Fix check and add a test for it

cloudfoundry · Nov 30, 2024 · fb47e38 · fb47e38
1 parent d3548f8
commit fb47e38
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 2 deletions.
diff --git a/...in/java/org/cloudfoundry/identity/uaa/zone/GeneralIdentityZoneConfigurationValidator.java b/...in/java/org/cloudfoundry/identity/uaa/zone/GeneralIdentityZoneConfigurationValidator.java
@@ -98,7 +98,7 @@ private void validateRegexStrings(List<String> uris, String fieldName) throws In
 
     private void failIfPartialCertKeyInfo(String samlSpCert, String samlSpKey, String samlSpkeyPassphrase) throws InvalidIdentityZoneConfigurationException {
         if ((samlSpCert == null && samlSpKey == null && samlSpkeyPassphrase == null) ||
-                (samlSpCert != null && samlSpKey != null && samlSpkeyPassphrase == null)) {
+                (samlSpCert != null && samlSpKey != null)) {
             return;
         }
         throw new InvalidIdentityZoneConfigurationException("Identity zone cannot be updated with partial Saml CertKey config.", null);

diff --git a/...st/java/org/cloudfoundry/identity/uaa/config/IdentityZoneConfigurationBootstrapTests.java b/...st/java/org/cloudfoundry/identity/uaa/config/IdentityZoneConfigurationBootstrapTests.java
@@ -134,6 +134,22 @@ void keyIdNullException() {
         assertThatExceptionOfType(InvalidIdentityZoneDetailsException.class).isThrownBy(() -> bootstrap.afterPropertiesSet());
     }
 
+    @Test
+    void passphraseOnlyException() {
+        bootstrap.setSamlSpPrivateKey(key1());
+        bootstrap.setSamlSpCertificate(certificate1());
+        bootstrap.setSamlSpPrivateKeyPassphrase(passphrase1());
+        Map<String, Map<String, String>> keys = new HashMap<>();
+        Map<String, String> key1 = new HashMap<>();
+        key1.put("passphrase", passphrase1());
+        keys.put("key1", key1);
+        bootstrap.setActiveKeyId(null);
+        bootstrap.setSamlKeys(keys);
+        assertThatExceptionOfType(InvalidIdentityZoneDetailsException.class)
+                .isThrownBy(() -> bootstrap.afterPropertiesSet())
+                .withMessage("The zone configuration is invalid. Identity zone cannot be updated with partial Saml CertKey config.");
+    }
+
     @Test
     void samlKeysAndSigningConfigs() throws Exception {
         bootstrap.setSamlSpPrivateKey(key1());

diff --git a/...test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointsMockMvcTests.java b/...test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointsMockMvcTests.java
@@ -781,7 +781,7 @@ void testUpdateWithPartialSamlKeyCertPair() throws Exception {
         samlConfig.setPrivateKey(serviceProviderKey);
         samlConfig.setPrivateKeyPassword(null);
         samlConfig.setCertificate(serviceProviderCertificate);
-        updateZone(created, HttpStatus.UNPROCESSABLE_ENTITY, identityClientToken);
+        updateZone(created, HttpStatus.OK, identityClientToken);
 
         samlConfig = created.getConfig().getSamlConfig();
         samlConfig.setPrivateKey(null);