static block in Password class does not initialize due to NPE

[divijen]

Issue Description:
Application throws a NoClassDefFoundError for Password class even though it is present in the final application build.

Steps to reproduce:
Simply use the Password class to create an scrypt hash as mentioned in the password4j getstarted page.

Expected behavior:
Generate a hash without Exception.

Environment:

• OS: mxlinux
• JDK Amazon Corretto
• Version 8
• enterprise ear file deployed on wildfly server

Additional context:
This is happening because the static block of Password.java is not loading due to an eventual NPE that occurs in the library code. This in turn stops this class from loading and manifests as a java.lang.NoClassDefFoundError in the application.

Please confirm if this is an issue or requires any configuration change.

Exception stack trace:
Caused by: java.lang.NullPointerException
at com.password4j.AlgorithmFinder.getAllPBKDF2Variants(AlgorithmFinder.java:346)
at com.password4j.Utils.printBanner(Utils.java:582)
at com.password4j.Password.(Password.java:37)

Problem in line number 346 of AlgorithmFinder class. The provider creating the problem is ThreadLocalSecurityProvider. The size says 4 but returns null.

[firaja]

Hi @divijen,

thank you for opening the issue.
This is caused by your JVM that has a provider containing no services.

Can you post the result of this in your environment? Thank you

        for (Provider provider : Security.getProviders())
        {
            System.out.println(provider.getName());
            if (provider.getServices() != null)
            {
                for (Provider.Service service : provider.getServices())
                {
                    System.out.println(" - " + service.getAlgorithm());
                }
            }

        }

[divijen]

Thank you @firaja

I could probably write a small chunk where there might be an issue:

XMLDSig
 - http://www.w3.org/2006/12/xml-c14n11#WithComments
 - http://www.w3.org/2000/09/xmldsig#base64
 - http://www.w3.org/TR/1999/REC-xslt-19991116
 - http://www.w3.org/2001/10/xml-exc-c14n#
 - http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
 - http://www.w3.org/2000/09/xmldsig#enveloped-signature
 - http://www.w3.org/2002/06/xmldsig-filter2
 - DOM
 - http://www.w3.org/TR/2001/REC-xml-c14n-20010315
 - http://www.w3.org/2001/10/xml-exc-c14n#WithComments
 - http://www.w3.org/2006/12/xml-c14n11
 - http://www.w3.org/TR/1999/REC-xpath-19991116
 - DOM
TLSP
SunPCSC
 - PC/SC

[firaja]

Hi @divijen a fix is published for this problem.
You can try version 1.7.2 and see if it's solved.

What I found weird is that with Amazon Corretto 1.8 I never get a null from provider.getServices(), even if the Provider has no Service.
The only way to replicate it was to override method Provider#getServices() and force it to return null. Maybe you have a library doing so.