diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/session/PersistentUserSessionEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/session/PersistentUserSessionEntity.java index af47a13435..94aae1e4c2 100644 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/session/PersistentUserSessionEntity.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/session/PersistentUserSessionEntity.java @@ -17,6 +17,8 @@ package org.keycloak.models.jpa.session; +import org.keycloak.storage.jpa.KeyUtils; + import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Id; @@ -84,6 +86,7 @@ public class PersistentUserSessionEntity { } public void setUserId(String userId) { + KeyUtils.assertValidKey(userId); this.userId = userId; } diff --git a/model/jpa/src/main/java/org/keycloak/storage/jpa/KeyUtils.java b/model/jpa/src/main/java/org/keycloak/storage/jpa/KeyUtils.java new file mode 100644 index 0000000000..ac2bc2584a --- /dev/null +++ b/model/jpa/src/main/java/org/keycloak/storage/jpa/KeyUtils.java @@ -0,0 +1,56 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.storage.jpa; + +import java.util.regex.Pattern; +import org.jboss.logging.Logger; + +/** + * + * @author hmlnarik + */ +public class KeyUtils { + + private static final Logger LOG = Logger.getLogger(KeyUtils.class); + + public static final Pattern UUID_PATTERN = Pattern.compile("[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}"); + + public static final Pattern EXPECTED_KEY_PATTERN = Pattern.compile( + UUID_PATTERN.pattern() + + "|" + + "f:" + UUID_PATTERN.pattern() + ":.*" + ); + + /** + * Returns {@code} true when the key is {@code null} or either a plain UUID or a key formatted as "f:[UUID]:any_string" + * @param key String representation of the key + * @return + */ + public static boolean isValidKey(String key) { + return key == null || EXPECTED_KEY_PATTERN.matcher(key).matches(); + } + + /** + * Logs an warning when the key is not a valid key + * @param key String representation of the key + */ + public static void assertValidKey(String key) throws IllegalArgumentException { + if (! isValidKey(key)) { + LOG.warnf("The given key is not a valid key per specification, future migration might fail: %s", key); + } + } +} diff --git a/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/BrokerLinkEntity.java b/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/BrokerLinkEntity.java index 24cddf42d4..a32acb668f 100755 --- a/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/BrokerLinkEntity.java +++ b/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/BrokerLinkEntity.java @@ -17,6 +17,8 @@ package org.keycloak.storage.jpa.entity; +import org.keycloak.storage.jpa.KeyUtils; + import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Id; @@ -71,6 +73,7 @@ public class BrokerLinkEntity { } public void setUserId(String userId) { + KeyUtils.assertValidKey(userId); this.userId = userId; } diff --git a/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUser.java b/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUser.java index c74c63029a..ebc1db06a9 100644 --- a/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUser.java +++ b/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUser.java @@ -16,6 +16,8 @@ */ package org.keycloak.storage.jpa.entity; +import org.keycloak.storage.jpa.KeyUtils; + import javax.persistence.Access; import javax.persistence.AccessType; import javax.persistence.Column; @@ -58,6 +60,7 @@ public class FederatedUser { } public void setId(String id) { + KeyUtils.assertValidKey(id); this.id = id; } diff --git a/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUserGroupMembershipEntity.java b/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUserGroupMembershipEntity.java index ffe130a46b..2cf6857c83 100755 --- a/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUserGroupMembershipEntity.java +++ b/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUserGroupMembershipEntity.java @@ -17,6 +17,8 @@ package org.keycloak.storage.jpa.entity; +import org.keycloak.storage.jpa.KeyUtils; + import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Id; @@ -74,6 +76,7 @@ public class FederatedUserGroupMembershipEntity { } public void setUserId(String userId) { + KeyUtils.assertValidKey(userId); this.userId = userId; } diff --git a/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUserRequiredActionEntity.java b/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUserRequiredActionEntity.java index cea6908f38..d4b48799c1 100755 --- a/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUserRequiredActionEntity.java +++ b/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUserRequiredActionEntity.java @@ -17,6 +17,8 @@ package org.keycloak.storage.jpa.entity; +import org.keycloak.storage.jpa.KeyUtils; + import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Id; @@ -69,6 +71,7 @@ public class FederatedUserRequiredActionEntity { } public void setUserId(String userId) { + KeyUtils.assertValidKey(userId); this.userId = userId; } diff --git a/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUserRoleMappingEntity.java b/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUserRoleMappingEntity.java index a7c4099b3d..1a2580f5bf 100755 --- a/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUserRoleMappingEntity.java +++ b/model/jpa/src/main/java/org/keycloak/storage/jpa/entity/FederatedUserRoleMappingEntity.java @@ -17,6 +17,8 @@ package org.keycloak.storage.jpa.entity; +import org.keycloak.storage.jpa.KeyUtils; + import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Id; @@ -64,6 +66,7 @@ public class FederatedUserRoleMappingEntity { } public void setUserId(String userId) { + KeyUtils.assertValidKey(userId); this.userId = userId; } diff --git a/model/jpa/src/test/java/org/keycloak/storage/jpa/KeyUtilsTest.java b/model/jpa/src/test/java/org/keycloak/storage/jpa/KeyUtilsTest.java new file mode 100644 index 0000000000..8dce67bd2f --- /dev/null +++ b/model/jpa/src/test/java/org/keycloak/storage/jpa/KeyUtilsTest.java @@ -0,0 +1,53 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.storage.jpa; + +import java.util.UUID; +import org.junit.Test; + +import static org.junit.Assert.*; + +/** + * + * @author hmlnarik + */ +public class KeyUtilsTest { + + @Test + public void testValidKeys() { + assertTrue(KeyUtils.isValidKey(UUID.randomUUID().toString())); + assertTrue(KeyUtils.isValidKey("01234567-1234-1234-aAAa-123456789012")); + assertTrue(KeyUtils.isValidKey("01234567-1234-1234-aAAf-123456789012")); + + assertTrue(KeyUtils.isValidKey("f:" + UUID.randomUUID() + ":dsadsada")); + assertTrue(KeyUtils.isValidKey("f:01234567-1234-1234-aAAa-123456789012:dsadsada")); + assertTrue(KeyUtils.isValidKey("f:a1234567-1234-1234-aAAa-123456789012:dsadsada")); + } + + @Test + public void testInvalidKeys() { + assertFalse(KeyUtils.isValidKey("any string")); + assertFalse(KeyUtils.isValidKey("0")); + assertFalse(KeyUtils.isValidKey("01234567-1234-1234-aAAg-123456789012a")); + assertFalse(KeyUtils.isValidKey("z1234567-1234-1234-aAAa-123456789012")); + + assertFalse(KeyUtils.isValidKey("f:g1234567-1234-1234-aAAa-123456789012:dsadsada")); + assertFalse(KeyUtils.isValidKey("g:a1234567-1234-1234-aAAa-123456789012:dsadsada")); + assertFalse(KeyUtils.isValidKey("f:a1234567-1234-1234-aAAa-123456789012")); + } + +}