RFR: 8346094: Harden X509CertImpl.getExtensionValue for NPE cases [v2]
Konanki Sreenath
duke at openjdk.org
Thu Feb 13 07:07:21 UTC 2025
On Mon, 10 Feb 2025 13:37:07 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> I take back my word about `extensions` -- it can be null. However, `X509CertImpl` should never have a null `info`. I’d prefer to add `Objects.requireNonNull` in its constructor. Your approach of returning null instead of throwing an exception when `info == null` actually hides this problem. If there are other places when `info == null` is checked, please remove them.
Yes, as you suggested, this approach to the code change is much clearer. I will remove the null check on info and adding Objects.requireNonNull in the constructor of the X509CertImpl class. This will result in modifications to one of the test class to accommodate the new changes. Additionally, I will move the newly added (in this commit) CertificateExtensions class to the internal package to facilitate testing of the internal methods."
-------------
PR Comment: https://git.openjdk.org/jdk/pull/23315#issuecomment-2655700863
More information about the security-dev
mailing list