Fix SAML config: convert SamlConfig toLower (#2158)

* Convert SamlConfig toLower * sonar findings * review * sorry, yes
cloudfoundry · Jan 20, 2023 · ffaf945 · ffaf945
1 parent e8b6efd
commit ffaf945
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 4 deletions.
diff --git a/...in/java/org/cloudfoundry/identity/uaa/impl/config/IdentityZoneConfigurationBootstrap.java b/...in/java/org/cloudfoundry/identity/uaa/impl/config/IdentityZoneConfigurationBootstrap.java
@@ -28,6 +28,7 @@
 import java.util.Collection;
 import java.util.LinkedList;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
 
 import static java.util.Collections.EMPTY_MAP;
@@ -97,7 +98,7 @@ public void afterPropertiesSet() throws InvalidIdentityZoneDetailsException {
         samlKeys = ofNullable(samlKeys).orElse(EMPTY_MAP);
         for (Map.Entry<String, Map<String,String>> entry : samlKeys.entrySet()) {
             SamlKey samlKey = new SamlKey(entry.getValue().get("key"), entry.getValue().get("passphrase"), entry.getValue().get("certificate"));
-            definition.getSamlConfig().addKey(entry.getKey(), samlKey);
+            definition.getSamlConfig().addKey(ofNullable(entry.getKey()).orElseThrow(() -> new InvalidIdentityZoneDetailsException("SAML key id must not be null.", null)).toLowerCase(Locale.ROOT), samlKey);
         }
         definition.getSamlConfig().setActiveKeyId(this.activeKeyId);
 
@@ -165,7 +166,7 @@ public IdentityZoneConfigurationBootstrap setSamlKeys(Map<String, Map<String, St
     }
 
     public IdentityZoneConfigurationBootstrap setActiveKeyId(String activeKeyId) {
-        this.activeKeyId = activeKeyId;
+        this.activeKeyId = activeKeyId != null ? activeKeyId.toLowerCase(Locale.ROOT) : null;
         return this;
     }
 

diff --git a/...st/java/org/cloudfoundry/identity/uaa/config/IdentityZoneConfigurationBootstrapTests.java b/...st/java/org/cloudfoundry/identity/uaa/config/IdentityZoneConfigurationBootstrapTests.java
@@ -121,8 +121,8 @@ public void test_multiple_keys() throws InvalidIdentityZoneDetailsException {
         key1.put("key", SamlTestUtils.PROVIDER_PRIVATE_KEY);
         key1.put("passphrase", SamlTestUtils.PROVIDER_PRIVATE_KEY_PASSWORD);
         key1.put("certificate", SamlTestUtils.PROVIDER_CERTIFICATE);
-        keys.put("key1", key1);
-        bootstrap.setActiveKeyId("key1");
+        keys.put("Key1", key1);
+        bootstrap.setActiveKeyId("KEY1");
         bootstrap.setSamlKeys(keys);
         bootstrap.afterPropertiesSet();
         IdentityZone uaa = provisioning.retrieve(IdentityZone.getUaaZoneId());
@@ -139,6 +139,22 @@ public void test_multiple_keys() throws InvalidIdentityZoneDetailsException {
         assertEquals(SamlTestUtils.PROVIDER_CERTIFICATE, config.getKeys().get("key1").getCertificate());
     }
 
+    @Test
+    void test_keyId_null_exception() {
+        bootstrap.setSamlSpPrivateKey(SamlTestUtils.PROVIDER_PRIVATE_KEY);
+        bootstrap.setSamlSpCertificate(SamlTestUtils.PROVIDER_CERTIFICATE);
+        bootstrap.setSamlSpPrivateKeyPassphrase(SamlTestUtils.PROVIDER_PRIVATE_KEY_PASSWORD);
+        Map<String, Map<String, String>> keys = new HashMap<>();
+        Map<String, String> key1 = new HashMap<>();
+        key1.put("key", SamlTestUtils.PROVIDER_PRIVATE_KEY);
+        key1.put("passphrase", SamlTestUtils.PROVIDER_PRIVATE_KEY_PASSWORD);
+        key1.put("certificate", SamlTestUtils.PROVIDER_CERTIFICATE);
+        keys.put(null, key1);
+        bootstrap.setActiveKeyId(null);
+        bootstrap.setSamlKeys(keys);
+        assertThrows(InvalidIdentityZoneDetailsException.class, () -> bootstrap.afterPropertiesSet());
+    }
+
     @Test
     public void testDefaultSamlKeys() throws Exception {
         bootstrap.setSamlSpPrivateKey(SamlTestUtils.PROVIDER_PRIVATE_KEY);