You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@directory.apache.org by pl...@apache.org on 2016/07/06 02:52:00 UTC

[3/7] directory-kerby git commit: Avoid array out of bounds exception if the client forgets to configure pkinit trust anchors

Avoid array out of bounds exception if the client forgets to configure pkinit trust anchors


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/36ed64d8
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/36ed64d8
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/36ed64d8

Branch: refs/heads/kadmin-remote
Commit: 36ed64d8f02753adb37c22c0bd16231674c2e607
Parents: 2d31702
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Jul 5 12:31:29 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Jul 5 12:31:29 2016 +0100

----------------------------------------------------------------------
 .../kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java | 4 ++++
 1 file changed, 4 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/36ed64d8/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
index 3620f23..9a15c4e 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
@@ -350,6 +350,10 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
             PkinitCrypto.verifyCmsSignedData(
                     CmsMessageType.CMS_SIGN_SERVER, signedData);
 
+            if (kdcRequest.getContext().getConfig().getPkinitAnchors().isEmpty()) {
+                LOG.error("No PKINIT anchors specified");
+                throw new KrbException("No PKINIT anchors specified");
+            }
             String anchorFileName = kdcRequest.getContext().getConfig().getPkinitAnchors().get(0);
 
             X509Certificate x509Certificate = null;