RFR: 8346094: Harden X509CertImpl.getExtensionValue for NPE cases [v4]
Konanki Sreenath
duke at openjdk.org
Tue Feb 18 11:45:57 UTC 2025
> Earlier code will trigger NPE if the certificate does not contain the extensions or if the requested extensions does not exist. The better approach for hardening **getExtensionValue** here is to to check for NULL explicitly before calling **getExtensionValue()** and avoding try-catch block which ensures the readability and maintainability.
>
> After scanning in multiple places where invokng getExtensions on the X509CertInfo reference, the check for NULL is added in the **getKeyUsage()** as well while calling before **getExtensionValue()**
>
> The associated tests are written and added in test class **CertificateExtensions**. Which will ensure to validate the
> **getExtensionValue()** and **getKeyUsage()** methods in **X509CertImpl** class.
Konanki Sreenath has updated the pull request incrementally with one additional commit since the last revision:
JDK-8346094 : Harden X509CertImpl.getExtensionValue for NPE cases
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/23315/files
- new: https://git.openjdk.org/jdk/pull/23315/files/672d7b7e..87a1c164
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=23315&range=03
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=23315&range=02-03
Stats: 3 lines in 1 file changed: 0 ins; 2 del; 1 mod
Patch: https://git.openjdk.org/jdk/pull/23315.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/23315/head:pull/23315
PR: https://git.openjdk.org/jdk/pull/23315
More information about the security-dev
mailing list