Uploaded image for project: 'RH-SSO'
  1. RH-SSO
  2. RHSSO-328

Upload-certificate admin endpoint does not nullify private keys

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • RH-SSO-7.1.0.ER1
    • RH-SSO-7.0.0.GA
    • None
    • None

    Description

      Uploading certificate to /upload-certificate updates the certificate for client but does not nullify any previous private key.

      There should be another line in this code block:

      client.removeAttribute(privateAttribute);

      Additionally, the endpoint returns information extracted from uploaded certificate, rather than the new state of certificate - the same information received when calling GET /auth/admin/realms/

      {realm}

      /clients/

      {id}

      /certificates/

      {attr}

      , which I would intuitively expect.

      But I guess that's intentional, and should be pointed out in JavaDoc.

      Attachments

        Activity

          People

            rh_vmuzikar Václav Muzikář
            pdrozd1@redhat.com Pavel Drozd
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: