GUACAMOLE-362: Deal gracefully with situations where password cannot be decrypted.

2025-09-06 05:07:41 +00:00 · 2017-08-27 20:55:27 -04:00
parent 36489ff403
commit ed4c025a2e
2 changed files with 15 additions and 4 deletions
--- a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java
+++ b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java
@@ -173,10 +173,15 @@ public class AuthenticationProviderService {

            final Cipher cipher = confService.getClearpassCipher();

-            // Decrypt and return a new string.
+            if (cipher != null) {
+
+                // Decode and decrypt, and return a new string.
                final byte[] pass64 = DatatypeConverter.parseBase64Binary(encryptedPassword);
                final byte[] cipherData = cipher.doFinal(pass64);
                return new String(cipherData);
+
+            }
+
        }
        catch (Throwable t) {
            logger.error("Failed to decrypt the data, password token will not be available.");
@@ -184,6 +189,9 @@ public class AuthenticationProviderService {
            return null;
        }

+        logger.warn("Encrypted password provided by CAS, but no Private Key was available to decrypt it.");
+        return null;
+
    }

 }
--- a/guacamole-ext/src/main/java/org/apache/guacamole/properties/CipherGuacamoleProperty.java
+++ b/guacamole-ext/src/main/java/org/apache/guacamole/properties/CipherGuacamoleProperty.java
@@ -47,6 +47,9 @@ public abstract class CipherGuacamoleProperty implements GuacamoleProperty<Ciphe
    @Override
    public Cipher parseValue(String value) throws GuacamoleException {

+        if (value == null || value.isEmpty())
+            return null;
+
        try {

            final Environment environment = new LocalEnvironment();