added proper null safety to binary encoder/decoder

2014-10-06 22:11:00 -04:00 · 2014-10-06 22:11:00 -04:00 · f420003be7
parent ac8e8e29b9
commit f420003be7
1 changed files with 15 additions and 6 deletions
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java
@ -18,10 +18,6 @@
 */
 package org.mitre.openid.connect.service.impl;

-import com.google.common.io.BaseEncoding;
-import com.google.gson.stream.JsonReader;
-import com.google.gson.stream.JsonToken;
-import com.google.gson.stream.JsonWriter;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@ -37,6 +33,7 @@ import java.util.LinkedHashSet;
 import java.util.Map;
 import java.util.Map.Entry;
 import java.util.Set;
+
 import org.mitre.jose.JWEAlgorithmEmbed;
 import org.mitre.jose.JWEEncryptionMethodEmbed;
 import org.mitre.jose.JWSAlgorithmEmbed;
@ -71,6 +68,11 @@ import org.springframework.security.oauth2.provider.DefaultAuthorizationRequest;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.stereotype.Service;

+import com.google.common.io.BaseEncoding;
+import com.google.gson.stream.JsonReader;
+import com.google.gson.stream.JsonToken;
+import com.google.gson.stream.JsonWriter;
+
 /**
 *
 * Data service to import and export MITREid 1.0 configuration.
@ -257,6 +259,9 @@ public class MITREidDataService_1_0 implements MITREidDataService {
    }

    private String base64UrlEncodeObject(Serializable obj) throws IOException {
+    	if (obj == null) {
+    		return null;
+    	}
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        ObjectOutputStream oos = new ObjectOutputStream(baos);
        oos.writeObject(obj);
@ -670,8 +675,12 @@ public class MITREidDataService_1_0 implements MITREidDataService {
                                        if (subName.equals("clientAuthorization")) {
                                            clientAuthorization = readAuthorizationRequest(reader);
                                        } else if (subName.equals("userAuthentication")) {
-                                            String authString = reader.nextString();
-                                            userAuthentication = base64UrlDecodeObject(authString, Authentication.class);
+                                        	if (reader.peek() == JsonToken.NULL) {
+                                        		reader.skipValue();
+                                        	} else {
+                                        		String authString = reader.nextString();
+                                        		userAuthentication = base64UrlDecodeObject(authString, Authentication.class);
+                                        	}
                                        } else {
                                            logger.debug("Found unexpected entry");
                                            reader.skipValue();