keycloak-aplcache
Changes
services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java 2(+2 -0)
Details
diff --git a/common/src/main/java/org/keycloak/common/util/PemUtils.java b/common/src/main/java/org/keycloak/common/util/PemUtils.java
index fc4e193..2057556 100755
--- a/common/src/main/java/org/keycloak/common/util/PemUtils.java
+++ b/common/src/main/java/org/keycloak/common/util/PemUtils.java
@@ -149,7 +149,7 @@ public final class PemUtils {
return Base64.decode(pem);
}
- private static String removeBeginEnd(String pem) {
+ public static String removeBeginEnd(String pem) {
pem = pem.replaceAll("-----BEGIN (.*)-----", "");
pem = pem.replaceAll("-----END (.*)----", "");
pem = pem.replaceAll("\r\n", "");
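Review bot: Now that `removeBeginEnd` is public and is being fed uploaded data, the greedy `(.*)` in both patterns deserves tightening. Because `.` stops only at a line terminator, a PEM that arrives on a single line lets `-----BEGIN (.*)-----` match through to the last run of dashes, so the whole body is removed along with the markers. The END pattern also has only four trailing dashes and works only because `(.*)` absorbs the fifth. I would bound the label instead, e.g. `pem.replaceAll("-----BEGIN [^-]+-----", "")` and `pem.replaceAll("-----END [^-]+-----", "")`. I would also add a Javadoc saying that the method strips every BEGIN/END marker regardless of label and does no validation of what remains. The method body continues past the end of this hunk, so the remaining normalisation steps are not visible here.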
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java
index a798414..8cd50c2 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java
@@ -190,6 +190,8 @@ public class ClientAttributeCertificateResource {
if (keystoreFormat.equals(CERTIFICATE_PEM)) {
String pem = StreamUtil.readString(inputParts.get(0).getBody(InputStream.class, null));
+ pem = PemUtils.removeBeginEnd(pem);
+
// Validate format
KeycloakModelUtils.getCertificate(pem);
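Review bot: The new `PemUtils.removeBeginEnd(pem)` call strips every BEGIN/END marker whatever its label, so an upload containing several PEM blocks (a chain, or a key next to a certificate) has its bodies joined into one string before `KeycloakModelUtils.getCertificate(pem)` sees it. Whether that validation rejects the joined body cannot be told from this hunk, so I would reject such input explicitly before normalising, for example when `pem.indexOf("-----BEGIN ") != pem.lastIndexOf("-----BEGIN ")`, using the same error path as an invalid certificate. Running the format check on the normalised value is the right order, since that is the value being stored. A short comment such as `// Store the bare base64 body; headers are optional on upload` would make that intent clear. The enclosing method starts and ends outside the hunk.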
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/CredentialsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/CredentialsTest.java
index c6468d6..9b24537 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/CredentialsTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/CredentialsTest.java
@@ -165,6 +165,23 @@ public class CredentialsTest extends AbstractClientTest {
cert = certRsc.getKeyInfo();
assertEquals("cert properly set", certificate2, cert.getCertificate());
assertNull("privateKey nullified", cert.getPrivateKey());
+
+ // Upload certificate with header - should be stored without header
+ form = new MultipartFormDataOutput();
+ form.addFormData("keystoreFormat", "Certificate PEM", MediaType.TEXT_PLAIN_TYPE);
+
+ String certificate2WithHeaders = "-----BEGIN CERTIFICATE-----\n" + certificate2 + "\n-----END CERTIFICATE-----";
+
+ form.addFormData("file", certificate2WithHeaders.getBytes(Charset.forName("ASCII")), MediaType.APPLICATION_OCTET_STREAM_TYPE);
+ cert = certRsc.uploadJks(form);
+ assertNotNull("cert not null", cert);
+ assertEquals("cert properly extracted", certificate2, cert.getCertificate());
+ assertNull("privateKey not included", cert.getPrivateKey());
+
+ // Get the certificate again - to make sure cert is set, and privateKey is null
+ cert = certRsc.getKeyInfo();
+ assertEquals("cert properly set", certificate2, cert.getCertificate());
+ assertNull("privateKey nullified", cert.getPrivateKey());
}
@Test
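Review bot: The added case only exercises the accepted path, a `CERTIFICATE` header with `\n` separators, so nothing pins down what the endpoint does with input it should refuse. I would add an upload whose markers carry a different label (or two blocks in one file) and assert that it is rejected, plus one with `\r\n` line endings, since the helper treats those separately. As a smaller point, `Charset.forName("ASCII")` can be written as `StandardCharsets.US_ASCII`, which avoids the runtime name lookup. The test method begins before this hunk.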
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java
index 4a74829..48c72e9 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java
@@ -43,11 +43,7 @@ import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.authenticators.client.JWTClientAuthenticator;
import org.keycloak.common.constants.ServiceAccountConstants;
-import org.keycloak.common.util.BouncyIntegration;
-import org.keycloak.common.util.KeycloakUriBuilder;
-import org.keycloak.common.util.KeystoreUtil;
-import org.keycloak.common.util.Time;
-import org.keycloak.common.util.UriUtils;
+import org.keycloak.common.util.*;
import org.keycloak.constants.ServiceUrlConstants;
import org.keycloak.events.Details;
import org.keycloak.events.Errors;
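Review bot: Replacing the five explicit imports with `import org.keycloak.common.util.*;` hides which utility classes this test depends on and can introduce name clashes as the package grows. The only new name the change needs is `PemUtils`, so I would keep the original five lines and add `import org.keycloak.common.util.PemUtils;` alongside them.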
@@ -727,6 +723,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
}
private static void assertCertificate(ClientRepresentation client, String certOld, String pem) {
+ pem = PemUtils.removeBeginEnd(pem);
final String certNew = client.getAttributes().get(JWTClientAuthenticator.CERTIFICATE_ATTR);
assertNotEquals("The old and new certificates shouldn't match", certOld, certNew);
assertEquals("Certificates don't match", pem, certNew);
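Review bot: In `assertCertificate` the expected value is now produced by `PemUtils.removeBeginEnd(pem)`, which is the same helper the upload endpoint uses, so a defect in the stripping logic would alter both sides of `assertEquals` identically and the test would still pass. I would compare `certNew` against an independently known base64 body instead, or parse both values into certificates and compare those. Reassigning the `pem` parameter also makes the assertion harder to follow; a local such as `final String expectedCert = ...;` would be clearer. The method's closing brace lies outside the hunk.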