From c53ca291e21761f1de5417ef596afba395a7f5d1 Mon Sep 17 00:00:00 2001 From: Abhishek Koneru Date: Wed, 6 Jun 2012 16:55:54 -0400 Subject: Fixes for NULL_RETURNS Coverity Issues - Part 2 --- .../netscape/certsrv/authentication/AuthToken.java | 48 ++++++++-------------- .../certsrv/authentication/IAuthToken.java | 18 +++++--- .../com/netscape/cms/authentication/CMCAuth.java | 5 ++- .../cms/policy/extensions/SubjAltNameExt.java | 7 ++-- .../cms/servlet/base/DisplayHtmlServlet.java | 2 - .../servlet/cert/ChallengeRevocationServlet1.java | 4 +- .../com/netscape/cms/servlet/cert/UpdateCRL.java | 1 - .../csadmin/LDAPSecurityDomainSessionTable.java | 14 +++++-- .../cmscore/authentication/AuthSubsystem.java | 4 +- .../authentication/PasswdUserDBAuthentication.java | 6 ++- .../src/com/netscape/cmscore/dbs/DBSubsystem.java | 3 ++ .../com/netscape/cmscore/dbs/KeyRepository.java | 6 +++ .../netscape/cmscore/profile/ProfileSubsystem.java | 3 ++ .../certsrv/authentication/AuthTokenTest.java | 12 ++++-- .../cmscore/dbs/DBSubsystemDefaultStub.java | 3 +- .../com/netscape/cmscore/test/CMSBaseTestCase.java | 3 +- .../src/com/netscape/cmstools/DRMTool.java | 4 +- .../src/com/netscape/cmstools/OCSPClient.java | 3 ++ .../src/com/netscape/cmstools/PKCS12Export.java | 6 +++ base/kra/src/com/netscape/kra/RecoveryService.java | 7 +++- .../netscape/pkisilent/argparser/ArgParser.java | 6 ++- .../src/com/netscape/pkisilent/common/CMSLDAP.java | 4 +- .../com/netscape/pkisilent/http/HTTPClient.java | 48 +++++++--------------- .../cmsutil/radius/ChallengeException.java | 9 ++-- .../netscape/cmsutil/radius/RejectException.java | 6 +-- .../security/extensions/NSCertTypeExtension.java | 8 +++- .../src/netscape/security/util/DerInputBuffer.java | 4 +- .../src/netscape/security/util/DerInputStream.java | 3 +- .../x509/IssuingDistributionPointExtension.java | 3 ++ .../test/com/netscape/security/util/JSSUtil.java | 6 ++- 30 files changed, 143 insertions(+), 113 deletions(-) (limited to 'base') diff --git a/base/common/src/com/netscape/certsrv/authentication/AuthToken.java b/base/common/src/com/netscape/certsrv/authentication/AuthToken.java index d934f62e8..1b5bf2350 100644 --- a/base/common/src/com/netscape/certsrv/authentication/AuthToken.java +++ b/base/common/src/com/netscape/certsrv/authentication/AuthToken.java @@ -291,17 +291,13 @@ public class AuthToken implements IAuthToken { return set(name, out.toByteArray()); } - public CertificateExtensions getInCertExts(String name) { + public CertificateExtensions getInCertExts(String name) throws IOException { CertificateExtensions exts = null; byte[] data = getInByteArray(name); if (data != null) { - try { - exts = new CertificateExtensions(); - // exts.decode() doesn't work for empty CertExts - exts.decodeEx(new ByteArrayInputStream(data)); - } catch (IOException e) { - return null; - } + exts = new CertificateExtensions(); + // exts.decode() doesn't work for empty CertExts + exts.decodeEx(new ByteArrayInputStream(data)); } return exts; } @@ -321,7 +317,7 @@ public class AuthToken implements IAuthToken { return set(name, out.toByteArray()); } - public Certificates getInCertificates(String name) { + public Certificates getInCertificates(String name) throws IOException, CertificateException { X509CertImpl[] certArray; byte[] byteValue = getInByteArray(name); @@ -329,18 +325,12 @@ public class AuthToken implements IAuthToken { return null; } - try { - DerInputStream in = new DerInputStream(byteValue); - DerValue[] derValues = in.getSequence(5); - certArray = new X509CertImpl[derValues.length]; - for (int i = 0; i < derValues.length; i++) { - byte[] certData = derValues[i].toByteArray(); - certArray[i] = new X509CertImpl(certData); - } - } catch (IOException e) { - return null; - } catch (CertificateException e) { - return null; + DerInputStream in = new DerInputStream(byteValue); + DerValue[] derValues = in.getSequence(5); + certArray = new X509CertImpl[derValues.length]; + for (int i = 0; i < derValues.length; i++) { + byte[] certData = derValues[i].toByteArray(); + certArray[i] = new X509CertImpl(certData); } return new Certificates(certArray); } @@ -372,22 +362,18 @@ public class AuthToken