Merge pull request #13554 from msm1992/master

msm1992 · web-flow · commit a155e7e3165c · 2026-01-27T14:43:22.000+05:30
Fix issue when registering a KM for 'Other' KM type
diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIAdminImpl.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIAdminImpl.java
@@ -1742,23 +1742,30 @@ private String getEncryptedValue(String value) {
     private void maskValues(KeyManagerConfigurationDTO keyManagerConfigurationDTO) {
         KeyManagerConnectorConfiguration keyManagerConnectorConfiguration = ServiceReferenceHolder.getInstance()
                 .getKeyManagerConnectorConfiguration(keyManagerConfigurationDTO.getType());
-
-        Map<String, Object> additionalProperties = keyManagerConfigurationDTO.getAdditionalProperties();
-        List<ConfigurationDto> connectionConfigurations =
-                keyManagerConnectorConfiguration.getConnectionConfigurations();
-        for (ConfigurationDto connectionConfiguration : connectionConfigurations) {
-            if (connectionConfiguration.isMask()) {
-                additionalProperties.replace(connectionConfiguration.getName(),
-                        APIConstants.DEFAULT_MODIFIED_ENDPOINT_PASSWORD);
+        // When the KM is used for Token Exchange,there won't be any connection configurations to mask.
+        if (keyManagerConnectorConfiguration != null) {
+            Map<String, Object> additionalProperties = keyManagerConfigurationDTO.getAdditionalProperties();
+            List<ConfigurationDto> connectionConfigurations =
+                    keyManagerConnectorConfiguration.getConnectionConfigurations();
+            if (connectionConfigurations != null && !connectionConfigurations.isEmpty()) {
+                for (ConfigurationDto connectionConfiguration : connectionConfigurations) {
+                    if (connectionConfiguration.isMask()) {
+                        additionalProperties.replace(connectionConfiguration.getName(),
+                                APIConstants.DEFAULT_MODIFIED_ENDPOINT_PASSWORD);
+                    }
+                }
             }
-        }
-        // if authConfiguration array is not empty, check for maskable values there as well
-        if (keyManagerConnectorConfiguration.getAuthConfigurations() != null
-                && !(keyManagerConnectorConfiguration.getAuthConfigurations().isEmpty())) {
-            List<ConfigurationDto> authConfigurations = keyManagerConnectorConfiguration.getAuthConfigurations();
-            // Recursively check nested objects in authConfigurations and apply masking
-            for (ConfigurationDto authConfiguration : authConfigurations) {
-                applyMaskToNestedFields(authConfiguration.getValues(), additionalProperties);
+
+            // if authConfiguration array is not empty, check for maskable values there as well
+            if (keyManagerConnectorConfiguration.getAuthConfigurations() != null
+                    && !(keyManagerConnectorConfiguration.getAuthConfigurations().isEmpty())) {
+                List<ConfigurationDto> authConfigurations = keyManagerConnectorConfiguration.getAuthConfigurations();
+                if (authConfigurations != null && !authConfigurations.isEmpty()) {
+                    // Recursively check nested objects in authConfigurations and apply masking
+                    for (ConfigurationDto authConfiguration : authConfigurations) {
+                        applyMaskToNestedFields(authConfiguration.getValues(), additionalProperties);
+                    }
+                }
             }
         }
     }
