-
Bug
-
Resolution: Done
-
Critical
-
1.1.0.Beta52
-
None
-
None
When any of attribute digest-from, certificate-from, serial-number-from, subject-dn-from from x509-credential-mapper in ldap-realm includes attribute which does not occur in searched entry in LDAP then internal NPE is thrown. It is caused by missing null checks.
Thrown exception for digest-from:
java.lang.NullPointerException at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$DigestCertificateVerifier.verifyCertificate(X509EvidenceVerifier.java:153) at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$1.verifyEvidence(X509EvidenceVerifier.java:225) at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.verifyEvidence(LdapSecurityRealm.java:618) at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:1937) at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:730) at org.wildfly.security.ssl.SecurityDomainTrustManager.doClientTrustCheck(SecurityDomainTrustManager.java:121) at org.wildfly.security.ssl.SecurityDomainTrustManager.checkClientTrusted(SecurityDomainTrustManager.java:72) at sun.security.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1869) at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:230) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) at sun.security.ssl.Handshaker$1.run(Handshaker.java:919) at sun.security.ssl.Handshaker$1.run(Handshaker.java:916) at java.security.AccessController.doPrivileged(Native Method) at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369) at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1034) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745)
Thrown exception for certificate-from:
java.lang.NullPointerException at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$EncodedCertificateVerifier.verifyCertificate(X509EvidenceVerifier.java:190) at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$1.verifyEvidence(X509EvidenceVerifier.java:225) at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.verifyEvidence(LdapSecurityRealm.java:618) at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:1937) at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:730) at org.wildfly.security.ssl.SecurityDomainTrustManager.doClientTrustCheck(SecurityDomainTrustManager.java:121) at org.wildfly.security.ssl.SecurityDomainTrustManager.checkClientTrusted(SecurityDomainTrustManager.java:72) at sun.security.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1869) at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:230) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) at sun.security.ssl.Handshaker$1.run(Handshaker.java:919) at sun.security.ssl.Handshaker$1.run(Handshaker.java:916) at java.security.AccessController.doPrivileged(Native Method) at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369) at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1034) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745)
Thrown exception for serial-number-from:
java.lang.NullPointerException at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$SerialNumberCertificateVerifier.verifyCertificate(X509EvidenceVerifier.java:98) at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$1.verifyEvidence(X509EvidenceVerifier.java:225) at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.verifyEvidence(LdapSecurityRealm.java:618) at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:1937) at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:730) at org.wildfly.security.ssl.SecurityDomainTrustManager.doClientTrustCheck(SecurityDomainTrustManager.java:121) at org.wildfly.security.ssl.SecurityDomainTrustManager.checkClientTrusted(SecurityDomainTrustManager.java:72) at sun.security.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1869) at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:230) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) at sun.security.ssl.Handshaker$1.run(Handshaker.java:919) at sun.security.ssl.Handshaker$1.run(Handshaker.java:916) at java.security.AccessController.doPrivileged(Native Method) at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369) at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1034) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745)
Thrown exception for subject-dn-from:
java.lang.NullPointerException at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$SubjectDnCertificateVerifier.verifyCertificate(X509EvidenceVerifier.java:125) at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$1.verifyEvidence(X509EvidenceVerifier.java:225) at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.verifyEvidence(LdapSecurityRealm.java:618) at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:1937) at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:730) at org.wildfly.security.ssl.SecurityDomainTrustManager.doClientTrustCheck(SecurityDomainTrustManager.java:121) at org.wildfly.security.ssl.SecurityDomainTrustManager.checkClientTrusted(SecurityDomainTrustManager.java:72) at sun.security.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1869) at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:230) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) at sun.security.ssl.Handshaker$1.run(Handshaker.java:919) at sun.security.ssl.Handshaker$1.run(Handshaker.java:916) at java.security.AccessController.doPrivileged(Native Method) at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369) at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1034) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745)
- clones
-
JBEAP-11902 Internal NPE when any attribute from x509-credential-mapper in ldap-realm is missing in LDAP
- Closed