From 96aaf74ec6cc2495513d602bd6485e6b8497ce4b Mon Sep 17 00:00:00 2001
From: danila_varatyntsev <danila_varatyntsev@epam.com>
Date: Thu, 23 Apr 2020 10:58:11 +0300
Subject: [PATCH] Fixed an NPE on null map and list claims

---
 .../main/java/com/auth0/jwt/JWTCreator.java   |  4 +--
 .../java/com/auth0/jwt/JWTCreatorTest.java    | 35 +++++++++++++++++++
 2 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/lib/src/main/java/com/auth0/jwt/JWTCreator.java b/lib/src/main/java/com/auth0/jwt/JWTCreator.java
index 3cd0b7ea..0b4da54b 100644
--- a/lib/src/main/java/com/auth0/jwt/JWTCreator.java
+++ b/lib/src/main/java/com/auth0/jwt/JWTCreator.java
@@ -321,7 +321,7 @@ public Builder withArrayClaim(String name, Long[] items) throws IllegalArgumentE
         public Builder withClaim(String name, Map<String, ?> map) throws IllegalArgumentException {
             assertNonNull(name);
             // validate map contents
-            if (!validateClaim(map)) {
+            if (map != null && !validateClaim(map)) {
                 throw new IllegalArgumentException("Expected map containing Map, List, Boolean, Integer, Long, Double, String and Date");
             }
             addClaim(name, map);
@@ -345,7 +345,7 @@ public Builder withClaim(String name, Map<String, ?> map) throws IllegalArgument
         public Builder withClaim(String name, List<?> list) throws IllegalArgumentException {
             assertNonNull(name);
             // validate list contents
-            if (!validateClaim(list)) {
+            if (list != null && !validateClaim(list)) {
                 throw new IllegalArgumentException("Expected list containing Map, List, Boolean, Integer, Long, Double, String and Date");
             }
             addClaim(name, list);
diff --git a/lib/src/test/java/com/auth0/jwt/JWTCreatorTest.java b/lib/src/test/java/com/auth0/jwt/JWTCreatorTest.java
index 0ab088c2..c8dcae8d 100644
--- a/lib/src/test/java/com/auth0/jwt/JWTCreatorTest.java
+++ b/lib/src/test/java/com/auth0/jwt/JWTCreatorTest.java
@@ -15,6 +15,7 @@
 import java.security.interfaces.RSAPrivateKey;
 import java.util.*;
 
+import static org.hamcrest.Matchers.anEmptyMap;
 import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.notNullValue;
 import static org.junit.Assert.assertThat;
@@ -574,6 +575,40 @@ public void shouldAcceptCustomClaimForNullListItem() throws Exception {
                 .sign(Algorithm.HMAC256("secret"));
     }
 
+    @Test
+    @SuppressWarnings("unchecked")
+    public void shouldAcceptCustomClaimWithNullMapAndRemoveClaim() throws Exception {
+        String jwt = JWTCreator.init()
+                .withClaim("map", "stubValue")
+                .withClaim("map", (Map<String, ?>) null)
+                .sign(Algorithm.HMAC256("secret"));
+
+        assertThat(jwt, is(notNullValue()));
+        String[] parts = jwt.split("\\.");
+
+        String body = new String(Base64.decodeBase64(parts[1]), StandardCharsets.UTF_8);
+        ObjectMapper mapper = new ObjectMapper();
+        Map<String, Object> map = (Map<String, Object>) mapper.readValue(body, Map.class);
+        assertThat(map, anEmptyMap());
+    }
+
+    @Test
+    @SuppressWarnings("unchecked")
+    public void shouldAcceptCustomClaimWithNullListAndRemoveClaim() throws Exception {
+        String jwt = JWTCreator.init()
+                .withClaim("list", "stubValue")
+                .withClaim("list", (List<String>) null)
+                .sign(Algorithm.HMAC256("secret"));
+
+        assertThat(jwt, is(notNullValue()));
+        String[] parts = jwt.split("\\.");
+
+        String body = new String(Base64.decodeBase64(parts[1]), StandardCharsets.UTF_8);
+        ObjectMapper mapper = new ObjectMapper();
+        Map<String, Object> map = (Map<String, Object>) mapper.readValue(body, Map.class);
+        assertThat(map, anEmptyMap());
+    }
+
     @Test
     public void shouldRefuseCustomClaimForNullMapValue() throws Exception {
         Map<String, Object> data = new HashMap<>();