From 8720966d203d02b0fcf5cdaea74b74adbba22e48 Mon Sep 17 00:00:00 2001
From: Luke Taylor <luke.taylor@springsource.com>
Date: Thu, 28 Jan 2010 16:34:45 +0000
Subject: [PATCH] SEC-1390: Added null check on claimedIdentifier returned by
 DiscoveryInformation to prevent NPE.

---
 .../springframework/security/openid/OpenID4JavaConsumer.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java b/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
index c6527da562..ed44c5d281 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
@@ -158,7 +158,7 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
                 }
             } catch (MessageException e) {
                 attributes.clear();
-                throw new OpenIDConsumerException("Attribute retrievel failed", e);
+                throw new OpenIDConsumerException("Attribute retrieval failed", e);
             }
             if (debug) {
                 logger.debug("Retrieved attributes" + attributes);
@@ -169,8 +169,9 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
         Identifier verified = verification.getVerifiedId();
 
         if (verified == null) {
+            Identifier id = discovered.getClaimedIdentifier();
             return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE,
-                    discovered.getClaimedIdentifier().getIdentifier(),
+                    id == null ? "Unknown" : id.getIdentifier(),
                     "Verification status message: [" + verification.getStatusMsg() + "]", attributes);
         }