Sanitise and UTF-8 url decode cert before base64 decoding #2438
private X509Certificate parseCertificate(String content) throws CertificateException, UnsupportedEncodingException { | ||
|
||
if (log.isDebugEnabled()) { | ||
log.debug("Trying to parse the client certificate: " + content); |
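Review bot: the debug statement in parseCertificate concatenates the whole unparsed `content` string into the log line, before the value has been validated as a certificate. Since this string is the raw input to the parser, it can be arbitrarily long and can carry line breaks that split or forge log entries. Consider dropping the statement, or logging only the length of `content` (or the parsed certificate's subject or fingerprint after parsing succeeds).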
Do we need to log the certificate now? Since we know the reason.
Removed with 15b4763
PR builder started
PR builder completed
Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/8872652153
PR builder started
PR builder completed
Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/8873407180
Purpose
There is a bug in CertificateBasedTokenBinder when decoding the certificates passed via a header which contains whitespaces, newlines and url encoded certs. This throws a 500 server error. This PR fixes this by sanitising and url decoding before base64 decoding.
Related Issues
wso2/product-is#20229
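The order of operations described above (URL-decode, sanitise, then base64-decode), as an added example that is not the PR's code. The class and method names are hypothetical, the sample value is a constructed base64 fragment rather than a real certificate, and the forwarding proxy is assumed to percent-encode the header (spaces as `%20`) rather than form-encode it.

```java
import java.io.ByteArrayInputStream;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;

public class HeaderCertParser { // hypothetical name, not from the PR
    private static final String BEGIN = "-----BEGIN CERTIFICATE-----";
    private static final String END = "-----END CERTIFICATE-----";

    // Reduce a header value to bare base64: URL-decode, drop PEM markers, drop whitespace.
    static String sanitise(String headerValue) {
        String value = headerValue;
        if (value.indexOf('%') >= 0) {
            // URLDecoder performs form decoding and would turn '+' into a space.
            // '+' is a valid base64 character, so protect it before decoding
            // (assumption: the sender percent-encodes and never uses '+' for space).
            value = URLDecoder.decode(value.replace("+", "%2B"), StandardCharsets.UTF_8);
        }
        return value.replace(BEGIN, "").replace(END, "").replaceAll("\\s+", "");
    }

    // Malformed input surfaces as a checked CertificateException, not a runtime error.
    static X509Certificate parse(String headerValue) throws CertificateException {
        byte[] der;
        try {
            der = Base64.getDecoder().decode(sanitise(headerValue));
        } catch (IllegalArgumentException e) { // bad percent-escape or bad base64
            throw new CertificateException("Client certificate header is not valid base64", e);
        }
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(der));
    }

    public static void main(String[] args) {
        String b64 = "MIIB+zCCAWSg/w=="; // constructed fragment, not a real certificate
        String pem = BEGIN + "\n" + b64.substring(0, 8) + "\n" + b64.substring(8) + "\n" + END;
        String escaped = URLEncoder.encode(pem, StandardCharsets.UTF_8).replace("+", "%20");
        // All three wire forms should reduce to the same base64 string.
        System.out.println("bare:    " + sanitise(b64).equals(b64));
        System.out.println("pem:     " + sanitise(pem).equals(b64));
        System.out.println("escaped: " + sanitise(escaped).equals(b64));
        try {
            parse(escaped); // decodes cleanly, but the bytes are not a certificate
        } catch (CertificateException e) {
            System.out.println("rejected as CertificateException");
        }
    }
}
```

Requires Java 10 or later for `URLDecoder.decode(String, Charset)`. A caller that catches `CertificateException` can answer with a client error instead of letting the failure become a 500.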