From e0f1b039744a47192c44a8ce98215f2922168a3e Mon Sep 17 00:00:00 2001
From: eugen-keeper <ehartmann@keepersecurity.com>
Date: Mon, 10 Feb 2025 15:27:41 +0000
Subject: [PATCH] GUACAMOLE-2030: Fix KSM static token mapping for per-user
 config.

---
 .../guacamole/vault/ksm/secret/KsmClient.java | 20 +++++++------------
 1 file changed, 7 insertions(+), 13 deletions(-)

diff --git a/extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/secret/KsmClient.java b/extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/secret/KsmClient.java
index 1dbcd73a8..c9a74e59b 100644
--- a/extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/secret/KsmClient.java
+++ b/extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/secret/KsmClient.java
@@ -651,10 +651,13 @@ public class KsmClient {
 
         }
 
-        // Unfortunately, the notation parser within the Keeper SDK throws
-        // plain Errors for retrieval failures ...
-        catch (Error e) {
-            logger.warn("Record \"{}\" does not exist.", notation);
+        // Unfortunately, the notation parser within the Keeper SDK
+        // only throws plain Errors and Exceptions.
+        // There is no way to differentiate if an error is caused by
+        // a non-existing record or a pure parse failure.
+        catch (Error | Exception e) {
+            logger.warn("Keeper notation \"{}\" could not be resolved "
+                    + "to a record: {}", notation, e.getMessage());
             logger.debug("Retrieval of record by Keeper notation failed.", e);
 
             // If the secret is not found, invoke the fallback function
@@ -663,15 +666,6 @@ public class KsmClient {
 
             return CompletableFuture.completedFuture(null);
         }
-
-        // ... and plain Exceptions for parse failures (no subclasses)
-        catch (Exception e) {
-            logger.warn("\"{}\" is not valid Keeper notation. Please check "
-                    + "the documentation at {} for valid formatting.",
-                    notation, KEEPER_NOTATION_DOC_URL);
-            logger.debug("Provided Keeper notation could not be parsed.", e);
-            return CompletableFuture.completedFuture(null);
-        }
         finally {
             cacheLock.readLock().unlock();
         }