From 9372d23ad90a35175a2bf687baec69d79365b640 Mon Sep 17 00:00:00 2001
From: Bill Burke
Date: Fri, 1 May 2015 10:11:49 -0400
Subject: [PATCH] bump default keysize to 2048
---
 .../org/keycloak/broker/saml/SAMLEndpoint.java | 8 ++++----
 .../keycloak/models/utils/KeycloakModelUtils.java | 8 ++++++--
 .../org/keycloak/proxy/ProxyServerBuilder.java | 4 +++-
 .../saml/processing/core/util/KeyStoreUtil.java | 14 --------------
 .../keycloak/protocol/saml/SAMLRequestParser.java | 10 ++++++----
 .../admin/ClientAttributeCertificateResource.java | 4 +++-
 .../keycloak/testsuite/account/AccountTest.java | 2 +-
 7 files changed, 23 insertions(+), 27 deletions(-)
diff --git a/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java b/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
index d2d32ebefe..4c9e655ff9 100755
--- a/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
+++ b/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
@@ -42,15 +42,13 @@ import org.keycloak.saml.processing.core.saml.v2.constants.X500SAMLProfileConsta
 import org.keycloak.saml.processing.core.util.JAXPValidationUtil;
 import org.keycloak.saml.processing.core.util.XMLEncryptionUtil;
 import org.keycloak.saml.processing.core.util.XMLSignatureUtil;
+import org.keycloak.saml.processing.web.util.PostBindingUtil;
 import org.keycloak.services.ErrorPage;
 import org.keycloak.services.managers.AuthenticationManager;
 import org.keycloak.services.messages.Messages;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
-import org.keycloak.services.ErrorPage;
-import org.keycloak.services.managers.AuthenticationManager;
-import org.keycloak.services.messages.Messages;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.FormParam;
@@ -447,7 +445,9 @@ public class SAMLEndpoint {
 }
 @Override
 protected SAMLDocumentHolder extractResponseDocument(String response) {
- return SAMLRequestParser.parseResponsePostBinding(response);
+ byte[] samlBytes = PostBindingUtil.base64Decode(response);
+ String xml = new String(samlBytes);
+ return SAMLRequestParser.parseResponseDocument(samlBytes);
 }
 @Override
diff --git a/model/api/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java b/model/api/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java
index 8ee918bd6f..44f14c22eb 100755
--- a/model/api/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java
+++ b/model/api/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java
@@ -111,7 +111,9 @@ public final class KeycloakModelUtils {
 public static void generateRealmKeys(RealmModel realm) {
 KeyPair keyPair = null;
 try {
- keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
+ KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
+ generator.initialize(2048);
+ keyPair = generator.generateKeyPair();
 } catch (NoSuchAlgorithmException e) {
 throw new RuntimeException(e);
 }
@@ -142,7 +144,9 @@ public final class KeycloakModelUtils {
 String subject = client.getClientId();
 KeyPair keyPair = null;
 try {
- keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
+ KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
+ generator.initialize(2048);
+ keyPair = generator.generateKeyPair();
 } catch (NoSuchAlgorithmException e) {
 throw new RuntimeException(e);
 }
diff --git a/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyServerBuilder.java b/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyServerBuilder.java
index 49aed7ac4f..1223faf245 100755
--- a/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyServerBuilder.java
+++ b/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyServerBuilder.java
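Review bot: The added `String xml = new String(samlBytes);` in extractResponseDocument is never read, and it also converts the decoded bytes with the platform default charset, which is not how an inbound SAML document should be turned into text. The bytes are exactly what the next line passes to `parseResponseDocument`, so the String serves no purpose; drop the line and leave the method as `byte[] samlBytes = PostBindingUtil.base64Decode(response);` followed by `return SAMLRequestParser.parseResponseDocument(samlBytes);`. If a textual form is needed later, construct it with an explicit `StandardCharsets.UTF_8` rather than the no-argument constructor. The enclosing class continues outside the hunk.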
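Review bot: The RSA key size is introduced as a bare `2048` literal in four separate places — both KeycloakModelUtils hunks here (@@ -111 and @@ -142), ProxyServerBuilder (@@ -417) and ClientAttributeCertificateResource (@@ -111) — so the next increase has to be hunted down across modules and one site is likely to be missed, which is how a weak default survives a "bump". Define it once, e.g. `public static final int DEFAULT_RSA_KEY_SIZE = 2048;` in KeycloakModelUtils, and pass that to both `generator.initialize(...)` calls in this file; the other two sites should reference the same constant where the module dependency allows, or carry a one-line comment saying they must be kept in sync with it. A brief comment at the constant stating why this size was chosen (RSA below 2048 bits is no longer considered an adequate minimum) would record the reason for this commit in the code. generateRealmKeys continues outside the first hunk, and the method containing the second hunk starts outside it.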
@@ -417,7 +417,9 @@ public class ProxyServerBuilder {
 log.warn("Generating temporary SSL cert");
 KeyPair keyPair = null;
 try {
- keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
+ KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
+ generator.initialize(2048);
+ keyPair = generator.generateKeyPair();
 } catch (NoSuchAlgorithmException e) {
 throw new RuntimeException(e);
 }
diff --git a/saml/saml-core/src/main/java/org/keycloak/saml/processing/core/util/KeyStoreUtil.java b/saml/saml-core/src/main/java/org/keycloak/saml/processing/core/util/KeyStoreUtil.java
index 5daf8e6986..793f608ca8 100755
--- a/saml/saml-core/src/main/java/org/keycloak/saml/processing/core/util/KeyStoreUtil.java
+++ b/saml/saml-core/src/main/java/org/keycloak/saml/processing/core/util/KeyStoreUtil.java
@@ -119,20 +119,6 @@ public class KeyStoreUtil {
 return ks;
 }
- /**
- * Generate a Key Pair
- *
- * @param algo (RSA, DSA etc)
- *
- * @return
- *
- * @throws GeneralSecurityException
- */
- public static KeyPair generateKeyPair(String algo) throws GeneralSecurityException {
- KeyPairGenerator kpg = KeyPairGenerator.getInstance(algo);
- return kpg.genKeyPair();
- }
-
 /**
 * Get the Public Key from the keystore
 *
diff --git a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SAMLRequestParser.java b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SAMLRequestParser.java
index f4cfd77ed0..af97752f94 100755
--- a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SAMLRequestParser.java
+++ b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SAMLRequestParser.java
@@ -47,9 +47,12 @@ public class SAMLRequestParser {
 }
 public static SAMLDocumentHolder parseResponsePostBinding(String samlMessage) {
- InputStream is;
 byte[] samlBytes = PostBindingUtil.base64Decode(samlMessage);
- is = new ByteArrayInputStream(samlBytes);
+ return parseResponseDocument(samlBytes);
+ }
+
+ public static SAMLDocumentHolder parseResponseDocument(byte[] samlBytes) {
+ InputStream is = new ByteArrayInputStream(samlBytes);
 SAML2Response response = new SAML2Response();
 try {
 response.getSAML2ObjectFromStream(is);
@@ -61,8 +64,7 @@ public class SAMLRequestParser {
 }
 public static SAMLDocumentHolder parseResponseRedirectBinding(String samlMessage) {
- InputStream is;
- is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
+ InputStream is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
 SAML2Response response = new SAML2Response();
 try {
 response.getSAML2ObjectFromStream(is);
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java
index b1ec4d167d..16a0fbe18d 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java
@@ -111,7 +111,9 @@ public class ClientAttributeCertificateResource {
 String subject = client.getClientId();
 KeyPair keyPair = null;
 try {
- keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
+ KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
+ generator.initialize(2048);
+ keyPair = generator.generateKeyPair();
 } catch (NoSuchAlgorithmException e) {
 throw new RuntimeException(e);
 }
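Review bot: The new public `parseResponseDocument(byte[] samlBytes)` has no Javadoc, and because `parseResponsePostBinding` and now SAMLEndpoint feed it bytes decoded straight from an inbound POST binding, callers should be told that the argument is untrusted wire input and that this method parses it as XML. A Javadoc along the lines of `/** Parses an already base64-decoded SAML response. The bytes are untrusted input from the wire; this method only parses them into a document holder — signature and issuer checks are the caller's responsibility. */` would capture the contract, with the last clause adjusted if the method does more than parse (its body, including the `try` block, continues past the end of the hunk). The same Javadoc gap applies to the sibling `parseResponseRedirectBinding` touched in the second hunk.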
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java
index b8cf2a8dba..42275e9e17 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java
@@ -165,7 +165,7 @@ public class AccountTest {
 });
 }
- //@Test
+ @Test
 public void ideTesting() throws Exception {
 Thread.sleep(100000000);
 }
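Review bot: Re-enabling `@Test` on `ideTesting` makes a method whose only statement is `Thread.sleep(100000000)` (about 28 hours) part of every suite run, so the integration build will hang rather than finish; the `//@Test` form being removed was evidently deliberate and this looks like a stray IDE edit unrelated to the key-size change. Restore the line to `//@Test`, or delete the method if it is not needed.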