GUACAMOLE-362: Merge changes addressing InputStream leak when reading CAS ClearPass private key.

2025-09-06 13:17:41 +00:00 · 2017-10-28 22:20:53 -07:00
parent 1a7f85ae51 32ccde08d2
commit 393c70f236
1 changed files with 29 additions and 22 deletions
--- a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/PrivateKeyGuacamoleProperty.java
+++ b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/PrivateKeyGuacamoleProperty.java
@@ -49,38 +49,45 @@ public abstract class PrivateKeyGuacamoleProperty implements GuacamoleProperty<P
        if (value == null || value.isEmpty())
            return null;
        FileInputStream keyStreamIn = null;
        try {
            try {
-            // Open and read the file specified in the configuration.
+                // Open and read the file specified in the configuration.
-            File keyFile = new File(value);
+                File keyFile = new File(value);
-            FileInputStream keyStreamIn = new FileInputStream(keyFile);
+                keyStreamIn = new FileInputStream(keyFile);
-            ByteArrayOutputStream keyStreamOut = new ByteArrayOutputStream();
+                ByteArrayOutputStream keyStreamOut = new ByteArrayOutputStream();
-            byte[] keyBuffer = new byte[1024];
+                byte[] keyBuffer = new byte[1024];
-            for (int readBytes; (readBytes = keyStreamIn.read(keyBuffer)) != -1;)
+                for (int readBytes; (readBytes = keyStreamIn.read(keyBuffer)) != -1;)
-                keyStreamOut.write(keyBuffer, 0, readBytes);
+                    keyStreamOut.write(keyBuffer, 0, readBytes);
-            final byte[] keyBytes = keyStreamOut.toByteArray();
+                final byte[] keyBytes = keyStreamOut.toByteArray();
-            // Set up decryption infrastructure
+                // Set up decryption infrastructure
-            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+                KeyFactory keyFactory = KeyFactory.getInstance("RSA");
-            KeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
+                KeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
-            return keyFactory.generatePrivate(keySpec);
+                return keyFactory.generatePrivate(keySpec);
-        }
+            }
-        catch (FileNotFoundException e) {
+            catch (FileNotFoundException e) {
-            throw new GuacamoleServerException("Could not find the specified key file.", e);
+                throw new GuacamoleServerException("Could not find the specified key file.", e);
            }
            catch (NoSuchAlgorithmException e) {
                throw new GuacamoleServerException("RSA algorithm is not available.", e);
            }
            catch (InvalidKeySpecException e) {
                throw new GuacamoleServerException("Key is not in expected PKCS8 encoding.", e);
            }
            finally {
                if (keyStreamIn != null)
                    keyStreamIn.close();
            }
        }
        catch (IOException e) {
            throw new GuacamoleServerException("Could not read in the specified key file.", e);
        }
        catch (NoSuchAlgorithmException e) {
            throw new GuacamoleServerException("RSA algorithm is not available.", e);
        }
        catch (InvalidKeySpecException e) {
            throw new GuacamoleServerException("Key is not in expected PKCS8 encoding.", e);
        }
    }
 }