You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by co...@apache.org on 2016/07/05 14:07:25 UTC
[2/6] directory-kerby git commit: Fix NPE if the KDC does not
configure identity keys for PKINIT
Fix NPE if the KDC does not configure identity keys for PKINIT
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/2d31702f
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/2d31702f
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/2d31702f
Branch: refs/heads/trunk
Commit: 2d31702f083c0c27b1469a805f81212995b96c84
Parents: 4600ee3
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Jul 5 12:29:18 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Jul 5 12:29:18 2016 +0100
----------------------------------------------------------------------
.../server/preauth/pkinit/PkinitPreauth.java | 48 +++++++++++---------
1 file changed, 26 insertions(+), 22 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/2d31702f/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
index f0080c9..0e4867d 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
@@ -302,32 +302,36 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
private PaPkAsRep makePaPkAsRep(DHPublicKey severPubKey, String identityString) throws KrbException {
- List<String> identityList = Arrays.asList(identityString.split(","));
-
List<X509Certificate> certificates = new ArrayList<>();
- for (String identity : identityList) {
- File file = new File(identity);
- try (Scanner scanner = new Scanner(file, "UTF-8")) {
- String found = scanner.findInLine("CERTIFICATE");
-
- if (found != null) {
- InputStream res = null;
- try {
- res = new FileInputStream(identity);
- } catch (FileNotFoundException e) {
- e.printStackTrace();
- }
- X509Certificate certificate = null;
- try {
- certificate = (X509Certificate) CertificateHelper.loadCerts(res).iterator().next();
- } catch (KrbException e) {
- e.printStackTrace();
+ if (identityString != null) {
+ List<String> identityList = Arrays.asList(identityString.split(","));
+ for (String identity : identityList) {
+ File file = new File(identity);
+ try (Scanner scanner = new Scanner(file, "UTF-8")) {
+ String found = scanner.findInLine("CERTIFICATE");
+
+ if (found != null) {
+ InputStream res = null;
+ try {
+ res = new FileInputStream(identity);
+ } catch (FileNotFoundException e) {
+ e.printStackTrace();
+ }
+ X509Certificate certificate = null;
+ try {
+ certificate = (X509Certificate) CertificateHelper.loadCerts(res).iterator().next();
+ } catch (KrbException e) {
+ e.printStackTrace();
+ }
+ certificates.add(certificate);
+ res.close();
}
- certificates.add(certificate);
+ } catch (IOException e) {
+ e.getMessage();
}
- } catch (FileNotFoundException e) {
- e.getMessage();
}
+ } else {
+ LOG.warn("No PKINIT identity keys specified");
}
PaPkAsRep paPkAsRep = new PaPkAsRep();