RFR: 8366522: CodeSource.getCodeSigners() throws NPE within empty certs
Sean Mullan
mullan at openjdk.org
Thu Oct 30 17:18:38 UTC 2025
On Thu, 4 Sep 2025 16:20:18 GMT, Kirill Shirokov <duke at openjdk.org> wrote:
> The new tests cover only NPE scenarios.
src/java.base/share/classes/java/security/CodeSource.java line 241:
> 239: // Convert the certs to code signers
> 240: signers = convertCertArrayToSignerArray(certs);
> 241: if (signers != null) {
I think this should return an empty array, and not null. This would make it consistent with `CodeSource.getCertificates()` which returns an empty array when a `CodeSource` object is constructed with an empty array of `CodeSigner`.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27105#discussion_r2478909622
More information about the security-dev
mailing list