Fix NPE when key null and using JWT tokens with RS256 or ES256 algori…

…thms(#59) thanks to @DolphFlynn
ozzi- · Jan 7, 2022 · 6d02b00 · 6d02b00
1 parent 80198fa
commit 6d02b00
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 2 deletions.
diff --git a/src/app/algorithm/AlgorithmLinker.java b/src/app/algorithm/AlgorithmLinker.java
@@ -19,6 +19,8 @@
 import app.helpers.KeyHelper;
 import app.helpers.Output;
 
+import static org.apache.commons.lang.StringUtils.isNotEmpty;
+
 public class AlgorithmLinker {
 
   public static final String[] keyBeginMarkers = new String[]{"-----BEGIN PUBLIC KEY-----",
@@ -53,7 +55,7 @@ public class AlgorithmLinker {
 
   private static PublicKey generatePublicKeyFromString(String key, String algorithm) {
     PublicKey publicKey = null;
-    if (key.length() > 1) {
+    if (isNotEmpty(key)) {
       key = cleanKey(key);
       byte[] keyByteArray = java.util.Base64.getDecoder().decode(key);
       try {

diff --git a/src/app/helpers/KeyHelper.java b/src/app/helpers/KeyHelper.java
@@ -16,6 +16,8 @@
 import app.algorithm.AlgorithmLinker;
 import app.algorithm.AlgorithmType;
 
+import static org.apache.commons.lang.StringUtils.isNotEmpty;
+
 public class KeyHelper {
 
   public static final String[] keyHeaderBeginMarkers = new String[]{"-----BEGIN PUBLIC KEY-----",
@@ -52,7 +54,7 @@ public static String getRandomKey(String algorithm) {
 
   public static PrivateKey generatePrivateKeyFromString(String key, String algorithm) {
     PrivateKey privateKey = null;
-    if (key.length() > 1) {
+    if (isNotEmpty(key)) {
       key = cleanKey(key);
       try {
         byte[] keyByteArray = Base64.decodeBase64(key);

diff --git a/test/app/TestAlgorithmLinker.java b/test/app/TestAlgorithmLinker.java
@@ -1,6 +1,7 @@
 package app;
 
 import java.io.UnsupportedEncodingException;
+import java.security.Key;
 
 import org.junit.Test;
 
@@ -11,6 +12,8 @@
 import app.algorithm.AlgorithmLinker;
 import model.CustomJWToken;
 
+import static org.junit.Assert.assertNull;
+
 public class TestAlgorithmLinker {
 
 	@Test
@@ -44,4 +47,32 @@ public void testESWithFalseKey() throws IllegalArgumentException, UnsupportedEnc
 		DecodedJWT test = verifier.verify(TestTokens.es256_token);
 		test.getAlgorithm();
 	}
+
+	@Test
+	public void testGetKeyInstanceWithNullKeyForPublicRSA() {
+		Key key = AlgorithmLinker.getKeyInstance(null, "RSA", false);
+
+		assertNull(key);
+	}
+
+	@Test
+	public void testGetKeyInstanceWithNullKeyForPublicEC() {
+		Key key = AlgorithmLinker.getKeyInstance(null, "EC", false);
+
+		assertNull(key);
+	}
+
+	@Test
+	public void testGetKeyInstanceWithNullKeyForPrivateRSA() {
+		Key key = AlgorithmLinker.getKeyInstance(null, "RSA", true);
+
+		assertNull(key);
+	}
+
+	@Test
+	public void testGetKeyInstanceWithNullKeyForPrivateEC() {
+		Key key = AlgorithmLinker.getKeyInstance(null, "EC", true);
+
+		assertNull(key);
+	}
 }