8358076: KeyFactory.getInstance("EdDSA").generatePublic(null) throws NPE

Anthony Scarpino · Anthony Scarpino · commit c9d6e01233fb · 2025-05-30T20:13:00.000Z
Reviewed-by: weijun
diff --git a/src/java.base/share/classes/sun/security/ec/ECKeyFactory.java b/src/java.base/share/classes/sun/security/ec/ECKeyFactory.java
@@ -219,6 +219,8 @@ private PublicKey implGeneratePublic(KeySpec keySpec)
                 }
                 yield new ECPublicKeyImpl(p8key.getPubKeyEncoded());
             }
+            case null -> throw new InvalidKeySpecException(
+                "keySpec must not be null");
             default ->
                 throw new InvalidKeySpecException(keySpec.getClass().getName() +
                     " not supported.");
@@ -239,6 +241,8 @@ private PrivateKey implGeneratePrivate(KeySpec keySpec)
             }
             case ECPrivateKeySpec e ->
                 new ECPrivateKeyImpl(e.getS(), e.getParams());
+            case null -> throw new InvalidKeySpecException(
+                "keySpec must not be null");
             default ->
                 throw new InvalidKeySpecException(keySpec.getClass().getName() +
                     " not supported.");
diff --git a/src/java.base/share/classes/sun/security/ec/XDHKeyFactory.java b/src/java.base/share/classes/sun/security/ec/XDHKeyFactory.java
@@ -144,64 +144,72 @@ protected PrivateKey engineGeneratePrivate(KeySpec keySpec)
     private PublicKey generatePublicImpl(KeySpec keySpec)
         throws InvalidKeyException, InvalidKeySpecException {
 
-        if (keySpec instanceof X509EncodedKeySpec) {
-            X509EncodedKeySpec x509Spec = (X509EncodedKeySpec) keySpec;
-            XDHPublicKeyImpl result =
-                new XDHPublicKeyImpl(x509Spec.getEncoded());
-            checkLockedParams(InvalidKeySpecException::new,
-                result.getParams());
-            return result;
-        } else if (keySpec instanceof XECPublicKeySpec) {
-            XECPublicKeySpec publicKeySpec = (XECPublicKeySpec) keySpec;
-            XECParameters params = XECParameters.get(
-                InvalidKeySpecException::new, publicKeySpec.getParams());
-            checkLockedParams(InvalidKeySpecException::new, params);
-            return new XDHPublicKeyImpl(params, publicKeySpec.getU());
-        } else if (keySpec instanceof PKCS8EncodedKeySpec p8) {
-            PKCS8Key p8key = new XDHPrivateKeyImpl(p8.getEncoded());
-            if (!p8key.hasPublicKey()) {
-                throw new InvalidKeySpecException("No public key found.");
+        return switch (keySpec) {
+            case X509EncodedKeySpec x509Spec -> {
+                XDHPublicKeyImpl result =
+                    new XDHPublicKeyImpl(x509Spec.getEncoded());
+                checkLockedParams(InvalidKeySpecException::new,
+                    result.getParams());
+                yield result;
             }
-            XDHPublicKeyImpl result =
-                new XDHPublicKeyImpl(p8key.getPubKeyEncoded());
-            checkLockedParams(InvalidKeySpecException::new,
-                result.getParams());
-            return result;
-        } else {
-            throw new InvalidKeySpecException(keySpec.getClass().getName() +
-                " not supported.");
-        }
+            case XECPublicKeySpec publicKeySpec -> {
+                XECParameters params = XECParameters.get(
+                    InvalidKeySpecException::new, publicKeySpec.getParams());
+                checkLockedParams(InvalidKeySpecException::new, params);
+                yield new XDHPublicKeyImpl(params, publicKeySpec.getU());
+            }
+            case PKCS8EncodedKeySpec p8 -> {
+                PKCS8Key p8key = new XDHPrivateKeyImpl(p8.getEncoded());
+                if (!p8key.hasPublicKey()) {
+                    throw new InvalidKeySpecException("No public key found.");
+                }
+                XDHPublicKeyImpl result =
+                    new XDHPublicKeyImpl(p8key.getPubKeyEncoded());
+                checkLockedParams(InvalidKeySpecException::new,
+                    result.getParams());
+                yield result;
+            }
+            case null -> throw new InvalidKeySpecException(
+                "keySpec must not be null");
+            default ->
+                throw new InvalidKeySpecException(keySpec.getClass().getName() +
+                    " not supported.");
+        };
     }
 
     private PrivateKey generatePrivateImpl(KeySpec keySpec)
         throws InvalidKeyException, InvalidKeySpecException {
 
