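When any of the attributes digest-from, certificate-from, serial-number-from or subject-dn-from of the x509-credential-mapper in an ldap-realm names an LDAP attribute that does not occur in the searched LDAP entry, an internal NullPointerException (NPE) is thrown. It is caused by missing null checks. In each stack trace below the exception is raised in a verifyCertificate method of X509EvidenceVerifier, reached from SecurityDomainTrustManager.checkClientTrusted during the TLS handshake, so the missing attribute surfaces as an unchecked exception on the handshake task instead of an ordinary evidence-verification result.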
Thrown exception for digest-from:
java.lang.NullPointerException
    at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$DigestCertificateVerifier.verifyCertificate(X509EvidenceVerifier.java:153)
    at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$1.verifyEvidence(X509EvidenceVerifier.java:225)
    at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.verifyEvidence(LdapSecurityRealm.java:618)
    at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:1937)
    at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:730)
    at org.wildfly.security.ssl.SecurityDomainTrustManager.doClientTrustCheck(SecurityDomainTrustManager.java:121)
    at org.wildfly.security.ssl.SecurityDomainTrustManager.checkClientTrusted(SecurityDomainTrustManager.java:72)
    at sun.security.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1869)
    at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:230)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
    at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1034)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Thrown exception for certificate-from:
java.lang.NullPointerException
    at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$EncodedCertificateVerifier.verifyCertificate(X509EvidenceVerifier.java:190)
    at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$1.verifyEvidence(X509EvidenceVerifier.java:225)
    at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.verifyEvidence(LdapSecurityRealm.java:618)
    at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:1937)
    at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:730)
    at org.wildfly.security.ssl.SecurityDomainTrustManager.doClientTrustCheck(SecurityDomainTrustManager.java:121)
    at org.wildfly.security.ssl.SecurityDomainTrustManager.checkClientTrusted(SecurityDomainTrustManager.java:72)
    at sun.security.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1869)
    at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:230)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
    at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1034)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Thrown exception for serial-number-from:
java.lang.NullPointerException
    at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$SerialNumberCertificateVerifier.verifyCertificate(X509EvidenceVerifier.java:98)
    at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$1.verifyEvidence(X509EvidenceVerifier.java:225)
    at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.verifyEvidence(LdapSecurityRealm.java:618)
    at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:1937)
    at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:730)
    at org.wildfly.security.ssl.SecurityDomainTrustManager.doClientTrustCheck(SecurityDomainTrustManager.java:121)
    at org.wildfly.security.ssl.SecurityDomainTrustManager.checkClientTrusted(SecurityDomainTrustManager.java:72)
    at sun.security.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1869)
    at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:230)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
    at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1034)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Thrown exception for subject-dn-from:
java.lang.NullPointerException
    at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$SubjectDnCertificateVerifier.verifyCertificate(X509EvidenceVerifier.java:125)
    at org.wildfly.security.auth.realm.ldap.X509EvidenceVerifier$1.verifyEvidence(X509EvidenceVerifier.java:225)
    at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.verifyEvidence(LdapSecurityRealm.java:618)
    at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:1937)
    at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:730)
    at org.wildfly.security.ssl.SecurityDomainTrustManager.doClientTrustCheck(SecurityDomainTrustManager.java:121)
    at org.wildfly.security.ssl.SecurityDomainTrustManager.checkClientTrusted(SecurityDomainTrustManager.java:72)
    at sun.security.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1869)
    at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:230)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
    at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1034)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
- is cloned by: ELY-1273 Internal NPE when any attribute from x509-credential-mapper in ldap-realm is missing in LDAP (Resolved)
- is incorporated by: JBEAP-12265 Upgrade WildFly Elytron to 1.1.0.CR3 (Closed)