From bed6480a5a252c40cacb2c40de5c820e61362ac8 Mon Sep 17 00:00:00 2001
From: Lukas Vydra <lvydra@redhat.com>
Date: Tue, 10 Jan 2023 16:57:35 +0100
Subject: [PATCH] [ELY-1745] The AvailableRealmsCallback should not result in a
 NPE if there is no mechanism configuration.

---
 .../server/ServerAuthenticationContext.java   |  3 +
 .../auth/server/_private/ElytronMessages.java |  5 +-
 .../server/AvailableRealmsCallbackTest.java   | 58 +++++++++++++++++++
 3 files changed, 65 insertions(+), 1 deletion(-)
 create mode 100644 auth/server/base/src/test/java/org/wildfly/security/server/AvailableRealmsCallbackTest.java

diff --git a/auth/server/base/src/main/java/org/wildfly/security/auth/server/ServerAuthenticationContext.java b/auth/server/base/src/main/java/org/wildfly/security/auth/server/ServerAuthenticationContext.java
index d28743acd4b..140412b5170 100644
--- a/auth/server/base/src/main/java/org/wildfly/security/auth/server/ServerAuthenticationContext.java
+++ b/auth/server/base/src/main/java/org/wildfly/security/auth/server/ServerAuthenticationContext.java
@@ -1492,6 +1492,9 @@ private void transition() {
         }
 
         private InitialState selectMechanismConfiguration() {
+            if (mechanismConfigurationSelector == null) {
+                throw log.mechanismConfigurationSelectorNotDefined();
+            }
             MechanismConfiguration mechanismConfiguration = mechanismConfigurationSelector.selectConfiguration(mechanismInformation);
             if (mechanismConfiguration == null) {
                 throw log.unableToSelectMechanismConfiguration(mechanismInformation.getMechanismType(),
diff --git a/auth/server/base/src/main/java/org/wildfly/security/auth/server/_private/ElytronMessages.java b/auth/server/base/src/main/java/org/wildfly/security/auth/server/_private/ElytronMessages.java
index 197dce5b8d6..8f1e5bf3819 100644
--- a/auth/server/base/src/main/java/org/wildfly/security/auth/server/_private/ElytronMessages.java
+++ b/auth/server/base/src/main/java/org/wildfly/security/auth/server/_private/ElytronMessages.java
@@ -47,7 +47,7 @@
 @ValidIdRanges({
     @ValidIdRange(min = 3, max = 3),
     @ValidIdRange(min = 8, max = 8),
-    @ValidIdRange(min = 1000, max = 1156),
+    @ValidIdRange(min = 1000, max = 1157),
     @ValidIdRange(min = 8510, max = 8511),
     @ValidIdRange(min = 16000, max = 16999)
 })
@@ -129,6 +129,9 @@ IllegalStateException unableToSelectMechanismConfiguration(String mechanismType,
     @Message(id = 1156, value = "Cannot obtain a credential from a security factory")
     IOException cannotObtainCredentialFromFactory(@Cause GeneralSecurityException e);
 
+    @Message(id = 1157, value = "MechanismConfigurationSelector is not defined.")
+    IllegalStateException mechanismConfigurationSelectorNotDefined();
+
     @LogMessage(level = ERROR)
     @Message(id = 1094, value = "An event handler threw an exception")
     void eventHandlerFailed(@Cause Throwable cause);
diff --git a/auth/server/base/src/test/java/org/wildfly/security/server/AvailableRealmsCallbackTest.java b/auth/server/base/src/test/java/org/wildfly/security/server/AvailableRealmsCallbackTest.java
new file mode 100644
index 00000000000..2f3cc09b7b0
--- /dev/null
+++ b/auth/server/base/src/test/java/org/wildfly/security/server/AvailableRealmsCallbackTest.java
@@ -0,0 +1,58 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2023 Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package org.wildfly.security.server;
+
+import org.junit.Test;
+import org.wildfly.security.auth.server.MechanismConfiguration;
+import org.wildfly.security.auth.server.MechanismConfigurationSelector;
+import org.wildfly.security.auth.server.SecurityDomain;
+import org.wildfly.security.auth.server.ServerAuthenticationContext;
+
+import java.io.IOException;
+
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+public class AvailableRealmsCallbackTest {
+
+    @Test
+    public void testNullMechanismConfigurationSelector() {
+        SecurityDomain securityDomain = SecurityDomain.builder().build();
+        ServerAuthenticationContext sac = securityDomain.createNewAuthenticationContext(null);
+
+        try {
+            sac.setAuthenticationName("user");
+            fail("The exception should be thrown.");
+        } catch (Exception e) {
+            String expectedMessage = "MechanismConfigurationSelector is not defined.";
+            String actualMessage = e.getMessage();
+
+            assertTrue(actualMessage.contains(expectedMessage));
+        }
+    }
+
+    @Test
+    public void testEmptyMechanismConfiguration() throws IOException {
+        SecurityDomain securityDomain = SecurityDomain.builder().build();
+        MechanismConfigurationSelector mechanismConfigurationSelector = MechanismConfigurationSelector.constantSelector(MechanismConfiguration.EMPTY);
+        ServerAuthenticationContext sac = securityDomain.createNewAuthenticationContext(mechanismConfigurationSelector);
+        sac.setAuthenticationName("user");
+    }
+}
+