From fb26edfd7275b479531d2cc1fb715e114622f11e Mon Sep 17 00:00:00 2001
From: dugan <dugan@localhost>
Date: Fri, 03 Apr 2009 14:10:46 +0000
Subject: [PATCH] This fix prevents a null certificate from being passed into the MessageDigest digest() method. That method throws a NPE if the certificate is null. This fix is related to: Issue 3119 NPE when disabling referential integrity plugin.
---
opends/src/server/org/opends/server/crypto/CryptoManagerImpl.java | 13 +++++++++++--
1 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/opends/src/server/org/opends/server/crypto/CryptoManagerImpl.java b/opends/src/server/org/opends/server/crypto/CryptoManagerImpl.java
index 9c61fdb..7e6a94c 100644
--- a/opends/src/server/org/opends/server/crypto/CryptoManagerImpl.java
+++ b/opends/src/server/org/opends/server/crypto/CryptoManagerImpl.java
@@ -489,11 +489,13 @@
* from the ADS backed keystore). If the certificate entry does not
* yet exist in the truststore backend, the truststore is signaled
* to initialized that entry, and the newly generated certificate
- * is then retrieved and returned.
+ * is then retrieved and returned. The certificate returned can never
+ * be null.
+ *
* @return This instance's instance-key public-key certificate from
* the local truststore backend.
* @throws CryptoManagerException If the certificate cannot be
- * retrieved.
+ * retrieved, or, was not able to be initialized by the trust-store.
*/
static byte[] getInstanceKeyCertificateFromLocalTruststore()
throws CryptoManagerException {
@@ -572,6 +574,13 @@
ERR_CRYPTOMGR_FAILED_TO_RETRIEVE_INSTANCE_CERTIFICATE.get(
entryDN.toString(), getExceptionMessage(ex)), ex);
}
+ //The certificate can never be null. The Message digest code that will
+ //use it later throws a NPE if the certificate is null.
+ if(certificate == null) {
+ Message msg =
+ ERR_CRYPTOMGR_FAILED_INSTANCE_CERTIFICATE_NULL.get(entryDN.toString());
+ throw new CryptoManagerException(msg);
+ }
return(certificate);
}
--
Gitblit v1.10.0