diff --git a/services/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java b/services/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java
index 42d135f..b05b736 100755
--- a/services/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java
+++ b/services/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java
@@ -365,6 +365,7 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
}
}
+ private static final MediaType APPLICATION_JWT_TYPE = MediaType.valueOf("application/jwt");
protected BrokeredIdentityContext extractIdentity(AccessTokenResponse tokenResponse, String accessToken, JsonWebToken idToken) throws IOException {
String id = idToken.getSubject();
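Review bot: The new constant `APPLICATION_JWT_TYPE` is declared mid-class, wedged between the closing braces of the previous method and `extractIdentity`, and carries no comment saying why the broker accepts this media type at all. Building it with `new MediaType("application", "jwt")` instead of `MediaType.valueOf("application/jwt")` avoids a parse at class initialization that can only fail with an unchecked exception, and moving it next to the class's other constants makes it findable. A one-line comment such as `// OpenID Connect Core allows the UserInfo response to be a signed/encrypted JWT rather than plain JSON` would tell the next maintainer why the JSON branch is not the only one. The enclosing class begins before this hunk and the body of `extractIdentity` continues past it, so the site that consumes the constant is reviewed in the next hunk.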
@@ -380,11 +381,20 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
if (accessToken != null) {
SimpleHttp.Response response = executeRequest(userInfoUrl, SimpleHttp.doGet(userInfoUrl, session).header("Authorization", "Bearer " + accessToken));
String contentType = response.getFirstHeader(HttpHeaders.CONTENT_TYPE);
+ MediaType contentMediaType;
+ try {
+ contentMediaType = MediaType.valueOf(contentType);
+ } catch (IllegalArgumentException ex) {
+ contentMediaType = null;
+ }
+ if (contentMediaType == null || contentMediaType.isWildcardSubtype() || contentMediaType.isWildcardType()) {
+ throw new RuntimeException("Unsupported content-type [" + contentType + "] in response from [" + userInfoUrl + "].");
+ }
JsonNode userInfo;
- if (MediaType.APPLICATION_JSON.equals(contentType)) {
+ if (MediaType.APPLICATION_JSON_TYPE.isCompatible(contentMediaType)) {
userInfo = response.asJson();
- } else if ("application/jwt".equals(contentType)) {
+ } else if (APPLICATION_JWT_TYPE.isCompatible(contentMediaType)) {
JWSInput jwsInput;
try {