Merge pull request quarkusio#47668 from ayagmar/issues/47630

gsmet · web-flow · commit cf83646c3449 · 2025-05-05T15:47:26.000+02:00
Handle empty bearer token file in ClientAssertionProvider
diff --git a/extensions/oidc-common/runtime/src/main/java/io/quarkus/oidc/common/runtime/ClientAssertionProvider.java b/extensions/oidc-common/runtime/src/main/java/io/quarkus/oidc/common/runtime/ClientAssertionProvider.java
@@ -75,6 +75,11 @@ private ClientAssertion loadFromFileSystem() {
         if (Files.exists(bearerTokenPath)) {
             try {
                 String bearerToken = Files.readString(bearerTokenPath).trim();
+                if (bearerToken.isEmpty()) {
+                    LOG.error(String.format("Bearer token file at path %s is empty or contains only whitespace",
+                            bearerTokenPath));
+                    return null;
+                }
                 Long expiresAt = getExpiresAtFromExpClaim(bearerToken);
                 if (expiresAt != null) {
                     return new ClientAssertion(bearerToken, expiresAt, scheduleRefresh(expiresAt));
diff --git a/extensions/oidc-common/runtime/src/test/java/io/quarkus/oidc/common/runtime/ClientAssertionProviderTest.java b/extensions/oidc-common/runtime/src/test/java/io/quarkus/oidc/common/runtime/ClientAssertionProviderTest.java
@@ -4,6 +4,7 @@
 import static java.nio.file.StandardOpenOption.TRUNCATE_EXISTING;
 import static java.nio.file.StandardOpenOption.WRITE;
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNull;
 
 import java.io.IOException;
 import java.nio.file.Files;
@@ -40,6 +41,25 @@ public void testJwtBearerTokenRefresh() {
         }
     }
 
+    @Test
+    public void EmptyBearerTokenFileShouldReturnNullClientAssertion() {
+        Vertx vertx = Vertx.vertx();
+        Path emptyTokenPath = Path.of("target").resolve("empty-jwt-bearer-token.json");
+
+        storeNewJwtBearerToken(emptyTokenPath, "");
+        try (var clientAssertionProvider = new ClientAssertionProvider(vertx, emptyTokenPath)) {
+            assertNull(clientAssertionProvider.getClientAssertion());
+
+            String validToken = createJwtBearerToken();
+            storeNewJwtBearerToken(emptyTokenPath, validToken);
+
+            Awaitility.await().atMost(Duration.ofSeconds(10))
+                    .untilAsserted(() -> assertEquals(validToken, clientAssertionProvider.getClientAssertion()));
+        } finally {
+            vertx.close().toCompletionStage().toCompletableFuture().join();
+        }
+    }
+
     private static void storeNewJwtBearerToken(Path jwtBearerTokenPath, String jwtBearerToken) {
         try {
             Files.writeString(jwtBearerTokenPath, jwtBearerToken, TRUNCATE_EXISTING, CREATE, WRITE);
