[9] request for review 8079129: NullPointerException in PKCS#12 Keystore in PKCS12KeyStore.java

Vincent Ryan vincent.x.ryan at oracle.com
Tue May 5 15:17:10 UTC 2015


FYI updated webrev at:
  http://cr.openjdk.java.net/~vinnie/8079129/webrev.01/ <http://cr.openjdk.java.net/~vinnie/8079129/webrev.01/>


> On 5 May 2015, at 15:53, Vincent Ryan <vincent.x.ryan at oracle.com> wrote:
> 
> I’ll skip the initialization.
> Thanks.
> 
> 
>> On 5 May 2015, at 15:52, Weijun Wang <weijun.wang at oracle.com> wrote:
>> 
>> That's good, but there is no need to assign null in
>> 
>>      Certificate[] certs = null;
>> 
>> Or, maybe you can add "if (certs != null)" around the loop, but you might not like an extra indentation.
>> 
>> --Max
>> 
>> On 5/5/2015 10:44 PM, Vincent Ryan wrote:
>>> OK. How about this?
>>> 
>>> --- a/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
>>> +++ b/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
>>> @@ -1,5 +1,5 @@
>>> /*
>>> - * Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights
>>> reserved.
>>> + * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights
>>> reserved.
>>>  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>>>  *
>>>  * This code is free software; you can redistribute it and/or modify it
>>> @@ -1642,23 +1642,22 @@
>>>             Entry entry = entries.get(alias);
>>> 
>>> 
>>>             // certificate chain
>>> -            int chainLen = 1;
>>>             Certificate[] certs = null;
>>> 
>>> 
>>>             if (entry instanceof PrivateKeyEntry) {
>>>                 PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry;
>>> -                    if (keyEntry.chain == null) {
>>> -                        chainLen = 0;
>>> -                    } else {
>>> -                        chainLen = keyEntry.chain.length;
>>> -                    }
>>> -                certs = keyEntry.chain;
>>> -
>>> +                if (keyEntry.chain != null) {
>>> +                    certs = keyEntry.chain;
>>> +                } else {
>>> +                    certs = new Certificate[0];
>>> +                }
>>>             } else if (entry instanceof CertEntry) {
>>> -               certs = new Certificate[]{((CertEntry) entry).cert};
>>> +                certs = new Certificate[]{((CertEntry) entry).cert};
>>> +            } else {
>>> +                certs = new Certificate[0];
>>>             }
>>> 
>>> 
>>> -            for (int i = 0; i < chainLen; i++) {
>>> +            for (int i = 0; i < certs.length; i++) {
>>>                 // create SafeBag of Type CertBag
>>>                 DerOutputStream safeBag = new DerOutputStream();
>>>                 safeBag.putOID(CertBag_OID);
>>> 
>>> 
>>> 
>>>> On 5 May 2015, at 15:10, Weijun Wang <weijun.wang at oracle.com
>>>> <mailto:weijun.wang at oracle.com>> wrote:
>>>> 
>>>> Anyway it looks redundant and error-prone to maintain the length of an
>>>> array in a separate variable.
>>>> 
>>>> --Max
>>>> 
>>>> On 5/5/2015 8:32 PM, Vincent Ryan wrote:
>>>>> Replacing the for loop below with a for-each loop on certs would be
>>>>> fine except that certs can be null.
>>>>> I could initialize certs with an empty array on each iteration of the
>>>>> outer loop but it doesn’t seem to gain much overall.
>>>>> 
>>>>> 
>>>>>> On 4 May 2015, at 13:10, Weijun Wang <weijun.wang at oracle.com
>>>>>> <mailto:weijun.wang at oracle.com>> wrote:
>>>>>> 
>>>>>> 1662             for (int i = 0; i < chainLen; i++) {
>>>>>> 
>>>>>> 
>>>>>> On 5/4/2015 6:08 PM, Vincent Ryan wrote:
>>>>>>> Which line?
>>>>>>> 
>>>>>>>> On 2 May 2015, at 02:22, Weijun Wang <weijun.wang at oracle.com
>>>>>>>> <mailto:weijun.wang at oracle.com>> wrote:
>>>>>>>> 
>>>>>>>> Is it safe to just run for-each on certs (if it's not null)?
>>>>>>>> 
>>>>>>>> --Max
>>>>>>>> 
>>>>>>>> On 5/2/2015 6:39 AM, Vincent Ryan wrote:
>>>>>>>>> Please review this fix to correct the PKCS12 encoding when a
>>>>>>>>> secret key is being stored in one keystore entry and a
>>>>>>>>> certificate in another.
>>>>>>>>> 
>>>>>>>>> Thanks.
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> Bug: https://bugs.openjdk.java.net/browse/JDK-8079129
>>>>>>>>> Webrev: http://cr.openjdk.java.net/~vinnie/8079129/webrev.00/
>>>>>>>>> 
>>>>>>> 
>>>>> 
>>> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20150505/d757a9d5/attachment.htm>


More information about the security-dev mailing list