<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<p>Thanks for the feedback Will. It would be useful if you can
provide a testcase and/or add comments to <a href="https://bugs.openjdk.java.net/browse/JDK-8266351" rel="noreferrer" target="_blank">JDK-8266351</a> on your
experience.</p>
<p>regards,<br>
Sean.<br>
</p>
<div class="moz-cite-prefix">On 30/04/2021 17:54, Will Sargent
wrote:<br>
</div>
<blockquote type="cite" cite="mid:CAAvUidP3=_9Rj63G+AtoE-_VBokTQQiHvYcQ1iTA1mpXnQqgaA@mail.gmail.com">
<div dir="ltr">
<div>> <span class="gmail-im"></span>
KeyStore specification will be tightened up via another bug
record <br>
</div>
<div><br>
</div>
<div>This would be super helpful, as one thing that confuses me
is what the relationship is between a key entry and a key
alias -- in particular, the existence alias doesn't seem to
guarantee a valid entry that can be retrieved.<br>
</div>
<div><br>
</div>
<div> In JDK 11 it's possible to create a private key with a
keystore using pkcs12<span class="gmail-pl-k">.</span>setKeyEntry()
(see link below):<br>
</div>
<div><br>
</div>
<div><a href="https://github.com/tersesystems/securitybuilder/blob/master/lib/src/test/java/com/tersesystems/securitybuilder/PrivateKeyStoreTest.java#L135" moz-do-not-send="true">https://github.com/tersesystems/securitybuilder/blob/master/lib/src/test/java/com/tersesystems/securitybuilder/PrivateKeyStoreTest.java#L135</a></div>
<div><br>
</div>
<div>and then have a null pointer exception when retrieving the
entry from the alias because the certificate chain is null
(see commented out "testSystem" use case):<br>
</div>
<div><br>
</div>
<div>
<div><a href="https://github.com/tersesystems/securitybuilder/blob/master/lib/src/test/java/com/tersesystems/securitybuilder/PrivateKeyStoreTest.java#L27" moz-do-not-send="true">https://github.com/tersesystems/securitybuilder/blob/master/lib/src/test/java/com/tersesystems/securitybuilder/PrivateKeyStoreTest.java#L27</a></div>
</div>
<div><br>
</div>
<div>I can write this up into a formal bug if that helps.<br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, Apr 30, 2021 at 2:30
AM Sean Coffey <<a href="mailto:coffeys@openjdk.java.net" moz-do-not-send="true">coffeys@openjdk.java.net</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On
Wed, 28 Apr 2021 12:39:42 GMT, Sean Coffey <<a href="mailto:coffeys@openjdk.org" target="_blank" moz-do-not-send="true">coffeys@openjdk.org</a>> wrote:<br>
<br>
>> Trivial enough change. Improved the exception thrown
from JceKeyStore also.<br>
><br>
> Sean Coffey has updated the pull request with a new
target base due to a merge or a rebase. The incremental webrev
excludes the unrelated changes brought in by the merge/rebase.
The pull request contains four additional commits since the
last revision:<br>
> <br>
> - Check for null before try block<br>
> - Merge branch 'master' of <a href="https://github.com/openjdk/jdk" rel="noreferrer" target="_blank" moz-do-not-send="true">https://github.com/openjdk/jdk</a>
into JDK-8236671-NPE<br>
> - Fix white space<br>
> - 8236671: NullPointerException in JKS keystore<br>
<br>
KeyStore specification will be tightened up via another bug
record: <a href="https://bugs.openjdk.java.net/browse/JDK-8266351" rel="noreferrer" target="_blank" moz-do-not-send="true">https://bugs.openjdk.java.net/browse/JDK-8266351</a><br>
<br>
-------------<br>
<br>
PR: <a href="https://git.openjdk.java.net/jdk/pull/3588" rel="noreferrer" target="_blank" moz-do-not-send="true">https://git.openjdk.java.net/jdk/pull/3588</a><br>
</blockquote>
</div>
</blockquote>
</body>
</html>