[3/3] syncope git commit: NPE guards for both the RelayState and Response

Wed, 02 Aug 2017 09:10:42 -0700 

NPE guards for both the RelayState and Response


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/c7a50578
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/c7a50578
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/c7a50578

Branch: refs/heads/master
Commit: c7a505783c87c7b595f20512c706ba7f4edbfa37
Parents: bfce004
Author: Colm O hEigeartaigh <cohei...@apache.org>
Authored: Wed Aug 2 15:31:47 2017 +0100
Committer: Colm O hEigeartaigh <cohei...@apache.org>
Committed: Wed Aug 2 17:10:05 2017 +0100

----------------------------------------------------------------------
 .../main/java/org/apache/syncope/core/logic/SAML2SPLogic.java  | 6 ++++++
 1 file changed, 6 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/syncope/blob/c7a50578/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
----------------------------------------------------------------------
diff --git 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
index 222d3cf..28a1ef0 100644
--- 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
+++ 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
@@ -421,6 +421,9 @@ public class SAML2SPLogic extends 
AbstractSAML2Logic<AbstractBaseBean> {
         check();
 
         // 1. first checks for the provided relay state
+        if (response.getRelayState() == null) {
+            throw new IllegalArgumentException("No Relay State was provided");
+        }
         JwsJwtCompactConsumer relayState = new 
JwsJwtCompactConsumer(response.getRelayState());
         if (!relayState.verifySignatureWith(jwsSignatureVerifier)) {
             throw new IllegalArgumentException("Invalid signature found in 
Relay State");
@@ -429,6 +432,9 @@ public class SAML2SPLogic extends 
AbstractSAML2Logic<AbstractBaseBean> {
                 
relayState.getJwtClaims().getClaim(JWT_CLAIM_IDP_DEFLATE).toString());
 
         // 2. parse the provided SAML response
+        if (response.getSamlResponse() == null) {
+            throw new IllegalArgumentException("No SAML Response was 
provided");
+        }
         Response samlResponse;
         try {
             XMLObject responseObject = saml2rw.read(useDeflateEncoding, 
response.getSamlResponse());

Reply via email to