fix: addressing possible npes (#41944)

close: #40659

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

integration/client-cli/admin-cli/src/main/java/org/keycloak/client/registration/cli/ReflectionUtil.java

@@ -436,16 +436,13 @@ public class ReflectionUtil {
     }
 
     public static String getTypeString(Type type, Field field) {
-        Class clazz = null;
         if (type == null) {
             if (field == null) {
                 throw new IllegalArgumentException("type == null and field == null");
             }
             type = field.getGenericType();
         }
-        if (type instanceof Class) {
-            clazz = (Class) type;
-        } else if (type instanceof ParameterizedType) {
+        if (type instanceof ParameterizedType) {
             StringBuilder sb = new StringBuilder();
             String rtype = getTypeString(((ParameterizedType) type).getRawType(), null);
 
@@ -463,6 +460,12 @@ public class ReflectionUtil {
             return sb.toString();
         }
 
+        if (!(type instanceof Class)) {
+            throw new IllegalArgumentException("unsupported type " + type.getClass().getName());
+        }
+
+        Class clazz = (Class) type;
+
         if (CharSequence.class.isAssignableFrom(clazz)) {
             return "string";
         } else if (Integer.class.isAssignableFrom(clazz) || int.class.isAssignableFrom(clazz)) {

model/jpa/src/main/java/org/keycloak/models/jpa/ClientAdapter.java

@@ -21,6 +21,7 @@ import org.keycloak.models.ClientModel;
 import org.keycloak.models.ClientScopeModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.ModelDuplicateException;
+import org.keycloak.models.ModelException;
 import org.keycloak.models.ProtocolMapperModel;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleModel;
@@ -447,6 +448,9 @@ public class ClientAdapter implements ClientModel, JpaModel<ClientEntity> {
     @Override
     public void updateProtocolMapper(ProtocolMapperModel mapping) {
         ProtocolMapperEntity entity = getProtocolMapperEntity(mapping.getId());
+        if (entity == null) {
+            throw new ModelException("mapping with id " + mapping.getId() + " does not exist");
+        }
         entity.setProtocolMapper(mapping.getProtocolMapper());
         if (entity.getConfig() == null) {
             entity.setConfig(mapping.getConfig());

model/jpa/src/main/java/org/keycloak/models/jpa/ClientScopeAdapter.java

@@ -20,6 +20,7 @@ package org.keycloak.models.jpa;
 import org.keycloak.models.ClientScopeModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.ModelDuplicateException;
+import org.keycloak.models.ModelException;
 import org.keycloak.models.ProtocolMapperModel;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleModel;
@@ -54,6 +55,7 @@ public class ClientScopeAdapter implements ClientScopeModel, JpaModel<ClientScop
         this.entity = entity;
     }
 
+    @Override
     public ClientScopeEntity getEntity() {
         return entity;
     }
@@ -169,6 +171,9 @@ public class ClientScopeAdapter implements ClientScopeModel, JpaModel<ClientScop
     @Override
     public void updateProtocolMapper(ProtocolMapperModel mapping) {
         ProtocolMapperEntity entity = getProtocolMapperEntity(mapping.getId());
+        if (entity == null) {
+            throw new ModelException("mapping with id " + mapping.getId() + " does not exist");
+        }
         entity.setProtocolMapper(mapping.getProtocolMapper());
         if (entity.getConfig() == null) {
             entity.setConfig(mapping.getConfig());

model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java

@@ -1463,12 +1463,14 @@ public class RealmAdapter implements StorageProviderRealmModel, JpaModel<RealmEn
         realm.setResetCredentialsFlow(flow.getId());
     }
 
+    @Override
     public AuthenticationFlowModel getClientAuthenticationFlow() {
         String flowId = realm.getClientAuthenticationFlow();
         if (flowId == null) return null;
         return getAuthenticationFlowById(flowId);
     }
 
+    @Override
     public void setClientAuthenticationFlow(AuthenticationFlowModel flow) {
         realm.setClientAuthenticationFlow(flow.getId());
     }
@@ -1616,6 +1618,7 @@ public class RealmAdapter implements StorageProviderRealmModel, JpaModel<RealmEn
         return entityToModel(entity);
     }
 
+    @Override
     public AuthenticationExecutionModel getAuthenticationExecutionByFlowId(String flowId) {
         TypedQuery<AuthenticationExecutionEntity> query = em.createNamedQuery("authenticationFlowExecution", AuthenticationExecutionEntity.class)
                 .setParameter("flowId", flowId);
@@ -1637,6 +1640,9 @@ public class RealmAdapter implements StorageProviderRealmModel, JpaModel<RealmEn
         entity.setRequirement(model.getRequirement());
         entity.setAuthenticatorConfig(model.getAuthenticatorConfig());
         AuthenticationFlowEntity flow = em.find(AuthenticationFlowEntity.class, model.getParentFlow());
+        if (flow == null) {
+            throw new ModelException("Parent flow " + model.getParentFlow() + " does not exist");
+        }
         entity.setParentFlow(flow);
         flow.getExecutions().add(entity);
         entity.setRealm(realm);

server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java

@@ -432,7 +432,7 @@ public class RepresentationToModel {
 
         updateClientProperties(resource, rep, false);
 
-        if ("saml".equals(rep.getProtocol())
+        if (newClientId != null && "saml".equals(rep.getProtocol())
                 && (rep.getAttributes() == null
                 || !rep.getAttributes().containsKey("saml.artifact.binding.identifier"))) {
             resource.setAttribute("saml.artifact.binding.identifier", computeArtifactBindingIdentifierString(newClientId));