DelegatingPasswordEncoder handles null encodedPassword

Fixes: gh-4872

crypto/src/main/java/org/springframework/security/crypto/password/DelegatingPasswordEncoder.java

@@ -200,6 +200,9 @@ public class DelegatingPasswordEncoder implements PasswordEncoder {
 	}
 
 	private String extractId(String prefixEncodedPassword) {
+		if (prefixEncodedPassword == null) {
+			return null;
+		}
 		int start = prefixEncodedPassword.indexOf(PREFIX);
 		if(start != 0) {
 			return null;

crypto/src/test/java/org/springframework/security/crypto/password/DelegatingPasswordEncoderTests.java

@@ -177,4 +177,9 @@ public class DelegatingPasswordEncoderTests {
 		verify(this.invalidId).matches(this.rawPassword, this.encodedPassword);
 		verifyZeroInteractions(this.bcrypt, this.noop);
 	}
+
+	@Test(expected = IllegalStateException.class)
+	public void matchesWhenRawPasswordNotNullAndEncodedPasswordNullThenThrowsIllegalStateException() {
+		this.passwordEncoder.matches(this.rawPassword, null);
+	}
 }