From ef9a125ff788a9da962ea997b1d42acb9bfdd86a Mon Sep 17 00:00:00 2001
From: firaja <david.bert@ymail.com>
Date: Sun, 20 Aug 2023 21:28:38 +0200
Subject: [PATCH] #120: added null check for custom JDKs

---
 pom.xml                                       |  2 +-
 .../java/com/password4j/AlgorithmFinder.java  | 11 ++++++---
 src/test/com/password4j/PasswordTest.java     | 23 +++++++++++++++++++
 .../com/password4j/SaltGeneratorTest.java     |  3 ++-
 4 files changed, 34 insertions(+), 5 deletions(-)

diff --git a/pom.xml b/pom.xml
index dc9d1e0b..a6d77f8f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -184,7 +184,7 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-javadoc-plugin</artifactId>
-                        <version>3.5.0</version>
+                        <version>2.9.1</version>
                         <executions>
                             <execution>
                                 <id>attach-javadocs</id>
diff --git a/src/main/java/com/password4j/AlgorithmFinder.java b/src/main/java/com/password4j/AlgorithmFinder.java
index 3c0b7f45..56188dea 100644
--- a/src/main/java/com/password4j/AlgorithmFinder.java
+++ b/src/main/java/com/password4j/AlgorithmFinder.java
@@ -343,11 +343,16 @@ public static List<String> getAllPBKDF2Variants()
         List<String> result = new ArrayList<>();
         for (Provider provider : Security.getProviders())
         {
-            for (Provider.Service service : provider.getServices())
+            // Some JDK implementation may return null instead of an empty array.
+            // see https://github.com/Password4j/password4j/issues/120
+            if (provider.getServices() != null)
             {
-                if ("SecretKeyFactory".equals(service.getType()) && service.getAlgorithm().startsWith("PBKDF2"))
+                for (Provider.Service service : provider.getServices())
                 {
-                    result.add(service.getAlgorithm());
+                    if ("SecretKeyFactory".equals(service.getType()) && service.getAlgorithm().startsWith("PBKDF2"))
+                    {
+                        result.add(service.getAlgorithm());
+                    }
                 }
             }
         }
diff --git a/src/test/com/password4j/PasswordTest.java b/src/test/com/password4j/PasswordTest.java
index ce21f748..2fe1c7de 100644
--- a/src/test/com/password4j/PasswordTest.java
+++ b/src/test/com/password4j/PasswordTest.java
@@ -23,6 +23,7 @@
 import java.security.SecureRandom;
 import java.security.Security;
 import java.util.Random;
+import java.util.Set;
 
 import org.junit.Assert;
 import org.junit.Test;
@@ -1221,6 +1222,28 @@ public void afterMigrationTests()
         assertThrows(BadParametersException.class, () -> Password.check(new byte[0], new Hash(null, new byte[0], new byte[0], new byte[0])));
     }
 
+    @Test
+    public void issue120()
+    {
+        // GIVEN
+        String name = "issue120FakeProvider";
+        Provider emptyProvider = new Provider(name, 1, "info")
+        {
+            @Override
+            public synchronized Set<Service> getServices()
+            {
+                return null;
+            }
+        };
+        Security.addProvider(emptyProvider);
+
+        // WHEN
+        Password.hash("hash");
+
+        // THEN
+        Security.removeProvider(name);
+    }
+
     private static String printBytesToString(byte[] bytes)
     {
         StringBuilder byteString= new StringBuilder();
diff --git a/src/test/com/password4j/SaltGeneratorTest.java b/src/test/com/password4j/SaltGeneratorTest.java
index 21fdaccd..22f4b963 100644
--- a/src/test/com/password4j/SaltGeneratorTest.java
+++ b/src/test/com/password4j/SaltGeneratorTest.java
@@ -143,12 +143,13 @@ public void testStrongRandom2()
         setSecurityProperty(old);
 
     }
-
+    @SuppressWarnings("removal")
     private String getSecurityProperty()
     {
         return AccessController.doPrivileged((PrivilegedAction<String>) () -> Security.getProperty("securerandom.strongAlgorithms"));
     }
 
+    @SuppressWarnings("removal")
     private void setSecurityProperty(String value)
     {
         AccessController.doPrivileged((PrivilegedAction<Object>) () -> {