-        if (keySpec instanceof PKCS8EncodedKeySpec) {
-            PKCS8EncodedKeySpec pkcsSpec = (PKCS8EncodedKeySpec) keySpec;
-            byte[] encoded = pkcsSpec.getEncoded();
-            try {
-                XDHPrivateKeyImpl result = new XDHPrivateKeyImpl(encoded);
-                checkLockedParams(InvalidKeySpecException::new,
+        return switch (keySpec) {
+            case PKCS8EncodedKeySpec pkcsSpec -> {
+                byte[] encoded = pkcsSpec.getEncoded();
+                try {
+                    XDHPrivateKeyImpl result = new XDHPrivateKeyImpl(encoded);
+                    checkLockedParams(InvalidKeySpecException::new,
                         result.getParams());
-                return result;
-            } finally {
-                Arrays.fill(encoded, (byte) 0);
+                    yield result;
+                } finally {
+                    Arrays.fill(encoded, (byte) 0);
+                }
             }
-        } else if (keySpec instanceof XECPrivateKeySpec) {
-            XECPrivateKeySpec privateKeySpec = (XECPrivateKeySpec) keySpec;
-            XECParameters params = XECParameters.get(
-                InvalidKeySpecException::new, privateKeySpec.getParams());
-            checkLockedParams(InvalidKeySpecException::new, params);
-            byte[] scalar = privateKeySpec.getScalar();
-            try {
-                return new XDHPrivateKeyImpl(params, scalar);
-            } finally {
-                Arrays.fill(scalar, (byte)0);
+            case XECPrivateKeySpec privateKeySpec -> {
+                XECParameters params = XECParameters.get(
+                    InvalidKeySpecException::new, privateKeySpec.getParams());
+                checkLockedParams(InvalidKeySpecException::new, params);
+
+                byte[] scalar = privateKeySpec.getScalar();
+                try {
+                    yield new XDHPrivateKeyImpl(params, scalar);
+                } finally {
+                    Arrays.fill(scalar, (byte) 0);
+                }
             }
-        } else {
-            throw new InvalidKeySpecException(
-                "Only PKCS8EncodedKeySpec and XECPrivateKeySpec supported");
-        }
+            case null -> throw new InvalidKeySpecException(
+                "keySpec must not be null");
+            default ->
+                throw new InvalidKeySpecException(keySpec.getClass().getName() +
+                    " not supported.");
+        };
     }
 
     protected <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> keySpec)
diff --git a/src/java.base/share/classes/sun/security/ec/ed/EdDSAKeyFactory.java b/src/java.base/share/classes/sun/security/ec/ed/EdDSAKeyFactory.java
@@ -137,61 +137,68 @@ protected PrivateKey engineGeneratePrivate(KeySpec keySpec)
     private PublicKey generatePublicImpl(KeySpec keySpec)
         throws InvalidKeyException, InvalidKeySpecException {
 
