From 453a87987698f83479466450560bbab7ef0ee52e Mon Sep 17 00:00:00 2001
From: Nick Couchman <vnick@apache.org>
Date: Wed, 27 Sep 2017 10:42:20 -0400
Subject: [PATCH] GUACAMOLE-362: Catch exceptions individually and display
 useful error messages.

---
 .../cas/AuthenticationProviderService.java    | 22 ++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java
index 617d3d964..ecb02d277 100644
--- a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java
+++ b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java
@@ -36,8 +36,10 @@ import java.security.spec.KeySpec;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.util.Arrays;
 import java.util.Enumeration;
+import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
 import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 import javax.xml.bind.DatatypeConverter;
@@ -193,9 +195,23 @@ public class AuthenticationProviderService {
             return new String(cipherData);
 
         }
-        catch (Throwable t) {
-            logger.debug("Failed to either convert Base64 or decrypt the password.  CAS Password will not be available inside Guacamole.  Exception is: {}", t);
-            throw new GuacamoleServerException("Failed to decrypt CAS ClearPass password.", t);
+        catch (BadPaddingException e) {
+            throw new GuacamoleServerException("Bad padding when decrypting cipher data.", e);
+        }
+        catch (IllegalBlockSizeException e) {
+            throw new GuacamoleServerException("Illegal block size while opening private key.", e);
+        }
+        catch (InvalidKeyException e) {
+            throw new GuacamoleServerException("Specified private key for ClearPass decryption is invalid.", e);
+        }
+        catch (NoSuchAlgorithmException e) {
+            throw new GuacamoleServerException("Unexpected algorithm for the private key.", e);
+        }
+        catch (NoSuchPaddingException e) {
+            throw new GuacamoleServerException("No such padding tryingto initialize cipher with private key.", e);
+        }
+        finally {
+            logger.debug("Yah.");
         }
 
     }