There is missing or unnecessary null check in getSaltedPasswordFromTwoWay method of org.wildfly.security.sasl.digest.AbstractDigestMechanism. char[] passwordChars is assigned on line 650 [1].

• In case when null can be assigned to passwordChars then there is missing null check before calling userRealmPasswordDigest(messageDigest, username, realm, passwordChars); on line 658 which can result to NPE.
• In case when null cannot be assigned to passwordChars then there is unnecessary null check on line 659.

[1] https://github.com/wildfly-security/wildfly-elytron/blob/e01a09572b02f33db01695eb85638e88b0cd944f/src/main/java/org/wildfly/security/sasl/digest/AbstractDigestMechanism.java#L650