Fix NPE

Signed-off-by: Arthur Chan <arthur.chan@adalogics.com>
2023-08-10 14:59:25 +00:00 · 2023-08-10 14:59:25 +00:00 · 85cace1142
commit 85cace1142
parent 5f372b8483
2 changed files with 35 additions and 2 deletions
--- a/core/src/main/java/org/keycloak/jose/jwk/JWKParser.java
+++ b/core/src/main/java/org/keycloak/jose/jwk/JWKParser.java
@ -79,9 +79,23 @@ public class JWKParser {
    }

    private PublicKey createECPublicKey() {
+        /* Check if jwk.getOtherClaims return an empty map */
+        if (jwk.getOtherClaims().size() == 0) {
+            throw new RuntimeException("JWK Otherclaims map is empty.");
+        }
+
+        /* Try retrieving the necessary fields */
        String crv = (String) jwk.getOtherClaims().get(ECPublicJWK.CRV);
-        BigInteger x = new BigInteger(1, Base64Url.decode((String) jwk.getOtherClaims().get(ECPublicJWK.X)));
-        BigInteger y = new BigInteger(1, Base64Url.decode((String) jwk.getOtherClaims().get(ECPublicJWK.Y)));
+        String xStr = (String) jwk.getOtherClaims().get(ECPublicJWK.X);
+        String yStr = (String) jwk.getOtherClaims().get(ECPublicJWK.Y);
+
+        /* Check if the retrieving of necessary fields success */
+        if (crv == null || xStr == null || yStr == null) {
+            throw new RuntimeException("Fail to retrieve ECPublicJWK.CRV, ECPublicJWK.X or ECPublicJWK.Y field.");
+        }
+
+        BigInteger x = new BigInteger(1, Base64Url.decode(xStr));
+        BigInteger y = new BigInteger(1, Base64Url.decode(yStr));

        String name;
        switch (crv) {
--- a/core/src/test/java/org/keycloak/jose/jwk/JWKTest.java
+++ b/core/src/test/java/org/keycloak/jose/jwk/JWKTest.java
@ -27,6 +27,7 @@ import org.keycloak.common.util.KeyUtils;
 import org.keycloak.common.util.PemUtils;
 import org.keycloak.crypto.JavaAlgorithm;
 import org.keycloak.crypto.KeyType;
+import org.keycloak.crypto.KeyUse;
 import org.keycloak.common.crypto.CryptoIntegration;
 import org.keycloak.rule.CryptoInitRule;
 import org.keycloak.util.JsonSerialization;
@ -47,6 +48,7 @@ import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
 import static org.keycloak.common.util.CertificateUtils.generateV1SelfSignedCertificate;

 /**
@ -207,6 +209,23 @@ public abstract class JWKTest {
        assertEquals("X.509", key.getFormat());
    }

+    @Test
+    public void emptyEcOverclaim() throws Exception {
+        JWKBuilder builder = JWKBuilder.create();
+        KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
+        KeyPair keyPair = generator.generateKeyPair();
+        JWK jwk = builder.ec(keyPair.getPublic(), KeyUse.ENC);
+        JWKParser parser = new JWKParser(jwk);
+
+        try {
+            parser.toPublicKey();
+        } catch (NullPointerException e) {
+            fail("NullPointerException is thrown: " + e.getMessage());
+        } catch (RuntimeException e) {
+            // Other runtime exception is expected.
+        }
+    }
+
    private byte[] sign(byte[] data, String javaAlgorithm, PrivateKey key) throws Exception {
        Signature signature = Signature.getInstance(javaAlgorithm);
        signature.initSign(key);