From ed4c025a2e642899427a1866a418d119ebff3bf8 Mon Sep 17 00:00:00 2001
From: Nick Couchman <vnick@apache.org>
Date: Sun, 27 Aug 2017 20:55:27 -0400
Subject: [PATCH] GUACAMOLE-362: Deal gracefully with situations where password
 cannot be decrypted.

---
 .../auth/cas/AuthenticationProviderService.java  | 16 ++++++++++++----
 .../properties/CipherGuacamoleProperty.java      |  3 +++
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java
index b7ebdf768..da32f72eb 100644
--- a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java
+++ b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java
@@ -173,10 +173,15 @@ public class AuthenticationProviderService {
 
             final Cipher cipher = confService.getClearpassCipher();
 
-            // Decrypt and return a new string.
-            final byte[] pass64 = DatatypeConverter.parseBase64Binary(encryptedPassword);
-            final byte[] cipherData = cipher.doFinal(pass64);
-            return new String(cipherData);
+            if (cipher != null) {
+
+                // Decode and decrypt, and return a new string.
+                final byte[] pass64 = DatatypeConverter.parseBase64Binary(encryptedPassword);
+                final byte[] cipherData = cipher.doFinal(pass64);
+                return new String(cipherData);
+
+            }
+
         }
         catch (Throwable t) {
             logger.error("Failed to decrypt the data, password token will not be available.");
@@ -184,6 +189,9 @@ public class AuthenticationProviderService {
             return null;
         }
 
+        logger.warn("Encrypted password provided by CAS, but no Private Key was available to decrypt it.");
+        return null;
+
     }
 
 }
diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/properties/CipherGuacamoleProperty.java b/guacamole-ext/src/main/java/org/apache/guacamole/properties/CipherGuacamoleProperty.java
index e2f95ec76..d4d763f7f 100644
--- a/guacamole-ext/src/main/java/org/apache/guacamole/properties/CipherGuacamoleProperty.java
+++ b/guacamole-ext/src/main/java/org/apache/guacamole/properties/CipherGuacamoleProperty.java
@@ -47,6 +47,9 @@ public abstract class CipherGuacamoleProperty implements GuacamoleProperty<Ciphe
     @Override
     public Cipher parseValue(String value) throws GuacamoleException {
 
+        if (value == null || value.isEmpty())
+            return null;
+
         try {
 
             final Environment environment = new LocalEnvironment();