[9] request for review 8079129: NullPointerException in PKCS#12 Keystore in PKCS12KeyStore.java

Weijun Wang weijun.wang at oracle.com
Tue May 5 14:52:32 UTC 2015


That's good, but there is no need to assign null in

        Certificate[] certs = null;

Or, maybe you can add "if (certs != null)" around the loop, but you 
might not like an extra indentation.

--Max

On 5/5/2015 10:44 PM, Vincent Ryan wrote:
> OK. How about this?
>
> --- a/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
> +++ b/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
> @@ -1,5 +1,5 @@
>   /*
> - * Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights
> reserved.
> + * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights
> reserved.
>    * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>    *
>    * This code is free software; you can redistribute it and/or modify it
> @@ -1642,23 +1642,22 @@
>               Entry entry = entries.get(alias);
>
>
>               // certificate chain
> -            int chainLen = 1;
>               Certificate[] certs = null;
>
>
>               if (entry instanceof PrivateKeyEntry) {
>                   PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry;
> -                    if (keyEntry.chain == null) {
> -                        chainLen = 0;
> -                    } else {
> -                        chainLen = keyEntry.chain.length;
> -                    }
> -                certs = keyEntry.chain;
> -
> +                if (keyEntry.chain != null) {
> +                    certs = keyEntry.chain;
> +                } else {
> +                    certs = new Certificate[0];
> +                }
>               } else if (entry instanceof CertEntry) {
> -               certs = new Certificate[]{((CertEntry) entry).cert};
> +                certs = new Certificate[]{((CertEntry) entry).cert};
> +            } else {
> +                certs = new Certificate[0];
>               }
>
>
> -            for (int i = 0; i < chainLen; i++) {
> +            for (int i = 0; i < certs.length; i++) {
>                   // create SafeBag of Type CertBag
>                   DerOutputStream safeBag = new DerOutputStream();
>                   safeBag.putOID(CertBag_OID);
>
>
>
>> On 5 May 2015, at 15:10, Weijun Wang <weijun.wang at oracle.com
>> <mailto:weijun.wang at oracle.com>> wrote:
>>
>> Anyway it looks redundant and error-prone to maintain the length of an
>> array in a separate variable.
>>
>> --Max
>>
>> On 5/5/2015 8:32 PM, Vincent Ryan wrote:
>>> Replacing the for loop below with a for-each loop on certs would be
>>> fine except that certs can be null.
>>> I could initialize certs with an empty array on each iteration of the
>>> outer loop but it doesn’t seem to gain much overall.
>>>
>>>
>>>> On 4 May 2015, at 13:10, Weijun Wang <weijun.wang at oracle.com
>>>> <mailto:weijun.wang at oracle.com>> wrote:
>>>>
>>>> 1662             for (int i = 0; i < chainLen; i++) {
>>>>
>>>>
>>>> On 5/4/2015 6:08 PM, Vincent Ryan wrote:
>>>>> Which line?
>>>>>
>>>>>> On 2 May 2015, at 02:22, Weijun Wang <weijun.wang at oracle.com
>>>>>> <mailto:weijun.wang at oracle.com>> wrote:
>>>>>>
>>>>>> Is it safe to just run for-each on certs (if it's not null)?
>>>>>>
>>>>>> --Max
>>>>>>
>>>>>> On 5/2/2015 6:39 AM, Vincent Ryan wrote:
>>>>>>> Please review this fix to correct the PKCS12 encoding when a
>>>>>>> secret key is being stored in one keystore entry and a
>>>>>>> certificate in another.
>>>>>>>
>>>>>>> Thanks.
>>>>>>>
>>>>>>>
>>>>>>> Bug: https://bugs.openjdk.java.net/browse/JDK-8079129
>>>>>>> Webrev: http://cr.openjdk.java.net/~vinnie/8079129/webrev.00/
>>>>>>>
>>>>>
>>>
>


More information about the security-dev mailing list