Fix NPE when accessing XsuaaToken.getPrincipal() and grantType is null (
liga-oz authored Aug 25, 2023
1 parent 2ceaf87 commit e46ebb2
Showing 2 changed files with 23 additions and 14 deletions.
Expand Up @@ -107,15 +107,13 @@ public Set<String> getScopes() {

@Override
public Principal getPrincipal() {
GrantType grantType = getGrantType();
String principalName;
switch (getGrantType()) {
case CLIENT_CREDENTIALS:
case CLIENT_X509:

if (grantType != null && (grantType.equals(GrantType.CLIENT_CREDENTIALS) || grantType.equals(GrantType.CLIENT_X509))) {
principalName = String.format(UNIQUE_CLIENT_NAME_FORMAT, getClientId());
break;
default:
} else {
principalName = getUniquePrincipalName(getClaimAsString(ORIGIN), getClaimAsString(USER_NAME));
break;
}
return createPrincipalByName(principalName);
}
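Review bot: The `else` branch of `getPrincipal()` now also handles tokens whose grant type is null, and nothing in the hunk documents that such a token is given a user principal built from the `ORIGIN` and `USER_NAME` claims. Those claims may be absent too on a token without a grant type; whether `getUniquePrincipalName` tolerates null arguments is not visible here, so it is worth confirming that it cannot yield a misleading principal name that later feeds authorization or audit decisions. I would add a comment above the `if`, for example `// grantType may be null; such tokens fall through to the user-principal branch`. Since the removed `switch` used bare case labels, `GrantType` is an enum, so the condition can be written null-safely as `if (grantType == GrantType.CLIENT_CREDENTIALS || grantType == GrantType.CLIENT_X509) {`.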
Expand Up @@ -13,16 +13,18 @@

import java.io.IOException;

import static com.sap.cloud.security.token.TokenClaims.USER_NAME;
import static com.sap.cloud.security.token.TokenClaims.XSUAA.*;
import static java.nio.charset.StandardCharsets.UTF_8;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.Mockito.when;

public class XsuaaTokenTest {

private XsuaaToken clientCredentialsToken;
private XsuaaToken userToken;
private final XsuaaToken clientCredentialsToken;
private final XsuaaToken userToken;

public XsuaaTokenTest() throws IOException {
clientCredentialsToken = new XsuaaToken(
Expand All @@ -32,13 +34,9 @@ public XsuaaTokenTest() throws IOException {

@Test
public void constructor_raiseIllegalArgumentExceptions() {
assertThatThrownBy(() -> {
new XsuaaToken("");
}).isInstanceOf(IllegalArgumentException.class).hasMessageContaining("jwtToken must not be null / empty");
assertThatThrownBy(() -> new XsuaaToken("")).isInstanceOf(IllegalArgumentException.class).hasMessageContaining("jwtToken must not be null / empty");

assertThatThrownBy(() -> {
new XsuaaToken("abc");
}).isInstanceOf(IllegalArgumentException.class)
assertThatThrownBy(() -> new XsuaaToken("abc")).isInstanceOf(IllegalArgumentException.class)
.hasMessageContaining("JWT token does not consist of 'header'.'payload'.'signature'.");
}

Expand Down Expand Up @@ -80,6 +78,19 @@ public void getClientPrincipal() {
assertThat(clientCredentialsToken.getPrincipal().getName()).isEqualTo("client/sap_osb");
}

@Test
public void getPrincipalGrantTypeIsNull() {
XsuaaToken tokenMock = Mockito.mock(XsuaaToken.class);
Mockito.when(tokenMock.getGrantType()).thenReturn(null);
Mockito.when(tokenMock.getClaimAsString(ORIGIN)).thenReturn("sap");
Mockito.when(tokenMock.getClaimAsString(USER_NAME)).thenReturn("user");
Mockito.when(tokenMock.getPrincipal()).thenCallRealMethod();
Mockito.when(tokenMock.createPrincipalByName(anyString())).thenCallRealMethod();

assertThat(tokenMock.getPrincipal()).isNotNull();
assertThat(tokenMock.getPrincipal().getName()).isEqualTo("user/sap/user");
}

@Test
public void getGrantType() {
assertThat(clientCredentialsToken.getGrantType()).isEqualTo(GrantType.CLIENT_CREDENTIALS);
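Review bot: `getPrincipalGrantTypeIsNull` mocks the class under test and stubs `getClaimAsString`, so it shows only that branch selection survives a null grant type, not that a real token lacking the grant-type claim resolves to a sensible principal. A fixture token without that claim, constructed through `new XsuaaToken(...)` like the existing `clientCredentialsToken` and `userToken` fields, would exercise the real claim lookup. The case where `ORIGIN` or `USER_NAME` is also missing is not covered; a second test pinning the expected result for that input would document how an incomplete token is identified. The test also calls `Mockito.when(...)` fully qualified although `when` is statically imported at the top of the file; one form should be used consistently.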
