validate uaadomain earlier in XsuaaJwtDecoder to prevent NPE
finkmanAtSap committed Feb 7, 2024
1 parent b89f98b commit 46e6c2e
Showing 1 changed file with 3 additions and 2 deletions.
Expand Up @@ -126,6 +126,8 @@ private Jwt verifyToken(JWT jwt) {
try {
String kid = tokenInfoExtractor.getKid(jwt);
String uaaDomain = tokenInfoExtractor.getUaaDomain(jwt);
validateJwksParameters(kid, uaaDomain);

return verifyToken(jwt.getParsedString(), kid, uaaDomain, getZid(jwt));
} catch (BadJwtException e) {
if (e.getMessage().contains("Couldn't retrieve remote JWK set")
Expand Down Expand Up @@ -168,7 +170,6 @@ private Jwt verifyToken(String token, String kid, String uaaDomain, String zid)
}

try {
canVerifyWithKey(kid, jku);
return verifyWithKey(token, jku, kid);
} catch (JwtValidationException ex) {
throw ex;
Expand All @@ -177,7 +178,7 @@ private Jwt verifyToken(String token, String kid, String uaaDomain, String zid)
}
}

private void canVerifyWithKey(String kid, String uaadomain) {
private void validateJwksParameters(String kid, String uaadomain) {
if (kid != null && uaadomain != null) {
return;
}
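Review bot: With `canVerifyWithKey(kid, jku)` removed from the four-argument `verifyToken`, that overload no longer checks its own inputs and relies on every caller having run `validateJwksParameters` first; only the `verifyToken(JWT)` call site is visible here, so any other caller in the class should be checked. A precondition comment on the overload, such as `// kid and uaaDomain must already have passed validateJwksParameters`, would keep that contract visible. The guard `if (kid != null && uaadomain != null)` rules out only null, so as far as the visible lines show, an empty or blank value returned by `tokenInfoExtractor` would still pass and reach the JWKS lookup; the rest of the method body is outside this view. The new call also sits inside the `try` whose `catch (BadJwtException e)` branches on `e.getMessage().contains(...)`, so if the validation failure is a `BadJwtException` subtype it will go through that message match instead of propagating directly, which is worth confirming as intended. The parameter spelling `uaadomain` also differs from `uaaDomain` used at the call site.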