RFR: 8236671: NullPointerException in JKS keystore
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Tue Apr 20 20:22:08 UTC 2021
On Tue, 20 Apr 2021 20:06:16 GMT, Sean Coffey <coffeys at openjdk.org> wrote:
> > It looks like a public behavior change to me. Did you want to file a CSR and update the specification (KeyStore) as well? I think it would be nice if we could keep use the old exception, IllegalArgumentException, as described in the bug.
>
> @XueleiFan - The spec in question has been broken for almost 3 years with the throwing of NPE.
>
> One issue here is that Sun provider with JKS keystore will throw IllegalArgumentException in older JDK versions but the SunJCE provider and JCEKS keystore throws KeyStoreException when null password is encountered . There's a mismatch. To me, it looks like KeyStoreException is the correct exception in such scenarios (and according to API spec)
>
> I can file a CSR to have the implementation adhere to spec if that's desired.
It makes sense to me. I think it would be good to have this stated in the spec in case more mismatch introduced in the future.
-------------
PR: https://git.openjdk.java.net/jdk/pull/3588
More information about the security-dev
mailing list