RFR: 8236671: NullPointerException in JKS keystore [v2]

Will Sargent will.sargent at gmail.com
Fri Apr 30 16:54:25 UTC 2021

> KeyStore specification will be tightened up via another bug record

This would be super helpful, as one thing that confuses me is what the
relationship is between a key entry and a key alias -- in particular, the
existence alias doesn't seem to guarantee a valid entry that can be

In JDK 11 it's possible to create a private key with a keystore using pkcs12
.setKeyEntry() (see link below):


and then have a null pointer exception when retrieving the entry from the
alias because the certificate chain is null (see commented out "testSystem"
use case):


I can write this up into a formal bug if that helps.

On Fri, Apr 30, 2021 at 2:30 AM Sean Coffey <coffeys at openjdk.java.net>

> On Wed, 28 Apr 2021 12:39:42 GMT, Sean Coffey <coffeys at openjdk.org> wrote:
> >> Trivial enough change. Improved the exception thrown from JceKeyStore
> also.
> >
> > Sean Coffey has updated the pull request with a new target base due to a
> merge or a rebase. The incremental webrev excludes the unrelated changes
> brought in by the merge/rebase. The pull request contains four additional
> commits since the last revision:
> >
> >  - Check for null before try block
> >  - Merge branch 'master' of https://github.com/openjdk/jdk into
> JDK-8236671-NPE
> >  - Fix white space
> >  - 8236671: NullPointerException in JKS keystore
> KeyStore specification will be tightened up via another bug record:
> https://bugs.openjdk.java.net/browse/JDK-8266351
> -------------
> PR: https://git.openjdk.java.net/jdk/pull/3588
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.java.net/pipermail/security-dev/attachments/20210430/0bea5475/attachment.htm>

More information about the security-dev mailing list