Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-14239

FMSigProvider.verify NPE with null input for certificates

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 11.0.0, 11.0.1, 11.0.2, 11.0.3, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, 13.0.0, 13.5.0, 13.5.1, 13.5.2, 14.0.0, 14.1.0, 14.1.1, 14.5.0, 14.5.1, 5.5.1, 6.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.0.0.4, 6.0.0.5, 6.0.0.6, 6.5.0
    • Fix Version/s: 6.5.1, 6.0.1, 7.0.0, 5.5.2
    • Component/s: SAML
    • Labels:
    • Target Version/s:
    • Sprint:
      AM Sustaining Sprint 60
    • Story Points:
      2
    • Needs backport:
      No
    • Support Ticket IDs:
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      Bug description

      FMSigProvider signature validation bails out with NullPointerException.

      How to reproduce the issue

      Details steps outlining how to recreate the issue (remove this text)

      see unit test provided in diff.

      Expected behaviour
      Defensive programming should be done
      
      Current behaviour
      NullPointerException for null collection of input parameter verificationCerts
      

      Code analysis

      com.sun.identity.saml2.xmlsig.FMSigProvider.java
      @Override
      public boolean verify(String xmlString, String idAttribute, String idValue, Set<X509Certificate> verificationCerts)
              throws SAML2Exception {
          Reject.ifNull(idAttribute);
          String classMethod = "FMSigProvider.verify: ";
      ....
      if (certToUse != null && checkCert) {
          if (!verificationCerts.contains(certToUse)) {
      ....
      

        Attachments

          Activity

            People

            • Assignee:
              lawrence.yarham Lawrence Yarham
              Reporter:
              bthalmayr Bernhard Thalmayr
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: