[9] request for review 8079129: NullPointerException in PKCS#12 Keystore in PKCS12KeyStore.java
Weijun Wang
weijun.wang at oracle.com
Tue May 5 15:23:28 UTC 2015
Good.
Thanks
Max
On 5/5/2015 11:17 PM, Vincent Ryan wrote:
> FYI updated webrev at:
> http://cr.openjdk.java.net/~vinnie/8079129/webrev.01/
>
>
>> On 5 May 2015, at 15:53, Vincent Ryan <vincent.x.ryan at oracle.com
>> <mailto:vincent.x.ryan at oracle.com>> wrote:
>>
>> I’ll skip the initialization.
>> Thanks.
>>
>>
>>> On 5 May 2015, at 15:52, Weijun Wang <weijun.wang at oracle.com
>>> <mailto:weijun.wang at oracle.com>> wrote:
>>>
>>> That's good, but there is no need to assign null in
>>>
>>> Certificate[] certs = null;
>>>
>>> Or, maybe you can add "if (certs != null)" around the loop, but you
>>> might not like an extra indentation.
>>>
>>> --Max
>>>
>>> On 5/5/2015 10:44 PM, Vincent Ryan wrote:
>>>> OK. How about this?
>>>>
>>>> ---
>>>> a/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
>>>> +++
>>>> b/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
>>>> @@ -1,5 +1,5 @@
>>>> /*
>>>> - * Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights
>>>> reserved.
>>>> + * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights
>>>> reserved.
>>>> * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>>>> *
>>>> * This code is free software; you can redistribute it and/or modify it
>>>> @@ -1642,23 +1642,22 @@
>>>> Entry entry = entries.get(alias);
>>>>
>>>>
>>>> // certificate chain
>>>> - int chainLen = 1;
>>>> Certificate[] certs = null;
>>>>
>>>>
>>>> if (entry instanceof PrivateKeyEntry) {
>>>> PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry;
>>>> - if (keyEntry.chain == null) {
>>>> - chainLen = 0;
>>>> - } else {
>>>> - chainLen = keyEntry.chain.length;
>>>> - }
>>>> - certs = keyEntry.chain;
>>>> -
>>>> + if (keyEntry.chain != null) {
>>>> + certs = keyEntry.chain;
>>>> + } else {
>>>> + certs = new Certificate[0];
>>>> + }
>>>> } else if (entry instanceof CertEntry) {
>>>> - certs = new Certificate[]{((CertEntry) entry).cert};
>>>> + certs = new Certificate[]{((CertEntry) entry).cert};
>>>> + } else {
>>>> + certs = new Certificate[0];
>>>> }
>>>>
>>>>
>>>> - for (int i = 0; i < chainLen; i++) {
>>>> + for (int i = 0; i < certs.length; i++) {
>>>> // create SafeBag of Type CertBag
>>>> DerOutputStream safeBag = new DerOutputStream();
>>>> safeBag.putOID(CertBag_OID);
>>>>
>>>>
>>>>
>>>>> On 5 May 2015, at 15:10, Weijun Wang <weijun.wang at oracle.com
>>>>> <mailto:weijun.wang at oracle.com>
>>>>> <mailto:weijun.wang at oracle.com>> wrote:
>>>>>
>>>>> Anyway it looks redundant and error-prone to maintain the length of an
>>>>> array in a separate variable.
>>>>>
>>>>> --Max
>>>>>
>>>>> On 5/5/2015 8:32 PM, Vincent Ryan wrote:
>>>>>> Replacing the for loop below with a for-each loop on certs would be
>>>>>> fine except that certs can be null.
>>>>>> I could initialize certs with an empty array on each iteration of the
>>>>>> outer loop but it doesn’t seem to gain much overall.
>>>>>>
>>>>>>
>>>>>>> On 4 May 2015, at 13:10, Weijun Wang <weijun.wang at oracle.com
>>>>>>> <mailto:weijun.wang at oracle.com>
>>>>>>> <mailto:weijun.wang at oracle.com>> wrote:
>>>>>>>
>>>>>>> 1662 for (int i = 0; i < chainLen; i++) {
>>>>>>>
>>>>>>>
>>>>>>> On 5/4/2015 6:08 PM, Vincent Ryan wrote:
>>>>>>>> Which line?
>>>>>>>>
>>>>>>>>> On 2 May 2015, at 02:22, Weijun Wang <weijun.wang at oracle.com
>>>>>>>>> <mailto:weijun.wang at oracle.com>
>>>>>>>>> <mailto:weijun.wang at oracle.com>> wrote:
>>>>>>>>>
>>>>>>>>> Is it safe to just run for-each on certs (if it's not null)?
>>>>>>>>>
>>>>>>>>> --Max
>>>>>>>>>
>>>>>>>>> On 5/2/2015 6:39 AM, Vincent Ryan wrote:
>>>>>>>>>> Please review this fix to correct the PKCS12 encoding when a
>>>>>>>>>> secret key is being stored in one keystore entry and a
>>>>>>>>>> certificate in another.
>>>>>>>>>>
>>>>>>>>>> Thanks.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Bug: https://bugs.openjdk.java.net/browse/JDK-8079129
>>>>>>>>>> Webrev: http://cr.openjdk.java.net/~vinnie/8079129/webrev.00/
>>>>>>>>>>
>>>>>>>>
>>>>>>
>>>>
>>
>
More information about the security-dev
mailing list