Fix #516: Fix possible null dereference in ClientEciesEncryptor (#517)

wultra · Aug 31, 2023 · 9afc6b1 · 9afc6b1
1 parent 8829d32
commit 9afc6b1
Showing 1 changed file with 14 additions and 7 deletions.
diff --git a/...n/java/io/getlime/security/powerauth/crypto/lib/encryptor/ecies/ClientEciesEncryptor.java b/...n/java/io/getlime/security/powerauth/crypto/lib/encryptor/ecies/ClientEciesEncryptor.java
@@ -149,11 +149,17 @@ public EncryptedRequest encryptRequest(byte[] data) throws EncryptorException {
         this.envelopeKey = envelopeKey;
         this.requestNonce = validator.isUseTimestamp() ? null : requestNonce;
 
+        final Base64.Encoder base64Encoder = Base64.getEncoder();
+        final EciesCryptogram eciesCryptogram = eciesPayload.getCryptogram();
+        if (eciesCryptogram == null) {
+            throw new EncryptorException("The cryptogram value is null.");
+        }
+
         return new EncryptedRequest(
-                Base64.getEncoder().encodeToString(eciesPayload.getCryptogram().getEphemeralPublicKey()),
-                Base64.getEncoder().encodeToString(eciesPayload.getCryptogram().getEncryptedData()),
-                Base64.getEncoder().encodeToString(eciesPayload.getCryptogram().getMac()),
-                validator.isUseNonceForRequest() ? Base64.getEncoder().encodeToString(requestNonce) : null,
+                base64Encoder.encodeToString(eciesCryptogram.getEphemeralPublicKey()),
+                base64Encoder.encodeToString(eciesCryptogram.getEncryptedData()),
+                base64Encoder.encodeToString(eciesCryptogram.getMac()),
+                validator.isUseNonceForRequest() ? base64Encoder.encodeToString(requestNonce) : null,
                 requestTimestamp
         );
     }
@@ -174,9 +180,10 @@ public byte[] decryptResponse(EncryptedResponse response) throws EncryptorExcept
             throw new EncryptorException("Invalid encrypted response object");
         }
 
-        final byte[] mac = Base64.getDecoder().decode(response.getMac());
-        final byte[] encryptedData = Base64.getDecoder().decode(response.getEncryptedData());
-        final byte[] responseNonce = validator.isUseTimestamp() ? Base64.getDecoder().decode(response.getNonce()) : requestNonce;
+        final Base64.Decoder base64Decoder = Base64.getDecoder();
+        final byte[] mac = base64Decoder.decode(response.getMac());
+        final byte[] encryptedData = base64Decoder.decode(response.getEncryptedData());
+        final byte[] responseNonce = validator.isUseTimestamp() ? base64Decoder.decode(response.getNonce()) : requestNonce;
         final Long responseTimestamp = validator.isUseTimestamp() ? response.getTimestamp() : null;
 
         // Build sharedInfo2 with parameters received from the request.