diff options
| author | Ade Lee <alee@redhat.com> | 2017-06-01 17:46:27 -0400 |
|---|---|---|
| committer | Ade Lee <alee@redhat.com> | 2017-06-02 12:55:39 -0400 |
| commit | 08bf26f786b8d233382c6fedfad5d33d8c11d78f (patch) | |
| tree | 96c0e0524d53f14f1ca2dccaf75485cdc37afe70 | |
| parent | 03235ab51d102ba722e71adf00d2f721c77cd222 (diff) | |
| download | pki-08bf26f786b8d233382c6fedfad5d33d8c11d78f.tar.gz pki-08bf26f786b8d233382c6fedfad5d33d8c11d78f.tar.xz pki-08bf26f786b8d233382c6fedfad5d33d8c11d78f.zip | |
Fix NPE in audit log invocation
Some audit log objects take a RequestId or KeyId, on which we call
toString(). In some cases, we were creating a KeyId or RequestId
with null values, resulting in an NPE. We fix these in this patch.
Bugzilla BZ# 1458043
Change-Id: I38d5a20e9920966c8414d56afd7690dc3c11a1db
3 files changed, 8 insertions, 4 deletions
diff --git a/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java b/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java index ed20394b3..5e3b8a9d7 100644 --- a/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java +++ b/base/kra/src/com/netscape/kra/KeyRecoveryAuthority.java @@ -1128,7 +1128,8 @@ public class KeyRecoveryAuthority implements IAuthority, IKeyService, IKeyRecove r = queue.findRequest(new RequestId(reqID)); auditAgents = r.getExtDataInString(IRequest.ATTR_APPROVE_AGENTS); - keyID = new KeyId(r.getExtDataInBigInteger("serialNumber")); + BigInteger serialNumber = r.getExtDataInBigInteger("serialNumber"); + keyID = serialNumber != null? new KeyId(serialNumber) : null; // set transient parameters params = createVolatileRequest(r.getRequestId()); diff --git a/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java b/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java index da82e97a2..3c44d5391 100644 --- a/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java +++ b/base/kra/src/com/netscape/kra/SecurityDataRecoveryService.java @@ -17,6 +17,8 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.kra; +import java.math.BigInteger; + import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.dbs.keydb.KeyId; @@ -66,7 +68,8 @@ public class SecurityDataRecoveryService implements IService { // parameters for auditing String auditSubjectID = request.getExtDataInString(IRequest.ATTR_REQUEST_OWNER); - KeyId keyId = new KeyId(request.getExtDataInBigInteger("serialNumber")); + BigInteger serialNumber = request.getExtDataInBigInteger("serialNumber"); + KeyId keyId = serialNumber != null ? new KeyId(serialNumber): null; RequestId requestID = request.getRequestId(); String approvers = request.getExtDataInString(IRequest.ATTR_APPROVE_AGENTS); diff --git a/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java b/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java index c0b5cdd2d..891b0831f 100644 --- a/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java +++ b/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java @@ -283,7 +283,7 @@ public class TokenKeyRecoveryService implements IService { // retrieve based on Certificate String cert_s = request.getExtDataInString(ATTR_USER_CERT); String keyid_s = request.getExtDataInString(IRequest.NETKEY_ATTR_KEYID); - KeyId keyId = new KeyId(request.getExtDataInString(IRequest.NETKEY_ATTR_KEYID)); + KeyId keyId = keyid_s != null ? new KeyId(keyid_s): null; /* have to have at least one */ if ((cert_s == null) && (keyid_s == null)) { CMS.debug("TokenKeyRecoveryService: not receive cert or keyid"); @@ -593,7 +593,7 @@ public class TokenKeyRecoveryService implements IService { return true; } catch (Exception e) { - CMS.debug("TokenKeyRecoveryService: " + e.toString()); + CMS.debug(e); request.setExtData(IRequest.RESULT, Integer.valueOf(4)); } |