Use org.keycloak.common.util.Base64Url to encode/decode clientID

fix #15734 related #10227 #10231
2022-11-29 09:50:57 +01:00 · 2022-11-29 09:50:57 +01:00 · 4acd1afa3b
commit 4acd1afa3b
parent 993d910520
2 changed files with 24 additions and 5 deletions
--- a/server-spi-private/src/main/java/org/keycloak/broker/provider/util/IdentityBrokerState.java
+++ b/server-spi-private/src/main/java/org/keycloak/broker/provider/util/IdentityBrokerState.java
@ -20,10 +20,10 @@ package org.keycloak.broker.provider.util;
 import org.keycloak.authorization.policy.evaluation.Realm;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.RealmModel;
+import org.keycloak.common.util.Base64Url;

 import java.nio.BufferUnderflowException;
 import java.nio.ByteBuffer;
-import java.util.Base64;
 import java.util.UUID;
 import java.util.regex.Pattern;

@ -51,8 +51,8 @@ public class IdentityBrokerState {
                bb.putLong(clientDbUuid.getMostSignificantBits());
                bb.putLong(clientDbUuid.getLeastSignificantBits());
                byte[] clientUuidBytes = bb.array();
-                clientIdEncoded = Base64.getEncoder().encodeToString(clientUuidBytes).replace("=", "");
-            } catch (IllegalArgumentException e) {
+                clientIdEncoded = Base64Url.encode(clientUuidBytes);
+            } catch (RuntimeException e) {
                // Ignore...the clientid in the database was not in UUID format. Just use as is.
            }
        }
@ -73,7 +73,7 @@ public class IdentityBrokerState {
            try {
                // If this decoding succeeds it was the result of the encoding of a UUID client.id - if it fails we interpret it as client.clientId
                // in accordance to the method decoded above
-                byte[] decodedClientId = Base64.getDecoder().decode(clientId);
+                byte[] decodedClientId = Base64Url.decode(clientId);
                ByteBuffer bb = ByteBuffer.wrap(decodedClientId);
                long first = bb.getLong();
                long second = bb.getLong();
@ -83,7 +83,7 @@ public class IdentityBrokerState {
                if (clientModel != null) {
                    clientId = clientModel.getClientId();
                }
-            } catch (IllegalArgumentException | BufferUnderflowException e) {
+            } catch (RuntimeException e) {
                // Ignore...the clientid was not in encoded uuid format. Just use as it is.
            }
        }
--- a/server-spi-private/src/test/java/org/keycloak/broker/provider/util/IdentityBrokerStateTest.java
+++ b/server-spi-private/src/test/java/org/keycloak/broker/provider/util/IdentityBrokerStateTest.java
@ -45,6 +45,25 @@ public class IdentityBrokerStateTest {
        Assert.assertEquals("gNrGamIDGKpKSI9yOrcFzYTKoFGH779_WNCacAelkhk.vpISZLVDAc0.7UlEjBTPRx6oOgY9DcO8jA", encodedState.getEncoded());
    }

+    @Test
+    public void testDecodedWithClientIdAnActualUuidBASE64UriFriendly() {
+
+        // Given
+        String state = "gNrGamIDGKpKSI9yOrcFzYTKoFGH779_WNCacAelkhk";
+        String clientId = "c5ac1ea7-6c28-4be1-b7cd-d63a1ba57f78";
+        String clientClientId = "http://i.am.an.url";
+        String tabId = "vpISZLVDAc0";
+
+        // When
+        IdentityBrokerState encodedState = IdentityBrokerState.decoded(state, clientId, clientClientId, tabId);
+
+        // Then
+        Assert.assertNotNull(encodedState);
+        Assert.assertEquals(clientClientId, encodedState.getClientId());
+        Assert.assertEquals(tabId, encodedState.getTabId());
+        Assert.assertEquals("gNrGamIDGKpKSI9yOrcFzYTKoFGH779_WNCacAelkhk.vpISZLVDAc0.xawep2woS-G3zdY6G6V_eA", encodedState.getEncoded());
+    }
+
    @Test
    public void testEncodedWithClientIdUUid() {
        // Given