[jboss-jira] [JBoss JIRA] (ELY-1273) Internal NPE when any attribute from x509-credential-mapper in ldap-realm is missing in LDAP
Ondrej Lukas (JIRA)
issues at jboss.org
Fri Jun 30 09:11:00 EDT 2017
[ https://issues.jboss.org/browse/ELY-1273?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ondrej Lukas updated ELY-1273:
------------------------------
Affects Version/s: 1.1.0.Beta52
> Internal NPE when any attribute from x509-credential-mapper in ldap-realm is missing in LDAP
> --------------------------------------------------------------------------------------------
>
> Key: ELY-1273
> URL: https://issues.jboss.org/browse/ELY-1273
> Project: WildFly Elytron
> Issue Type: Bug
> Affects Versions: 1.1.0.Beta52
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Priority: Critical
>
> When any of attribute {{digest-from}}, {{certificate-from}}, {{serial-number-from}}, {{subject-dn-from}} from {{x509-credential-mapper}} in {{ldap-realm}} includes attribute which does not occur in searched entry in LDAP then internal NPE is thrown. It is caused by missing null checks.
> Thrown exception for {{digest-from}}:
> {code}
> java.lang.NullPointerException
> at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$DigestCertificateVerifier.verifyCertificate(X509EvidenceVerifier.java:153)
> at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$1.verifyEvidence(X509EvidenceVerifier.java:225)
> at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.verifyEvidence(LdapSecurityRealm.java:618)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:1937)
> at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:730)
> at org.wildfly.security.ssl.SecurityDomainTrustManager.doClientTrustCheck(SecurityDomainTrustManager.java:121)
> at org.wildfly.security.ssl.SecurityDomainTrustManager.checkClientTrusted(SecurityDomainTrustManager.java:72)
> at sun.security.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1869)
> at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:230)
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
> at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
> at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
> at java.security.AccessController.doPrivileged(Native Method)
> at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
> at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1034)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> {code}
> Thrown exception for {{certificate-from}}:
> {code}
> java.lang.NullPointerException
> at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$EncodedCertificateVerifier.verifyCertificate(X509EvidenceVerifier.java:190)
> at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$1.verifyEvidence(X509EvidenceVerifier.java:225)
> at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.verifyEvidence(LdapSecurityRealm.java:618)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:1937)
> at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:730)
> at org.wildfly.security.ssl.SecurityDomainTrustManager.doClientTrustCheck(SecurityDomainTrustManager.java:121)
> at org.wildfly.security.ssl.SecurityDomainTrustManager.checkClientTrusted(SecurityDomainTrustManager.java:72)
> at sun.security.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1869)
> at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:230)
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
> at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
> at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
> at java.security.AccessController.doPrivileged(Native Method)
> at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
> at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1034)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> {code}
> Thrown exception for {{serial-number-from}}:
> {code}
> java.lang.NullPointerException
> at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$SerialNumberCertificateVerifier.verifyCertificate(X509EvidenceVerifier.java:98)
> at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$1.verifyEvidence(X509EvidenceVerifier.java:225)
> at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.verifyEvidence(LdapSecurityRealm.java:618)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:1937)
> at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:730)
> at org.wildfly.security.ssl.SecurityDomainTrustManager.doClientTrustCheck(SecurityDomainTrustManager.java:121)
> at org.wildfly.security.ssl.SecurityDomainTrustManager.checkClientTrusted(SecurityDomainTrustManager.java:72)
> at sun.security.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1869)
> at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:230)
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
> at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
> at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
> at java.security.AccessController.doPrivileged(Native Method)
> at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
> at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1034)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> {code}
> Thrown exception for {{subject-dn-from}}:
> {code}
> java.lang.NullPointerException
> at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$SubjectDnCertificateVerifier.verifyCertificate(X509EvidenceVerifier.java:125)
> at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$1.verifyEvidence(X509EvidenceVerifier.java:225)
> at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.verifyEvidence(LdapSecurityRealm.java:618)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:1937)
> at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:730)
> at org.wildfly.security.ssl.SecurityDomainTrustManager.doClientTrustCheck(SecurityDomainTrustManager.java:121)
> at org.wildfly.security.ssl.SecurityDomainTrustManager.checkClientTrusted(SecurityDomainTrustManager.java:72)
> at sun.security.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1869)
> at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:230)
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
> at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
> at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
> at java.security.AccessController.doPrivileged(Native Method)
> at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
> at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1034)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list