Skip to content

Commit

Permalink
NullPointerException when importing a certificate without critical ex…
Browse files Browse the repository at this point in the history 
…tensions (#932)

- Modifies production code to allow importing certificates with no extensions
- Adds new test certificate with no extensions
- Implements new test case

Updates #930
{patch}

Signed-off-by: Esta Nagy <nagyesta@gmail.com>
  • Loading branch information
@nagyesta
nagyesta committed Apr 4, 2024
1 parent c6d92d7 commit 9ad20a2
Show file tree
Hide file tree
Showing 3 changed files with 71 additions and 5 deletions.
10 changes: 5 additions & 5 deletions ...n/java/com/github/nagyesta/lowkeyvault/service/certificate/impl/CertificateGenerator.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,10 +35,7 @@
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.*;
import java.util.stream.Collectors;
import java.util.stream.Stream;

Expand Down Expand Up @@ -208,7 +205,10 @@ private void addAttributeBasedOnCertificate(
final PKCS10CertificationRequestBuilder builder,
final X509Certificate certificate,
final ASN1ObjectIdentifier extension) {
addAttributeQuietly(builder, extension, certificate.getCriticalExtensionOIDs().contains(extension.getId()),
addAttributeQuietly(builder, extension,
Optional.ofNullable(certificate.getCriticalExtensionOIDs())
.map(criticalExtensions -> criticalExtensions.contains(extension.getId()))
.orElse(false),
certificate.getExtensionValue(extension.getId()));
}

Expand Down
21 changes: 21 additions & 0 deletions ...com/github/nagyesta/lowkeyvault/controller/v7_3/CertificateControllerIntegrationTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -231,6 +231,27 @@ void testImportCertificateShouldReturnModelWhenCalledWithValidPemData() {
Assertions.assertTrue(body.getId().contains(name));
}

@Test
void testImportCertificateShouldReturnModelWhenCalledWithValidPemDataWithoutAnyExtensions() {
//given
final CertificateImportRequest request = getCreateImportRequest("/cert/no-ext-rsa.pem", CertContentType.PEM);
final String name = CERT_NAME_3 + "-import-pem-no-ext";

//when
final ResponseEntity<KeyVaultCertificateModel> actual = underTest
.importCertificate(name, VAULT_URI_1, request);

//then
Assertions.assertEquals(OK, actual.getStatusCode());
final KeyVaultCertificateModel body = actual.getBody();
Assertions.assertNotNull(body);
Assertions.assertNotNull(body.getCertificate());
Assertions.assertNotNull(body.getThumbprint());
Assertions.assertEquals(Collections.emptyMap(), body.getTags());
Assertions.assertTrue(body.getId().startsWith(VAULT_URI_1.toString()));
Assertions.assertTrue(body.getId().contains(name));
}

