Skip to content

Commit f420003

Browse files
jricherjricher
committed
added proper null safety to binary encoder/decoder
1 parent ac8e8e2 commit f420003

File tree

1 file changed

+15
-6
lines changed

1 file changed

+15
-6
lines changed

openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java

Lines changed: 15 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -18,10 +18,6 @@
1818
*/
1919
package org.mitre.openid.connect.service.impl;
2020

21-
import com.google.common.io.BaseEncoding;
22-
import com.google.gson.stream.JsonReader;
23-
import com.google.gson.stream.JsonToken;
24-
import com.google.gson.stream.JsonWriter;
2521
import java.io.ByteArrayInputStream;
2622
import java.io.ByteArrayOutputStream;
2723
import java.io.IOException;
@@ -37,6 +33,7 @@
3733
import java.util.Map;
3834
import java.util.Map.Entry;
3935
import java.util.Set;
36+
4037
import org.mitre.jose.JWEAlgorithmEmbed;
4138
import org.mitre.jose.JWEEncryptionMethodEmbed;
4239
import org.mitre.jose.JWSAlgorithmEmbed;
@@ -71,6 +68,11 @@
7168
import org.springframework.security.oauth2.provider.OAuth2Authentication;
7269
import org.springframework.stereotype.Service;
7370

71+
import com.google.common.io.BaseEncoding;
72+
import com.google.gson.stream.JsonReader;
73+
import com.google.gson.stream.JsonToken;
74+
import com.google.gson.stream.JsonWriter;
75+
7476
/**
7577
*
7678
* Data service to import and export MITREid 1.0 configuration.
@@ -257,6 +259,9 @@ private void writeAuthorizationRequest(AuthorizationRequest authReq, JsonWriter
257259
}
258260

259261
private String base64UrlEncodeObject(Serializable obj) throws IOException {
262+
if (obj == null) {
263+
return null;
264+
}
260265
ByteArrayOutputStream baos = new ByteArrayOutputStream();
261266
ObjectOutputStream oos = new ObjectOutputStream(baos);
262267
oos.writeObject(obj);
@@ -670,8 +675,12 @@ private void readAuthenticationHolders(JsonReader reader) throws IOException {
670675
if (subName.equals("clientAuthorization")) {
671676
clientAuthorization = readAuthorizationRequest(reader);
672677
} else if (subName.equals("userAuthentication")) {
673-
String authString = reader.nextString();
674-
userAuthentication = base64UrlDecodeObject(authString, Authentication.class);
678+
if (reader.peek() == JsonToken.NULL) {
679+
reader.skipValue();
680+
} else {
681+
String authString = reader.nextString();
682+
userAuthentication = base64UrlDecodeObject(authString, Authentication.class);
683+
}
675684
} else {
676685
logger.debug("Found unexpected entry");
677686
reader.skipValue();

0 commit comments

Comments
 (0)