From 494c997e21a8dc7660b5e7a01aca743aecd0655b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 27 Aug 2018 06:35:07 +0200 Subject: fix possible NullPointerException in SL2.0 authentication module --- .../modules/sl20_auth/sl20/JsonSecurityUtils.java | 150 ++++++++++++--------- 1 file changed, 87 insertions(+), 63 deletions(-) diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java index 42783468d..a02f86376 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java @@ -61,71 +61,75 @@ public class JsonSecurityUtils implements IJOSETools{ protected void initalize() { Logger.info("Initialize SL2.0 authentication security constrains ... "); try { - KeyStore keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), - getKeyStorePassword()); - - //load signing key - signPrivKey = keyStore.getKey(getSigningKeyAlias(), getSigningKeyPassword().toCharArray()); - Certificate[] certChainSigning = keyStore.getCertificateChain(getSigningKeyAlias()); - signCertChain = new X509Certificate[certChainSigning.length]; - for (int i=0; i aliases = keyStore.aliases(); - while(aliases.hasMoreElements()) { - String el = aliases.nextElement(); - Logger.trace("Process TrustStoreEntry: " + el); - if (keyStore.isCertificateEntry(el)) { - Certificate cert = keyStore.getCertificate(el); - if (cert != null && cert instanceof X509Certificate) - trustedCerts.add((X509Certificate) cert); - else - Logger.info("Can not process entry: " + el + ". Reason: " + cert.toString()); + } + + //load trusted certificates + Enumeration aliases = keyStore.aliases(); + while(aliases.hasMoreElements()) { + String el = aliases.nextElement(); + Logger.trace("Process TrustStoreEntry: " + el); + if (keyStore.isCertificateEntry(el)) { + Certificate cert = keyStore.getCertificate(el); + if (cert != null && cert instanceof X509Certificate) + trustedCerts.add((X509Certificate) cert); + else + Logger.info("Can not process entry: " + el + ". Reason: " + cert.toString()); + + } + } + + //some short validation + if (signPrivKey == null || !(signPrivKey instanceof PrivateKey)) { + Logger.info("Can NOT open privateKey for SL2.0 signing. KeyStore=" + getKeyStoreFilePath()); + throw new SL20Exception("sl20.03", new Object[]{"Can NOT open private key for signing"}); } - } - - //some short validation - if (signPrivKey == null || !(signPrivKey instanceof PrivateKey)) { - Logger.info("Can NOT open privateKey for SL2.0 signing. KeyStore=" + getKeyStoreFilePath()); - throw new SL20Exception("sl20.03", new Object[]{"Can NOT open private key for signing"}); - } - - if (signCertChain == null || signCertChain.length == 0) { - Logger.info("NO certificate for SL2.0 signing. KeyStore=" + getKeyStoreFilePath()); - throw new SL20Exception("sl20.03", new Object[]{"NO certificate for SL2.0 signing"}); + if (signCertChain == null || signCertChain.length == 0) { + Logger.info("NO certificate for SL2.0 signing. KeyStore=" + getKeyStoreFilePath()); + throw new SL20Exception("sl20.03", new Object[]{"NO certificate for SL2.0 signing"}); + + } - } - - Logger.info("SL2.0 authentication security constrains initialized."); - + Logger.info("SL2.0 authentication security constrains initialized."); + + } else + Logger.info("NO SL2.0 authentication security configuration. Initialization was skipped"); + } catch ( Exception e) { Logger.error("SL2.0 security constrains initialization FAILED.", e); @@ -332,28 +336,48 @@ public class JsonSecurityUtils implements IJOSETools{ } private String getKeyStorePassword() { - return authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD).trim(); + String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD); + if (value != null) + value = value.trim(); + + return value; } private String getSigningKeyAlias() { - return authConfig.getBasicConfiguration( + String value = authConfig.getBasicConfiguration( Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS).trim(); + if (value != null) + value = value.trim(); + + return value; } private String getSigningKeyPassword() { - return authConfig.getBasicConfiguration( + String value = authConfig.getBasicConfiguration( Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD).trim(); + if (value != null) + value = value.trim(); + + return value; } private String getEncryptionKeyAlias() { - return authConfig.getBasicConfiguration( + String value = authConfig.getBasicConfiguration( Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS).trim(); + if (value != null) + value = value.trim(); + + return value; } private String getEncryptionKeyPassword() { - return authConfig.getBasicConfiguration( + String value = authConfig.getBasicConfiguration( Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD).trim(); + if (value != null) + value = value.trim(); + + return value; } } -- cgit v1.2.3