From d8ca0d4ec803aed059bf3bb332511d57b1ad5111 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Fri, 17 Feb 2023 15:27:49 +0100
Subject: [client] Fix NPE when connecting to unknown satellite server

---
 .../dozmod/authentication/FingerprintManager.java  |  10 +-
 .../openslx/dozmod/gui/GraphicalCertHandler.java   | 114 +++++++++++----------
 2 files changed, 68 insertions(+), 56 deletions(-)

(limited to 'dozentenmodul/src')

diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/FingerprintManager.java b/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/FingerprintManager.java
index e41e4f28..4ec19dbe 100644
--- a/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/FingerprintManager.java
+++ b/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/FingerprintManager.java
@@ -63,7 +63,10 @@ public class FingerprintManager {
 	 * @return fingerprint, null if unknown
 	 */
 	public static byte[] getKnownFingerprint(String address) {
-		return Base64.getDecoder().decode(prop.getProperty(address));
+		String str = prop.getProperty(address);
+		if (str == null)
+			return null;
+		return Base64.getDecoder().decode(str);
 	}
 
 	/**
@@ -74,7 +77,10 @@ public class FingerprintManager {
 	 * @return fingerprint, null if unknown
 	 */
 	public static byte[] getSuggestedFingerprint(String address) {
-		return Base64.getDecoder().decode(prop.getProperty(address + "_master"));
+		String str = prop.getProperty(address + "_master");
+		if (str == null)
+			return null;
+		return Base64.getDecoder().decode(str);
 	}
 
 }
diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java b/dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java
index 48b6a14a..648a0403 100644
--- a/dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java
+++ b/dozentenmodul/src/main/java/org/openslx/dozmod/gui/GraphicalCertHandler.java
@@ -31,66 +31,72 @@ public class GraphicalCertHandler {
 
 		@Override
 		public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
-			if (certs == null || certs.length == 0) {
-				Boolean ret = Gui.syncExec(new GuiCallable<Boolean>() {
+			try {
+				if (certs == null || certs.length == 0) {
+					Boolean ret = Gui.syncExec(new GuiCallable<Boolean>() {
+						@Override
+						public Boolean run() {
+							return Gui.showMessageBox(null,
+									I18n.GUI.getString("GraphicalCertHandler.Message.warning.noCertificate"),
+									MessageType.WARNING, LOGGER, null);
+						}
+					});
+					if (ret)
+						return;
+					throw new CertificateException("No certificate provided by server");
+				}
+				byte[] encoded = certs[0].getEncoded();
+				MessageDigest md;
+				try {
+					md = MessageDigest.getInstance("SHA-256");
+				} catch (NoSuchAlgorithmException e) {
+					LOGGER.warn("Could not get SHA-256 hash of certificate", e);
+					throw new CertificateException("Could not get SHA-256 hash of certificate");
+				}
+				md.update(encoded);
+				byte[] actualFingerprint = md.digest();
+				final String actualFingerprintReadable = new BigInteger(actualFingerprint).toString(16);
+				// Now check the finger print
+				byte[] expectedFingerprint = FingerprintManager.getKnownFingerprint(address);
+				if (expectedFingerprint == null) {
+					expectedFingerprint = FingerprintManager.getSuggestedFingerprint(address);
+				}
+				final String question;
+				if (expectedFingerprint == null) {
+					// First time we connect to this server, so remember the finger print
+					FingerprintManager.saveKnownFingerprint(address, actualFingerprint);
+					return;
+				} else if (Arrays.equals(actualFingerprint, expectedFingerprint)) {
+					// Known, matches, everything's fine
+					return;
+				} else {
+					byte[] sf = FingerprintManager.getSuggestedFingerprint(address);
+					if (sf != null && Arrays.equals(actualFingerprint, sf)) {
+						// User stored invalid finger print, but master suggests the finger print we found.
+						// It probably changed, the satellite told the master server, but the user doesn't know yet.
+						FingerprintManager.saveKnownFingerprint(address, actualFingerprint);
+						return;
+					}
+					// Known, mismatch, panic!
+					question = I18n.GUI.getString("GraphicalCertHandler.Message.yesNo.fingerprintChanged",
+							address,
+							new BigInteger(expectedFingerprint).toString(16), actualFingerprintReadable);
+				}
+				// Some question needs to be asked
+				Boolean userOk = Gui.syncExec(new GuiCallable<Boolean>() {
 					@Override
 					public Boolean run() {
-						return Gui.showMessageBox(null,
-								I18n.GUI.getString("GraphicalCertHandler.Message.warning.noCertificate"),
-								MessageType.WARNING, LOGGER, null);
+						return Gui.showMessageBox(null, question, MessageType.QUESTION_YESNO, null, null);
 					}
 				});
-				if (ret)
-					return;
-				throw new CertificateException("No certificate provided by server");
-			}
-			byte[] encoded = certs[0].getEncoded();
-			MessageDigest md;
-			try {
-				md = MessageDigest.getInstance("SHA-256");
-			} catch (NoSuchAlgorithmException e) {
-				LOGGER.warn("Could not get SHA-256 hash of certificate", e);
-				throw new CertificateException("Could not get SHA-256 hash of certificate");
-			}
-			md.update(encoded);
-			byte[] actualFingerprint = md.digest();
-			final String actualFingerprintReadable = new BigInteger(actualFingerprint).toString(16);
-			// Now check the finger print
-			byte[] expectedFingerprint = FingerprintManager.getKnownFingerprint(address);
-			if (expectedFingerprint == null) {
-				expectedFingerprint = FingerprintManager.getSuggestedFingerprint(address);
-			}
-			final String question;
-			if (expectedFingerprint == null) {
-				// First time we connect to this server, so remember the finger print
-				FingerprintManager.saveKnownFingerprint(address, actualFingerprint);
-				return;
-			} else if (Arrays.equals(actualFingerprint, expectedFingerprint)) {
-				// Known, matches, everything's fine
-				return;
-			} else {
-				byte[] sf = FingerprintManager.getSuggestedFingerprint(address);
-				if (sf != null && Arrays.equals(actualFingerprint, sf)) {
-					// User stored invalid finger print, but master suggests the finger print we found.
-					// It probably changed, the satellite told the master server, but the user doesn't know yet.
+				if (userOk) {
 					FingerprintManager.saveKnownFingerprint(address, actualFingerprint);
-					return;
-				}
-				// Known, mismatch, panic!
-				question = I18n.GUI.getString("GraphicalCertHandler.Message.yesNo.fingerprintChanged", address,
-						new BigInteger(expectedFingerprint).toString(16), actualFingerprintReadable);
-			}
-			// Some question needs to be asked
-			Boolean userOk = Gui.syncExec(new GuiCallable<Boolean>() {
-				@Override
-				public Boolean run() {
-					return Gui.showMessageBox(null, question, MessageType.QUESTION_YESNO, null, null);
+				} else {
+					throw new CertificateException("Rejected by user");
 				}
-			});
-			if (userOk) {
-				FingerprintManager.saveKnownFingerprint(address, actualFingerprint);
-			} else {
-				throw new CertificateException("Rejected by user");
+			} catch (Throwable t) {
+				LOGGER.warn("Exception when checking cert of satellite", t);
+				throw t;
 			}
 		}
 
-- 
cgit v1.2.3-55-g7522