OpenIG / OPENIG-659

CryptoHeaderFilter - error on handling header value with incorrect length


    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 3.1.1, 4.0.0, 4.5.0, 5.0.0
    • Fix Version/s: None
    • Component/s: None
    • Environment:
      Mac OSX 10.10.5
      JDK 1.7.0_60
      Tomcat 8.0.23

      Description

      With a route containing the following CryptoHeaderFilter:

      {
          "type": "CryptoHeaderFilter",
          "config": {
              "algorithm": "DES/ECB/NoPadding",
              "charSet": "utf-8",
              "headers": [
                  "password"
              ],
              "key": "SoMI5WFkI0o=",
              "keyType": "DES",
              "messageType": "REQUEST",
              "operation": "DECRYPT"
          }
      }
      

      the CryptoHeaderFilter fails and returns an error when a header password is sent with an incorrect length.

      Stack trace in this case:

      28-Sep-2015 09:41:19.774 SEVERE [http-nio-8082-exec-7] org.apache.catalina.core.ApplicationContextn.log HttpFrameworkServlet: Throwable caught in HttpFrameworkServlet
       java.lang.IllegalArgumentException: Null input buffer
      	at javax.crypto.Cipher.doFinal(Cipher.java:2083)
      	at org.forgerock.openig.filter.CryptoHeaderFilter.decrypt(CryptoHeaderFilter.java:186)
      	at org.forgerock.openig.filter.CryptoHeaderFilter.process(CryptoHeaderFilter.java:167)
      	at org.forgerock.openig.filter.CryptoHeaderFilter.filter(CryptoHeaderFilter.java:218)
      	at org.forgerock.http.handler.Chain.handle(Chain.java:55)
      	at org.forgerock.openig.filter.Chain.handle(Chain.java:69)
      	at org.forgerock.openig.decoration.capture.CaptureHandler.handle(CaptureHandler.java:65)
      	at org.forgerock.openig.handler.router.Route.handle(Route.java:188)
      	at org.forgerock.openig.handler.router.RouterHandler.handle(RouterHandler.java:259)
      	at org.forgerock.openig.http.HttpHandler.handle(HttpHandler.java:59)
      	at org.forgerock.http.routing.Router.handle(Router.java:92)
      	at org.forgerock.http.servlet.HttpFrameworkServlet.service(HttpFrameworkServlet.java:214)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      	at com.sun.identity.agents.filter.AmAgentBaseFilter.allowRequestToContinue(AmAgentBaseFilter.java:125)
      	at com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:75)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
      	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
      	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
      	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
      	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
      	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:617)
      	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
      	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)
      	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)
      	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:668)
      	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1521)
      	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1478)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
      	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
      	at java.lang.Thread.run(Thread.java:745)
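
An added example (not from the report and not OpenIG's own code) of the input validation this failure calls for: decode the header, check that it is a whole number of cipher blocks as NoPadding requires, and turn every failure into a controlled result instead of an uncaught exception. It reuses the algorithm and key from the route above and assumes Java 8+ for java.util.Base64; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

// Added example, not OpenIG code: class and method names are hypothetical.
public class HeaderDecryptDemo {
    static final String ALGORITHM = "DES/ECB/NoPadding"; // from the route in the report

    /** Returns the decrypted header value, or null if the input is not a usable ciphertext. */
    static String decryptOrNull(String headerValue, SecretKey key) {
        if (headerValue == null) {
            return null;
        }
        try {
            // java.util.Base64 throws IllegalArgumentException on malformed input.
            byte[] ciphertext = Base64.getDecoder().decode(headerValue.trim());
            Cipher cipher = Cipher.getInstance(ALGORITHM);
            cipher.init(Cipher.DECRYPT_MODE, key);
            // NoPadding only accepts whole blocks; reject anything else before doFinal.
            if (ciphertext.length == 0 || ciphertext.length % cipher.getBlockSize() != 0) {
                return null;
            }
            return new String(cipher.doFinal(ciphertext), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException | GeneralSecurityException e) {
            return null; // caller drops the header or answers 400, never an unhandled 500
        }
    }

    public static void main(String[] args) throws Exception {
        SecretKey key = new SecretKeySpec(Base64.getDecoder().decode("SoMI5WFkI0o="), "DES");
        Cipher enc = Cipher.getInstance(ALGORITHM);
        enc.init(Cipher.ENCRYPT_MODE, key);
        // Constructed sample: one 8-byte block encrypted with the route's key.
        String good = Base64.getEncoder().encodeToString(
                enc.doFinal("secret12".getBytes(StandardCharsets.UTF_8)));
        // Valid value, truncated value, wrong-length value, empty value, malformed Base64.
        String[] samples = { good, good.substring(0, 7), "QUJD", "", "not base64!" };
        for (String s : samples) {
            System.out.println("[" + s + "] -> " + decryptOrNull(s, key));
        }
    }
}
```

Only the first sample decrypts; the other four come back as null without any exception reaching the servlet container.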
      

            People

            • Assignee: Unassigned
            • Reporter: jcdevil Jean-Charles Deville