-        if (keySpec instanceof X509EncodedKeySpec) {
-            X509EncodedKeySpec x509Spec = (X509EncodedKeySpec) keySpec;
-            EdDSAPublicKeyImpl result =
-                new EdDSAPublicKeyImpl(x509Spec.getEncoded());
-            checkLockedParams(InvalidKeySpecException::new,
-                result.getParams());
-            return result;
-        } else if (keySpec instanceof EdECPublicKeySpec) {
-            EdECPublicKeySpec publicKeySpec = (EdECPublicKeySpec) keySpec;
-            EdDSAParameters params = EdDSAParameters.get(
-                InvalidKeySpecException::new, publicKeySpec.getParams());
-            checkLockedParams(InvalidKeySpecException::new, params);
-            return new EdDSAPublicKeyImpl(params, publicKeySpec.getPoint());
-        } else if (keySpec instanceof PKCS8EncodedKeySpec p8) {
-            PKCS8Key p8key = new EdDSAPrivateKeyImpl(p8.getEncoded());
-            if (!p8key.hasPublicKey()) {
-                throw new InvalidKeySpecException("No public key found.");
+        return switch (keySpec) {
+            case X509EncodedKeySpec x509Spec -> {
+                EdDSAPublicKeyImpl result =
+                    new EdDSAPublicKeyImpl(x509Spec.getEncoded());
+                checkLockedParams(InvalidKeySpecException::new,
+                    result.getParams());
+                yield result;
             }
-            return new EdDSAPublicKeyImpl(p8key.getPubKeyEncoded());
-        } else {
-            throw new InvalidKeySpecException(keySpec.getClass().getName() +
-                " not supported.");
-        }
+            case EdECPublicKeySpec publicKeySpec -> {
+                EdDSAParameters params = EdDSAParameters.get(
+                    InvalidKeySpecException::new, publicKeySpec.getParams());
+                checkLockedParams(InvalidKeySpecException::new, params);
+                yield new EdDSAPublicKeyImpl(params, publicKeySpec.getPoint());
+            }
+            case PKCS8EncodedKeySpec p8 -> {
+                PKCS8Key p8key = new EdDSAPrivateKeyImpl(p8.getEncoded());
+                if (!p8key.hasPublicKey()) {
+                    throw new InvalidKeySpecException("No public key found.");
+                }
+                yield new EdDSAPublicKeyImpl(p8key.getPubKeyEncoded());
+            }
+            case null -> throw new InvalidKeySpecException(
+                "keySpec must not be null");
+            default ->
+                throw new InvalidKeySpecException(keySpec.getClass().getName() +
+                    " not supported.");
+        };
     }
 
     private PrivateKey generatePrivateImpl(KeySpec keySpec)
         throws InvalidKeyException, InvalidKeySpecException {
 
-        if (keySpec instanceof PKCS8EncodedKeySpec) {
-            PKCS8EncodedKeySpec pkcsSpec = (PKCS8EncodedKeySpec) keySpec;
-            byte[] encoded = pkcsSpec.getEncoded();
-            try {
-                EdDSAPrivateKeyImpl result =
+        return switch (keySpec) {
+            case PKCS8EncodedKeySpec pkcsSpec -> {
+                byte[] encoded = pkcsSpec.getEncoded();
+                try {
+                    EdDSAPrivateKeyImpl result =
                         new EdDSAPrivateKeyImpl(encoded);
-                checkLockedParams(InvalidKeySpecException::new,
+                    checkLockedParams(InvalidKeySpecException::new,
                         result.getParams());
-                return result;
-            } finally {
-                Arrays.fill(encoded, (byte) 0);
+                    yield result;
+                } finally {
+                    Arrays.fill(encoded, (byte) 0);
+                }
             }
-        } else if (keySpec instanceof EdECPrivateKeySpec) {
-            EdECPrivateKeySpec privateKeySpec = (EdECPrivateKeySpec) keySpec;
-            EdDSAParameters params = EdDSAParameters.get(
-                InvalidKeySpecException::new, privateKeySpec.getParams());
-            checkLockedParams(InvalidKeySpecException::new, params);
-            byte[] bytes = privateKeySpec.getBytes();
-            try {
-                return new EdDSAPrivateKeyImpl(params, bytes);
-            } finally {
-                Arrays.fill(bytes, (byte)0);
+            case EdECPrivateKeySpec privateKeySpec -> {
+                EdDSAParameters params = EdDSAParameters.get(
+                    InvalidKeySpecException::new, privateKeySpec.getParams());
+                checkLockedParams(InvalidKeySpecException::new, params);
+                byte[] bytes = privateKeySpec.getBytes();
+                try {
+                    yield new EdDSAPrivateKeyImpl(params, bytes);
+                } finally {
+                    Arrays.fill(bytes, (byte) 0);
+                }
             }
-        } else {
-            throw new InvalidKeySpecException(
-                "Only PKCS8EncodedKeySpec and EdECPrivateKeySpec supported");
-        }
+            case null -> throw new InvalidKeySpecException(
+                "keySpec must not be null");
+            default ->
+                throw new InvalidKeySpecException(keySpec.getClass().getName() +
+                    " not supported.");
+        };
     }
 
