GUACAMOLE-362: Deal gracefully with situations where password cannot be decrypted.
Project: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/commit/ed4c025a Tree: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/tree/ed4c025a Diff: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/diff/ed4c025a Branch: refs/heads/master Commit: ed4c025a2e642899427a1866a418d119ebff3bf8 Parents: 36489ff Author: Nick Couchman <[email protected]> Authored: Sun Aug 27 20:55:27 2017 -0400 Committer: Nick Couchman <[email protected]> Committed: Fri Oct 27 13:05:12 2017 -0400 ---------------------------------------------------------------------- .../auth/cas/AuthenticationProviderService.java | 16 ++++++++++++---- .../properties/CipherGuacamoleProperty.java | 3 +++ 2 files changed, 15 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/ed4c025a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java index b7ebdf7..da32f72 100644 --- a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java +++ b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java @@ -173,10 +173,15 @@ public class AuthenticationProviderService { final Cipher cipher = confService.getClearpassCipher(); - // Decrypt and return a new string. - final byte[] pass64 = DatatypeConverter.parseBase64Binary(encryptedPassword); - final byte[] cipherData = cipher.doFinal(pass64); - return new String(cipherData); + if (cipher != null) { + + // Decode and decrypt, and return a new string. + final byte[] pass64 = DatatypeConverter.parseBase64Binary(encryptedPassword); + final byte[] cipherData = cipher.doFinal(pass64); + return new String(cipherData); + + } + } catch (Throwable t) { logger.error("Failed to decrypt the data, password token will not be available."); @@ -184,6 +189,9 @@ public class AuthenticationProviderService { return null; } + logger.warn("Encrypted password provided by CAS, but no Private Key was available to decrypt it."); + return null; + } } http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/ed4c025a/guacamole-ext/src/main/java/org/apache/guacamole/properties/CipherGuacamoleProperty.java ---------------------------------------------------------------------- diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/properties/CipherGuacamoleProperty.java b/guacamole-ext/src/main/java/org/apache/guacamole/properties/CipherGuacamoleProperty.java index e2f95ec..d4d763f 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/properties/CipherGuacamoleProperty.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/properties/CipherGuacamoleProperty.java @@ -47,6 +47,9 @@ public abstract class CipherGuacamoleProperty implements GuacamoleProperty<Ciphe @Override public Cipher parseValue(String value) throws GuacamoleException { + if (value == null || value.isEmpty()) + return null; + try { final Environment environment = new LocalEnvironment();
