From 6bf0b8cf631bded9def46084b9113a4f5e2d232c Mon Sep 17 00:00:00 2001
From: Michael Jumper
Date: Thu, 26 Jan 2023 11:35:44 -0800
Subject: [PATCH] GUACAMOLE-839: Allow testing of null nonce values.
---
 .../java/org/apache/guacamole/auth/sso/NonceService.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/NonceService.java b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/NonceService.java
index 5eb1e4b5d..5717794fd 100644
--- a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/NonceService.java
+++ b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/NonceService.java
@@ -120,13 +120,18 @@ public class NonceService {
 * invalidates that nonce.
 *
 * @param nonce
- * The nonce value to test. Comparisons are case-insensitive.
+ * The nonce value to test. This value may be null, which will be
+ * considered an invalid nonce. Comparisons are case-insensitive.
 *
 * @return
 * true if the provided nonce is valid, false otherwise.
 */
 public boolean isValid(String nonce) {
+ // All null nonces are invalid.
+ if (nonce == null)
+ return false;
+ // Remove nonce, verifying whether it was present at all
 Long expires = nonces.remove(nonce.toLowerCase(Locale.US));
 if (expires == null)
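Review bot: The inline comment `// All null nonces are invalid.` on the new guard in isValid restates the check without recording why it has to come first. The reason visible in the hunk is that the following `nonces.remove(nonce.toLowerCase(Locale.US))` dereferences the argument, so a null nonce (presumably an SSO response that carried no nonce at all) would raise a NullPointerException instead of being rejected as an ordinary failed validation. I would word the comment as `// A null nonce can never match an issued value; reject it before toLowerCase() below would throw`, so a later refactor does not move the guard below the lookup. isValid's body continues past the end of the hunk, so the remaining expiry handling is not reviewed here.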