     protected <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> keySpec)
diff --git a/src/java.base/share/classes/sun/security/rsa/RSAKeyFactory.java b/src/java.base/share/classes/sun/security/rsa/RSAKeyFactory.java
@@ -320,71 +320,83 @@ private PrivateKey translatePrivateKey(PrivateKey key)
     // internal implementation of generatePublic. See JCA doc
     private PublicKey generatePublic(KeySpec keySpec)
             throws GeneralSecurityException {
-        if (keySpec instanceof X509EncodedKeySpec) {
-            return RSAPublicKeyImpl.newKey(type, "X.509",
-                    ((X509EncodedKeySpec)keySpec).getEncoded());
-        } else if (keySpec instanceof RSAPublicKeySpec rsaSpec) {
-            try {
-                return new RSAPublicKeyImpl(
-                    type, rsaSpec.getParams(),
-                    rsaSpec.getModulus(),
-                    rsaSpec.getPublicExponent()
-                );
-            } catch (ProviderException e) {
-                throw new InvalidKeySpecException(e);
+        return switch (keySpec) {
+            case X509EncodedKeySpec x509 ->
+                RSAPublicKeyImpl.newKey(type, "X.509", x509.getEncoded());
+
+            case RSAPublicKeySpec rsaSpec -> {
+                try {
+                    yield new RSAPublicKeyImpl(
+                        type, rsaSpec.getParams(),
+                        rsaSpec.getModulus(),
+                        rsaSpec.getPublicExponent()
+                    );
+                } catch (ProviderException e) {
+                    throw new InvalidKeySpecException(e);
+                }
             }
-        } else if (keySpec instanceof PKCS8EncodedKeySpec p8) {
-            PKCS8Key p8key = new PKCS8Key(p8.getEncoded());
-            if (!p8key.hasPublicKey()) {
-                throw new InvalidKeySpecException("No public key found.");
+            case PKCS8EncodedKeySpec p8 -> {
+                PKCS8Key p8key = new PKCS8Key(p8.getEncoded());
+                if (!p8key.hasPublicKey()) {
+                    throw new InvalidKeySpecException("No public key found.");
+                }
+                yield RSAPublicKeyImpl.newKey(type, "X.509",
+                    p8key.getPubKeyEncoded());
             }
-            return RSAPublicKeyImpl.newKey(type, "X.509",
-                p8key.getPubKeyEncoded());
-        } else {
-            throw new InvalidKeySpecException(keySpec.getClass().getName() + " not supported.");
-        }
+            case null -> throw new InvalidKeySpecException(
+                "keySpec must not be null");
+            default ->
+                throw new InvalidKeySpecException(keySpec.getClass().getName() +
+                    " not supported.");
+        };
     }
 
