#120: added null check for custom JDKs

Password4j · Aug 20, 2023 · ef9a125 · ef9a125
1 parent 2b01e8c
commit ef9a125
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 5 deletions.
diff --git a/pom.xml b/pom.xml
@@ -184,7 +184,7 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-javadoc-plugin</artifactId>
-                        <version>3.5.0</version>
+                        <version>2.9.1</version>
                         <executions>
                             <execution>
                                 <id>attach-javadocs</id>

diff --git a/src/main/java/com/password4j/AlgorithmFinder.java b/src/main/java/com/password4j/AlgorithmFinder.java
@@ -343,11 +343,16 @@ public static List<String> getAllPBKDF2Variants()
         List<String> result = new ArrayList<>();
         for (Provider provider : Security.getProviders())
         {
-            for (Provider.Service service : provider.getServices())
+            // Some JDK implementation may return null instead of an empty array.
+            // see https://github.com/Password4j/password4j/issues/120
+            if (provider.getServices() != null)
             {
-                if ("SecretKeyFactory".equals(service.getType()) && service.getAlgorithm().startsWith("PBKDF2"))
+                for (Provider.Service service : provider.getServices())
                 {
-                    result.add(service.getAlgorithm());
+                    if ("SecretKeyFactory".equals(service.getType()) && service.getAlgorithm().startsWith("PBKDF2"))
+                    {
+                        result.add(service.getAlgorithm());
+                    }
                 }
             }
         }

diff --git a/src/test/com/password4j/PasswordTest.java b/src/test/com/password4j/PasswordTest.java
@@ -23,6 +23,7 @@
 import java.security.SecureRandom;
 import java.security.Security;
 import java.util.Random;
+import java.util.Set;
 
 import org.junit.Assert;
 import org.junit.Test;
@@ -1221,6 +1222,28 @@ public void afterMigrationTests()
         assertThrows(BadParametersException.class, () -> Password.check(new byte[0], new Hash(null, new byte[0], new byte[0], new byte[0])));
     }
 
+    @Test
+    public void issue120()
+    {
+        // GIVEN
+        String name = "issue120FakeProvider";
+        Provider emptyProvider = new Provider(name, 1, "info")
+        {
+            @Override
+            public synchronized Set<Service> getServices()
+            {
+                return null;
+            }
+        };
+        Security.addProvider(emptyProvider);
+
+        // WHEN
+        Password.hash("hash");
+
+        // THEN
+        Security.removeProvider(name);
+    }
+
     private static String printBytesToString(byte[] bytes)
     {
         StringBuilder byteString= new StringBuilder();

diff --git a/src/test/com/password4j/SaltGeneratorTest.java b/src/test/com/password4j/SaltGeneratorTest.java
@@ -143,12 +143,13 @@ public void testStrongRandom2()
         setSecurityProperty(old);
 
     }
-
+    @SuppressWarnings("removal")
     private String getSecurityProperty()
     {
         return AccessController.doPrivileged((PrivilegedAction<String>) () -> Security.getProperty("securerandom.strongAlgorithms"));
     }
 
+    @SuppressWarnings("removal")
     private void setSecurityProperty(String value)
     {
         AccessController.doPrivileged((PrivilegedAction<Object>) () -> {