diff --git a/scripts/cargo/uaa.yml b/scripts/cargo/uaa.yml
index 3f73eb91a3b..4a6ccbe2ad7 100644
--- a/scripts/cargo/uaa.yml
+++ b/scripts/cargo/uaa.yml
@@ -73,7 +73,6 @@ login:
 N+l4lnMda79eSp3OMmq9AkA0p79BvYsLshUJJnvbk76pCjR28PK4dV1gSDUEqQMB
 qy45ptdwJLqLJCeNoR0JUcDNIRhOCuOPND7pcMtX6hI/
 -----END RSA PRIVATE KEY-----
- passphrase: password
 certificate: |
 -----BEGIN CERTIFICATE-----
 MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEO
@@ -128,4 +127,4 @@ ratelimit:
 - name: EverythingElse
 global: 200r/s
 pathSelectors:
- - "other"
\ No newline at end of file
+ - "other"
diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/zone/GeneralIdentityZoneConfigurationValidator.java b/server/src/main/java/org/cloudfoundry/identity/uaa/zone/GeneralIdentityZoneConfigurationValidator.java
index 69a03c3e8c3..6f0b026834f 100644
--- a/server/src/main/java/org/cloudfoundry/identity/uaa/zone/GeneralIdentityZoneConfigurationValidator.java
+++ b/server/src/main/java/org/cloudfoundry/identity/uaa/zone/GeneralIdentityZoneConfigurationValidator.java
@@ -98,9 +98,9 @@ private void validateRegexStrings(List uris, String fieldName) throws In
 private void failIfPartialCertKeyInfo(String samlSpCert, String samlSpKey, String samlSpkeyPassphrase) throws InvalidIdentityZoneConfigurationException {
 if ((samlSpCert == null && samlSpKey == null && samlSpkeyPassphrase == null) ||
- (samlSpCert != null && samlSpKey != null && samlSpkeyPassphrase != null)) {
+ (samlSpCert != null && samlSpKey != null)) {
 return;
 }
- throw new InvalidIdentityZoneConfigurationException("Identity zone cannot be udpated with partial Saml CertKey config.", null);
+ throw new InvalidIdentityZoneConfigurationException("Identity zone cannot be updated with partial Saml CertKey config.", null);
 }
 }
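Review bot: The relaxed branch `(samlSpCert != null && samlSpKey != null)` in failIfPartialCertKeyInfo now lets a key/certificate pair through with no passphrase, but nothing in this hunk checks that the key is actually unencrypted, so an encrypted PEM key saved without its passphrase would pass validation here. If key loading is not verified elsewhere in the validator (not visible in this hunk), that misconfiguration would surface only when the zone first signs or decrypts a SAML message instead of as a rejected update. The null checks also treat an empty string as a supplied value, which is worth confirming against how the endpoint deserializes blank fields. Either way the method should say why the passphrase is optional, e.g. `// The passphrase is optional (unencrypted key); certificate and key must always be supplied together.` above the condition.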
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityZoneConfigurationBootstrapTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityZoneConfigurationBootstrapTests.java
index 42783edc4f1..5953a882be2 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityZoneConfigurationBootstrapTests.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityZoneConfigurationBootstrapTests.java
@@ -134,6 +134,22 @@ void keyIdNullException() {
 assertThatExceptionOfType(InvalidIdentityZoneDetailsException.class).isThrownBy(() -> bootstrap.afterPropertiesSet());
 }
+ @Test
+ void passphraseOnlyException() {
+ bootstrap.setSamlSpPrivateKey(key1());
+ bootstrap.setSamlSpCertificate(certificate1());
+ bootstrap.setSamlSpPrivateKeyPassphrase(passphrase1());
+ Map> keys = new HashMap<>();
+ Map key1 = new HashMap<>();
+ key1.put("passphrase", passphrase1());
+ keys.put("key1", key1);
+ bootstrap.setActiveKeyId(null);
+ bootstrap.setSamlKeys(keys);
+ assertThatExceptionOfType(InvalidIdentityZoneDetailsException.class)
+ .isThrownBy(() -> bootstrap.afterPropertiesSet())
+ .withMessage("The zone configuration is invalid. Identity zone cannot be updated with partial Saml CertKey config.");
+ }
+
 @Test
 void samlKeysAndSigningConfigs() throws Exception {
 bootstrap.setSamlSpPrivateKey(key1());
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointsMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointsMockMvcTests.java
index c1215cde525..2185452cc65 100644
--- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointsMockMvcTests.java
+++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointsMockMvcTests.java
@@ -781,7 +781,7 @@ void testUpdateWithPartialSamlKeyCertPair() throws Exception {
 samlConfig.setPrivateKey(serviceProviderKey);
 samlConfig.setPrivateKeyPassword(null);
 samlConfig.setCertificate(serviceProviderCertificate);
- updateZone(created, HttpStatus.UNPROCESSABLE_ENTITY, identityClientToken);
+ updateZone(created, HttpStatus.OK, identityClientToken);
 samlConfig = created.getConfig().getSamlConfig();
 samlConfig.setPrivateKey(null);
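Review bot: The first step of testUpdateWithPartialSamlKeyCertPair now expects `HttpStatus.OK`, so it no longer exercises a partial pair and the test name is misleading for that step; a comment above the call such as `// key + certificate without a passphrase is a complete pair and must be accepted` would make the intent clear. The check stops at the status code, so it would not notice an update that is accepted but persisted without the key or certificate; reading the zone back and asserting both values are present would pin the new behaviour. The test body starts before and continues after this hunk, so later steps may already cover part of this.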