From 494c997e21a8dc7660b5e7a01aca743aecd0655b Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 27 Aug 2018 06:35:07 +0200
Subject: fix possible NullPointerException in SL2.0 authentication module

---
 .../modules/sl20_auth/sl20/JsonSecurityUtils.java  | 150 ++++++++++++---------
 1 file changed, 87 insertions(+), 63 deletions(-)

diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
index 42783468d..a02f86376 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
@@ -61,71 +61,75 @@ public class JsonSecurityUtils implements IJOSETools{
 	protected void initalize() {
 		Logger.info("Initialize SL2.0 authentication security constrains ... ");
 		try {
-			KeyStore keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), 
-					getKeyStorePassword());
-			
-			//load signing key
-			signPrivKey = keyStore.getKey(getSigningKeyAlias(), getSigningKeyPassword().toCharArray());
-			Certificate[] certChainSigning = keyStore.getCertificateChain(getSigningKeyAlias());
-			signCertChain = new X509Certificate[certChainSigning.length];
-			for (int i=0; i<certChainSigning.length; i++) {
-				if (certChainSigning[i] instanceof X509Certificate) {
-					signCertChain[i] = (X509Certificate)certChainSigning[i];
-				} else
-					Logger.warn("NO X509 certificate for signing: " + certChainSigning[i].getType());
+			if (getKeyStoreFilePath() != null) { 			
+				KeyStore keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), 
+						getKeyStorePassword());
 				
-			}
-			
-			//load encryption key
-			try {
-				encPrivKey = keyStore.getKey(getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray());
-				if (encPrivKey != null) {
-					Certificate[] certChainEncryption = keyStore.getCertificateChain(getEncryptionKeyAlias());
-					encCertChain = new X509Certificate[certChainEncryption.length];
-					for (int i=0; i<certChainEncryption.length; i++) {
-						if (certChainEncryption[i] instanceof X509Certificate) {
-							encCertChain[i] = (X509Certificate)certChainEncryption[i];
-						} else
-							Logger.warn("NO X509 certificate for encryption: " + certChainEncryption[i].getType());
-					}									
-				} else
-					Logger.info("No encryption key for SL2.0 found. End-to-End encryption is not used.");
+				//load signing key
+				signPrivKey = keyStore.getKey(getSigningKeyAlias(), getSigningKeyPassword().toCharArray());
+				Certificate[] certChainSigning = keyStore.getCertificateChain(getSigningKeyAlias());
+				signCertChain = new X509Certificate[certChainSigning.length];
+				for (int i=0; i<certChainSigning.length; i++) {
+					if (certChainSigning[i] instanceof X509Certificate) {
+						signCertChain[i] = (X509Certificate)certChainSigning[i];
+					} else
+						Logger.warn("NO X509 certificate for signing: " + certChainSigning[i].getType());
+					
+				}
 				
-			} catch (Exception e) {
-				Logger.warn("No encryption key for SL2.0 found. End-to-End encryption is not used. Reason: " + e.getMessage(), e);
-		
-			}
+				//load encryption key
+				try {
+					encPrivKey = keyStore.getKey(getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray());
+					if (encPrivKey != null) {
+						Certificate[] certChainEncryption = keyStore.getCertificateChain(getEncryptionKeyAlias());
+						encCertChain = new X509Certificate[certChainEncryption.length];
+						for (int i=0; i<certChainEncryption.length; i++) {
+							if (certChainEncryption[i] instanceof X509Certificate) {
+								encCertChain[i] = (X509Certificate)certChainEncryption[i];
+							} else
+								Logger.warn("NO X509 certificate for encryption: " + certChainEncryption[i].getType());
+						}									
+					} else
+						Logger.info("No encryption key for SL2.0 found. End-to-End encryption is not used.");
+					
+				} catch (Exception e) {
+					Logger.warn("No encryption key for SL2.0 found. End-to-End encryption is not used. Reason: " + e.getMessage(), e);
 			
