From fb47e384b136619d0968e7daebd7d65c6a85757a Mon Sep 17 00:00:00 2001
From: strehle
Date: Sat, 30 Nov 2024 10:05:57 +0100
Subject: [PATCH] Fix check and add a test for it
---
 ...eneralIdentityZoneConfigurationValidator.java | 2 +-
 .../IdentityZoneConfigurationBootstrapTests.java | 16 ++++++++++++++++
 .../zones/IdentityZoneEndpointsMockMvcTests.java | 2 +-
 3 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/zone/GeneralIdentityZoneConfigurationValidator.java b/server/src/main/java/org/cloudfoundry/identity/uaa/zone/GeneralIdentityZoneConfigurationValidator.java
index 7d078aee14c..6f0b026834f 100644
--- a/server/src/main/java/org/cloudfoundry/identity/uaa/zone/GeneralIdentityZoneConfigurationValidator.java
+++ b/server/src/main/java/org/cloudfoundry/identity/uaa/zone/GeneralIdentityZoneConfigurationValidator.java
@@ -98,7 +98,7 @@ private void validateRegexStrings(List uris, String fieldName) throws In
 private void failIfPartialCertKeyInfo(String samlSpCert, String samlSpKey, String samlSpkeyPassphrase) throws InvalidIdentityZoneConfigurationException {
 if ((samlSpCert == null && samlSpKey == null && samlSpkeyPassphrase == null) ||
- (samlSpCert != null && samlSpKey != null && samlSpkeyPassphrase == null)) {
+ (samlSpCert != null && samlSpKey != null)) {
 return;
 }
 throw new InvalidIdentityZoneConfigurationException("Identity zone cannot be updated with partial Saml CertKey config.", null);
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityZoneConfigurationBootstrapTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityZoneConfigurationBootstrapTests.java
index 42783edc4f1..5953a882be2 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityZoneConfigurationBootstrapTests.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityZoneConfigurationBootstrapTests.java
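Review bot: In `failIfPartialCertKeyInfo` (GeneralIdentityZoneConfigurationValidator.java) the relaxed branch `(samlSpCert != null && samlSpKey != null)` tests only for null, so an empty or blank certificate or key string counts as a complete pair and returns without error. Whether a later step parses the key and matches it against the certificate is not visible in this hunk; if none does, blank values should be rejected here, for example `(StringUtils.hasText(samlSpCert) && StringUtils.hasText(samlSpKey))` using Spring's `StringUtils`, provided it is available to this class. A one-line comment such as `// passphrase is optional: cert and key must come together, a passphrase alone is partial` would record the accepted combinations. The method's closing brace lies outside the hunk.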
@@ -134,6 +134,22 @@ void keyIdNullException() {
 assertThatExceptionOfType(InvalidIdentityZoneDetailsException.class).isThrownBy(() -> bootstrap.afterPropertiesSet());
 }
+ @Test
+ void passphraseOnlyException() {
+ bootstrap.setSamlSpPrivateKey(key1());
+ bootstrap.setSamlSpCertificate(certificate1());
+ bootstrap.setSamlSpPrivateKeyPassphrase(passphrase1());
+ Map> keys = new HashMap<>();
+ Map key1 = new HashMap<>();
+ key1.put("passphrase", passphrase1());
+ keys.put("key1", key1);
+ bootstrap.setActiveKeyId(null);
+ bootstrap.setSamlKeys(keys);
+ assertThatExceptionOfType(InvalidIdentityZoneDetailsException.class)
+ .isThrownBy(() -> bootstrap.afterPropertiesSet())
+ .withMessage("The zone configuration is invalid. Identity zone cannot be updated with partial Saml CertKey config.");
+ }
+
 @Test
 void samlKeysAndSigningConfigs() throws Exception {
 bootstrap.setSamlSpPrivateKey(key1());
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointsMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointsMockMvcTests.java
index c1215cde525..2185452cc65 100644
--- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointsMockMvcTests.java
+++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointsMockMvcTests.java
@@ -781,7 +781,7 @@ void testUpdateWithPartialSamlKeyCertPair() throws Exception {
 samlConfig.setPrivateKey(serviceProviderKey);
 samlConfig.setPrivateKeyPassword(null);
 samlConfig.setCertificate(serviceProviderCertificate);
- updateZone(created, HttpStatus.UNPROCESSABLE_ENTITY, identityClientToken);
+ updateZone(created, HttpStatus.OK, identityClientToken);
 samlConfig = created.getConfig().getSamlConfig();
 samlConfig.setPrivateKey(null);
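Review bot: `passphraseOnlyException` (IdentityZoneConfigurationBootstrapTests.java) pins only the passphrase-only entry; a `samlKeys` entry that carries just a private key or just a certificate should be rejected by the same check and is not pinned in this hunk. The legacy setters receive a complete key, certificate and passphrase, so the failure presumably comes from the `key1` map entry alone. A comment above `key1.put(...)` such as `// key1 has a passphrase but no key or certificate -> partial config` would make that explicit, and sibling tests for the key-only and certificate-only entries would close the gap.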
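Review bot: `testUpdateWithPartialSamlKeyCertPair` (IdentityZoneEndpointsMockMvcTests.java) now opens with a case that expects `HttpStatus.OK`, which reads oddly under a test name that says "partial". A comment above the changed line, for example `// key and certificate without a passphrase form a complete pair`, would explain the expectation. A case with key, certificate and a non-null passphrase is not visible here and would cover the combination the validator change newly accepts. The test method starts and continues outside the hunk, so the remaining cases after `samlConfig.setPrivateKey(null)` could not be checked.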