[jdk24u] RFR: 8350554: Harden X509CertImpl.getExtensionValue for NPE cases
Konanki Sreenath
duke at openjdk.org
Mon Feb 24 08:24:12 UTC 2025
Earlier code will trigger NPE if the certificate does not contain the extensions or if the requested extensions does not exist. The better approach for hardening getExtensionValue here is to to check for NULL explicitly before calling getExtensionValue() and avoding try-catch block which ensures the readability and maintainability.
After scanning in multiple places where invokng getExtensions on the X509CertInfo reference, the check for NULL is added in the getKeyUsage() as well while calling before getExtensionValue()
The associated tests are written and added in test class CertificateExtensions. Which will ensure to validate the
getExtensionValue() and getKeyUsage() methods in X509CertImpl class.
-------------
Commit messages:
- 8350554: Harden X509CertImpl.getExtensionValue for NPE cases
Changes: https://git.openjdk.org/jdk24u/pull/88/files
Webrev: https://webrevs.openjdk.org/?repo=jdk24u&pr=88&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8350554
Stats: 267 lines in 3 files changed: 209 ins; 47 del; 11 mod
Patch: https://git.openjdk.org/jdk24u/pull/88.diff
Fetch: git fetch https://git.openjdk.org/jdk24u.git pull/88/head:pull/88
PR: https://git.openjdk.org/jdk24u/pull/88
More information about the jdk-updates-dev
mailing list