@Test
void testImportCertificateShouldReturnModelWhenCalledWithValidPkcs12Data() {
//given
Expand Down
45 changes: 45 additions & 0 deletions lowkey-vault-app/src/test/resources/cert/no-ext-rsa.pem
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDlDtLzMzQK39Me
vEztuJL6p1vGpYT4/QkJ3TPP5Lnv1QJO7H/0T3EdYfJAPiuRwQ5Igr+7eKlMKxAd
f7rLCqVu5DUXwa20y9ovy7bllsiwf9bZK+dmLFTrPQ5XkCCjAH2pPf4JqT0yEN/m
0ajqVC9FEJPkyw3H2BeGDuzVV3x1PZL4+JEjwRU58uGjPpB+CUFQntKrllEl59nr
deQomkjsKelbx02Z/I2Xr+xdoUKneIh57WIHQFouiBJjru7QW5rqiZnmgbhjfIZz
QjsyHDtYygIW0V9+9ge1avESF2EFW+nfemZcAyTLXKfhwMRbKSByxVAU+QLe9eZ9
muIFpwFHAgMBAAECggEAH51nrUyMatHQzGW2AnuewbzWtHjE/S7DkBp5W8DYjwsp
6eXHlVtfo+wQaSCLl+76/zQYrZHuYAZzj3bBO+QIyGD0GQbQ6GrYfw9Re6fPpFjI
uSnPovEMeXlwYNKSRp07OuBFD2VN/nqIxM18UHd1HMW4e/QwvzwKpySpOJr+IRov
MWTWZuHLTuKEktb3TH6mbTuv62BBaMD/5/nDaEh0u33PuDf/bI43t7v3/0v1KRIA
uK5vXOGA7s1TyujYTzO3waZGQ+UduXk69pLTT6AmvVax8rs3/dvjpA5JKWRPyMNu
Ucf4q8IVmFIJFyQBOiGZU7Xa+J2PVDM/2m4mWI44vQKBgQD3wfdPEMAtNaiji8G4
qE+wvhwNq/hMLQoBl2jely2y/KNLHLOFU3mh2zIpvdolPshExU+HetQeOozS26qU
cwMJhXnT3LbgwmrVk0RnmUHE8+fA5CgFFGXu4a6oq1D+zHwJW9cIyYIrmldjbW+Y
3DrtAReQp4anYehmb9frCCeBhQKBgQDsrZnWJ6hx7JtQH64G5rFm6n8dRMfluidB
Fiam5hAyCIdj9XkyO/cTeQeYcpTwEcGa3lexgKrXktgColyXJ5Y1oaAraLCwPss8
iJpWHDcYvsGzMqgk4czGbeGFcUaG+8epsD88lJ6CkaqB5+IMX+cntFLA9OVrDAAu
0uFoxSJLWwKBgQC4cmjBLgFEJwxzJRqFdJhPRljwPLTPUUB/ys7B196nv7l5s9Za
TbjhrKP9u19qFwFVYWdBv0mnb4NjfzHQ7oa2Ue5OsaRcU6Dhe4+TaN8z1zkTu0en
8HWqj81NuKzF5En7VaoS2qHUAEVKujA4pswfoY5/nJh8iEFR8bXXPezbWQKBgFsb
iLiTk5gnSLJTP56Qd4HyivQtYfXg7vNzH3Xn4hwghF3KRNk9lCL+2BmrIgI4E5sW
NBO0QA+0C0sYTSQyrPQAP7P2HO37fijTPPYg7mSsKcxdl7R652ULL2E69bdIfNep
bO5ZF5uTj1tqc+3njQgPtjtpCldmyzs7GmJGYKk5AoGBAKn1gH/hhS07xQsy6ggP
fk/HUUCym/njJfiGlOQklIQRBBKj+y1zOQJJj+oNbJGjI5yH0S2BHFNKNrdHOiat
aaPjqUBmTEVK8wCycmQH/IlCcmjz72/RMuQZs5Ld/VGJpnSxT8iS2tim2eWQLuDh
JVlsHJfJ7wdGruqToOFvoxa6
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICyTCCAbECFFNfBU1MxMcC7ErLQXahCm0tHf1rMA0GCSqGSIb3DQEBCwUAMCEx
HzAdBgNVBAMMFm5vbi1jcml0aWNhbC5sb2NhbGhvc3QwHhcNMjQwNDA0MjAxNjM5
WhcNMzQwNDAyMjAxNjM5WjAhMR8wHQYDVQQDDBZub24tY3JpdGljYWwubG9jYWxo
b3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Q7S8zM0Ct/THrxM
7biS+qdbxqWE+P0JCd0zz+S579UCTux/9E9xHWHyQD4rkcEOSIK/u3ipTCsQHX+6
ywqlbuQ1F8GttMvaL8u25ZbIsH/W2SvnZixU6z0OV5AgowB9qT3+Cak9MhDf5tGo
6lQvRRCT5MsNx9gXhg7s1Vd8dT2S+PiRI8EVOfLhoz6QfglBUJ7Sq5ZRJefZ63Xk
KJpI7CnpW8dNmfyNl6/sXaFCp3iIee1iB0BaLogSY67u0Fua6omZ5oG4Y3yGc0I7
Mhw7WMoCFtFffvYHtWrxEhdhBVvp33pmXAMky1yn4cDEWykgcsVQFPkC3vXmfZri
BacBRwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQC/pcStGC32vqmgsjtLNdJiP1FO
P0NXfOTc01PBTCKrAJPUYPagKpt8sj7F6Iakhz0vTQ0100jYFfqfwJNfdsZ4CbOG
qbUFn5yUxl9j7t+lgFYpJVIB9BxLS+KpX6DyVnTt/xK9clw2SUwZdV2Qy+OoB1OE
irbtGl/Y8fG3RzsGPsSu0bkohPTTWrFl+VXUIm8a3AHGOfoQuexpfzEyHV9ZVRP5
kzHTSH5Bm5E8tnXRcqCgXTOB97szqNX6HkRmJ3Oj+lfsA76Zcjc788THIBssQ+ug
gpRzcVoGoAmm83Qx0CtMpejt+DIWm1DiKNzdUWmZT199nOIV9DR0t7XSP2+h
-----END CERTIFICATE-----

0 comments on commit 9ad20a2

Please sign in to comment.