     // internal implementation of generatePrivate. See JCA doc
     private PrivateKey generatePrivate(KeySpec keySpec)
             throws GeneralSecurityException {
-        if (keySpec instanceof PKCS8EncodedKeySpec) {
-            byte[] encoded = ((PKCS8EncodedKeySpec)keySpec).getEncoded();
-            try {
-                return RSAPrivateCrtKeyImpl.newKey(type, "PKCS#8", encoded);
-            } finally {
-                Arrays.fill(encoded, (byte)0);
+        return switch (keySpec) {
+            case PKCS8EncodedKeySpec p8 -> {
+                byte[] encoded = p8.getEncoded();
+                try {
+                    yield RSAPrivateCrtKeyImpl.newKey(type, "PKCS#8", encoded);
+                } finally {
+                    Arrays.fill(encoded, (byte) 0);
+                }
             }
-        } else if (keySpec instanceof RSAPrivateCrtKeySpec rsaSpec) {
-            try {
-                return new RSAPrivateCrtKeyImpl(
-                    type, rsaSpec.getParams(),
-                    rsaSpec.getModulus(),
-                    rsaSpec.getPublicExponent(),
-                    rsaSpec.getPrivateExponent(),
-                    rsaSpec.getPrimeP(),
-                    rsaSpec.getPrimeQ(),
-                    rsaSpec.getPrimeExponentP(),
-                    rsaSpec.getPrimeExponentQ(),
-                    rsaSpec.getCrtCoefficient()
-                );
-            } catch (ProviderException e) {
-                throw new InvalidKeySpecException(e);
+            case RSAPrivateCrtKeySpec rsaSpec -> {
+                try {
+                    yield new RSAPrivateCrtKeyImpl(
+                        type, rsaSpec.getParams(),
+                        rsaSpec.getModulus(),
+                        rsaSpec.getPublicExponent(),
+                        rsaSpec.getPrivateExponent(),
+                        rsaSpec.getPrimeP(),
+                        rsaSpec.getPrimeQ(),
+                        rsaSpec.getPrimeExponentP(),
+                        rsaSpec.getPrimeExponentQ(),
+                        rsaSpec.getCrtCoefficient()
+                    );
+                } catch (ProviderException e) {
+                    throw new InvalidKeySpecException(e);
+                }
             }
-        } else if (keySpec instanceof RSAPrivateKeySpec rsaSpec) {
-            try {
-                return new RSAPrivateKeyImpl(
-                    type, rsaSpec.getParams(),
-                    rsaSpec.getModulus(),
-                    rsaSpec.getPrivateExponent()
-                );
-            } catch (ProviderException e) {
-                throw new InvalidKeySpecException(e);
+            case RSAPrivateKeySpec rsaSpec -> {
+                try {
+                    yield new RSAPrivateKeyImpl(
+                        type, rsaSpec.getParams(),
+                        rsaSpec.getModulus(),
+                        rsaSpec.getPrivateExponent()
+                    );
+                } catch (ProviderException e) {
+                    throw new InvalidKeySpecException(e);
+                }
             }
-        } else {
-            throw new InvalidKeySpecException("Only RSAPrivate(Crt)KeySpec "
-                + "and PKCS8EncodedKeySpec supported for RSA private keys");
-        }
+            case null -> throw new InvalidKeySpecException(
+                "keySpec must not be null");
+            default ->
+                throw new InvalidKeySpecException(keySpec.getClass().getName() +
+                    " not supported.");
+        };
     }
 
     protected <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> keySpec)

Original file line number	Diff line number	Diff line change
`@@ -219,6 +219,8 @@ private PublicKey implGeneratePublic(KeySpec keySpec)`
`219`	`219`	`}`
`220`	`220`	`yield new ECPublicKeyImpl(p8key.getPubKeyEncoded());`
`221`	`221`	`}`
	`222`	`+ case null -> throw new InvalidKeySpecException(`
	`223`	`+ "keySpec must not be null");`
`222`	`224`	`default ->`
`223`	`225`	`throw new InvalidKeySpecException(keySpec.getClass().getName() +`
`224`	`226`	`" not supported.");`
`@@ -239,6 +241,8 @@ private PrivateKey implGeneratePrivate(KeySpec keySpec)`
`239`	`241`	`}`
`240`	`242`	`case ECPrivateKeySpec e ->`
`241`	`243`	`new ECPrivateKeyImpl(e.getS(), e.getParams());`
	`244`	`+ case null -> throw new InvalidKeySpecException(`
	`245`	`+ "keySpec must not be null");`
`242`	`246`	`default ->`
`243`	`247`	`throw new InvalidKeySpecException(keySpec.getClass().getName() +`
`244`	`248`	`" not supported.");`