUtils;
 import static org.junit.Assert.*;
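Review bot: In KeyUtils.java the Javadoc on `assertValidKey` says the method "Logs a warning" while its signature declares `throws IllegalArgumentException`, so the contract does not tell a caller whether a malformed storage key is rejected or only reported. The method body begins at the end of the hunk and is not visible, so which holds cannot be confirmed here; the comment should state it outright, for example `* Logs a warning when the key is not a valid key; the key is not rejected.` if that is the behaviour, or gain a `@throws IllegalArgumentException` line if it is not. The new `@return` text on `isValidKey` lists the plain UUID and the two `f:` forms but not the third alternative in `EXPECTED_KEY_PATTERN`, `LightweightUserAdapter.ID_PREFIX` followed by a UUID. The group added around the UUID and short-id alternatives is never read back and could be written non-capturing, `"f:(?:"`.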
@@ -36,6 +37,10 @@ public class KeyUtilsTest {
 assertTrue(KeyUtils.isValidKey("f:" + UUID.randomUUID() + ":dsadsada"));
 assertTrue(KeyUtils.isValidKey("f:01234567-1234-1234-aAAa-123456789012:dsadsada"));
 assertTrue(KeyUtils.isValidKey("f:a1234567-1234-1234-aAAa-123456789012:dsadsada"));
+
+ assertTrue(KeyUtils.isValidKey("f:" + KeycloakModelUtils.generateShortId() + ":dsadsada"));
+ assertTrue(KeyUtils.isValidKey("f:22charsValidShort-uuid:dsadsada"));
+ assertTrue(KeyUtils.isValidKey("f:RaQXxaH_SGamVvd-6CBB2w:dsadsada"));
 }
 @Test
@@ -44,10 +49,13 @@ public class KeyUtilsTest {
 assertFalse(KeyUtils.isValidKey("0"));
 assertFalse(KeyUtils.isValidKey("01234567-1234-1234-aAAg-123456789012a"));
 assertFalse(KeyUtils.isValidKey("z1234567-1234-1234-aAAa-123456789012"));
+ //short ids should only be used in federated context
+ assertFalse(KeyUtils.isValidKey("22charsValidShort-uuid"));
 assertFalse(KeyUtils.isValidKey("f:g1234567-1234-1234-aAAa-123456789012:dsadsada"));
 assertFalse(KeyUtils.isValidKey("g:a1234567-1234-1234-aAAa-123456789012:dsadsada"));
 assertFalse(KeyUtils.isValidKey("f:a1234567-1234-1234-aAAa-123456789012"));
+ assertFalse(KeyUtils.isValidKey("f:short-Id:Invalid-Ch@rs:dsadsada"));
 }
 }
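Review bot: The negative cases in the last hunk of KeyUtilsTest.java never probe the length bound of `SHORT_ID_PATTERN`: the segment after `f:` in `f:short-Id:Invalid-Ch@rs:dsadsada` is exactly 22 characters and is rejected for its `:` and `@`, so a later change that loosened `{22}` to a range would still pass every assertion here. Two boundary cases with constructed 21- and 23-character ids would pin it: `assertFalse(KeyUtils.isValidKey("f:21charsValidShortuuid:x"));` and `assertFalse(KeyUtils.isValidKey("f:23charsValidShort--uuid:x"));`. The test method's opening line lies outside the hunk.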