Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-1273

Internal NPE when any attribute from x509-credential-mapper in ldap-realm is missing in LDAP

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • 1.1.0.CR3
    • 1.1.0.Beta52
    • None
    • None

      When any of attribute digest-from, certificate-from, serial-number-from, subject-dn-from from x509-credential-mapper in ldap-realm includes attribute which does not occur in searched entry in LDAP then internal NPE is thrown. It is caused by missing null checks.

      Thrown exception for digest-from:

      java.lang.NullPointerException
      	at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$DigestCertificateVerifier.verifyCertificate(X509EvidenceVerifier.java:153)
      	at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$1.verifyEvidence(X509EvidenceVerifier.java:225)
      	at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.verifyEvidence(LdapSecurityRealm.java:618)
      	at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:1937)
      	at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:730)
      	at org.wildfly.security.ssl.SecurityDomainTrustManager.doClientTrustCheck(SecurityDomainTrustManager.java:121)
      	at org.wildfly.security.ssl.SecurityDomainTrustManager.checkClientTrusted(SecurityDomainTrustManager.java:72)
      	at sun.security.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1869)
      	at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:230)
      	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
      	at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
      	at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
      	at java.security.AccessController.doPrivileged(Native Method)
      	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
      	at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1034)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at java.lang.Thread.run(Thread.java:745)
      

      Thrown exception for certificate-from:

      java.lang.NullPointerException
      	at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$EncodedCertificateVerifier.verifyCertificate(X509EvidenceVerifier.java:190)
      	at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$1.verifyEvidence(X509EvidenceVerifier.java:225)
      	at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.verifyEvidence(LdapSecurityRealm.java:618)
      	at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:1937)
      	at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:730)
      	at org.wildfly.security.ssl.SecurityDomainTrustManager.doClientTrustCheck(SecurityDomainTrustManager.java:121)
      	at org.wildfly.security.ssl.SecurityDomainTrustManager.checkClientTrusted(SecurityDomainTrustManager.java:72)
      	at sun.security.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1869)
      	at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:230)
      	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
      	at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
      	at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
      	at java.security.AccessController.doPrivileged(Native Method)
      	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
      	at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1034)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at java.lang.Thread.run(Thread.java:745)
      

      Thrown exception for serial-number-from:

      java.lang.NullPointerException
      	at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$SerialNumberCertificateVerifier.verifyCertificate(X509EvidenceVerifier.java:98)
      	at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$1.verifyEvidence(X509EvidenceVerifier.java:225)
      	at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.verifyEvidence(LdapSecurityRealm.java:618)
      	at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:1937)
      	at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:730)
      	at org.wildfly.security.ssl.SecurityDomainTrustManager.doClientTrustCheck(SecurityDomainTrustManager.java:121)
      	at org.wildfly.security.ssl.SecurityDomainTrustManager.checkClientTrusted(SecurityDomainTrustManager.java:72)
      	at sun.security.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1869)
      	at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:230)
      	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
      	at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
      	at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
      	at java.security.AccessController.doPrivileged(Native Method)
      	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
      	at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1034)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at java.lang.Thread.run(Thread.java:745)
      

      Thrown exception for subject-dn-from:

      java.lang.NullPointerException
      	at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$SubjectDnCertificateVerifier.verifyCertificate(X509EvidenceVerifier.java:125)
      	at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$1.verifyEvidence(X509EvidenceVerifier.java:225)
      	at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.verifyEvidence(LdapSecurityRealm.java:618)
      	at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:1937)
      	at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:730)
      	at org.wildfly.security.ssl.SecurityDomainTrustManager.doClientTrustCheck(SecurityDomainTrustManager.java:121)
      	at org.wildfly.security.ssl.SecurityDomainTrustManager.checkClientTrusted(SecurityDomainTrustManager.java:72)
      	at sun.security.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1869)
      	at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:230)
      	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
      	at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
      	at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
      	at java.security.AccessController.doPrivileged(Native Method)
      	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
      	at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1034)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at java.lang.Thread.run(Thread.java:745)
      

              rhn-support-iweiss Ingo Weiss
              olukas Ondrej Lukas (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: