KEYCLOAK-15238: Fix potential resource leak from not closing Stream/Reader
parent
bd3840c606
commit
2cd03569d6
18 changed files with 90 additions and 68 deletions
|
@ -286,11 +286,11 @@ public class KcinitDriver {
|
||||||
|
|
||||||
protected byte[] readFileRaw(File fp) throws IOException {
|
protected byte[] readFileRaw(File fp) throws IOException {
|
||||||
if (!fp.exists()) return null;
|
if (!fp.exists()) return null;
|
||||||
FileInputStream fis = new FileInputStream(fp);
|
try (FileInputStream fis = new FileInputStream(fp)) {
|
||||||
byte[] data = new byte[(int) fp.length()];
|
byte[] data = new byte[(int) fp.length()];
|
||||||
fis.read(data);
|
fis.read(data);
|
||||||
fis.close();
|
return data;
|
||||||
return data;
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
protected void writeFile(File fp, String payload) {
|
protected void writeFile(File fp, String payload) {
|
||||||
|
|
|
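Review bot: The single `fis.read(data);` call in readFileRaw is not guaranteed to fill the buffer, and its return value is ignored, so a short read hands the caller a partly zero-filled array with no error. The `(int) fp.length()` cast also truncates silently for files larger than an int can hold. Replacing the body of the try with `return Files.readAllBytes(fp.toPath());` (keeping the `exists()` guard) removes both problems; it needs `java.nio.file.Files` imported if the file does not already have it.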
@ -113,8 +113,8 @@ public class PropertiesBasedRoleMapper implements RoleMappingsProvider {
|
||||||
if (path != null) {
|
if (path != null) {
|
||||||
File file = new File(path);
|
File file = new File(path);
|
||||||
if (file.exists()) {
|
if (file.exists()) {
|
||||||
try {
|
try (FileInputStream is = new FileInputStream(file)){
|
||||||
this.roleMappings.load(new FileInputStream(file));
|
this.roleMappings.load(is);
|
||||||
logger.debugf("Successfully loaded role mappings from %s", path);
|
logger.debugf("Successfully loaded role mappings from %s", path);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
logger.debugv(e, "Unable to load role mappings from %s", path);
|
logger.debugv(e, "Unable to load role mappings from %s", path);
|
||||||
|
|
|
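Review bot: The catch block still reports a failed load with `logger.debugv(e, "Unable to load role mappings from %s", path);`, which hides the failure in two ways. Assuming `logger` is a JBoss Logging `Logger`, `debugv` expects MessageFormat-style `{0}` placeholders, so the `%s` is printed literally and the path is lost. At debug level, an unreadable or malformed mappings file also goes unnoticed in a default logging setup, and the mapper carries on with whatever `roleMappings` already holds. I would use `logger.warnf(e, "Unable to load role mappings from %s", path);`. The enclosing method starts and ends outside the hunk.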
@ -284,7 +284,7 @@ public class DeploymentBuilder {
|
||||||
} catch (KeyStoreException e) {
|
} catch (KeyStoreException e) {
|
||||||
throw new RuntimeException(e);
|
throw new RuntimeException(e);
|
||||||
}
|
}
|
||||||
InputStream is = null;
|
InputStream is;
|
||||||
if (key.getKeystore().getFile() != null) {
|
if (key.getKeystore().getFile() != null) {
|
||||||
File fp = new File(key.getKeystore().getFile());
|
File fp = new File(key.getKeystore().getFile());
|
||||||
if (!fp.exists()) {
|
if (!fp.exists()) {
|
||||||
|
@ -301,8 +301,8 @@ public class DeploymentBuilder {
|
||||||
throw new RuntimeException("KeyStore " + key.getKeystore().getResource() + " does not exist");
|
throw new RuntimeException("KeyStore " + key.getKeystore().getResource() + " does not exist");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
try {
|
try (InputStream stream = is) {
|
||||||
keyStore.load(is, key.getKeystore().getPassword().toCharArray());
|
keyStore.load(stream, key.getKeystore().getPassword().toCharArray());
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
throw new RuntimeException(e);
|
throw new RuntimeException(e);
|
||||||
}
|
}
|
||||||
|
|
|
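Review bot: The `catch (Exception e)` around `keyStore.load(stream, ...)` rethrows a bare `new RuntimeException(e)`, so the operator is not told that it was the keystore load that failed, unlike the "does not exist" message a few lines above. Something like `throw new RuntimeException("Unable to load KeyStore", e);` would help, with the password kept out of the text. Separately, `is` stays in scope after the try block has closed it through the `stream` alias; a one-line comment on `try (InputStream stream = is)` saying that `is` must not be used afterwards would protect later edits. The method continues outside both hunks.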
@ -207,7 +207,9 @@ public class Profile {
|
||||||
if (jbossServerConfigDir != null) {
|
if (jbossServerConfigDir != null) {
|
||||||
File file = new File(jbossServerConfigDir, "profile.properties");
|
File file = new File(jbossServerConfigDir, "profile.properties");
|
||||||
if (file.isFile()) {
|
if (file.isFile()) {
|
||||||
properties.load(new FileInputStream(file));
|
try (FileInputStream is = new FileInputStream(file)) {
|
||||||
|
properties.load(is);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
|
|
|
@ -58,8 +58,9 @@ public class KeystoreUtil {
|
||||||
} else {
|
} else {
|
||||||
trustStream = new FileInputStream(new File(filename));
|
trustStream = new FileInputStream(new File(filename));
|
||||||
}
|
}
|
||||||
trustStore.load(trustStream, password.toCharArray());
|
try (InputStream is = trustStream) {
|
||||||
trustStream.close();
|
trustStore.load(is, password.toCharArray());
|
||||||
|
}
|
||||||
return trustStore;
|
return trustStore;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -202,7 +202,9 @@ public class Debug {
|
||||||
*/
|
*/
|
||||||
public static void loadConfig(File f) throws IOException {
|
public static void loadConfig(File f) throws IOException {
|
||||||
prop = new Properties();
|
prop = new Properties();
|
||||||
prop.load(new FileInputStream(f));
|
try (FileInputStream is = new FileInputStream((f))) {
|
||||||
|
prop.load(is);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
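Review bot: `prop = new Properties();` is assigned before the load, so if `new FileInputStream` or `prop.load(is)` throws, loadConfig leaves `prop` (apparently a field declared outside the hunk) pointing at an empty Properties object instead of the previous configuration. Loading into a local and publishing it only on success avoids that: `Properties loaded = new Properties();` before the try, `loaded.load(is);` inside it, and `prop = loaded;` after it. The doubled parentheses in `new FileInputStream((f))` can be reduced to `new FileInputStream(f)`.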
@ -242,21 +242,21 @@ public class DBusConnection extends AbstractConnection {
|
||||||
if (null == display) throw new DBusException(getString("cannotResolveSessionBusAddress"));
|
if (null == display) throw new DBusException(getString("cannotResolveSessionBusAddress"));
|
||||||
File uuidfile = new File("/var/lib/dbus/machine-id");
|
File uuidfile = new File("/var/lib/dbus/machine-id");
|
||||||
if (!uuidfile.exists()) throw new DBusException(getString("cannotResolveSessionBusAddress"));
|
if (!uuidfile.exists()) throw new DBusException(getString("cannotResolveSessionBusAddress"));
|
||||||
try {
|
try (BufferedReader r = new BufferedReader(new FileReader(uuidfile))) {
|
||||||
BufferedReader r = new BufferedReader(new FileReader(uuidfile));
|
|
||||||
String uuid = r.readLine();
|
String uuid = r.readLine();
|
||||||
String homedir = System.getProperty("user.home");
|
String homedir = System.getProperty("user.home");
|
||||||
File addressfile = new File(homedir + "/.dbus/session-bus",
|
File addressfile = new File(homedir + "/.dbus/session-bus",
|
||||||
uuid + "-" + display.replaceAll(":([0-9]*)\\..*", "$1"));
|
uuid + "-" + display.replaceAll(":([0-9]*)\\..*", "$1"));
|
||||||
if (!addressfile.exists())
|
if (!addressfile.exists())
|
||||||
throw new DBusException(getString("cannotResolveSessionBusAddress"));
|
throw new DBusException(getString("cannotResolveSessionBusAddress"));
|
||||||
r = new BufferedReader(new FileReader(addressfile));
|
try (BufferedReader r2 = new BufferedReader(new FileReader(addressfile))) {
|
||||||
String l;
|
String l;
|
||||||
while (null != (l = r.readLine())) {
|
while (null != (l = r2.readLine())) {
|
||||||
if (Debug.debug) Debug.print(Debug.VERBOSE, "Reading D-Bus session data: " + l);
|
if (Debug.debug) Debug.print(Debug.VERBOSE, "Reading D-Bus session data: " + l);
|
||||||
if (l.matches("DBUS_SESSION_BUS_ADDRESS.*")) {
|
if (l.matches("DBUS_SESSION_BUS_ADDRESS.*")) {
|
||||||
s = l.replaceAll("^[^=]*=", "");
|
s = l.replaceAll("^[^=]*=", "");
|
||||||
if (Debug.debug) Debug.print(Debug.VERBOSE, "Parsing " + l + " to " + s);
|
if (Debug.debug) Debug.print(Debug.VERBOSE, "Parsing " + l + " to " + s);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (null == s || "".equals(s))
|
if (null == s || "".equals(s))
|
||||||
|
|
|
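Review bot: `r.readLine()` returns null when `/var/lib/dbus/machine-id` is empty, and the new code still concatenates that value into the address file name, so the lookup goes to a name starting with `null-` and ends in the generic address error. A check right after the read, `if (null == uuid) throw new DBusException(getString("cannotResolveSessionBusAddress"));`, makes the cause explicit. The outer reader is only needed for that one `readLine()`, so its try-with-resources could end before `addressfile` is opened instead of wrapping the second reader. The enclosing catch clause and the rest of the method are outside the hunk.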
@ -232,7 +232,9 @@ public class FluentTestsHelper {
|
||||||
* @see #importTestRealm(InputStream)
|
* @see #importTestRealm(InputStream)
|
||||||
*/
|
*/
|
||||||
public FluentTestsHelper importTestRealm(String realmJsonPath) throws IOException {
|
public FluentTestsHelper importTestRealm(String realmJsonPath) throws IOException {
|
||||||
return importTestRealm(FluentTestsHelper.class.getResourceAsStream(realmJsonPath));
|
try (InputStream fis = FluentTestsHelper.class.getResourceAsStream(realmJsonPath)) {
|
||||||
|
return importTestRealm(fis);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
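Review bot: `getResourceAsStream(realmJsonPath)` returns null when the resource is missing, and try-with-resources accepts a null resource silently, so `importTestRealm(fis)` is called with null and fails further down with an unrelated error. A guard as the first statement in the try, `if (fis == null) throw new FileNotFoundException("Realm resource not found: " + realmJsonPath);`, keeps the declared `IOException` contract. The same unchecked `getResourceAsStream` result is used in the TestsHelper, DockerComposeYamlInstallationProvider and TestJavascriptResource hunks of this commit. The name `fis` suggests a FileInputStream, which this is not; `realmStream` would read better.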
@ -158,20 +158,20 @@ public class TestsHelper {
|
||||||
public static boolean importTestRealm(String username, String password, String realmJsonPath) throws IOException {
|
public static boolean importTestRealm(String username, String password, String realmJsonPath) throws IOException {
|
||||||
|
|
||||||
ObjectMapper mapper = new ObjectMapper();
|
ObjectMapper mapper = new ObjectMapper();
|
||||||
ClassLoader classLoader = TestsHelper.class.getClassLoader();
|
try (InputStream stream = TestsHelper.class.getResourceAsStream(realmJsonPath)) {
|
||||||
InputStream stream = TestsHelper.class.getResourceAsStream(realmJsonPath);
|
RealmRepresentation realmRepresentation = mapper.readValue(stream, RealmRepresentation.class);
|
||||||
RealmRepresentation realmRepresentation = mapper.readValue(stream, RealmRepresentation.class);
|
|
||||||
|
|
||||||
Keycloak keycloak = Keycloak.getInstance(
|
Keycloak keycloak = Keycloak.getInstance(
|
||||||
keycloakBaseUrl,
|
keycloakBaseUrl,
|
||||||
"master",
|
"master",
|
||||||
username,
|
username,
|
||||||
password,
|
password,
|
||||||
"admin-cli");
|
"admin-cli");
|
||||||
keycloak.realms().create(realmRepresentation);
|
keycloak.realms().create(realmRepresentation);
|
||||||
testRealm = realmRepresentation.getRealm();
|
testRealm = realmRepresentation.getRealm();
|
||||||
generateInitialAccessToken(keycloak);
|
generateInitialAccessToken(keycloak);
|
||||||
return true;
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -345,17 +345,18 @@ public class SimpleHttp {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
InputStreamReader reader = charset == null ? new InputStreamReader(is) :
|
try (InputStreamReader reader = charset == null ? new InputStreamReader(is) :
|
||||||
new InputStreamReader(is, charset);
|
new InputStreamReader(is, charset)) {
|
||||||
|
|
||||||
StringWriter writer = new StringWriter();
|
StringWriter writer = new StringWriter();
|
||||||
|
|
||||||
char[] buffer = new char[1024 * 4];
|
char[] buffer = new char[1024 * 4];
|
||||||
for (int n = reader.read(buffer); n != -1; n = reader.read(buffer)) {
|
for (int n = reader.read(buffer); n != -1; n = reader.read(buffer)) {
|
||||||
writer.write(buffer, 0, n);
|
writer.write(buffer, 0, n);
|
||||||
|
}
|
||||||
|
|
||||||
|
responseString = writer.toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
responseString = writer.toString();
|
|
||||||
} finally {
|
} finally {
|
||||||
if (is != null) {
|
if (is != null) {
|
||||||
is.close();
|
is.close();
|
||||||
|
|
|
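Review bot: The copy loop appends the whole response body to a `StringWriter` with no upper bound, so the size of `responseString` is decided entirely by the remote server. A cap checked inside the loop would bound memory use, for example `if (writer.getBuffer().length() > MAX_RESPONSE_CHARS) throw new IOException("Response too large");`, with `MAX_RESPONSE_CHARS` a new constant chosen for this class. When `charset` is null, `new InputStreamReader(is)` decodes with the JVM default charset, which makes the result depend on host configuration. Closing `reader` now also closes `is`, so the `is.close()` in the `finally` block becomes a second close; that is harmless but deserves a comment. The method starts outside the hunk.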
@ -339,8 +339,10 @@ public class CertificateValidator {
|
||||||
if (!f.canRead()) {
|
if (!f.canRead()) {
|
||||||
throw new IOException(String.format("Unable to read CRL from \"%s\"", f.getAbsolutePath()));
|
throw new IOException(String.format("Unable to read CRL from \"%s\"", f.getAbsolutePath()));
|
||||||
}
|
}
|
||||||
X509CRL crl = loadFromStream(cf, new FileInputStream(f.getAbsolutePath()));
|
try (FileInputStream is = new FileInputStream(f.getAbsolutePath())) {
|
||||||
return Collections.singleton(crl);
|
X509CRL crl = loadFromStream(cf, is);
|
||||||
|
return Collections.singleton(crl);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -74,8 +74,9 @@ public class DirExportProvider extends MultipleStepsExportProvider {
|
||||||
@Override
|
@Override
|
||||||
public void writeRealm(String fileName, RealmRepresentation rep) throws IOException {
|
public void writeRealm(String fileName, RealmRepresentation rep) throws IOException {
|
||||||
File file = new File(this.rootDirectory, fileName);
|
File file = new File(this.rootDirectory, fileName);
|
||||||
FileOutputStream stream = new FileOutputStream(file);
|
try (FileOutputStream is = new FileOutputStream(file)) {
|
||||||
JsonSerialization.prettyMapper.writeValue(stream, rep);
|
JsonSerialization.prettyMapper.writeValue(is, rep);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
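Review bot: The resource in writeRealm is a FileOutputStream but is named `is`, which reads as "input stream"; the previous name `stream`, or `out`, would be clearer: `try (FileOutputStream out = new FileOutputStream(file)) {`. `fileName` is joined to `rootDirectory` without any check, so if callers derive it from a realm name (not visible here), a value containing path separators would land outside the export directory. The file is also created with the process default permissions; if the exported representation can carry credentials or key material, restricting it to the owner would be prudent.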
@ -23,6 +23,7 @@ import org.keycloak.component.ComponentModel;
|
||||||
import org.keycloak.crypto.KeyWrapper;
|
import org.keycloak.crypto.KeyWrapper;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
|
|
||||||
|
import java.io.File;
|
||||||
import java.io.FileInputStream;
|
import java.io.FileInputStream;
|
||||||
import java.io.FileNotFoundException;
|
import java.io.FileNotFoundException;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
@ -47,9 +48,9 @@ public class JavaKeystoreKeyProvider extends AbstractRsaKeyProvider {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected KeyWrapper loadKey(RealmModel realm, ComponentModel model) {
|
protected KeyWrapper loadKey(RealmModel realm, ComponentModel model) {
|
||||||
try {
|
try (FileInputStream is = new FileInputStream(model.get(JavaKeystoreKeyProviderFactory.KEYSTORE_KEY))) {
|
||||||
KeyStore keyStore = KeyStore.getInstance("JKS");
|
KeyStore keyStore = KeyStore.getInstance("JKS");
|
||||||
keyStore.load(new FileInputStream(model.get(JavaKeystoreKeyProviderFactory.KEYSTORE_KEY)), model.get(JavaKeystoreKeyProviderFactory.KEYSTORE_PASSWORD_KEY).toCharArray());
|
keyStore.load(is, model.get(JavaKeystoreKeyProviderFactory.KEYSTORE_PASSWORD_KEY).toCharArray());
|
||||||
|
|
||||||
PrivateKey privateKey = (PrivateKey) keyStore.getKey(model.get(JavaKeystoreKeyProviderFactory.KEY_ALIAS_KEY), model.get(JavaKeystoreKeyProviderFactory.KEY_PASSWORD_KEY).toCharArray());
|
PrivateKey privateKey = (PrivateKey) keyStore.getKey(model.get(JavaKeystoreKeyProviderFactory.KEY_ALIAS_KEY), model.get(JavaKeystoreKeyProviderFactory.KEY_PASSWORD_KEY).toCharArray());
|
||||||
PublicKey publicKey = KeyUtils.extractPublicKey(privateKey);
|
PublicKey publicKey = KeyUtils.extractPublicKey(privateKey);
|
||||||
|
|
|
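Review bot: The added `import java.io.File;` is not used by any of the new lines shown here; unless code outside these hunks needs it, it should be dropped. In loadKey the keystore file is now opened in the try header, so if `model.get(JavaKeystoreKeyProviderFactory.KEYSTORE_KEY)` returns null the `FileInputStream` constructor throws a NullPointerException instead of a file error. Whether the catch clause, which is outside the hunk, turns that into a useful message cannot be seen from here.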
@ -106,9 +106,11 @@ public class DockerComposeYamlInstallationProvider implements ClientInstallation
|
||||||
|
|
||||||
// Write README to .zip
|
// Write README to .zip
|
||||||
zipOutput.putNextEntry(new ZipEntry(ROOT_DIR + "README.md"));
|
zipOutput.putNextEntry(new ZipEntry(ROOT_DIR + "README.md"));
|
||||||
final String readmeContent = new BufferedReader(new InputStreamReader(DockerComposeYamlInstallationProvider.class.getResourceAsStream("/DockerComposeYamlReadme.md"))).lines().collect(Collectors.joining("\n"));
|
try (BufferedReader br = new BufferedReader(new InputStreamReader(DockerComposeYamlInstallationProvider.class.getResourceAsStream("/DockerComposeYamlReadme.md")))) {
|
||||||
zipOutput.write(readmeContent.getBytes());
|
final String readmeContent = br.lines().collect(Collectors.joining("\n"));
|
||||||
zipOutput.closeEntry();
|
zipOutput.write(readmeContent.getBytes());
|
||||||
|
zipOutput.closeEntry();
|
||||||
|
}
|
||||||
|
|
||||||
zipOutput.close();
|
zipOutput.close();
|
||||||
byteStream.close();
|
byteStream.close();
|
||||||
|
|
|
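Review bot: `new InputStreamReader(...)` and `readmeContent.getBytes()` both fall back to the platform default charset, so the README written into the zip depends on the host's encoding and non-ASCII characters can be corrupted. Passing the charset explicitly fixes it: give `StandardCharsets.UTF_8` as the second argument to the `InputStreamReader` and use `zipOutput.write(readmeContent.getBytes(StandardCharsets.UTF_8));` (this needs `java.nio.charset.StandardCharsets` imported if it is not already). `zipOutput.close()` and `byteStream.close()` after the block are still plain calls, so an exception while writing an entry skips them; whether an outer try handles that is outside the hunk.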
@ -56,15 +56,16 @@ public class TestJavascriptResource {
|
||||||
}
|
}
|
||||||
|
|
||||||
private String resourceToString(String path) throws IOException {
|
private String resourceToString(String path) throws IOException {
|
||||||
InputStream is = TestingResourceProvider.class.getResourceAsStream(path);
|
try (InputStream is = TestingResourceProvider.class.getResourceAsStream(path);
|
||||||
BufferedReader buf = new BufferedReader(new InputStreamReader(is));
|
BufferedReader buf = new BufferedReader(new InputStreamReader(is))) {
|
||||||
String line = buf.readLine();
|
String line = buf.readLine();
|
||||||
StringBuilder sb = new StringBuilder();
|
StringBuilder sb = new StringBuilder();
|
||||||
while (line != null) {
|
while (line != null) {
|
||||||
sb.append(line).append("\n");
|
sb.append(line).append("\n");
|
||||||
line = buf.readLine();
|
line = buf.readLine();
|
||||||
}
|
}
|
||||||
|
|
||||||
return sb.toString().replace("${js-adapter.auth-server-url}", getAuthServerContextRoot() + "/auth");
|
return sb.toString().replace("${js-adapter.auth-server-url}", getAuthServerContextRoot() + "/auth");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -64,8 +64,9 @@ public class TextFileChecker {
|
||||||
try (InputStream in = Files.newInputStream(path)) {
|
try (InputStream in = Files.newInputStream(path)) {
|
||||||
Long lastCheckedPosition = lastCheckedPositions.computeIfAbsent(path, p -> 0L);
|
Long lastCheckedPosition = lastCheckedPositions.computeIfAbsent(path, p -> 0L);
|
||||||
in.skip(lastCheckedPosition);
|
in.skip(lastCheckedPosition);
|
||||||
BufferedReader b = new BufferedReader(new InputStreamReader(in));
|
try (BufferedReader b = new BufferedReader(new InputStreamReader(in))) {
|
||||||
lineChecker.accept(b.lines());
|
lineChecker.accept(b.lines());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
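Review bot: `in.skip(lastCheckedPosition);` ignores the return value, and `InputStream.skip` may skip fewer bytes than requested, in which case lines that were already checked are passed to `lineChecker` again. Looping until the count is consumed avoids that: `long left = lastCheckedPosition; while (left > 0) { long n = in.skip(left); if (n <= 0) break; left -= n; }`. The new inner try-with-resources closes `in` through the reader and the outer one closes it again; that is harmless, but the two could be merged into one resource list. Nothing visible in the hunk updates `lastCheckedPositions` after the read; that may happen outside it.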
@ -36,7 +36,9 @@ public class TLSUtils {
|
||||||
}
|
}
|
||||||
|
|
||||||
KeyStore keystore = KeyStore.getInstance("jks");
|
KeyStore keystore = KeyStore.getInstance("jks");
|
||||||
keystore.load(new FileInputStream(keystorePath), "secret".toCharArray());
|
try (FileInputStream is = new FileInputStream(keystorePath)) {
|
||||||
|
keystore.load(is, "secret".toCharArray());
|
||||||
|
}
|
||||||
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
|
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
|
||||||
keyManagerFactory.init(keystore, "secret".toCharArray());
|
keyManagerFactory.init(keystore, "secret".toCharArray());
|
||||||
KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
|
KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
|
||||||
|
@ -49,7 +51,9 @@ public class TLSUtils {
|
||||||
// Essentially, this is REQUEST CLIENT AUTH behavior. It doesn't fail if the client doesn't have a cert.
|
// Essentially, this is REQUEST CLIENT AUTH behavior. It doesn't fail if the client doesn't have a cert.
|
||||||
// However it will challenge him to send it.
|
// However it will challenge him to send it.
|
||||||
KeyStore truststore = KeyStore.getInstance("jks");
|
KeyStore truststore = KeyStore.getInstance("jks");
|
||||||
truststore.load(new FileInputStream(truststorePath), "secret".toCharArray());
|
try (FileInputStream is = new FileInputStream(truststorePath)) {
|
||||||
|
truststore.load(is, "secret".toCharArray());
|
||||||
|
}
|
||||||
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
|
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
|
||||||
trustManagerFactory.init(truststore);
|
trustManagerFactory.init(truststore);
|
||||||
TrustManager[] trustManagers = new TrustManager[trustManagerFactory.getTrustManagers().length + 1];
|
TrustManager[] trustManagers = new TrustManager[trustManagerFactory.getTrustManagers().length + 1];
|
||||||
|
|
|
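Review bot: `TrustManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())` requests the trust manager factory by the key manager's default algorithm; it should be `TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())`. The store password `"secret"` is repeated as a literal in three places. If this class is test-only, a single named constant with a comment saying so would keep the uses in step; otherwise the password should come from configuration. The surrounding method starts and ends outside both hunks.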
@ -137,7 +137,9 @@ public class KeycloakServer {
|
||||||
File f = new File(System.getProperty("user.home"), ".keycloak-server.properties");
|
File f = new File(System.getProperty("user.home"), ".keycloak-server.properties");
|
||||||
if (f.isFile()) {
|
if (f.isFile()) {
|
||||||
Properties p = new Properties();
|
Properties p = new Properties();
|
||||||
p.load(new FileInputStream(f));
|
try (FileInputStream is = new FileInputStream(f)) {
|
||||||
|
p.load(is);
|
||||||
|
}
|
||||||
System.getProperties().putAll(p);
|
System.getProperties().putAll(p);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|