hamada created SOLR-12354:
-----------------------------

             Summary: org.apache.solr.security.PKIAuthenticationPlugin does not check response code when retrieving remotePublicKey
                 Key: SOLR-12354
                 URL: https://issues.apache.org/jira/browse/SOLR-12354
             Project: Solr
          Issue Type: Bug
      Security Level: Public (Default Security Level. Issues are Public)
          Components: Authentication
    Affects Versions: 6.6.3, 6.6.2
            Reporter: hamada


In decipherHeader(), if keyCache does not contain the key of interest, then a 
remote call is made to retrieve the key from the remote host, by calling 
getRemotePublicKey, which fails if the server returns an HTML error page.

e.g.:

org.noggit.JSONParser$ParseException: JSON Parse Error: char=<,position=0 BEFORE='<' AFTER='html> <head> <meta http-equiv="Content-'
    at org.noggit.JSONParser.err(JSONParser.java:356) ~[noggit-0.6.jar:?]
    at org.noggit.JSONParser.handleNonDoubleQuoteString(JSONParser.java:712) ~[noggit-0.6.jar:?]
    at org.noggit.JSONParser.next(JSONParser.java:886) ~[noggit-0.6.jar:?]
    at org.noggit.JSONParser.nextEvent(JSONParser.java:930) ~[noggit-0.6.jar:?]
    at org.noggit.ObjectBuilder.<init>(ObjectBuilder.java:44) ~[noggit-0.6.jar:?]
    at org.noggit.ObjectBuilder.getVal(ObjectBuilder.java:37) ~[noggit-0.6.jar:?]
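
One way to guard the remote key fetch described in this report, as an added example (not Solr's code and not part of the original message): the status code and Content-Type are checked before the body reaches the noggit parser, so an error page fails with a clear I/O error instead of a JSON parse exception. The class and method names, the "key" field holding a Base64 X.509 RSA key, and the sample response are assumptions.

```java
import java.io.IOException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.Map;
import org.noggit.JSONParser;
import org.noggit.ObjectBuilder;

// Added example: hypothetical class, not Solr's PKIAuthenticationPlugin.
public class RemoteKeyResponseCheck {

  // Validates the HTTP response before the body reaches the JSON parser.
  static PublicKey parseKeyResponse(int status, String contentType, String body)
      throws IOException {
    if (status != 200) {
      throw new IOException("key endpoint returned HTTP " + status);
    }
    if (contentType == null || !contentType.toLowerCase(java.util.Locale.ROOT).contains("json")) {
      throw new IOException("unexpected Content-Type: " + contentType);
    }
    Object parsed;
    try {
      parsed = ObjectBuilder.getVal(new JSONParser(body));
    } catch (JSONParser.ParseException e) {
      throw new IOException("key endpoint returned malformed JSON", e);
    }
    // Assumption: the key is a Base64 X.509-encoded RSA key in a "key" field.
    Object key = (parsed instanceof Map) ? ((Map<?, ?>) parsed).get("key") : null;
    if (!(key instanceof String)) {
      throw new IOException("response has no \"key\" string");
    }
    try {
      byte[] der = Base64.getDecoder().decode((String) key);
      return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
    } catch (Exception e) {
      throw new IOException("response carried an unusable public key", e);
    }
  }

  public static void main(String[] args) {
    // Constructed sample: an HTML error page like the one in the trace.
    String html = "<html> <head> <meta http-equiv=\"Content-Type\"></head></html>";
    try {
      parseKeyResponse(502, "text/html", html);
    } catch (IOException e) {
      System.out.println("rejected without parsing: " + e.getMessage());
    }
  }
}
```

A caller would treat the IOException as an authentication failure for that request and leave the key cache unchanged.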


