RFR: 8346094: Harden X509CertImpl.getExtensionValue for NPE cases
Konanki Sreenath
duke at openjdk.org
Thu Feb 6 05:58:51 UTC 2025
Earlier code will trigger NPE if the certificate does not contain the extensions or if the requested extensions does not exist. The better approach for hardening **getExtensionValue** here is to to check for NULL explicitly before calling **getExtensionValue()** and avoding try-catch block which ensures the readability and maintainability.
After scanning in multiple places where invokng getExtensions on the X509CertInfo reference, the check for NULL is added in the **getKeyUsage()** as well while calling before **getExtensionValue()**
The associated tests are written and added in test class **CertificateExtensions**. Which will ensure to validate the
**getExtensionValue()** and **getKeyUsage()** methods in **X509CertImpl** class.
-------------
Commit messages:
- JDK-8346094 : Harden X509CertImpl.getExtensionValue for NPE cases
- JDK-8346094 : Harden X509CertImpl.getExtensionValue for NPE cases
- JDK-8346094 : Harden X509CertImpl.getExtensionValue for NPE cases
- JDK-8346094 : Harden X509CertImpl.getExtensionValue for NPE cases
- JDK-8346094 : Harden X509CertImpl.getExtensionValue for NPE cases
- JDK-8346094 : Harden X509CertImpl.getExtensionValue for NPE cases
Changes: https://git.openjdk.org/jdk/pull/23315/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=23315&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8346094
Stats: 229 lines in 2 files changed: 218 ins; 6 del; 5 mod
Patch: https://git.openjdk.org/jdk/pull/23315.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/23315/head:pull/23315
PR: https://git.openjdk.org/jdk/pull/23315
More information about the security-dev
mailing list