Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support SAML keypair without a passphrase #3172

Merged
merged 3 commits into from
Dec 2, 2024
Merged

Support SAML keypair without a passphrase #3172

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
d3548f8
Support SAML keypair without a password
strehle Nov 29, 2024
fb47e38
Fix check and add a test for it
strehle Nov 30, 2024
d723265
Update uaa.yml
strehle Dec 2, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions ...in/java/org/cloudfoundry/identity/uaa/zone/GeneralIdentityZoneConfigurationValidator.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -98,9 +98,9 @@ private void validateRegexStrings(List<String> uris, String fieldName) throws In

private void failIfPartialCertKeyInfo(String samlSpCert, String samlSpKey, String samlSpkeyPassphrase) throws InvalidIdentityZoneConfigurationException {
if ((samlSpCert == null && samlSpKey == null && samlSpkeyPassphrase == null) ||
(samlSpCert != null && samlSpKey != null && samlSpkeyPassphrase != null)) {
(samlSpCert != null && samlSpKey != null)) {
return;
}
throw new InvalidIdentityZoneConfigurationException("Identity zone cannot be udpated with partial Saml CertKey config.", null);
throw new InvalidIdentityZoneConfigurationException("Identity zone cannot be updated with partial Saml CertKey config.", null);
}
}
16 changes: 16 additions & 0 deletions ...st/java/org/cloudfoundry/identity/uaa/config/IdentityZoneConfigurationBootstrapTests.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -134,6 +134,22 @@ void keyIdNullException() {
assertThatExceptionOfType(InvalidIdentityZoneDetailsException.class).isThrownBy(() -> bootstrap.afterPropertiesSet());
}

@Test
void passphraseOnlyException() {
bootstrap.setSamlSpPrivateKey(key1());
bootstrap.setSamlSpCertificate(certificate1());
bootstrap.setSamlSpPrivateKeyPassphrase(passphrase1());
Map<String, Map<String, String>> keys = new HashMap<>();
Map<String, String> key1 = new HashMap<>();
key1.put("passphrase", passphrase1());
keys.put("key1", key1);
bootstrap.setActiveKeyId(null);
bootstrap.setSamlKeys(keys);
assertThatExceptionOfType(InvalidIdentityZoneDetailsException.class)
.isThrownBy(() -> bootstrap.afterPropertiesSet())
.withMessage("The zone configuration is invalid. Identity zone cannot be updated with partial Saml CertKey config.");
}

@Test
void samlKeysAndSigningConfigs() throws Exception {
bootstrap.setSamlSpPrivateKey(key1());
Expand Down
2 changes: 1 addition & 1 deletion ...test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointsMockMvcTests.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -781,7 +781,7 @@ void testUpdateWithPartialSamlKeyCertPair() throws Exception {
samlConfig.setPrivateKey(serviceProviderKey);
samlConfig.setPrivateKeyPassword(null);
samlConfig.setCertificate(serviceProviderCertificate);
updateZone(created, HttpStatus.UNPROCESSABLE_ENTITY, identityClientToken);
updateZone(created, HttpStatus.OK, identityClientToken);

samlConfig = created.getConfig().getSamlConfig();
samlConfig.setPrivateKey(null);
Expand Down
Loading