Merge pull request #3454 from ssilvert/keystore-error-messages
KEYCLOAK-3817: More detailed errors when loading keys from JKS
commit
db4f3561a5
3 changed files with 27 additions and 8 deletions
|
@ -24,11 +24,17 @@ import org.keycloak.component.ComponentModel;
|
|||
import org.keycloak.models.RealmModel;
|
||||
|
||||
import java.io.FileInputStream;
|
||||
import java.io.FileNotFoundException;
|
||||
import java.io.IOException;
|
||||
import java.security.KeyPair;
|
||||
import java.security.KeyStore;
|
||||
import java.security.KeyStoreException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.PrivateKey;
|
||||
import java.security.PublicKey;
|
||||
import java.security.UnrecoverableKeyException;
|
||||
import java.security.cert.Certificate;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.cert.X509Certificate;
|
||||
|
||||
/**
|
||||
|
@ -61,8 +67,18 @@ public class JavaKeystoreKeyProvider extends AbstractRsaKeyProvider {
|
|||
String kid = KeyUtils.createKeyId(keyPair.getPublic());
|
||||
|
||||
return new Keys(kid, keyPair, certificate);
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException("Failed to load keys", e);
|
||||
} catch (KeyStoreException kse) {
|
||||
throw new RuntimeException("KeyStore error on server. " + kse.getMessage(), kse);
|
||||
} catch (FileNotFoundException fnfe) {
|
||||
throw new RuntimeException("File not found on server. " + fnfe.getMessage(), fnfe);
|
||||
} catch (IOException ioe) {
|
||||
throw new RuntimeException("IO error on server. " + ioe.getMessage(), ioe);
|
||||
} catch (NoSuchAlgorithmException nsae) {
|
||||
throw new RuntimeException("Algorithm not available on server. " + nsae.getMessage(), nsae);
|
||||
} catch (CertificateException ce) {
|
||||
throw new RuntimeException("Certificate error on server. " + ce.getMessage(), ce);
|
||||
} catch (UnrecoverableKeyException uke) {
|
||||
throw new RuntimeException("Keystore on server can not be recovered. " + uke.getMessage(), uke);
|
||||
}
|
||||
}
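Review bot: Each new catch clause concatenates the exception's `getMessage()` into the RuntimeException text, and the updated tests show that text reaching the admin client; for `FileNotFoundException` the JDK message usually includes the path and the OS reason, so the response now tells the caller whether a given server path exists or is readable. Consider keeping only the fixed category in the thrown message, e.g. `throw new RuntimeException("File not found on server.", fnfe);`, and leaving the detail to the cause chain and the server log. Also, replacing `catch (Exception e)` means unchecked exceptions are no longer wrapped here; the "Error creating X509v1Certificate." expectation in the test suggests one already escapes this way, which is worth confirming as intended. The try block begins outside the hunk.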
|
||||
|
||||
|
|
|
@ -26,6 +26,7 @@ import org.keycloak.provider.ConfigurationValidationHelper;
|
|||
import org.keycloak.provider.ProviderConfigProperty;
|
||||
|
||||
import java.util.List;
|
||||
import org.jboss.logging.Logger;
|
||||
|
||||
import static org.keycloak.provider.ProviderConfigProperty.STRING_TYPE;
|
||||
|
||||
|
@ -33,6 +34,7 @@ import static org.keycloak.provider.ProviderConfigProperty.STRING_TYPE;
|
|||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||
*/
|
||||
public class JavaKeystoreKeyProviderFactory extends AbstractRsaKeyProviderFactory {
|
||||
private static final Logger logger = Logger.getLogger(JavaKeystoreKeyProviderFactory.class);
|
||||
|
||||
public static final String ID = "java-keystore";
|
||||
|
||||
|
@ -76,7 +78,8 @@ public class JavaKeystoreKeyProviderFactory extends AbstractRsaKeyProviderFactor
|
|||
new JavaKeystoreKeyProvider(session.getContext().getRealm(), model)
|
||||
.loadKeys(session.getContext().getRealm(), model);
|
||||
} catch (Throwable t) {
|
||||
throw new ComponentValidationException("Failed to load keys", t);
|
||||
logger.error("Failed to load keys.", t);
|
||||
throw new ComponentValidationException("Failed to load keys. " + t.getMessage(), t);
|
||||
}
|
||||
}
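Review bot: `"Failed to load keys. " + t.getMessage()` in the `catch (Throwable t)` block forwards the message of any throwable to the API caller, and yields the literal text "Failed to load keys. null" when the throwable has no message (common for `NullPointerException`). Since the full stack trace is already written by `logger.error`, the response could carry the detail only when present, e.g. `String detail = t.getMessage() == null ? "" : " " + t.getMessage();` followed by `throw new ComponentValidationException("Failed to load keys." + detail, t);`. Catching `Throwable` also converts `Error`s such as `OutOfMemoryError` into a validation failure; `Exception` would be the narrower choice if nothing here relies on that. The enclosing method starts outside the hunk.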
|
||||
|
||||
|
|
|
@ -123,7 +123,7 @@ public class JavaKeystoreKeyProviderTest extends AbstractKeycloakTest {
|
|||
rep.getConfig().putSingle("keystore", "/nosuchfile");
|
||||
|
||||
Response response = adminClient.realm("test").components().add(rep);
|
||||
assertErrror(response, "Failed to load keys");
|
||||
assertErrror(response, "Failed to load keys. File not found on server.");
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -132,7 +132,7 @@ public class JavaKeystoreKeyProviderTest extends AbstractKeycloakTest {
|
|||
rep.getConfig().putSingle("keystore", "invalid");
|
||||
|
||||
Response response = adminClient.realm("test").components().add(rep);
|
||||
assertErrror(response, "Failed to load keys");
|
||||
assertErrror(response, "Failed to load keys. File not found on server.");
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -141,7 +141,7 @@ public class JavaKeystoreKeyProviderTest extends AbstractKeycloakTest {
|
|||
rep.getConfig().putSingle("keyAlias", "invalid");
|
||||
|
||||
Response response = adminClient.realm("test").components().add(rep);
|
||||
assertErrror(response, "Failed to load keys");
|
||||
assertErrror(response, "Failed to load keys. Error creating X509v1Certificate.");
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -150,7 +150,7 @@ public class JavaKeystoreKeyProviderTest extends AbstractKeycloakTest {
|
|||
rep.getConfig().putSingle("keyPassword", "invalid");
|
||||
|
||||
Response response = adminClient.realm("test").components().add(rep);
|
||||
assertErrror(response, "Failed to load keys");
|
||||
assertErrror(response, "Failed to load keys. Keystore on server can not be recovered.");
|
||||
}
|
||||
|
||||
protected void assertErrror(Response response, String error) {
|
||||
|
@ -159,7 +159,7 @@ public class JavaKeystoreKeyProviderTest extends AbstractKeycloakTest {
|
|||
}
|
||||
|
||||
ErrorRepresentation errorRepresentation = response.readEntity(ErrorRepresentation.class);
|
||||
assertEquals(error, errorRepresentation.getErrorMessage());
|
||||
assertTrue(errorRepresentation.getErrorMessage().startsWith(error));
|
||||
}
|
||||
|
||||
protected ComponentRepresentation createRep(String name, long priority) {
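Review bot: In `assertErrror`, `assertTrue(errorRepresentation.getErrorMessage().startsWith(error))` fails with no indication of the actual message, where the replaced `assertEquals` would have printed both; passing a message keeps failures diagnosable: `assertTrue("unexpected error: " + msg, msg.startsWith(error));` with `msg` holding `getErrorMessage()`. The prefix match also means none of these tests pins what follows the category text, so they would not notice a server path or other detail being appended to the response; if that detail is meant to stay out of it, an explicit negative assertion on the configured keystore value would guard it. The invalid-keyAlias case expects "Error creating X509v1Certificate.", a string not produced by the catch clauses in this commit, so the test is coupled to wording owned by another class. The helper's body starts outside the last hunk.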
|
||||
|
|