From ed14fa3ecf8df1570a5c247860b9e6c2570731c7 Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Sun, 30 Jan 2022 11:33:14 -0800 Subject: [PATCH] GUACAMOLE-641: Use "KeyPair" typed field for private key only if non-empty. An SSH server record in KSM has an associated "KeyPair" field, but this field need not be set. If unset, the current logic ignores the rest of the record and assumes there is no private key at all. Instead, the standard fallbacks of locating an attached PEM file, locating an alternative password field, etc. should be used. --- .../guacamole/vault/ksm/secret/KsmRecordService.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/secret/KsmRecordService.java b/extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/secret/KsmRecordService.java index e2543ba1b..9528ad7d6 100644 --- a/extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/secret/KsmRecordService.java +++ b/extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/secret/KsmRecordService.java @@ -434,8 +434,11 @@ public class KsmRecordService { // Attempt to find single matching keypair field KeyPairs keyPairsField = getField(record, KeyPairs.class, PRIVATE_KEY_LABEL_PATTERN); - if (keyPairsField != null) - return CompletableFuture.completedFuture(getSingleValue(keyPairsField.getValue(), KeyPair::getPrivateKey)); + if (keyPairsField != null) { + String privateKey = getSingleValue(keyPairsField.getValue(), KeyPair::getPrivateKey); + if (privateKey != null && !privateKey.isEmpty()) + return CompletableFuture.completedFuture(privateKey); + } // Lacking a typed keypair field, prefer a PEM-type attachment KeeperFile keyFile = getFile(record, PRIVATE_KEY_FILENAME_PATTERN);