hamada created SOLR-12354:
-----------------------------
Summary: org.apache.solr.security.PKIAuthenticationPlugin does not
check response code when retrieving remotePublicKey
Key: SOLR-12354
URL: https://issues.apache.org/jira/browse/SOLR-12354
Project: Solr
Issue Type: Bug
Security Level: Public (Default Security Level. Issues are Public)
Components: Authentication
Affects Versions: 6.6.3, 6.6.2
Reporter: hamada
in decipherHeader(), if keyCache does not contain the key of interest, then a
remote call is made to retrieve the key from the remote host, by callingÂ
getRemotePublicKey, which fails if the server returns an html error page.
e.g.:
org.noggit.JSONParser$ParseException: JSON Parse Error: char=<,position=0
BEFORE='<' AFTER='html> <head> <meta http-equiv="Content-' at
org.noggit.JSONParser.err(JSONParser.java:356) ~[noggit-0.6.jar:?] at
org.noggit.JSONParser.handleNonDoubleQuoteString(JSONParser.java:712)
~[noggit-0.6.jar:?] at org.noggit.JSONParser.next(JSONParser.java:886)
~[noggit-0.6.jar:?] at org.noggit.JSONParser.nextEvent(JSONParser.java:930)
~[noggit-0.6.jar:?] at org.noggit.ObjectBuilder.<init>(ObjectBuilder.java:44)
~[noggit-0.6.jar:?] at org.noggit.ObjectBuilder.getVal(ObjectBuilder.java:37)
~[noggit-0.6.jar:?]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
