Fix NPE if message does not contain a subject - addresses SIDP-104

git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2506 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

diff --git a/src/edu/internet2/middleware/shibboleth/idp/profile/saml1/AttributeQueryProfileHandler.java b/src/edu/internet2/middleware/shibboleth/idp/profile/saml1/AttributeQueryProfileHandler.java
index e35fb32..da25b73 100644 (file)
--- a/src/edu/internet2/middleware/shibboleth/idp/profile/saml1/AttributeQueryProfileHandler.java
+++ b/src/edu/internet2/middleware/shibboleth/idp/profile/saml1/AttributeQueryProfileHandler.java
@@ -28,6 +28,7 @@ import org.opensaml.saml1.core.Request;
 import org.opensaml.saml1.core.Response;
 import org.opensaml.saml1.core.Statement;
 import org.opensaml.saml1.core.StatusCode;
+import org.opensaml.saml1.core.Subject;
 import org.opensaml.saml2.metadata.AssertionConsumerService;
 import org.opensaml.saml2.metadata.AttributeAuthorityDescriptor;
 import org.opensaml.saml2.metadata.Endpoint;
@@ -172,7 +173,14 @@ public class AttributeQueryProfileHandler extends AbstractSAML1ProfileHandler {
             }
             AttributeQuery query = request.getAttributeQuery();
             if (query != null) {
-                requestContext.setSubjectNameIdentifier(query.getSubject().getNameIdentifier());
+                Subject subject = query.getSubject();
+                if(subject == null){
+                    log.error("Attribute query did not contain a proper subject");
+                    requestContext.setFailureStatus(buildStatus(StatusCode.REQUESTER, null,
+                            "Attribute query did not contain a proper subject"));
+                    throw new ProfileException("Attribute query did not contain a proper subject");
+                }
+                requestContext.setSubjectNameIdentifier(subject.getNameIdentifier());
             }
 
             String relyingPartyId = requestContext.getInboundMessageIssuer();

diff --git a/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AttributeQueryProfileHandler.java b/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AttributeQueryProfileHandler.java
index 6de59f6..8c9fcef 100644 (file)
--- a/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AttributeQueryProfileHandler.java
+++ b/src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AttributeQueryProfileHandler.java
@@ -27,6 +27,7 @@ import org.opensaml.saml2.core.AttributeStatement;
 import org.opensaml.saml2.core.Response;
 import org.opensaml.saml2.core.Statement;
 import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.core.Subject;
 import org.opensaml.saml2.metadata.AssertionConsumerService;
 import org.opensaml.saml2.metadata.AttributeAuthorityDescriptor;
 import org.opensaml.saml2.metadata.Endpoint;
@@ -168,7 +169,14 @@ public class AttributeQueryProfileHandler extends AbstractSAML2ProfileHandler {
             // Set as much information as can be retrieved from the decoded message
             AttributeQuery query = requestContext.getInboundSAMLMessage();
             if (query != null) {
-                requestContext.setSubjectNameIdentifier(query.getSubject().getNameID());
+                Subject subject = query.getSubject();
+                if(subject == null){
+                    log.error("Attribute query did not contain a proper subject");
+                    requestContext.setFailureStatus(buildStatus(StatusCode.REQUESTER_URI, null,
+                            "Attribute query did not contain a proper subject"));
+                    throw new ProfileException("Attribute query did not contain a proper subject");
+                }
+                requestContext.setSubjectNameIdentifier(subject.getNameID());
             }
 
             String relyingPartyId = requestContext.getInboundMessageIssuer();