implements IAuthToken { } } - public byte[][] getInByteArrayArray(String name) { + public byte[][] getInByteArrayArray(String name) throws IOException { byte[][] retval; byte[] byteValue = getInByteArray(name); if (byteValue == null) { return null; } - try { - DerInputStream in = new DerInputStream(byteValue); - DerValue[] derValues = in.getSequence(5); - retval = new byte[derValues.length][]; - for (int i = 0; i < derValues.length; i++) { - retval[i] = derValues[i].getOctetString(); - } - } catch (IOException e) { - return null; + DerInputStream in = new DerInputStream(byteValue); + DerValue[] derValues = in.getSequence(5); + retval = new byte[derValues.length][]; + for (int i = 0; i < derValues.length; i++) { + retval[i] = derValues[i].getOctetString(); } return retval; } diff --git a/base/common/src/com/netscape/certsrv/authentication/IAuthToken.java b/base/common/src/com/netscape/certsrv/authentication/IAuthToken.java index 25a73b8f1..e469f3786 100644 --- a/base/common/src/com/netscape/certsrv/authentication/IAuthToken.java +++ b/base/common/src/com/netscape/certsrv/authentication/IAuthToken.java @@ -17,7 +17,9 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.authentication; +import java.io.IOException; import java.math.BigInteger; +import java.security.cert.CertificateException; import java.util.Date; import java.util.Enumeration; @@ -176,9 +178,10 @@ public interface IAuthToken { * Retrieves the CertificateExtensions value for name. * * @param name The attribute name. - * @return The value or null on error. + * @return The value. + * @throws IOException */ - public CertificateExtensions getInCertExts(String name); + public CertificateExtensions getInCertExts(String name) throws IOException; /** * Stores the CertificateExtensions with the associated key. @@ -193,9 +196,11 @@ public interface IAuthToken { * Retrieves the Certificates value for name. * * @param name The attribute name. - * @return The value or null on error. + * @return The value. + * @throws IOException + * @throws CertificateException */ - public Certificates getInCertificates(String name); + public Certificates getInCertificates(String name) throws IOException, CertificateException; /** * Stores the Certificates with the associated key. @@ -210,9 +215,10 @@ public interface IAuthToken { * Retrieves the byte[][] value for name. * * @param name The attribute name. - * @return The value or null on error. + * @return The value. + * @throws IOException */ - public byte[][] getInByteArrayArray(String name); + public byte[][] getInByteArrayArray(String name) throws IOException; /** * Stores the byte[][] with the associated key. diff --git a/base/common/src/com/netscape/cms/authentication/CMCAuth.java b/base/common/src/com/netscape/cms/authentication/CMCAuth.java index d15f445f3..2844601f4 100644 --- a/base/common/src/com/netscape/cms/authentication/CMCAuth.java +++ b/base/common/src/com/netscape/cms/authentication/CMCAuth.java @@ -768,7 +768,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, level, "CMC Authentication: " + msg); } - protected IAuthToken verifySignerInfo(AuthToken authToken, SignedData cmcFullReq) throws EInvalidCredentials { + protected IAuthToken verifySignerInfo(AuthToken authToken, SignedData cmcFullReq) throws EBaseException { EncapsulatedContentInfo ci = cmcFullReq.getContentInfo(); OBJECT_IDENTIFIER id = ci.getContentType(); @@ -875,6 +875,9 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, IAuthSubsystem authSS = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); IAuthManager agentAuth = authSS.getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);//AGENT_AUTHMGR_ID); + if (agentAuth == null) { + throw new EBaseException(CMS.getUserMessage("CMS_AUTHENTICATION_MANAGER_NOT_FOUND", IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)); + } IAuthCredentials agentCred = new com.netscape.certsrv.authentication.AuthCredentials(); agentCred.set(IAuthManager.CRED_SSL_CLIENT_CERT, x509Certs); diff --git a/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java b/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java index e1ae7d074..d6e626aa9 100644 --- a/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java +++ b/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java @@ -250,9 +250,9 @@ public class SubjAltNameExt extends APolicyRule /** * Generate a String Vector containing all the email addresses * found in this Authentication token + * @throws IOException */ - protected Vector /* of String */ - getEmailList(IAuthToken tok) { + protected Vector getEmailList(IAuthToken tok) throws IOException { Vector v = new Vector(); @@ -267,9 +267,10 @@ public class SubjAltNameExt extends APolicyRule /** * Add attribute values from an LDAP attribute to a vector + * @throws IOException */ protected void - addValues(IAuthToken tok, String attrName, Vector v) { + addValues(IAuthToken tok, String attrName, Vector v) throws IOException { String attr[] = tok.getInStringArray(attrName); if (attr == null) diff --git a/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java b/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java index a6cb97908..895e099fb 100644 --- a/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java +++ b/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java @@ -61,9 +61,7 @@ public class DisplayHtmlServlet extends CMSServlet { */ public void process(CMSRequest cmsReq) throws EBaseException { CMS.debug("DisplayHtmlServlet about to service "); - authenticate(cmsReq); - try { String realpath = mServletConfig.getServletContext().getRealPath("/" + mHTMLPath); diff --git a/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java b/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java index e820bb87a..0b59fdc97 100644 --- a/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java +++ b/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java @@ -132,9 +132,9 @@ public class ChallengeRevocationServlet1 extends CMSServlet { * * * @param cmsReq the object holding the request and response information + * @throws EBaseException */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); diff --git a/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java b/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java index bd12bcfd8..a3cec570a 100644 --- a/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java +++ b/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java @@ -122,7 +122,6 @@ public class UpdateCRL extends CMSServlet { IAuthToken authToken = authenticate(cmsReq); AuthzToken authzToken = null; - try { authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, "update"); diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java b/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java index b9932722e..ff9ab5eba 100644 --- a/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java +++ b/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java @@ -192,7 +192,11 @@ public class LDAPSecurityDomainSessionTable LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false); while (res.hasMoreElements()) { LDAPEntry entry = res.next(); - ret.add(entry.getAttribute("cn").getStringValueArray()[0]); + LDAPAttribute sid = entry.getAttribute("cn"); + if (sid == null) { + throw new Exception("Invalid LDAP Entry." + entry.getDN() + " No session id(cn)."); + } + ret.add(sid.getStringValueArray()[0]); } } catch (LDAPException e) { switch (e.getLDAPResultCode()) { @@ -228,10 +232,14 @@ public class LDAPSecurityDomainSessionTable LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false); if (res.getCount() > 0) { LDAPEntry entry = res.next(); - ret = entry.getAttribute(attr).getStringValueArray()[0]; + LDAPAttribute searchAttribute = entry.getAttribute(attr); + if (searchAttribute == null) { + throw new Exception("No Attribute " + attr + " for this session in LDAPEntry "+entry.getDN()); + } + ret = searchAttribute.getStringValueArray()[0]; } } catch (Exception e) { - CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e); + CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e.getMessage()); } try { diff --git a/base/common/src/com/netscape/cmscore/authentication/AuthSubsystem.java b/base/common/src/com/netscape/cmscore/authentication/AuthSubsystem.java index fbb589376..c5b09a7d7 100644 --- a/base/common/src/com/netscape/cmscore/authentication/AuthSubsystem.java +++ b/base/common/src/com/netscape/cmscore/authentication/AuthSubsystem.java @@ -458,9 +458,9 @@ public class AuthSubsystem implements IAuthSubsystem { *

