External-Mirrors/keycloak
2
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-10 15:32:05 -03:30
Code Issues Packages Projects Releases Wiki Activity

Do not regenerate the secret key when the size is not explicitly passed

Browse Source 
Closes #42405

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit 605b51905ca9d991e1656ab875fec22840289761)
This commit is contained in:
rmartinc 2025-09-12 17:24:26 +02:00 committed by Marek Posolda
parent 19da322d88
commit afec535e61
2 changed files with 23 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
services/src/main/java/org/keycloak/keys/AbstractGeneratedSecretKeyProviderFactory.java
View File

@ -37,16 +37,18 @@ public abstract class AbstractGeneratedSecretKeyProviderFactory<T extends KeyPro
ConfigurationValidationHelper validation = SecretKeyProviderUtils.validateConfiguration(model);
validation.checkList(Attributes.SECRET_SIZE_PROPERTY, false);
int size = model.get(Attributes.SECRET_SIZE_KEY, getDefaultKeySize());
if (!(model.contains(Attributes.SECRET_KEY))) {
int size = model.get(Attributes.SECRET_SIZE_KEY, getDefaultKeySize());
generateSecret(model, size);
logger().debugv("Generated secret for {0}", realm.getName());
} else {
int currentSize = Base64Url.decode(model.get(Attributes.SECRET_KEY)).length;
int size = model.get(Attributes.SECRET_SIZE_KEY, currentSize);
if (currentSize != size) {
generateSecret(model, size);
logger().debugv("Secret size changed, generating new secret for {0}", realm.getName());
} else if (model.get(Attributes.SECRET_SIZE_KEY) == null && currentSize != getDefaultKeySize()) {
model.put(Attributes.SECRET_SIZE_KEY, currentSize);
}
}
}

26
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedHmacKeyProviderTest.java
View File

@ -141,19 +141,31 @@ public class GeneratedHmacKeyProviderTest extends AbstractKeycloakTest {
rep.setConfig(new MultivaluedHashMap<>());
rep.getConfig().putSingle("priority", Long.toString(priority));
Response response = adminClient.realm("test").components().add(rep);
String id = ApiUtil.getCreatedId(response);
response.close();
try (Response response = adminClient.realm("test").components().add(rep)) {
rep.setId(ApiUtil.getCreatedId(response));
}
ComponentRepresentation component = testingClient.server("test").fetch(RunHelpers.internalComponent(id));
ComponentRepresentation component = testingClient.server("test").fetch(RunHelpers.internalComponent(rep.getId()));
assertEquals(GeneratedHmacKeyProviderFactory.DEFAULT_HMAC_KEY_SIZE, Base64Url.decode(component.getConfig().getFirst("secret")).length);
ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation();
ComponentRepresentation createdRep = adminClient.realm("test").components().component(rep.getId()).toRepresentation();
createdRep.getConfig().putSingle("secretSize", "512");
adminClient.realm("test").components().component(id).update(createdRep);
adminClient.realm("test").components().component(rep.getId()).update(createdRep);
component = testingClient.server("test").fetch(RunHelpers.internalComponent(id));
component = testingClient.server("test").fetch(RunHelpers.internalComponent(rep.getId()));
assertEquals(512, Base64Url.decode(component.getConfig().getFirst("secret")).length);
component = testingClient.server("test").fetch(RunHelpers.internalComponent(rep.getId()));
String secret = component.getConfig().getFirst("secret");
createdRep = adminClient.realm("test").components().component(rep.getId()).toRepresentation();
createdRep.getConfig().putSingle("secretSize", "");
adminClient.realm("test").components().component(rep.getId()).update(createdRep);
component = testingClient.server("test").fetch(RunHelpers.internalComponent(rep.getId()));
assertEquals("512", component.getConfig().getFirst("secretSize"));
assertEquals(512, Base64Url.decode(component.getConfig().getFirst("secret")).length);
component = testingClient.server("test").fetch(RunHelpers.internalComponent(rep.getId()));
assertEquals(secret, component.getConfig().getFirst("secret"));
}
@Test