Merge pull request #2898 from stianst/master

KEYCLOAK-3066
2016-06-01 16:30:06 +02:00 · 2016-06-01 16:30:06 +02:00 · 93d3a0eb38
commit 93d3a0eb38
parent 2343e517c9 8fab2f0718
2 changed files with 46 additions and 1 deletions
--- a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
@ -86,6 +86,7 @@ import javax.ws.rs.core.UriInfo;

 import java.security.PrivateKey;
 import java.security.PublicKey;
+import java.security.cert.X509Certificate;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
@ -268,6 +269,17 @@ public class RealmAdminResource {
                }
            }

+            if (!"GENERATE".equals(rep.getPublicKey()) && (rep.getCertificate() != null)) {
+                try {
+                    X509Certificate cert = PemUtils.decodeCertificate(rep.getCertificate());
+                    if (cert == null) {
+                        return ErrorResponse.error("Failed to decode certificate", Status.BAD_REQUEST);
+                    }
+                } catch (Exception e)  {
+                    return ErrorResponse.error("Failed to decode certificate", Status.BAD_REQUEST);
+                }
+            }
+
            RepresentationToModel.updateRealm(rep, realm);

            // Refresh periodic sync tasks for configured federationProviders
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java
@ -444,6 +444,19 @@ public class RealmTest extends AbstractAdminTest {

        Assert.assertEquals(PUBLIC_KEY, realm.toRepresentation().getPublicKey());

+        rep.setPrivateKey("{}{}{}{}{}{}324re9gvj0r");
+        rep.setPublicKey("{}{}{}{}{}{}324re9gvj0r");
+        try {
+            realm.update(rep);
+            fail("Expected BadRequestException");
+        } catch (BadRequestException e) {
+            // Expected
+            assertAdminEvents.assertEmpty();
+        }
+
+        Assert.assertEquals(PUBLIC_KEY, realm.toRepresentation().getPublicKey());
+
+        rep.setPrivateKey(privateKey2048);
        rep.setPublicKey(publicKey2048);

        realm.update(rep);
@ -478,7 +491,27 @@ public class RealmTest extends AbstractAdminTest {
        realm.update(rep);
        assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep);

-        assertEquals(certificate, rep.getCertificate());
+        assertEquals(certificate, realm.toRepresentation().getCertificate());
+
+        rep.setCertificate("{}{}{}{}{}{}324re9gvj0r");
+        try {
+            realm.update(rep);
+            fail("Expected BadRequestException");
+        } catch (BadRequestException e) {
+            // Expected
+            assertAdminEvents.assertEmpty();
+        }
+
+        rep.setCertificate("invalid");
+        try {
+            realm.update(rep);
+            fail("Expected BadRequestException");
+        } catch (BadRequestException e) {
+            // Expected
+            assertAdminEvents.assertEmpty();
+        }
+
+        assertEquals(certificate, realm.toRepresentation().getCertificate());
    }

    @Test