*/ public void shutdown() { - for (Enumeration e = mAuthMgrInsts.keys(); e.hasMoreElements();) { + for (AuthManagerProxy proxy : mAuthMgrInsts.values()) { - IAuthManager mgr = get(e.nextElement()); + IAuthManager mgr = proxy.getAuthManager(); log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_SHUTDOWN", mgr.getName())); diff --git a/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java b/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java index 5b6418c00..fa8696c1d 100644 --- a/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java +++ b/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java @@ -191,7 +191,11 @@ public class PasswdUserDBAuthentication implements IAuthManager { e.printStackTrace(); // not a user in our user/group database. log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_UID_NOT_FOUND", uid, e.toString())); - throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL") + " " + e.getMessage()); + } + if (user == null) { + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", + "Failure in User Group subsystem.")); } authToken.set(TOKEN_USERDN, user.getUserDN()); authToken.set(TOKEN_USERID, user.getUserID()); diff --git a/base/common/src/com/netscape/cmscore/dbs/DBSubsystem.java b/base/common/src/com/netscape/cmscore/dbs/DBSubsystem.java index 304f5aa94..c0bb627c2 100644 --- a/base/common/src/com/netscape/cmscore/dbs/DBSubsystem.java +++ b/base/common/src/com/netscape/cmscore/dbs/DBSubsystem.java @@ -408,6 +408,9 @@ public class DBSubsystem implements IDBSubsystem { LDAPEntry entry = conn.read(dn); LDAPAttribute attr = entry.getAttribute(PROP_NEXT_RANGE); + if (attr == null) { + throw new Exception("Missing Attribute" + PROP_NEXT_RANGE + "in Entry " + dn); + } nextRange = (String) attr.getStringValues().nextElement(); BigInteger nextRangeNo = new BigInteger(nextRange); diff --git a/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java b/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java index 726746627..0fbff688a 100644 --- a/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java +++ b/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java @@ -251,6 +251,9 @@ public class KeyRepository extends Repository implements IKeyRepository { */ public IKeyRecord readKeyRecord(BigInteger serialNo) throws EBaseException { + if (serialNo == null) { + throw new EBaseException("Invalid Serial Number."); + } IDBSSession s = mDBService.createSession(); KeyRecord rec = null; @@ -264,6 +267,9 @@ public class KeyRepository extends Repository implements IKeyRepository { if (s != null) s.close(); } + if (rec == null) { + throw new EBaseException("Failed to recover Key for Serial Number " + serialNo); + } return rec; } diff --git a/base/common/src/com/netscape/cmscore/profile/ProfileSubsystem.java b/base/common/src/com/netscape/cmscore/profile/ProfileSubsystem.java index 53d4fa14a..7da1cc332 100644 --- a/base/common/src/com/netscape/cmscore/profile/ProfileSubsystem.java +++ b/base/common/src/com/netscape/cmscore/profile/ProfileSubsystem.java @@ -96,6 +96,9 @@ public class ProfileSubsystem implements IProfileSubsystem { IConfigStore subStore = config.getSubStore(id); String classid = subStore.getString(PROP_CLASS_ID); IPluginInfo info = registry.getPluginInfo("profile", classid); + if (info == null) { + throw new EBaseException("No plugins for type : profile with id " + classid); + } String configPath = subStore.getString(PROP_CONFIG); CMS.debug("Start Profile Creation - " + id + " " + classid + " " + info.getClassName()); diff --git a/base/common/test/com/netscape/certsrv/authentication/AuthTokenTest.java b/base/common/test/com/netscape/certsrv/authentication/AuthTokenTest.java index fab809bad..370973f0a 100644 --- a/base/common/test/com/netscape/certsrv/authentication/AuthTokenTest.java +++ b/base/common/test/com/netscape/certsrv/authentication/AuthTokenTest.java @@ -109,7 +109,7 @@ public class AuthTokenTest extends CMSBaseTestCase { assertFalse(authToken.set("key4", (BigInteger[]) null)); } - public void