
Example 6 with ComponentExportRepresentation

use of org.keycloak.representations.idm.ComponentExportRepresentation in project keycloak by keycloak.

the class StripSecretsUtils method strip.

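/**
 * Masks the secret configuration values of an exported component and returns the same instance.
 *
 * <p>The representation is modified in place. For each config entry of {@code rep}:
 * <ul>
 *   <li>an entry whose key is not among the config properties declared for the provider is
 *       removed, so a value that cannot be classified as secret or non-secret is not exported;</li>
 *   <li>a declared property flagged as secret gets {@link ComponentRepresentation#SECRET_VALUE}
 *       when its value list is null or empty, otherwise every value is passed through
 *       {@code maskNonVaultValue};</li>
 *   <li>a declared non-secret property is left unchanged.</li>
 * </ul>
 * Sub-components are then processed recursively, with the sub-component map key used as their
 * provider type.
 *
 * <p>A component without a config map still has its sub-components processed. Returning early on
 * a null config would let any secrets held by those sub-components through unmasked.
 *
 * @param session      session used to look up the provider's declared config properties
 * @param providerType provider type of {@code rep}
 * @param rep          component representation to sanitize
 * @return {@code rep}, after masking
 */
public static ComponentExportRepresentation strip(KeycloakSession session, String providerType, ComponentExportRepresentation rep) {
    Map<String, ProviderConfigProperty> configProperties = ComponentUtil.getComponentConfigProperties(session, providerType, rep.getProviderId());
    if (rep.getConfig() != null) {
        Iterator<Map.Entry<String, List<String>>> itr = rep.getConfig().entrySet().iterator();
        while (itr.hasNext()) {
            Map.Entry<String, List<String>> entry = itr.next();
            ProviderConfigProperty configProperty = configProperties.get(entry.getKey());
            if (configProperty == null) {
                // Fail closed: without provider metadata we cannot tell whether this is a secret.
                itr.remove();
                continue;
            }
            if (!configProperty.isSecret()) {
                continue;
            }
            List<String> values = entry.getValue();
            if (values == null || values.isEmpty()) {
                entry.setValue(Collections.singletonList(ComponentRepresentation.SECRET_VALUE));
            } else {
                // maskNonVaultValue is defined elsewhere in StripSecretsUtils and is not visible here;
                // NOTE(review): by its name it presumably keeps vault references and masks literal values - confirm.
                entry.setValue(values.stream().map(StripSecretsUtils::maskNonVaultValue).collect(Collectors.toList()));
            }
        }
    }
    // Always descend, even when this component has no config of its own.
    MultivaluedHashMap<String, ComponentExportRepresentation> sub = rep.getSubComponents();
    if (sub != null) {
        for (Map.Entry<String, List<ComponentExportRepresentation>> ent : sub.entrySet()) {
            for (ComponentExportRepresentation c : ent.getValue()) {
                strip(session, ent.getKey(), c);
            }
        }
    }
    return rep;
}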
Also used : ProviderConfigProperty(org.keycloak.provider.ProviderConfigProperty) ComponentExportRepresentation(org.keycloak.representations.idm.ComponentExportRepresentation) List(java.util.List) Map(java.util.Map) MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap)

Example 7 with ComponentExportRepresentation

use of org.keycloak.representations.idm.ComponentExportRepresentation in project keycloak by keycloak.

the class PartialExportTest method checkSecretsAreMasked.

/**
 * Asserts that every secret this test knows about in an exported realm carries
 * {@link ComponentRepresentation#SECRET_VALUE} instead of its real value.
 *
 * <p>Checked: the secret of each client that is neither public nor bearer-only, the
 * {@code clientSecret} of each identity provider, the SMTP {@code password}, the
 * {@code privateKey} of the "rsa" key provider and the {@code bindCredential} of the "ldap"
 * user storage provider. The last two must also be present in the export; otherwise the test
 * would pass without having checked anything.
 *
 * @param rep exported realm representation under test
 */
private void checkSecretsAreMasked(RealmRepresentation rep) {
    final String masked = ComponentRepresentation.SECRET_VALUE;

    // Only clients that are neither public nor bearer-only are checked for a secret.
    for (ClientRepresentation client : rep.getClients()) {
        boolean confidential = Boolean.FALSE.equals(client.isPublicClient()) && Boolean.FALSE.equals(client.isBearerOnly());
        if (!confidential) {
            continue;
        }
        Assert.assertEquals("Client secret masked", masked, client.getSecret());
    }

    // Identity provider client secrets.
    for (IdentityProviderRepresentation idp : rep.getIdentityProviders()) {
        Object clientSecret = idp.getConfig().get("clientSecret");
        Assert.assertEquals("IdentityProvider clientSecret masked", masked, clientSecret);
    }

    // SMTP server password.
    Assert.assertEquals("SMTP password masked", masked, rep.getSmtpServer().get("password"));

    MultivaluedHashMap<String, ComponentExportRepresentation> components = rep.getComponents();

    // Private key of the rsa KeyProvider component.
    List<ComponentExportRepresentation> keyProviders = components.get("org.keycloak.keys.KeyProvider");
    Assert.assertNotNull("Keys not null", keyProviders);
    Assert.assertTrue("At least one key returned", !keyProviders.isEmpty());
    boolean sawRsa = false;
    for (ComponentExportRepresentation keyProvider : keyProviders) {
        if (!"rsa".equals(keyProvider.getProviderId())) {
            continue;
        }
        Assert.assertEquals("RSA KeyProvider privateKey masked", masked, keyProvider.getConfig().getFirst("privateKey"));
        sawRsa = true;
    }
    Assert.assertTrue("Found rsa private key", sawRsa);

    // Bind credential of the ldap UserStorageProvider component.
    List<ComponentExportRepresentation> storageProviders = components.get("org.keycloak.storage.UserStorageProvider");
    Assert.assertNotNull("UserStorageProvider not null", storageProviders);
    Assert.assertTrue("At least one UserStorageProvider returned", !storageProviders.isEmpty());
    boolean sawLdap = false;
    for (ComponentExportRepresentation storageProvider : storageProviders) {
        if (!"ldap".equals(storageProvider.getProviderId())) {
            continue;
        }
        Assert.assertEquals("LDAP provider bindCredential masked", masked, storageProvider.getConfig().getFirst("bindCredential"));
        sawLdap = true;
    }
    Assert.assertTrue("Found ldap bindCredential", sawLdap);
}
Also used : IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation) ComponentExportRepresentation(org.keycloak.representations.idm.ComponentExportRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)
