Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-12354

org.apache.solr.security.PKIAuthenticationPlugin does not check response code when retrieving remotePublicKey

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.6.2, 6.6.3
    • Fix Version/s: 7.4, 8.0
    • Component/s: Authentication
    • Labels:
      None

      Description

      in decipherHeader(), if keyCache does not contain the key of interest, then a remote call is made to retrieve the key from the remote host, by calling getRemotePublicKey, which fails if the server returns an html error page.

      e.g.:

      org.noggit.JSONParser$ParseException: JSON Parse Error: char=<,position=0 BEFORE='<' AFTER='html> <head> <meta http-equiv="Content-' at org.noggit.JSONParser.err(JSONParser.java:356) ~[noggit-0.6.jar:?] at org.noggit.JSONParser.handleNonDoubleQuoteString(JSONParser.java:712) ~[noggit-0.6.jar:?] at org.noggit.JSONParser.next(JSONParser.java:886) ~[noggit-0.6.jar:?] at org.noggit.JSONParser.nextEvent(JSONParser.java:930) ~[noggit-0.6.jar:?] at org.noggit.ObjectBuilder.<init>(ObjectBuilder.java:44) ~[noggit-0.6.jar:?] at org.noggit.ObjectBuilder.getVal(ObjectBuilder.java:37) ~[noggit-0.6.jar:?]

        Attachments

        1. SOLR-12354.patch
          18 kB
          Noble Paul

          Activity

            People

            • Assignee:
              noble.paul Noble Paul
              Reporter:
              hamadaCA hamada
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: