#443 : Better handling of null value in SecurityCheck

eclipse-leshan · Jun 7, 2018 · d4639b8 · d4639b8
1 parent 7ce3ead
commit d4639b8
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/leshan-server-core/src/main/java/org/eclipse/leshan/server/security/SecurityCheck.java b/leshan-server-core/src/main/java/org/eclipse/leshan/server/security/SecurityCheck.java
@@ -123,7 +123,7 @@ private static boolean checkRpkIdentity(String endpoint, Identity clientIdentity
             if (LOG.isDebugEnabled()) {
                 LOG.debug("Invalid rpk for client {}: expected \n'{}'\n but was \n'{}'", endpoint,
                         Hex.encodeHexString(securityInfo.getRawPublicKey().getEncoded()),
-                        Hex.encodeHexString(publicKey.getEncoded()));
+                        publicKey != null ? Hex.encodeHexString(publicKey.getEncoded()) : "null");
             }
             return false;
         } else {
@@ -142,7 +142,7 @@ private static boolean checkX509Identity(String endpoint, Identity clientIdentit
             return false;
         }
 
-        if (!x509CommonName.equals(endpoint)) {
+        if (x509CommonName == null || !x509CommonName.equals(endpoint)) {
             LOG.debug("Invalid certificate common name for client '{}': expected \n'{}'\n but was \n'{}'", endpoint,
                     endpoint, x509CommonName);
             return false;