KNOX-3232: Handle pac4j cookies with "null" value

Author: bonampak

gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/session/KnoxSessionStore.java

@@ -105,7 +105,7 @@ public Optional<String> getSessionId(WebContext context, boolean createSession)
     }
 
     private Object uncompressDecryptBase64(final String v) {
-        if (v != null && !v.isEmpty()) {
+        if (v != null && !v.isEmpty() && !"null".equals(v)) {
             byte[] bytes = Base64.decodeBase64(v);
             EncryptionResult result = EncryptionResult.fromByteArray(bytes);
             byte[] clear = cryptoService.decryptForCluster(this.clusterName,

gateway-provider-security-pac4j/src/test/java/org/apache/knox/gateway/pac4j/session/KnoxSessionStoreTest.java

@@ -24,13 +24,15 @@
 import org.easymock.EasyMock;
 import org.junit.Assert;
 import org.junit.Test;
+import org.pac4j.core.context.Cookie;
 import org.pac4j.core.profile.CommonProfile;
 import org.pac4j.core.util.Pac4jConstants;
 import org.pac4j.jee.context.JEEContext;
 import org.pac4j.saml.profile.SAML2Profile;
 
 import javax.servlet.http.HttpServletResponse;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
@@ -44,6 +46,7 @@
 import static org.apache.knox.gateway.pac4j.filter.Pac4jDispatcherFilter.PAC4J_SESSION_STORE_EXCLUDE_ROLES;
 import static org.apache.knox.gateway.pac4j.filter.Pac4jDispatcherFilter.PAC4J_SESSION_STORE_EXCLUDE_ROLES_DEFAULT;
 import static org.apache.knox.gateway.pac4j.session.KnoxSessionStore.PAC4J_PASSWORD;
+import static org.apache.knox.gateway.pac4j.session.KnoxSessionStore.PAC4J_SESSION_PREFIX;
 
 public class KnoxSessionStoreTest {
   private static final String CLUSTER_NAME = "knox";
@@ -158,4 +161,29 @@ public void filterConfigParamsTest()
     Assert.assertNotNull(samlProfile.getAttribute("https://knox.apache.org/SAML/Attributes/groups"));
     Assert.assertNotNull(samlProfile.getAttribute("https://knox.apache.org/SAML/Attributes/groups2"));
   }
+
+  @Test
+  public void testNullCookieValue() throws AliasServiceException {
+    final AliasService aliasService = EasyMock.createNiceMock(AliasService.class);
+    EasyMock.expect(aliasService.getPasswordFromAliasForCluster(CLUSTER_NAME, PAC4J_PASSWORD, true))
+    .andReturn(PAC4J_PASSWORD.toCharArray()).anyTimes();
+    EasyMock.expect(aliasService.getPasswordFromAliasForCluster(CLUSTER_NAME, PAC4J_PASSWORD))
+    .andReturn(PAC4J_PASSWORD.toCharArray()).anyTimes();
+    EasyMock.replay(aliasService);
+
+    final DefaultCryptoService cryptoService = new DefaultCryptoService();
+    cryptoService.setAliasService(aliasService);
+
+    final Map<String, String> sessionStoreConfigs = new HashMap<>();
+
+    final JEEContext mockContext = EasyMock.createNiceMock(JEEContext.class);
+    String keyWithNullValue = "CasClient$attemptedAuthentication";
+    Cookie cookie = new Cookie(PAC4J_SESSION_PREFIX + keyWithNullValue, "null");
+    EasyMock.expect(mockContext.getRequestCookies()).andReturn(Collections.singletonList(cookie));
+    EasyMock.replay(mockContext);
+
+    final KnoxSessionStore sessionStore = new KnoxSessionStore(cryptoService, CLUSTER_NAME, null, sessionStoreConfigs);
+    Assert.assertTrue(sessionStore.get(mockContext, keyWithNullValue).isEmpty());
+  }
+
 }