[9] request for review 8079129: NullPointerException in PKCS#12 Keystore in PKCS12KeyStore.java

Vincent Ryan vincent.x.ryan at oracle.com
Tue May 5 14:44:20 UTC 2015


OK. How about this?

--- a/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
+++ b/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -1642,23 +1642,22 @@
             Entry entry = entries.get(alias);
 
             // certificate chain
-            int chainLen = 1;
             Certificate[] certs = null;
 
             if (entry instanceof PrivateKeyEntry) {
                 PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry;
-                    if (keyEntry.chain == null) {
-                        chainLen = 0;
-                    } else {
-                        chainLen = keyEntry.chain.length;
-                    }
-                certs = keyEntry.chain;
-
+                if (keyEntry.chain != null) {
+                    certs = keyEntry.chain;
+                } else {
+                    certs = new Certificate[0];
+                }
             } else if (entry instanceof CertEntry) {
-               certs = new Certificate[]{((CertEntry) entry).cert};
+                certs = new Certificate[]{((CertEntry) entry).cert};
+            } else {
+                certs = new Certificate[0];
             }
 
-            for (int i = 0; i < chainLen; i++) {
+            for (int i = 0; i < certs.length; i++) {
                 // create SafeBag of Type CertBag
                 DerOutputStream safeBag = new DerOutputStream();
                 safeBag.putOID(CertBag_OID);



> On 5 May 2015, at 15:10, Weijun Wang <weijun.wang at oracle.com> wrote:
> 
> Anyway it looks redundant and error-prone to maintain the length of an array in a separate variable.
> 
> --Max
> 
> On 5/5/2015 8:32 PM, Vincent Ryan wrote:
>> Replacing the for loop below with a for-each loop on certs would be fine except that certs can be null.
>> I could initialize certs with an empty array on each iteration of the outer loop but it doesn’t seem to gain much overall.
>> 
>> 
>>> On 4 May 2015, at 13:10, Weijun Wang <weijun.wang at oracle.com> wrote:
>>> 
>>> 1662             for (int i = 0; i < chainLen; i++) {
>>> 
>>> 
>>> On 5/4/2015 6:08 PM, Vincent Ryan wrote:
>>>> Which line?
>>>> 
>>>>> On 2 May 2015, at 02:22, Weijun Wang <weijun.wang at oracle.com> wrote:
>>>>> 
>>>>> Is it safe to just run for-each on certs (if it's not null)?
>>>>> 
>>>>> --Max
>>>>> 
>>>>> On 5/2/2015 6:39 AM, Vincent Ryan wrote:
>>>>>> Please review this fix to correct the PKCS12 encoding when a secret key is being stored in one keystore entry and a certificate in another.
>>>>>> 
>>>>>> Thanks.
>>>>>> 
>>>>>> 
>>>>>> Bug: https://bugs.openjdk.java.net/browse/JDK-8079129
>>>>>> Webrev: http://cr.openjdk.java.net/~vinnie/8079129/webrev.00/
>>>>>> 
>>>> 
>> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/security-dev/attachments/20150505/2b4dec98/attachment-0001.html>


More information about the security-dev mailing list