testGetSetDate() { + public void testGetSetDate() throws Exception { Date value = new Date(); authToken.set("key", value); assertEquals(String.valueOf(value.getTime()), @@ -118,6 +118,9 @@ public class AuthTokenTest extends CMSBaseTestCase { authToken.set("key2", "234567"); Date retval = authToken.getInDate("key2"); + if (retval == null) { + throw new Exception("Unable to get key2 as Date"); + } assertEquals(234567L, retval.getTime()); authToken.set("key3", "oops"); @@ -137,6 +140,9 @@ public class AuthTokenTest extends CMSBaseTestCase { assertFalse(cmsStub.aToBCalled); String[] retval = authToken.getInStringArray("key"); + if (retval == null) { + throw new IOException("Unable to get key as String Array"); + } assertTrue(cmsStub.aToBCalled); assertEquals(4, retval.length); assertEquals(value[0], retval[0]); @@ -193,7 +199,7 @@ public class AuthTokenTest extends CMSBaseTestCase { assertFalse(authToken.set("key3", (CertificateExtensions) null)); } - public void testGetSetCertificates() throws CertificateException { + public void testGetSetCertificates() throws CertificateException, IOException { X509CertImpl cert1 = getFakeCert(); X509CertImpl cert2 = getFakeCert(); X509CertImpl[] certArray = new X509CertImpl[] { cert1, cert2 }; @@ -216,7 +222,7 @@ public class AuthTokenTest extends CMSBaseTestCase { assertFalse(authToken.set("key2", (Certificates) null)); } - public void testGetSetByteArrayArray() { + public void testGetSetByteArrayArray() throws IOException { byte[][] value = new byte[][] { new byte[] { 1, 2, 3, 4 }, new byte[] { 12, 13, 14 }, diff --git a/base/common/test/com/netscape/cmscore/dbs/DBSubsystemDefaultStub.java b/base/common/test/com/netscape/cmscore/dbs/DBSubsystemDefaultStub.java index fe19159d5..396121b29 100644 --- a/base/common/test/com/netscape/cmscore/dbs/DBSubsystemDefaultStub.java +++ b/base/common/test/com/netscape/cmscore/dbs/DBSubsystemDefaultStub.java @@ -7,7 +7,6 @@ import netscape.ldap.LDAPConnection; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.base.ISubsystem; -import com.netscape.certsrv.dbs.EDBException; import com.netscape.certsrv.dbs.IDBRegistry; import com.netscape.certsrv.dbs.IDBSSession; import com.netscape.certsrv.dbs.IDBSubsystem; @@ -25,7 +24,7 @@ public class DBSubsystemDefaultStub implements IDBSubsystem { return null; } - public IDBSSession createSession() throws EDBException { + public IDBSSession createSession() { return null; } diff --git a/base/common/test/com/netscape/cmscore/test/CMSBaseTestCase.java b/base/common/test/com/netscape/cmscore/test/CMSBaseTestCase.java index d3971afd4..007ccafcb 100644 --- a/base/common/test/com/netscape/cmscore/test/CMSBaseTestCase.java +++ b/base/common/test/com/netscape/cmscore/test/CMSBaseTestCase.java @@ -7,7 +7,6 @@ import netscape.security.x509.X509CertImpl; import com.netscape.certsrv.app.CMSEngineDefaultStub; import com.netscape.certsrv.apps.CMS; -import com.netscape.certsrv.dbs.EDBException; import com.netscape.certsrv.dbs.IDBRegistry; import com.netscape.certsrv.dbs.IDBSSession; import com.netscape.certsrv.logging.ILogger; @@ -88,7 +87,7 @@ public abstract class CMSBaseTestCase extends TestCase { } class DBSubsystemStub extends DBSubsystemDefaultStub { - public IDBSSession createSession() throws EDBException { + public IDBSSession createSession() { return session; } diff --git a/base/java-tools/src/com/netscape/cmstools/DRMTool.java b/base/java-tools/src/com/netscape/cmstools/DRMTool.java index efd83e892..0eaf26ee1 100644 --- a/base/java-tools/src/com/netscape/cmstools/DRMTool.java +++ b/base/java-tools/src/com/netscape/cmstools/DRMTool.java @@ -1642,7 +1642,9 @@ public class DRMTool { new FileReader( mSourcePKISecurityDatabasePwdfile)); pwd = in.readLine(); - + if (pwd == null) { + pwd = ""; + } mPwd = new Password(pwd.toCharArray()); mSourceToken.login(mPwd); diff --git a/base/java-tools/src/com/netscape/cmstools/OCSPClient.java b/base/java-tools/src/com/netscape/cmstools/OCSPClient.java index fc2f081e9..7d581fdb8 100644 --- a/base/java-tools/src/com/netscape/cmstools/OCSPClient.java +++ b/base/java-tools/src/com/netscape/cmstools/OCSPClient.java @@ -174,6 +174,9 @@ public class OCSPClient { ResponseData rd = basic.getResponseData(); for (int i = 0; i < rd.getResponseCount(); i++) { SingleResponse rd1 = rd.getResponseAt(i); + if (rd1 == null) { + throw new Exception("No OCSP Response data."); + } System.out.println("CertID.serialNumber=" + rd1.getCertID().getSerialNumber()); CertStatus status1 = rd1.getCertStatus(); diff --git a/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java b/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java index ad1c485c0..532505867 100644 --- a/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java +++ b/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java @@ -224,6 +224,9 @@ public class PKCS12Export { try { BufferedReader in = new BufferedReader(new FileReader(pwdfile)); pwd = in.readLine(); + if (pwd == null) { + pwd = ""; + } } catch (Exception e) { debug("Failed to read the keydb password from the file. Exception: " + e.toString()); System.exit(1); @@ -233,6 +236,9 @@ public class PKCS12Export { try { BufferedReader in = new BufferedReader(new FileReader(pk12pwdfile)); pk12pwd = in.readLine(); + if (pk12pwd == null) { + pk12pwd = ""; + } } catch (Exception e) { debug("Failed to read the keydb password from the file. Exception: " + e.toString()); System.exit(1); diff --git a/base/kra/src/com/netscape/kra/RecoveryService.java b/base/kra/src/com/netscape/kra/RecoveryService.java index 7fbefd776..19d6b5157 100644 --- a/base/kra/src/com/netscape/kra/RecoveryService.java +++ b/base/kra/src/com/netscape/kra/RecoveryService.java @@ -20,10 +20,10 @@ package com.netscape.kra; import java.io.ByteArrayOutputStream; import java.io.CharConversionException; import java.math.BigInteger; -import java.security.SecureRandom; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.PublicKey; +import java.security.SecureRandom; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.util.Hashtable; @@ -194,6 +194,9 @@ public class RecoveryService implements IService { byte pubData[] = keyRecord.getPublicKeyData(); X509Certificate x509cert = request.getExtDataInCert(ATTR_USER_CERT); + if (x509cert == null) { + throw new EKRAException(CMS.getUserMessage("CMS_KRA_INVALID_KEYRECORD")); + } byte inputPubData[] = x509cert.getPublicKey().getEncoded(); if (inputPubData.length != pubData.length) { @@ -380,7 +383,7 @@ public class RecoveryService implements IService { throws EBaseException { CMS.debug("RecoverService: recoverKey: key to recover is RSA? "+ - isRSA); + isRSA); try { if (CMS.getConfigStore().getBoolean("kra.keySplitting")) { diff --git a/base/silent/src/com/netscape/pkisilent/argparser/ArgParser.java b/base/silent/src/com/netscape/pkisilent/argparser/ArgParser.java index 0e3325005..f4ea79c2b 100755 --- a/base/silent/src/com/netscape/pkisilent/argparser/ArgParser.java +++ b/base/silent/src/com/netscape/pkisilent/argparser/ArgParser.java @@ -1610,7 +1610,7 @@ public class ArgParser { return (rec != null) ? rec.valTypeName() : null; } - private Object createResultHolder(Record rec) { + private Object createResultHolder(Record rec) throws ArgParseException { if (rec.numValues == 1) { switch (rec.type) { case Record.LONG: { @@ -1648,7 +1648,9 @@ public class ArgParser { } } } - return null; // can't happen + + throw new ArgParseException("Bad parameters in the Record for Result Holder. Type :" + rec.type + + " ,Number of Values : " + rec.numValues); // can't happen } static void stringToArgs(Vector vec, String s, diff --git a/base/silent/src/com/netscape/pkisilent/common/CMSLDAP.java b/base/silent/src/com/netscape/pkisilent/common/CMSLDAP.java index 7558dc88f..80613525d 100644 --- a/base/silent/src/com/netscape/pkisilent/common/CMSLDAP.java +++ b/base/silent/src/com/netscape/pkisilent/common/CMSLDAP.java @@ -196,7 +196,7 @@ public class CMSLDAP { } - private X509Certificate getXCertificate(byte[] cpack) { + private X509Certificate getXCertificate(byte[] cpack) throws Exception { try { CertificateFactory cf = CertificateFactory.getInstance("X.509"); @@ -209,7 +209,7 @@ public class CMSLDAP { return the_cert; } catch (Exception e) { System.out.println("ERROR: getXCertificate " + e.toString()); - return null; + throw e; } } diff --git a/base/silent/src/com/netscape/pkisilent/http/HTTPClient.java