From 77817ae31433601ae49417fc31636bc30aeb6091 Mon Sep 17 00:00:00 2001
From: Phillip Webb <phil.webb@broadcom.com>
Date: Fri, 8 Nov 2024 23:05:48 -0800
Subject: [PATCH] Protect against NPE when keystore is missing

Update `SslInfo` to protect against a potential `NullPointerException`.

Fixes gh-43078
---
 .../java/org/springframework/boot/info/SslInfo.java    |  3 +++
 .../org/springframework/boot/info/SslInfoTests.java    | 10 ++++++++++
 2 files changed, 13 insertions(+)

diff --git a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/info/SslInfo.java b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/info/SslInfo.java
index 484167a981c..c88eb43a288 100644
--- a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/info/SslInfo.java
+++ b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/info/SslInfo.java
@@ -76,6 +76,9 @@ public class SslInfo {
 		}
 
 		private List<CertificateChainInfo> extractCertificateChains(KeyStore keyStore) {
+			if (keyStore == null) {
+				return Collections.emptyList();
+			}
 			try {
 				return Collections.list(keyStore.aliases())
 					.stream()
diff --git a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/info/SslInfoTests.java b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/info/SslInfoTests.java
index b2412a73565..316c05d1dc2 100644
--- a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/info/SslInfoTests.java
+++ b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/info/SslInfoTests.java
@@ -34,6 +34,7 @@ import org.springframework.boot.info.SslInfo.CertificateInfo;
 import org.springframework.boot.info.SslInfo.CertificateValidityInfo.Status;
 import org.springframework.boot.ssl.DefaultSslBundleRegistry;
 import org.springframework.boot.ssl.SslBundle;
+import org.springframework.boot.ssl.SslBundleKey;
 import org.springframework.boot.ssl.SslStoreBundle;
 import org.springframework.boot.ssl.jks.JksSslStoreBundle;
 import org.springframework.boot.ssl.jks.JksSslStoreDetails;
@@ -211,6 +212,15 @@ class SslInfoTests {
 		});
 	}
 
+	@Test
+	void nullKeyStore() {
+		DefaultSslBundleRegistry sslBundleRegistry = new DefaultSslBundleRegistry();
+		sslBundleRegistry.registerBundle("test", SslBundle.of(SslStoreBundle.NONE, SslBundleKey.NONE));
+		SslInfo sslInfo = new SslInfo(sslBundleRegistry, Duration.ofDays(7));
+		assertThat(sslInfo.getBundles()).hasSize(1);
+		assertThat(sslInfo.getBundles().get(0).getCertificateChains()).isEmpty();
+	}
+
 	private SslInfo createSslInfo(String... locations) {
 		DefaultSslBundleRegistry sslBundleRegistry = new DefaultSslBundleRegistry();
 		for (int i = 0; i < locations.length; i++) {