[jdk24u] RFR: 8346094: Harden X509CertImpl.getExtensionValue for NPE cases [v2]
Konanki Sreenath
duke at openjdk.org
Thu Feb 27 08:44:05 UTC 2025
On Tue, 25 Feb 2025 06:04:34 GMT, Konanki Sreenath <duke at openjdk.org> wrote:
>> Earlier code will trigger an NPE if the certificate does not contain the extensions or if the requested extension does not exist. The better approach for hardening getExtensionValue here is to check for NULL explicitly before calling getExtensionValue() and to avoid a try-catch block, which ensures readability and maintainability.
>>
>> After scanning multiple places where getExtensions is invoked on the X509CertInfo reference, the check for NULL is added in getKeyUsage() as well, before calling getExtensionValue().
>>
>> The associated tests are written and added in the test class CertificateExtensions, which will validate the
>> getExtensionValue() and getKeyUsage() methods in the X509CertImpl class.
>
> Konanki Sreenath has refreshed the contents of this pull request, and previous commits have been removed. The incremental views will show differences compared to the previous content of the PR. The pull request contains one new commit since the last revision:
>
> Backport 70a6c0b7ac952eebdffa1d64399cd0ee1efec1f6
This is not a critical backport to 24.0.2 from main, hence closing the MR, since the changes are in internal classes which are not used by the user/customer directly.
-------------
PR Comment: https://git.openjdk.org/jdk24u/pull/88#issuecomment-2687267401