From dee78c130c380bde85a34cf2c63c145322dde195 Mon Sep 17 00:00:00 2001
From: Justin Richer <jricher@mit.edu>
Date: Mon, 25 Aug 2014 22:48:42 -0400
Subject: [PATCH] fixed missing null check in request object parser

---
 .../openid/connect/ConnectOAuth2RequestFactory.java | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectOAuth2RequestFactory.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectOAuth2RequestFactory.java
index fae822841..37f68798e 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectOAuth2RequestFactory.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectOAuth2RequestFactory.java
@@ -39,6 +39,7 @@ import org.springframework.security.oauth2.provider.AuthorizationRequest;
 import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory;
 import org.springframework.stereotype.Component;
 
+import com.google.common.base.Strings;
 import com.google.gson.JsonElement;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
@@ -358,11 +359,15 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory {
 	 * @return
 	 */
 	private JsonObject parseClaimRequest(String claimRequestString) {
-		JsonElement el = parser .parse(claimRequestString);
-		if (el != null && el.isJsonObject()) {
-			return el.getAsJsonObject();
-		} else {
+		if (Strings.isNullOrEmpty(claimRequestString)) {
 			return null;
+		} else {
+			JsonElement el = parser.parse(claimRequestString);
+			if (el != null && el.isJsonObject()) {
+				return el.getAsJsonObject();
+			} else {
+				return null;
+			}
 		}
 	}