-			//load trusted certificates
-			Enumeration<String> aliases = keyStore.aliases();
-			while(aliases.hasMoreElements()) {
-				String el = aliases.nextElement();
-				Logger.trace("Process TrustStoreEntry: " + el);
-				if (keyStore.isCertificateEntry(el)) {
-					Certificate cert = keyStore.getCertificate(el); 
-					if (cert != null && cert instanceof X509Certificate)
-						trustedCerts.add((X509Certificate) cert);
-					else
-						Logger.info("Can not process entry: " + el + ". Reason: " + cert.toString());
+				}
+				
+				//load trusted certificates
+				Enumeration<String> aliases = keyStore.aliases();
+				while(aliases.hasMoreElements()) {
+					String el = aliases.nextElement();
+					Logger.trace("Process TrustStoreEntry: " + el);
+					if (keyStore.isCertificateEntry(el)) {
+						Certificate cert = keyStore.getCertificate(el); 
+						if (cert != null && cert instanceof X509Certificate)
+							trustedCerts.add((X509Certificate) cert);
+						else
+							Logger.info("Can not process entry: " + el + ". Reason: " + cert.toString());
+						
+					}
+				}
+	
+				//some short validation
+				if (signPrivKey == null || !(signPrivKey instanceof PrivateKey)) {
+					Logger.info("Can NOT open privateKey for SL2.0 signing. KeyStore=" + getKeyStoreFilePath());
+					throw new SL20Exception("sl20.03", new Object[]{"Can NOT open private key for signing"});
 					
 				}
-			}
-
-			//some short validation
-			if (signPrivKey == null || !(signPrivKey instanceof PrivateKey)) {
-				Logger.info("Can NOT open privateKey for SL2.0 signing. KeyStore=" + getKeyStoreFilePath());
-				throw new SL20Exception("sl20.03", new Object[]{"Can NOT open private key for signing"});
 				
-			}
-			
-			if (signCertChain == null || signCertChain.length == 0) {
-				Logger.info("NO certificate for SL2.0 signing. KeyStore=" + getKeyStoreFilePath());
-				throw new SL20Exception("sl20.03", new Object[]{"NO certificate for SL2.0 signing"});
+				if (signCertChain == null || signCertChain.length == 0) {
+					Logger.info("NO certificate for SL2.0 signing. KeyStore=" + getKeyStoreFilePath());
+					throw new SL20Exception("sl20.03", new Object[]{"NO certificate for SL2.0 signing"});
+					
+				}
 				
-			}
-			
-			Logger.info("SL2.0 authentication security constrains initialized.");
-			
+				Logger.info("SL2.0 authentication security constrains initialized.");
+				
+			} else
+				Logger.info("NO SL2.0 authentication security configuration. Initialization was skipped");
+							
 		} catch ( Exception e) {
 			Logger.error("SL2.0 security constrains initialization FAILED.", e);
 			
@@ -332,28 +336,48 @@ public class JsonSecurityUtils implements IJOSETools{
 	}
 	
 	private String getKeyStorePassword() {
-		return authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD).trim();
+		String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD);
+		if (value != null)
+			value = value.trim();
+		
+		return value;
 
 	}
 	
 	private String getSigningKeyAlias() {
-		return authConfig.getBasicConfiguration(
+		String value = authConfig.getBasicConfiguration(
 				Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS).trim();
+		if (value != null)
+			value = value.trim();
+		
+		return value;
 	}
 	
 	private String getSigningKeyPassword() {
-		return authConfig.getBasicConfiguration(
+		String value = authConfig.getBasicConfiguration(
 				Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD).trim();
+		if (value != null)
+			value = value.trim();
+		
+		return value;
 	}
 
 	private String getEncryptionKeyAlias() {
-		return authConfig.getBasicConfiguration(
+		String value = authConfig.getBasicConfiguration(
 				Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS).trim();
+		if (value != null)
+			value = value.trim();
+		
+		return value;
 	}
 	
 	private String getEncryptionKeyPassword() {
-		return authConfig.getBasicConfiguration(
+		String value = authConfig.getBasicConfiguration(
 				Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD).trim();
+		if (value != null)
+			value = value.trim();
+		
+		return value;
 	}
 	
 }
-- 
cgit v1.2.3