libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

KEYCLOAK-12281 Fix export/import for users that have custom credential algorithms with no salt

Browse source 
- do not swallow exception when decoding salt
This commit is contained in:
Peter Skopek 2020-01-15 12:38:12 +01:00 committed by Stian Thorgersen
parent f0d95da52d
commit b8a8f88764
1 changed files with 9 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
server-spi/src/main/java/org/keycloak/models/credential/dto/PasswordSecretData.java
View file

@ -15,8 +15,15 @@ public class PasswordSecretData {
private final byte[] salt; private final byte[] salt;
@JsonCreator @JsonCreator
public PasswordSecretData(@JsonProperty("value") String value, @JsonProperty("salt") String salt) { public PasswordSecretData(@JsonProperty("value") String value, @JsonProperty("salt") String salt) throws IOException {
this(value, decodeSalt(salt)); if ("__SALT__".equals(salt)) {
this.value = value;
this.salt = null;
}
else {
this.value = value;
this.salt = Base64.decode(salt);
}
} }
public PasswordSecretData(String value, byte[] salt) { public PasswordSecretData(String value, byte[] salt) {
@ -24,17 +31,6 @@ public class PasswordSecretData {
this.salt = salt; this.salt = salt;
} }
private static byte[] decodeSalt(String salt) {
try {
return Base64.decode(salt);
} catch (IOException ioe) {
// Could happen under some corner cases that value is still placeholder value "__SALT__" . For example when importing JSON from
// previous version and using custom hash provider without salt support.
logger.tracef("Can't base64 decode the salt %s . Fallback to null salt", salt);
return null;
}
}
public String getValue() { public String getValue() {
return value; return value;
} }