[jboss-jira] [JBoss JIRA] (ELY-1273) Internal NPE when any attribute from x509-credential-mapper in ldap-realm is missing in LDAP
Ondrej Lukas (JIRA)
issues at jboss.org
Fri Jun 30 09:11:00 EDT 2017
Ondrej Lukas created ELY-1273:
---------------------------------
Summary: Internal NPE when any attribute from x509-credential-mapper in ldap-realm is missing in LDAP
Key: ELY-1273
URL: https://issues.jboss.org/browse/ELY-1273
Project: WildFly Elytron
Issue Type: Bug
Reporter: Ondrej Lukas
Assignee: Darran Lofthouse
Priority: Critical
When any of the attributes {{digest-from}}, {{certificate-from}}, {{serial-number-from}}, {{subject-dn-from}} of {{x509-credential-mapper}} in {{ldap-realm}} includes an attribute which does not occur in the searched entry in LDAP, then an internal NPE is thrown. It is caused by missing null checks.
Thrown exception for {{digest-from}}:
{code}
java.lang.NullPointerException
at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$DigestCertificateVerifier.verifyCertificate(X509EvidenceVerifier.java:153)
at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$1.verifyEvidence(X509EvidenceVerifier.java:225)
at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.verifyEvidence(LdapSecurityRealm.java:618)
at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:1937)
at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:730)
at org.wildfly.security.ssl.SecurityDomainTrustManager.doClientTrustCheck(SecurityDomainTrustManager.java:121)
at org.wildfly.security.ssl.SecurityDomainTrustManager.checkClientTrusted(SecurityDomainTrustManager.java:72)
at sun.security.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1869)
at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:230)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1034)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
{code}
Thrown exception for {{certificate-from}}:
{code}
java.lang.NullPointerException
at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$EncodedCertificateVerifier.verifyCertificate(X509EvidenceVerifier.java:190)
at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$1.verifyEvidence(X509EvidenceVerifier.java:225)
at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.verifyEvidence(LdapSecurityRealm.java:618)
at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:1937)
at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:730)
at org.wildfly.security.ssl.SecurityDomainTrustManager.doClientTrustCheck(SecurityDomainTrustManager.java:121)
at org.wildfly.security.ssl.SecurityDomainTrustManager.checkClientTrusted(SecurityDomainTrustManager.java:72)
at sun.security.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1869)
at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:230)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1034)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
{code}
Thrown exception for {{serial-number-from}}:
{code}
java.lang.NullPointerException
at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$SerialNumberCertificateVerifier.verifyCertificate(X509EvidenceVerifier.java:98)
at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$1.verifyEvidence(X509EvidenceVerifier.java:225)
at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.verifyEvidence(LdapSecurityRealm.java:618)
at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:1937)
at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:730)
at org.wildfly.security.ssl.SecurityDomainTrustManager.doClientTrustCheck(SecurityDomainTrustManager.java:121)
at org.wildfly.security.ssl.SecurityDomainTrustManager.checkClientTrusted(SecurityDomainTrustManager.java:72)
at sun.security.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1869)
at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:230)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1034)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
{code}
Thrown exception for {{subject-dn-from}}:
{code}
java.lang.NullPointerException
at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$SubjectDnCertificateVerifier.verifyCertificate(X509EvidenceVerifier.java:125)
at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$1.verifyEvidence(X509EvidenceVerifier.java:225)
at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.verifyEvidence(LdapSecurityRealm.java:618)
at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:1937)
at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:730)
at org.wildfly.security.ssl.SecurityDomainTrustManager.doClientTrustCheck(SecurityDomainTrustManager.java:121)
at org.wildfly.security.ssl.SecurityDomainTrustManager.checkClientTrusted(SecurityDomainTrustManager.java:72)
at sun.security.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1869)
at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:230)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1034)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
{code}
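An added example, not part of the issue and not Elytron's code, of the kind of null check the report says is missing: a mapped attribute that is absent from the LDAP entry is treated as a failed verification instead of being dereferenced. The class, method and attribute names (`x509serialNumber`, `x509digest`) are hypothetical, and the entry and certificate bytes are constructed.

```java
import java.math.BigInteger;
import java.security.MessageDigest;
import java.util.Optional;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;

public class NullSafeLdapAttributeCheck {

    // Attributes.get() returns null for an absent attribute; handle that in one place.
    static Optional<String> firstValue(Attributes entry, String name) throws NamingException {
        Attribute attr = entry.get(name);
        if (attr == null || attr.size() == 0 || attr.get() == null) return Optional.empty();
        return Optional.of(attr.get().toString().trim());
    }

    // Missing or malformed directory data is a failed verification, never an exception.
    static boolean serialMatches(Attributes entry, String name, BigInteger presented)
            throws NamingException {
        try {
            return firstValue(entry, name).map(BigInteger::new).filter(presented::equals).isPresent();
        } catch (NumberFormatException e) {
            return false;
        }
    }

    // Assumes the directory stores the digest as a hex string (an assumption of this example).
    static boolean digestMatches(Attributes entry, String name, byte[] encodedCert, String alg)
            throws Exception {
        Optional<String> stored = firstValue(entry, name);
        if (!stored.isPresent()) return false;
        byte[] digest = MessageDigest.getInstance(alg).digest(encodedCert);
        String hex = String.format("%0" + digest.length * 2 + "x", new BigInteger(1, digest));
        return MessageDigest.isEqual(hex.getBytes("US-ASCII"),
                stored.get().toLowerCase().getBytes("US-ASCII"));
    }

    public static void main(String[] args) throws Exception {
        byte[] cert = "constructed stand-in for DER bytes".getBytes("US-ASCII");
        Attributes entry = new BasicAttributes(true); // constructed entry: serial number only
        entry.put("x509serialNumber", "4660");
        BigInteger presented = BigInteger.valueOf(4660);
        System.out.println(serialMatches(entry, "x509serialNumber", presented));
        System.out.println(serialMatches(entry, "x509digest", presented));
        System.out.println(digestMatches(entry, "x509digest", cert, "SHA-256"));
        try {
            entry.get("x509digest").get(); // unguarded chained call on an absent attribute
        } catch (NullPointerException e) { System.out.println("unguarded lookup: NPE"); }
    }
}
```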