b/base/silent/src/com/netscape/pkisilent/http/HTTPClient.java index 428853032..80335c61f 100644 --- a/base/silent/src/com/netscape/pkisilent/http/HTTPClient.java +++ b/base/silent/src/com/netscape/pkisilent/http/HTTPClient.java @@ -24,7 +24,6 @@ import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.io.PrintStream; -import java.io.UnsupportedEncodingException; import java.net.InetAddress; import java.net.Socket; import java.net.URLDecoder; @@ -39,10 +38,10 @@ import org.mozilla.jss.ssl.SSLSocket; import org.mozilla.jss.ssl.TestCertApprovalCallback; import org.mozilla.jss.ssl.TestClientCertificateSelectionCallback; +import com.netscape.cmsutil.util.Utils; import com.netscape.pkisilent.argparser.ArgParser; import com.netscape.pkisilent.argparser.StringHolder; import com.netscape.pkisilent.common.ComCrypto; -import com.netscape.cmsutil.util.Utils; public class HTTPClient implements SSLCertificateApprovalCallback { @@ -373,11 +372,10 @@ public class HTTPClient implements SSLCertificateApprovalCallback { // posts the given query data // returns HTTPResponse public HTTPResponse nonsslConnect(String hostname, String portnumber, - String url, String query) { + String url, String query) throws Exception { - boolean st = true; HTTPResponse hr = null; - + PrintStream ps = null; try { System.out.println("#############################################"); @@ -397,7 +395,7 @@ public class HTTPClient implements SSLCertificateApprovalCallback { OutputStream rawos = socket.getOutputStream(); BufferedOutputStream os = new BufferedOutputStream(rawos); - PrintStream ps = new PrintStream(os); + ps = new PrintStream(os); System.out.println("Connected."); @@ -423,37 +421,21 @@ public class HTTPClient implements SSLCertificateApprovalCallback { ps.flush(); os.flush(); - try { hr = readResponse(socket.getInputStream()); hr.parseContent(); - } catch (Exception e) { - System.out.println("Exception"); - e.printStackTrace(); - st = false; - } - - socket.close(); - os.close(); - rawos.close(); - ps.close(); - - os = null; - rawos = null; - ps = null; - - } - - catch (Exception e) { + } catch (Exception e) { System.err.println("Exception: Unable to Send Request:" + e); e.printStackTrace(); - st = false; + throw e; + } finally { + if (ps != null) { + ps.close(); + ps = null; + } } - if (!st) - return null; - else - return hr; + return hr; } public HTTPResponse readResponse(InputStream inputStream) @@ -1079,7 +1061,7 @@ public class HTTPClient implements SSLCertificateApprovalCallback { return true; } - public static void main(String args[]) throws UnsupportedEncodingException { + public static void main(String args[]) throws Exception { HTTPClient hc = new HTTPClient(); HTTPResponse hr = null; @@ -1190,8 +1172,8 @@ public class HTTPClient implements SSLCertificateApprovalCallback { // ssl client auth call hr = hc.sslConnectClientAuth(cs_hostname, cs_port, - client_cert_nickname, - uri, query); + client_cert_nickname, + uri, query); } else { diff --git a/base/util/src/com/netscape/cmsutil/radius/ChallengeException.java b/base/util/src/com/netscape/cmsutil/radius/ChallengeException.java index 972f7f084..2c13a6b11 100644 --- a/base/util/src/com/netscape/cmsutil/radius/ChallengeException.java +++ b/base/util/src/com/netscape/cmsutil/radius/ChallengeException.java @@ -32,12 +32,11 @@ public class ChallengeException extends Exception { return _res.getAttributeSet(); } - public String getState() { - return ((StateAttribute) (_res.getAttributeSet().getAttributeByType(Attribute.STATE))).getString(); + public StateAttribute getState() { + return (StateAttribute) _res.getAttributeSet().getAttributeByType(Attribute.STATE); } - public String getReplyMessage() { - return ((ReplyMessageAttribute) (_res.getAttributeSet().getAttributeByType(Attribute.REPLY_MESSAGE))) - .getString(); + public ReplyMessageAttribute getReplyMessage() { + return (ReplyMessageAttribute) _res.getAttributeSet().getAttributeByType(Attribute.REPLY_MESSAGE); } } diff --git a/base/util/src/com/netscape/cmsutil/radius/RejectException.java b/base/util/src/com/netscape/cmsutil/radius/RejectException.java index f312ef2a4..79678fb32 100644 --- a/base/util/src/com/netscape/cmsutil/radius/RejectException.java +++ b/base/util/src/com/netscape/cmsutil/radius/RejectException.java @@ -32,8 +32,8 @@ public class RejectException extends Exception { return _res.getAttributeSet(); } - public String getReplyMessage() { - return ((ReplyMessageAttribute) (_res.getAttributeSet().getAttributeByType(Attribute.REPLY_MESSAGE))) - .getString(); + public ReplyMessageAttribute getReplyMessage() { + return (ReplyMessageAttribute) _res.getAttributeSet().getAttributeByType( + Attribute.REPLY_MESSAGE); } } diff --git a/base/util/src/netscape/security/extensions/NSCertTypeExtension.java b/base/util/src/netscape/security/extensions/NSCertTypeExtension.java index 22197be9b..1a240f1ce 100644 --- a/base/util/src/netscape/security/extensions/NSCertTypeExtension.java +++ b/base/util/src/netscape/security/extensions/NSCertTypeExtension.java @@ -24,6 +24,7 @@ import java.security.cert.CertificateException; import java.util.Enumeration; import java.util.Vector; +import netscape.security.util.BitArray; import netscape.security.util.DerOutputStream; import netscape.security.util.DerValue; import netscape.security.util.ObjectIdentifier; @@ -241,8 +242,11 @@ public class NSCertTypeExtension extends Extension implements CertAttrSet { this.extensionValue = extValue; DerValue val = new DerValue(extValue); - - this.mBitString = val.getUnalignedBitString().toByteArray(); + BitArray bitArray = val.getUnalignedBitString(); + if (bitArray == null) { + throw new IOException("Invalid Encoded DER Value"); + } + this.mBitString = bitArray.toByteArray(); } /** diff --git a/base/util/src/netscape/security/util/DerInputBuffer.java b/base/util/src/netscape/security/util/DerInputBuffer.java index 429bf4d6a..e1cdcf6fb 100644 --- a/base/util/src/netscape/security/util/DerInputBuffer.java +++ b/base/util/src/netscape/security/util/DerInputBuffer.java @@ -52,10 +52,10 @@ class DerInputBuffer extends ByteArrayInputStream implements Cloneable { } } - byte[] toByteArray() { + byte[] toByteArray() throws IOException { int len = available(); if (len <= 0) - return null; + throw new IOException("No Buffer Space Available."); byte[] retval = new byte[len]; System.arraycopy(buf, pos, retval, 0, len); diff --git a/base/util/src/netscape/security/util/DerInputStream.java b/base/util/src/netscape/security/util/DerInputStream.java index b8c1c8c93..ff1c54ba2 100644 --- a/base/util/src/netscape/security/util/DerInputStream.java +++ b/base/util/src/netscape/security/util/DerInputStream.java @@ -112,8 +112,9 @@ public class DerInputStream { /** * Return what has been written to this DerInputStream * as a byte array. Useful for debugging. + * @throws IOException */ - public byte[] toByteArray() { + public byte[] toByteArray() throws IOException { return buffer.toByteArray(); } diff --git a/base/util/src/netscape/security/x509/IssuingDistributionPointExtension.java b/base/util/src/netscape/security/x509/IssuingDistributionPointExtension.java index 67ace692e..0f8c8835c 100644 --- a/base/util/src/netscape/security/x509/IssuingDistributionPointExtension.java +++ b/base/util/src/netscape/security/x509/IssuingDistributionPointExtension.java @@ -195,6 +195,9 @@ public class IssuingDistributionPointExtension extends Extension opt.resetTag(DerValue.tag_BitString); try { BitArray reasons = opt.getUnalignedBitString(); + if (reasons == null) { + throw new IOException("Unable to get the unaligned bit string."); + } issuingDistributionPoint.setOnlySomeReasons(reasons); @SuppressWarnings("unused") diff --git a/base/util/test/com/netscape/security/util/JSSUtil.java b/base/util/test/com/netscape/security/util/JSSUtil.java index bbbabbf14..5c7ddcddb 100644 --- a/base/util/test/com/netscape/security/util/JSSUtil.java +++ b/base/util/test/com/netscape/security/util/JSSUtil.java @@ -68,6 +68,10 @@ public class JSSUtil { default: throw new Exception("Unsupported tag: " + tag); } - return ASN1Util.decode(new Tag(Tag.UNIVERSAL, tag), template, bytes).toString(); + ASN1Value asnValue = ASN1Util.decode(new Tag(Tag.UNIVERSAL, tag), template, bytes); + if (asnValue == null) { + throw new Exception("Cannot decode the given bytes."); + } + return asnValue.toString(); } } -- cgit