SIDP-228: Improve error reporting in SAML 2 profile handlers when no encryption key...
authorputmanb <putmanb@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Fri, 26 Sep 2008 19:41:44 +0000 (19:41 +0000)
committerputmanb <putmanb@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Fri, 26 Sep 2008 19:41:44 +0000 (19:41 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/branches/REL_2@2770 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

doc/RELEASE-NOTES.txt
src/main/java/edu/internet2/middleware/shibboleth/idp/profile/saml2/AbstractSAML2ProfileHandler.java

index 6d13a54..56aaaef 100644 (file)
@@ -28,4 +28,5 @@ Changes in Release 2.1.0
 [SIDP-224] - Add version information in library JAR manifest and provide command line tool to view it
 [SIDP-225] - Credential theft vulnerability in login.jsp
 [SIDP-226] - Cross site scripting vulnerability
-[SIDP-227] - Default relying-party.xml has SAML2-specific security policy rules included in SAML 1 security policies
\ No newline at end of file
+[SIDP-227] - Default relying-party.xml has SAML2-specific security policy rules included in SAML 1 security policies
+[SIDP-228] - Improve error reporting in SAML 2 profile handlers when no encryption key is resolveable for the peer entity ID
\ No newline at end of file
index 17530e8..d48dc24 100644 (file)
@@ -842,9 +842,13 @@ public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHan
         EncryptionParameters dataEncParams = SecurityHelper
                 .buildDataEncryptionParams(null, securityConfiguration, null);
 
-        Credential keyEncryptionCredentials = getKeyEncryptionCredential(peerEntityId);
+        Credential keyEncryptionCredential = getKeyEncryptionCredential(peerEntityId);
+        if (keyEncryptionCredential == null) {
+            log.error("Could not resolve a key encryption credential for peer entity: {}", peerEntityId);
+            throw new SecurityException("Could not resolve key encryption credential");
+        }
         String wrappedJCAKeyAlgorithm = SecurityHelper.getKeyAlgorithmFromURI(dataEncParams.getAlgorithm());
-        KeyEncryptionParameters keyEncParams = SecurityHelper.buildKeyEncryptionParams(keyEncryptionCredentials,
+        KeyEncryptionParameters keyEncParams = SecurityHelper.buildKeyEncryptionParams(keyEncryptionCredential,
                 wrappedJCAKeyAlgorithm, securityConfiguration, null, null);
 
         Encrypter encrypter = new Encrypter(dataEncParams, keyEncParams);
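Review bot: The new null check at `if (keyEncryptionCredential == null)` fails closed, but nothing in the hunk records why, and the enclosing method's Javadoc (which starts outside this hunk) presumably needs a matching `@throws SecurityException` entry for the unresolved-credential case. I would add a short comment above the check, e.g. `// Fail closed: with no key encryption credential for the peer nothing can be encrypted, so abort instead of continuing`. Keeping the entity ID in the log line and out of the exception message looks deliberate and is worth preserving if that message can reach the requester. If `peerEntityId` is taken from the inbound message, as seems likely, it should be checked or neutralised for line breaks before it is written to the error log, since parameterised logging does not do that by itself.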