GUACAMOLE-839: Merge corrected handling of possible null values within SSL/TLS client auth support.

extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/java/org/apache/guacamole/auth/ssl/SSLClientAuthenticationResource.java

@@ -253,7 +253,20 @@ public class SSLClientAuthenticationResource extends SSOResource {
         try (Reader reader = new StringReader(new String(certificate, StandardCharsets.UTF_8))) {
 
             PEMParser parser = new PEMParser(reader);
-            cert = (X509CertificateHolder) parser.readObject();
+            Object object = parser.readObject();
+
+            // Verify received data is indeed an X.509 certificate
+            if (object == null || !(object instanceof X509CertificateHolder))
+                throw new GuacamoleClientException("Certificate did not "
+                        + "contain an X.509 certificate.");
+
+            // Verify sanity of received certificate (there should be only
+            // one object here)
+            if (parser.readObject() != null)
+                throw new GuacamoleClientException("Certificate contains "
+                        + "more than a single X.509 certificate.");
+
+            cert = (X509CertificateHolder) object;
 
             // Verify certificate is valid (it should be given pre-validation
             // from SSL termination, but it's worth rechecking for sanity)

extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/java/org/apache/guacamole/auth/ssl/conf/WildcardURIGuacamoleProperty.java

@@ -45,6 +45,9 @@ public abstract class WildcardURIGuacamoleProperty extends URIGuacamoleProperty
     @Override
     public URI parseValue(String value) throws GuacamoleException {
 
+        if (value == null)
+            return null;
+
         // Verify wildcard prefix is present
         Matcher matcher = WILDCARD_URI_PATTERN.matcher(value);
         if (matcher.matches()) {