From 1fbdd240f1ec83ab87c5429c7f7c7a022fba443e Mon Sep 17 00:00:00 2001
From: Justin Richer
Date: Mon, 6 Oct 2014 23:25:48 -0400
Subject: [PATCH] made binary encode/decode null safe
---
 .../service/impl/MITREidDataService_1_0.java | 8 ++-
 .../service/impl/MITREidDataService_1_1.java | 8 ++-
 .../service/impl/MITREidDataService_1_X.java | 56 +++++++++++--------
 3 files changed, 44 insertions(+), 28 deletions(-)
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java
index f1034dbbb..9b1c11f39 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java
@@ -328,8 +328,12 @@ public class MITREidDataService_1_0 extends MITREidDataService_1_X {
 if (subName.equals("clientAuthorization")) {
 clientAuthorization = readAuthorizationRequest(reader);
 } else if (subName.equals("userAuthentication")) {
- String authString = reader.nextString();
- userAuthentication = base64UrlDecodeObject(authString, Authentication.class);
+ if (reader.peek() == JsonToken.NULL) {
+ reader.skipValue();
+ } else {
+ String authString = reader.nextString();
+ userAuthentication = base64UrlDecodeObject(authString, Authentication.class);
+ }
 } else {
 logger.debug("Found unexpected entry");
 reader.skipValue();
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java
index 08aebb0e1..7e37dd367 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java
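Review bot: In the `else` branch of the `userAuthentication` case, the value returned by `base64UrlDecodeObject` is assigned without a check, and that helper returns null both for a null input and for any decode failure (its catch block in MITREidDataService_1_X logs and returns null). A damaged or altered `userAuthentication` string is therefore imported exactly like an explicit JSON null, which presumably leaves the holder without a user authentication. I would reject that entry instead, e.g. `if (userAuthentication == null) { throw new IOException("userAuthentication could not be decoded"); }` right after the decode call, assuming the enclosing reader method already propagates IOException (its signature is outside the hunk). The same applies to the identical hunk in MITREidDataService_1_1.java.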
@@ -667,8 +667,12 @@ public class MITREidDataService_1_1 extends MITREidDataService_1_X {
 if (subName.equals("clientAuthorization")) {
 clientAuthorization = readAuthorizationRequest(reader);
 } else if (subName.equals("userAuthentication")) {
- String authString = reader.nextString();
- userAuthentication = base64UrlDecodeObject(authString, Authentication.class);
+ if (reader.peek() == JsonToken.NULL) {
+ reader.skipValue();
+ } else {
+ String authString = reader.nextString();
+ userAuthentication = base64UrlDecodeObject(authString, Authentication.class);
+ }
 } else {
 logger.debug("Found unexpected entry");
 reader.skipValue();
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_X.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_X.java
index da5d5eaa9..34b8a8cab 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_X.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_X.java
@@ -71,33 +71,41 @@ public abstract class MITREidDataService_1_X implements MITREidDataService {
 }
 protected static T base64UrlDecodeObject(String encoded, Class type) {
- T deserialized = null;
- try {
- byte[] decoded = BaseEncoding.base64Url().decode(encoded);
- ByteArrayInputStream bais = new ByteArrayInputStream(decoded);
- ObjectInputStream ois = new ObjectInputStream(bais);
- deserialized = type.cast(ois.readObject());
- ois.close();
- bais.close();
- } catch (Exception ex) {
- logger.error("Unable to decode object", ex);
- }
- return deserialized;
+ if (encoded == null) {
+ return null;
+ } else {
+ T deserialized = null;
+ try {
+ byte[] decoded = BaseEncoding.base64Url().decode(encoded);
+ ByteArrayInputStream bais = new ByteArrayInputStream(decoded);
+ ObjectInputStream ois = new ObjectInputStream(bais);
+ deserialized = type.cast(ois.readObject());
+ ois.close();
+ bais.close();
+ } catch (Exception ex) {
+ logger.error("Unable to decode object", ex);
+ }
+ return deserialized;
+ }
 }
 protected static String base64UrlEncodeObject(Serializable obj) {
- String encoded = null;
- try {
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- ObjectOutputStream oos = new ObjectOutputStream(baos);
- oos.writeObject(obj);
- encoded = BaseEncoding.base64Url().encode(baos.toByteArray());
- oos.close();
- baos.close();
- } catch (IOException ex) {
- logger.error("Unable to encode object", ex);
- }
- return encoded;
+ if (obj == null) {
+ return null;
+ } else {
+ String encoded = null;
+ try {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ ObjectOutputStream oos = new ObjectOutputStream(baos);
+ oos.writeObject(obj);
+ encoded = BaseEncoding.base64Url().encode(baos.toByteArray());
+ oos.close();
+ baos.close();
+ } catch (IOException ex) {
+ logger.error("Unable to encode object", ex);
+ }
+ return encoded;
+ }
 }
 protected static Set readSet(JsonReader reader) throws IOException {
 Set arraySet = null;
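Review bot: `ois.readObject()` in `base64UrlDecodeObject` runs Java native deserialization on the decoded bytes before `type.cast` is applied, so the cast does not limit which classes are instantiated, and the null guard added here does not change that. If the imported data can come from anywhere other than a trusted export, the stream should be restricted to an allow-list of expected classes by overriding `resolveClass`, as sketched below. The same block leaves `ois` open when `readObject` throws, which the `finally` in the sketch covers. `ALLOWED_CLASS_NAMES` is a placeholder for a set the project would have to define; the signature, the catch block and `base64UrlEncodeObject` stay as in the hunk.

```java
// … unchanged: signature and the encoded == null guard …
byte[] decoded = BaseEncoding.base64Url().decode(encoded);
ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(decoded)) {
	@Override
	protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
		// ALLOWED_CLASS_NAMES: placeholder for the project's allow-list of class names
		if (!ALLOWED_CLASS_NAMES.contains(desc.getName())) {
			throw new InvalidClassException(desc.getName(), "class not allowed in imported data");
		}
		return super.resolveClass(desc);
	}
};
try {
	deserialized = type.cast(ois.readObject());
} finally {
	// close even when readObject or the cast throws
	ois.close();
}
// … unchanged: catch block logging "Unable to decode object" and return deserialized …
```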