<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<p>Thanks for the pointers Will. <br>
</p>
<p>I've added your details to the JDK-8266351 bug report.<br>
<a class="moz-txt-link-freetext" href="https://bugs.openjdk.java.net/browse/JDK-8266351">https://bugs.openjdk.java.net/browse/JDK-8266351</a></p>
<p>regards,<br>
Sean.<br>
</p>
<div class="moz-cite-prefix">On 24/05/2021 18:53, Will Sargent
wrote:<br>
</div>
<blockquote type="cite" cite="mid:CAAvUidMBfzn8VmngYF6HkY-CeYOLVwnN9ioNbtkjAsFvkiL=OQ@mail.gmail.com">
<div dir="ltr">
<div>I have tried to sign up to the bug tracking system (through
reset password I think?) but I'm not getting an email out, so
I can't add to the bug.</div>
<div><br>
</div>
<div>I have created a test case in Github:<br>
</div>
<div><br>
</div>
<div><a href="https://urldefense.com/v3/__https://github.com/wsargent/jca-key-failure/__;!!GqivPVa7Brio!KZTaOe6TkXX8t-ZTaptDzm3RETFWZV4O6xj-7_iS2CF-NV4g7FxSSzYEweeXM5lj3g$" moz-do-not-send="true">https://github.com/wsargent/jca-key-failure/</a></div>
<div><br>
</div>
<div>The stack trace shows the invalid key store entry after
saving and loading it again.<br>
</div>
<div><br>
</div>
<div><a href="https://urldefense.com/v3/__https://github.com/wsargent/jca-key-failure/blob/main/src/main/java/com/tersesystems/jcakeyfailure/JcaKeyFailure.java*L68__;Iw!!GqivPVa7Brio!KZTaOe6TkXX8t-ZTaptDzm3RETFWZV4O6xj-7_iS2CF-NV4g7FxSSzYEweeC27YT_w$" moz-do-not-send="true">https://github.com/wsargent/jca-key-failure/blob/main/src/main/java/com/tersesystems/jcakeyfailure/JcaKeyFailure.java#L68</a></div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, Apr 30, 2021 at 12:40
PM Seán Coffey <<a href="mailto:sean.coffey@oracle.com" moz-do-not-send="true">sean.coffey@oracle.com</a>> wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Thanks for the feedback Will. It would be useful if you
can provide a testcase and/or add comments to <a href="https://bugs.openjdk.java.net/browse/JDK-8266351" rel="noreferrer" target="_blank" moz-do-not-send="true">JDK-8266351</a>
on your experience.</p>
<p>regards,<br>
Sean.<br>
</p>
<div>On 30/04/2021 17:54, Will Sargent wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>> <span></span> KeyStore specification will be
tightened up via another bug record <br>
</div>
<div><br>
</div>
<div>This would be super helpful, as one thing that
confuses me is what the relationship is between a key
entry and a key alias -- in particular, the existence
alias doesn't seem to guarantee a valid entry that can
be retrieved.<br>
</div>
<div><br>
</div>
<div> In JDK 11 it's possible to create a private key
with a keystore using pkcs12<span>.</span>setKeyEntry()
(see link below):<br>
</div>
<div><br>
</div>
<div><a href="https://urldefense.com/v3/__https://github.com/tersesystems/securitybuilder/blob/master/lib/src/test/java/com/tersesystems/securitybuilder/PrivateKeyStoreTest.java*L135__;Iw!!GqivPVa7Brio!KZTaOe6TkXX8t-ZTaptDzm3RETFWZV4O6xj-7_iS2CF-NV4g7FxSSzYEweeUj8qrfw$" target="_blank" moz-do-not-send="true">https://github.com/tersesystems/securitybuilder/blob/master/lib/src/test/java/com/tersesystems/securitybuilder/PrivateKeyStoreTest.java#L135</a></div>
<div><br>
</div>
<div>and then have a null pointer exception when
retrieving the entry from the alias because the
certificate chain is null (see commented out
"testSystem" use case):<br>
</div>
<div><br>
</div>
<div>
<div><a href="https://urldefense.com/v3/__https://github.com/tersesystems/securitybuilder/blob/master/lib/src/test/java/com/tersesystems/securitybuilder/PrivateKeyStoreTest.java*L27__;Iw!!GqivPVa7Brio!KZTaOe6TkXX8t-ZTaptDzm3RETFWZV4O6xj-7_iS2CF-NV4g7FxSSzYEwedESajqLA$" target="_blank" moz-do-not-send="true">https://github.com/tersesystems/securitybuilder/blob/master/lib/src/test/java/com/tersesystems/securitybuilder/PrivateKeyStoreTest.java#L27</a></div>
</div>
<div><br>
</div>
<div>I can write this up into a formal bug if that
helps.<br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, Apr 30, 2021
at 2:30 AM Sean Coffey <<a href="mailto:coffeys@openjdk.java.net" target="_blank" moz-do-not-send="true">coffeys@openjdk.java.net</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">On Wed, 28 Apr 2021
12:39:42 GMT, Sean Coffey <<a href="mailto:coffeys@openjdk.org" target="_blank" moz-do-not-send="true">coffeys@openjdk.org</a>>
wrote:<br>
<br>
>> Trivial enough change. Improved the exception
thrown from JceKeyStore also.<br>
><br>
> Sean Coffey has updated the pull request with a
new target base due to a merge or a rebase. The
incremental webrev excludes the unrelated changes
brought in by the merge/rebase. The pull request
contains four additional commits since the last
revision:<br>
> <br>
> - Check for null before try block<br>
> - Merge branch 'master' of <a href="https://urldefense.com/v3/__https://github.com/openjdk/jdk__;!!GqivPVa7Brio!KZTaOe6TkXX8t-ZTaptDzm3RETFWZV4O6xj-7_iS2CF-NV4g7FxSSzYEweeOltfJww$" rel="noreferrer" target="_blank" moz-do-not-send="true">https://github.com/openjdk/jdk</a>
into JDK-8236671-NPE<br>
> - Fix white space<br>
> - 8236671: NullPointerException in JKS keystore<br>
<br>
KeyStore specification will be tightened up via
another bug record: <a href="https://bugs.openjdk.java.net/browse/JDK-8266351" rel="noreferrer" target="_blank" moz-do-not-send="true">https://bugs.openjdk.java.net/browse/JDK-8266351</a><br>
<br>
-------------<br>
<br>
PR: <a href="https://git.openjdk.java.net/jdk/pull/3588" rel="noreferrer" target="_blank" moz-do-not-send="true">https://git.openjdk.java.net/jdk/pull/3588</a><br>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
</body>
</html>