keycloak-memoizeit
Merge pull request #3454 from ssilvert/keystore-error-messages KEYCLOAK-3817: …
11/8/2016 4:33:43 AM
Changes
Details
diff --git a/services/src/main/java/org/keycloak/keys/JavaKeystoreKeyProvider.java b/services/src/main/java/org/keycloak/keys/JavaKeystoreKeyProvider.java
index d7fa875..8c98bb4 100644
--- a/services/src/main/java/org/keycloak/keys/JavaKeystoreKeyProvider.java
+++ b/services/src/main/java/org/keycloak/keys/JavaKeystoreKeyProvider.java
@@ -24,11 +24,17 @@ import org.keycloak.component.ComponentModel;
import org.keycloak.models.RealmModel;
import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
+import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
/**
@@ -61,8 +67,18 @@ public class JavaKeystoreKeyProvider extends AbstractRsaKeyProvider {
String kid = KeyUtils.createKeyId(keyPair.getPublic());
return new Keys(kid, keyPair, certificate);
- } catch (Exception e) {
- throw new RuntimeException("Failed to load keys", e);
+ } catch (KeyStoreException kse) {
+ throw new RuntimeException("KeyStore error on server. " + kse.getMessage(), kse);
+ } catch (FileNotFoundException fnfe) {
+ throw new RuntimeException("File not found on server. " + fnfe.getMessage(), fnfe);
+ } catch (IOException ioe) {
+ throw new RuntimeException("IO error on server. " + ioe.getMessage(), ioe);
+ } catch (NoSuchAlgorithmException nsae) {
+ throw new RuntimeException("Algorithm not available on server. " + nsae.getMessage(), nsae);
+ } catch (CertificateException ce) {
+ throw new RuntimeException("Certificate error on server. " + ce.getMessage(), ce);
+ } catch (UnrecoverableKeyException uke) {
+ throw new RuntimeException("Keystore on server can not be recovered. " + uke.getMessage(), uke);
}
}
diff --git a/services/src/main/java/org/keycloak/keys/JavaKeystoreKeyProviderFactory.java b/services/src/main/java/org/keycloak/keys/JavaKeystoreKeyProviderFactory.java
index 518d321..cbc003e 100644
--- a/services/src/main/java/org/keycloak/keys/JavaKeystoreKeyProviderFactory.java
+++ b/services/src/main/java/org/keycloak/keys/JavaKeystoreKeyProviderFactory.java
@@ -26,6 +26,7 @@ import org.keycloak.provider.ConfigurationValidationHelper;
import org.keycloak.provider.ProviderConfigProperty;
import java.util.List;
+import org.jboss.logging.Logger;
import static org.keycloak.provider.ProviderConfigProperty.STRING_TYPE;
@@ -33,6 +34,7 @@ import static org.keycloak.provider.ProviderConfigProperty.STRING_TYPE;
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class JavaKeystoreKeyProviderFactory extends AbstractRsaKeyProviderFactory {
+ private static final Logger logger = Logger.getLogger(JavaKeystoreKeyProviderFactory.class);
public static final String ID = "java-keystore";
@@ -76,7 +78,8 @@ public class JavaKeystoreKeyProviderFactory extends AbstractRsaKeyProviderFactor
new JavaKeystoreKeyProvider(session.getContext().getRealm(), model)
.loadKeys(session.getContext().getRealm(), model);
} catch (Throwable t) {
- throw new ComponentValidationException("Failed to load keys", t);
+ logger.error("Failed to load keys.", t);
+ throw new ComponentValidationException("Failed to load keys. " + t.getMessage(), t);
}
}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/JavaKeystoreKeyProviderTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/JavaKeystoreKeyProviderTest.java
index cac8a27..5c54213 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/JavaKeystoreKeyProviderTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/JavaKeystoreKeyProviderTest.java
@@ -123,7 +123,7 @@ public class JavaKeystoreKeyProviderTest extends AbstractKeycloakTest {
rep.getConfig().putSingle("keystore", "/nosuchfile");
Response response = adminClient.realm("test").components().add(rep);
- assertErrror(response, "Failed to load keys");
+ assertErrror(response, "Failed to load keys. File not found on server.");
}
@Test
@@ -132,7 +132,7 @@ public class JavaKeystoreKeyProviderTest extends AbstractKeycloakTest {
rep.getConfig().putSingle("keystore", "invalid");
Response response = adminClient.realm("test").components().add(rep);
- assertErrror(response, "Failed to load keys");
+ assertErrror(response, "Failed to load keys. File not found on server.");
}
@Test
@@ -141,7 +141,7 @@ public class JavaKeystoreKeyProviderTest extends AbstractKeycloakTest {
rep.getConfig().putSingle("keyAlias", "invalid");
Response response = adminClient.realm("test").components().add(rep);
- assertErrror(response, "Failed to load keys");
+ assertErrror(response, "Failed to load keys. Error creating X509v1Certificate.");
}
@Test
@@ -150,7 +150,7 @@ public class JavaKeystoreKeyProviderTest extends AbstractKeycloakTest {
rep.getConfig().putSingle("keyPassword", "invalid");
Response response = adminClient.realm("test").components().add(rep);
- assertErrror(response, "Failed to load keys");
+ assertErrror(response, "Failed to load keys. Keystore on server can not be recovered.");
}
protected void assertErrror(Response response, String error) {
@@ -159,7 +159,7 @@ public class JavaKeystoreKeyProviderTest extends AbstractKeycloakTest {
}
ErrorRepresentation errorRepresentation = response.readEntity(ErrorRepresentation.class);
- assertEquals(error, errorRepresentation.getErrorMessage());
+ assertTrue(errorRepresentation.getErrorMessage().startsWith(error));
}
protected ComponentRepresentation createRep(String name, long priority) {