<div dir="ltr"><div>I have tried to sign up to the bug tracking system (through reset password I think?) but I'm not getting an email out, so I can't add to the bug.</div><div><br></div><div>I have created a test case in Github:<br></div><div><br></div><div><a href="https://github.com/wsargent/jca-key-failure/">https://github.com/wsargent/jca-key-failure/</a></div><div><br></div><div>The stack trace shows the invalid key store entry after saving and loading it again.<br></div><div><br></div><div><a href="https://github.com/wsargent/jca-key-failure/blob/main/src/main/java/com/tersesystems/jcakeyfailure/JcaKeyFailure.java#L68">https://github.com/wsargent/jca-key-failure/blob/main/src/main/java/com/tersesystems/jcakeyfailure/JcaKeyFailure.java#L68</a></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Apr 30, 2021 at 12:40 PM Seán Coffey <<a href="mailto:sean.coffey@oracle.com">sean.coffey@oracle.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">

  <div>

    <p>Thanks for the feedback Will. It would be useful if you can

      provide a testcase and/or add comments to <a href="https://bugs.openjdk.java.net/browse/JDK-8266351" rel="noreferrer" target="_blank">JDK-8266351</a> on your

      experience.</p>

    <p>regards,<br>

      Sean.<br>

    </p>

    <div>On 30/04/2021 17:54, Will Sargent

      wrote:<br>

    </div>

    <blockquote type="cite">

      <div dir="ltr">

        <div>> <span></span>

          KeyStore specification will be tightened up via another bug

          record <br>

        </div>

        <div><br>

        </div>

        <div>This would be super helpful, as one thing that confuses me

          is what the relationship is between a key entry and a key

          alias -- in particular, the existence alias doesn't seem to

          guarantee a valid entry that can be retrieved.<br>

        </div>

        <div><br>

        </div>

        <div> In JDK 11 it's possible to create a private key with a

          keystore using pkcs12<span>.</span>setKeyEntry()

          (see link below):<br>

        </div>

        <div><br>

        </div>

        <div><a href="https://github.com/tersesystems/securitybuilder/blob/master/lib/src/test/java/com/tersesystems/securitybuilder/PrivateKeyStoreTest.java#L135" target="_blank">https://github.com/tersesystems/securitybuilder/blob/master/lib/src/test/java/com/tersesystems/securitybuilder/PrivateKeyStoreTest.java#L135</a></div>

        <div><br>

        </div>

        <div>and then have a null pointer exception when retrieving the

          entry from the alias because the certificate chain is null

          (see commented out "testSystem" use case):<br>

        </div>

        <div><br>

        </div>

        <div>

          <div><a href="https://github.com/tersesystems/securitybuilder/blob/master/lib/src/test/java/com/tersesystems/securitybuilder/PrivateKeyStoreTest.java#L27" target="_blank">https://github.com/tersesystems/securitybuilder/blob/master/lib/src/test/java/com/tersesystems/securitybuilder/PrivateKeyStoreTest.java#L27</a></div>

        </div>

        <div><br>

        </div>

        <div>I can write this up into a formal bug if that helps.<br>

        </div>

      </div>

      <br>

      <div class="gmail_quote">

        <div dir="ltr" class="gmail_attr">On Fri, Apr 30, 2021 at 2:30

          AM Sean Coffey <<a href="mailto:coffeys@openjdk.java.net" target="_blank">coffeys@openjdk.java.net</a>>

          wrote:<br>

        </div>

        <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On

          Wed, 28 Apr 2021 12:39:42 GMT, Sean Coffey <<a href="mailto:coffeys@openjdk.org" target="_blank">coffeys@openjdk.org</a>> wrote:<br>

          <br>

          >> Trivial enough change. Improved the exception thrown

          from JceKeyStore also.<br>

          ><br>

          > Sean Coffey has updated the pull request with a new

          target base due to a merge or a rebase. The incremental webrev

          excludes the unrelated changes brought in by the merge/rebase.

          The pull request contains four additional commits since the

          last revision:<br>

          > <br>

          >  - Check for null before try block<br>

          >  - Merge branch 'master' of <a href="https://github.com/openjdk/jdk" rel="noreferrer" target="_blank">https://github.com/openjdk/jdk</a>

          into JDK-8236671-NPE<br>

          >  - Fix white space<br>

          >  - 8236671: NullPointerException in JKS keystore<br>

          <br>

          KeyStore specification will be tightened up via another bug

          record: <a href="https://bugs.openjdk.java.net/browse/JDK-8266351" rel="noreferrer" target="_blank">https://bugs.openjdk.java.net/browse/JDK-8266351</a><br>

          <br>

          -------------<br>

          <br>

          PR: <a href="https://git.openjdk.java.net/jdk/pull/3588" rel="noreferrer" target="_blank">https://git.openjdk.java.net/jdk/pull/3588</a><br>

        </blockquote>

      </div>

    </blockquote>

  </div>

</blockquote></div>