From 580b988e7f76b0146d386fe8aaaeabb1665fa7b3 Mon Sep 17 00:00:00 2001
From: tristanessquare <44587610+tristanessquare@users.noreply.github.com>
Date: Tue, 22 Dec 2020 14:02:42 +0100
Subject: [PATCH] Fix NullPointerException - Caused by a malformed WWW-Authenticate value Closes gh-9364
---
 .../client/http/OAuth2ErrorResponseErrorHandler.java | 5 ++++-
 .../http/OAuth2ErrorResponseErrorHandlerTests.java | 11 ++++++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java
index 2b50b967ac..9ab74d9655 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -70,6 +70,9 @@ public class OAuth2ErrorResponseErrorHandler implements ResponseErrorHandler {
 return null;
 }
 BearerTokenError bearerTokenError = getBearerToken(wwwAuthenticateHeader);
+ if (bearerTokenError == null) {
+ return new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR, null, null);
+ }
 String errorCode = (bearerTokenError.getCode() != null) ? bearerTokenError.getCode() : OAuth2ErrorCodes.SERVER_ERROR;
 String errorDescription = bearerTokenError.getDescription();
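Review bot: The null guard added in the `@@ -70,6 +70,9 @@` hunk returns `new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR, null, null)` with no description and no comment, so a malformed `WWW-Authenticate` value from the remote server surfaces as the bare message `[server_error] ` (the string the new test pins) and cannot be told apart from a genuine server error in logs. I would pass a fixed description instead of null, `return new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR, "Malformed WWW-Authenticate header", null);`, and keep the raw header value out of the message because it is remote-controlled input. A one-line comment such as `// getBearerToken returns null when the header cannot be parsed as a Bearer challenge` would also help the next reader. That behaviour is inferred, since getBearerToken and the rest of the enclosing method lie outside the hunk.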
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java
index 7f33e8e745..cf168aaec7 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -58,4 +58,13 @@ public class OAuth2ErrorResponseErrorHandlerTests {
 .withMessage("[insufficient_scope] The access token expired");
 }
+ @Test
+ public void handleErrorWhenErrorResponseWithInvalidWwwAuthenticateHeaderThenHandled() {
+ String invalidWwwAuthenticateHeader = "Unauthorized";
+ MockClientHttpResponse response = new MockClientHttpResponse(new byte[0], HttpStatus.BAD_REQUEST);
+ response.getHeaders().add(HttpHeaders.WWW_AUTHENTICATE, invalidWwwAuthenticateHeader);
+ assertThatExceptionOfType(OAuth2AuthorizationException.class)
+ .isThrownBy(() -> this.errorHandler.handleError(response)).withMessage("[server_error] ");
+ }
+
 }
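Review bot: The test added in the `@@ -58,4 +58,13 @@` hunk covers only one malformed shape, the bare value `Unauthorized`, and it asserts on the formatted string `[server_error] ` with its trailing space, which is brittle. Because the header is supplied by the remote server, I would add a second case whose value starts with the `Bearer` scheme but carries parameters that fail to parse; which inputs actually reach the null guard depends on getBearerToken, which is not shown here. Asserting on the error code, e.g. `.satisfies((ex) -> assertThat(ex.getError().getErrorCode()).isEqualTo(OAuth2ErrorCodes.SERVER_ERROR))`, would survive a later change to the description text.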