From e46ebb2b8645b180b1896c13cd4d2370666f59ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C4=ABga?= <72249435+liga-oz@users.noreply.github.com>
Date: Fri, 25 Aug 2023 10:01:02 +0200
Subject: [PATCH] Fix NPE when accessing XsuaaToken.getPrincipal() and grantType is null (#1271)
---
 .../sap/cloud/security/token/XsuaaToken.java | 10 +++----
 .../cloud/security/token/XsuaaTokenTest.java | 27 +++++++++++++------
 2 files changed, 23 insertions(+), 14 deletions(-)
diff --git a/java-security/src/main/java/com/sap/cloud/security/token/XsuaaToken.java b/java-security/src/main/java/com/sap/cloud/security/token/XsuaaToken.java
index 7019575be..c93fcc068 100644
--- a/java-security/src/main/java/com/sap/cloud/security/token/XsuaaToken.java
+++ b/java-security/src/main/java/com/sap/cloud/security/token/XsuaaToken.java
@@ -107,15 +107,13 @@ public Set getScopes() {
 @Override
 public Principal getPrincipal() {
+GrantType grantType = getGrantType();
 String principalName;
-switch (getGrantType()) {
-case CLIENT_CREDENTIALS:
-case CLIENT_X509:
+
+if (grantType != null && (grantType.equals(GrantType.CLIENT_CREDENTIALS) || grantType.equals(GrantType.CLIENT_X509))) {
 principalName = String.format(UNIQUE_CLIENT_NAME_FORMAT, getClientId());
-break;
-default:
+} else {
 principalName = getUniquePrincipalName(getClaimAsString(ORIGIN), getClaimAsString(USER_NAME));
-break;
 }
 return createPrincipalByName(principalName);
 }
diff --git a/java-security/src/test/java/com/sap/cloud/security/token/XsuaaTokenTest.java b/java-security/src/test/java/com/sap/cloud/security/token/XsuaaTokenTest.java
index 96787fd14..3853671e0 100644
--- a/java-security/src/test/java/com/sap/cloud/security/token/XsuaaTokenTest.java
+++ b/java-security/src/test/java/com/sap/cloud/security/token/XsuaaTokenTest.java
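Review bot: The explicit null guard on the new `if` line is unnecessary once the enum constants are compared with `==`, which is the idiomatic comparison for enums and is null-safe by itself: `if (grantType == GrantType.CLIENT_CREDENTIALS || grantType == GrantType.CLIENT_X509) {`. The `else` branch now also absorbs a null grant type, so a token for which getGrantType() yields null (presumably an absent or unrecognised `grant_type` claim) is silently treated as a user token and its principal is built from the `origin` and `user_name` claims; that fallback deserves a comment on the `} else {` line, e.g. `// null grant type (claim absent/unknown): fall back to the user principal, so origin and user_name must be present`. Whether getUniquePrincipalName rejects a null origin or user name is not visible in this hunk — if it does not, a token lacking all three claims would yield a principal named from nulls instead of an error, so that contract is worth confirming before relying on the fallback.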
@@ -13,16 +13,18 @@
 import java.io.IOException;
+import static com.sap.cloud.security.token.TokenClaims.USER_NAME;
 import static com.sap.cloud.security.token.TokenClaims.XSUAA.*;
 import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.Mockito.when;
 public class XsuaaTokenTest {
-private XsuaaToken clientCredentialsToken;
-private XsuaaToken userToken;
+private final XsuaaToken clientCredentialsToken;
+private final XsuaaToken userToken;
 public XsuaaTokenTest() throws IOException {
 clientCredentialsToken = new XsuaaToken(
@@ -32,13 +34,9 @@ public XsuaaTokenTest() throws IOException {
 @Test
 public void constructor_raiseIllegalArgumentExceptions() {
-assertThatThrownBy(() -> {
-new XsuaaToken("");
-}).isInstanceOf(IllegalArgumentException.class).hasMessageContaining("jwtToken must not be null / empty");
+assertThatThrownBy(() -> new XsuaaToken("")).isInstanceOf(IllegalArgumentException.class).hasMessageContaining("jwtToken must not be null / empty");
-assertThatThrownBy(() -> {
-new XsuaaToken("abc");
-}).isInstanceOf(IllegalArgumentException.class)
+assertThatThrownBy(() -> new XsuaaToken("abc")).isInstanceOf(IllegalArgumentException.class)
 .hasMessageContaining("JWT token does not consist of 'header'.'payload'.'signature'.");
 }
@@ -80,6 +78,19 @@ public void getClientPrincipal() {
 assertThat(clientCredentialsToken.getPrincipal().getName()).isEqualTo("client/sap_osb");
 }
+@Test
+public void getPrincipalGrantTypeIsNull() {
+XsuaaToken tokenMock = Mockito.mock(XsuaaToken.class);
+Mockito.when(tokenMock.getGrantType()).thenReturn(null);
+Mockito.when(tokenMock.getClaimAsString(ORIGIN)).thenReturn("sap");
+Mockito.when(tokenMock.getClaimAsString(USER_NAME)).thenReturn("user");
+Mockito.when(tokenMock.getPrincipal()).thenCallRealMethod();
+Mockito.when(tokenMock.createPrincipalByName(anyString())).thenCallRealMethod();
+
+assertThat(tokenMock.getPrincipal()).isNotNull();
+assertThat(tokenMock.getPrincipal().getName()).isEqualTo("user/sap/user");
+}
+
+
 @Test
 public void getGrantType() {
 assertThat(clientCredentialsToken.getGrantType()).isEqualTo(GrantType.CLIENT_CREDENTIALS);
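Review bot: The new getPrincipalGrantTypeIsNull test pins only the benign fallback — null grant type with both `origin` and `user_name` stubbed — and not the degenerate case the fix makes reachable, where the grant type is null and those claims are absent as well; getPrincipal then passes nulls to getUniquePrincipalName and nothing in the suite says whether that throws or returns a principal named from nulls. A sibling test stubbing `Mockito.when(tokenMock.getClaimAsString(anyString())).thenReturn(null);` and asserting the intended outcome (a specific exception, or a specific name) would pin that contract. The `isNotNull()` assertion is redundant with the `getName()` assertion that follows it: a null principal would fail the second line anyway, only with a NullPointerException instead of an assertion message, so one of the two can go. The test also appears to rely on getUniquePrincipalName running unstubbed on the mock, which presumably works because it is not intercepted by Mockito (static or otherwise non-mockable); a one-line comment saying so, e.g. `// getUniquePrincipalName is not stubbed: the real implementation runs on the mock`, would save the next reader from wondering why only createPrincipalByName needs thenCallRealMethod().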