diff --git a/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java b/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
index d2d32eb..4c9e655 100755
--- a/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
+++ b/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
@@ -42,15 +42,13 @@ import org.keycloak.saml.processing.core.saml.v2.constants.X500SAMLProfileConsta
import org.keycloak.saml.processing.core.util.JAXPValidationUtil;
import org.keycloak.saml.processing.core.util.XMLEncryptionUtil;
import org.keycloak.saml.processing.core.util.XMLSignatureUtil;
+import org.keycloak.saml.processing.web.util.PostBindingUtil;
import org.keycloak.services.ErrorPage;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.messages.Messages;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-import org.keycloak.services.ErrorPage;
-import org.keycloak.services.managers.AuthenticationManager;
-import org.keycloak.services.messages.Messages;
import javax.ws.rs.Consumes;
import javax.ws.rs.FormParam;
@@ -447,7 +445,9 @@ public class SAMLEndpoint {
}
@Override
protected SAMLDocumentHolder extractResponseDocument(String response) {
- return SAMLRequestParser.parseResponsePostBinding(response);
+ byte[] samlBytes = PostBindingUtil.base64Decode(response);
+ String xml = new String(samlBytes);
+ return SAMLRequestParser.parseResponseDocument(samlBytes);
}
@Override
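Review bot: The local `String xml = new String(samlBytes);` added to extractResponseDocument is never read, and it also decodes the bytes with the platform default charset, which is the kind of line that later gets used by mistake. Dropping it leaves the method as `byte[] samlBytes = PostBindingUtil.base64Decode(response); return SAMLRequestParser.parseResponseDocument(samlBytes);`. If the decoded text is wanted for debugging, construct it with an explicit `StandardCharsets.UTF_8` at the point of use rather than leaving an unused conversion in the request path.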
diff --git a/model/api/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java b/model/api/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java
index 8ee918b..44f14c2 100755
--- a/model/api/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java
+++ b/model/api/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java
@@ -111,7 +111,9 @@ public final class KeycloakModelUtils {
public static void generateRealmKeys(RealmModel realm) {
KeyPair keyPair = null;
try {
- keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
+ KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
+ generator.initialize(2048);
+ keyPair = generator.generateKeyPair();
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
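Review bot: The RSA key size `2048` is now written as a bare literal in `generator.initialize(2048)` here, in the second KeycloakModelUtils hunk below, in ProxyServerBuilder and in ClientAttributeCertificateResource, so the key-size decision lives in four places and a future change has to find them all. Introduce one named constant, e.g. `private static final int RSA_KEY_SIZE = 2048;` and `generator.initialize(RSA_KEY_SIZE);`, and, if the module dependencies allow it, have the other callers reach the shared constant or a single key-generation helper in KeycloakModelUtils instead of repeating the three-line sequence. Note that generateRealmKeys continues past the end of the hunk, so the KeyPair's later use is not visible here.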
@@ -142,7 +144,9 @@ public final class KeycloakModelUtils {
String subject = client.getClientId();
KeyPair keyPair = null;
try {
- keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
+ KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
+ generator.initialize(2048);
+ keyPair = generator.generateKeyPair();
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
diff --git a/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyServerBuilder.java b/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyServerBuilder.java
index 49aed7a..1223faf 100755
--- a/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyServerBuilder.java
+++ b/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyServerBuilder.java
@@ -417,7 +417,9 @@ public class ProxyServerBuilder {
log.warn("Generating temporary SSL cert");
KeyPair keyPair = null;
try {
- keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
+ KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
+ generator.initialize(2048);
+ keyPair = generator.generateKeyPair();
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
diff --git a/saml/saml-core/src/main/java/org/keycloak/saml/processing/core/util/KeyStoreUtil.java b/saml/saml-core/src/main/java/org/keycloak/saml/processing/core/util/KeyStoreUtil.java
index 5daf8e6..793f608 100755
--- a/saml/saml-core/src/main/java/org/keycloak/saml/processing/core/util/KeyStoreUtil.java
+++ b/saml/saml-core/src/main/java/org/keycloak/saml/processing/core/util/KeyStoreUtil.java
@@ -120,20 +120,6 @@ public class KeyStoreUtil {
}
/**
- * Generate a Key Pair
- *
- * @param algo (RSA, DSA etc)
- *
- * @return
- *
- * @throws GeneralSecurityException
- */
- public static KeyPair generateKeyPair(String algo) throws GeneralSecurityException {
- KeyPairGenerator kpg = KeyPairGenerator.getInstance(algo);
- return kpg.genKeyPair();
- }
-
- /**
* Get the Public Key from the keystore
*
* @param ks
diff --git a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SAMLRequestParser.java b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SAMLRequestParser.java
index f4cfd77..af97752 100755
--- a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SAMLRequestParser.java
+++ b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SAMLRequestParser.java
@@ -47,9 +47,12 @@ public class SAMLRequestParser {
}
public static SAMLDocumentHolder parseResponsePostBinding(String samlMessage) {
- InputStream is;
byte[] samlBytes = PostBindingUtil.base64Decode(samlMessage);
- is = new ByteArrayInputStream(samlBytes);
+ return parseResponseDocument(samlBytes);
+ }
+
+ public static SAMLDocumentHolder parseResponseDocument(byte[] samlBytes) {
+ InputStream is = new ByteArrayInputStream(samlBytes);
SAML2Response response = new SAML2Response();
try {
response.getSAML2ObjectFromStream(is);
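Review bot: The new public method `parseResponseDocument(byte[] samlBytes)` has no Javadoc, while it is now the shared entry point behind both `parseResponsePostBinding` and the SAML broker endpoint. Add a Javadoc stating that it parses an already base64-decoded SAML response from the given bytes, that the caller is responsible for the decoding, what it returns, and how a parse failure surfaces (the `try` body and its handler continue past the end of the hunk, so the error behaviour should be taken from there). The existing `parseResponsePostBinding` would benefit from a one-line `@see` pointing at the new method since it is now a thin wrapper.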
@@ -61,8 +64,7 @@ public class SAMLRequestParser {
}
public static SAMLDocumentHolder parseResponseRedirectBinding(String samlMessage) {
- InputStream is;
- is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
+ InputStream is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
SAML2Response response = new SAML2Response();
try {
response.getSAML2ObjectFromStream(is);
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java b/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java
index b728607..fafb2e9 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java
@@ -154,7 +154,7 @@ public class TokenManager {
throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Invalid refresh token");
}
refreshToken = jws.readJsonContent(RefreshToken.class);
- } catch (IOException e) {
+ } catch (Exception e) {
throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Invalid refresh token", e);
}
if (refreshToken.isExpired()) {
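Review bot: Widening the handler from `IOException` to `Exception` changes what reaches it: any RuntimeException from `jws.readJsonContent(RefreshToken.class)` is now reported as an invalid grant, and, if the `throw new OAuthErrorException(...)` above sits inside the same `try` and OAuthErrorException is a checked exception, it is now caught and re-wrapped as a new INVALID_GRANT with the original as its cause. Mapping every parse failure to a uniform INVALID_GRANT is a reasonable choice for a token endpoint, but the intent should be recorded so the next maintainer does not narrow it back, e.g. `// Any failure to parse or validate the token is reported as an invalid grant; the cause is kept for diagnostics.` If re-wrapping the existing OAuthErrorException is not wanted, either move that throw outside the `try` or catch `IOException | RuntimeException` instead. The `try` block begins outside the hunk, so its full contents are not visible here.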
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java
index b1ec4d1..16a0fbe 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java
@@ -111,7 +111,9 @@ public class ClientAttributeCertificateResource {
String subject = client.getClientId();
KeyPair keyPair = null;
try {
- keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
+ KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
+ generator.initialize(2048);
+ keyPair = generator.generateKeyPair();
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}