8236671: NullPointerException in JKS keystore #3588
👋 Welcome back coffeys! A progress list of the required criteria for merging this PR into
It looks like a public behavior change to me. Did you want to file a CSR and update the specification (KeyStore) as well? I think it would be nice if we could keep using the old exception, IllegalArgumentException, as described in the bug.
@XueleiFan - The spec in question has been broken for almost 3 years with the throwing of NPE. One issue here is that the Sun provider with JKS keystore will throw IllegalArgumentException in older JDK versions, but the SunJCE provider and JCEKS keystore throw KeyStoreException when a null password is encountered. There's a mismatch. To me, it looks like KeyStoreException is the correct exception in such scenarios (and according to the API spec). I can file a CSR to have the implementation adhere to spec if that's desired.
It makes sense to me. I think it would be good to have this stated in the spec in case more mismatches are introduced in the future.
@@ -287,6 +287,9 @@ public void engineSetKeyEntry(String alias, Key key, char[] password, | |||
entry.date = new Date(); | |||
|
|||
// Protect the encoding of the key | |||
if (password == null) { |
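Review bot: The `if (password == null)` check is placed after `entry.date = new Date();` and directly under the "// Protect the encoding of the key" comment, so a null password is rejected only once the entry has started to be populated, and the comment now reads as describing the null check rather than the protection step. Consider validating the argument at the top of engineSetKeyEntry, before any entry state is set, and keeping the comment next to the code that protects the key. The body of the check is not visible in this hunk, so confirm that it throws KeyStoreException with a message naming the null password, in line with the behaviour discussed in the conversation.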
You could move this check earlier, before the try block.
/csr I'll log a CSR to highlight the behavioural difference/correction being made to the SUN JKS type keystore.
@coffeys has indicated that a compatibility and specification (CSR) request is needed for this pull request.
/csr unneeded
KeyStore specification will be tightened up via another bug record: https://bugs.openjdk.java.net/browse/JDK-8266351
@coffeys This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be:
You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 149 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. ➡️ To integrate this PR with the above commit message to the
/integrate
@coffeys Since your change was applied there have been 149 commits pushed to the
Your commit was automatically rebased without conflicts. Pushed as commit 276a1bf. 💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.
Mailing list message from Will Sargent on security-dev:
This would be super helpful, as one thing that confuses me is what the In JDK 11 it's possible to create a private key with a keystore using pkcs12 https://github.com/tersesystems/securitybuilder/blob/master/lib/src/test/java/com/tersesystems/securitybuilder/PrivateKeyStoreTest.java#L135 and then have a null pointer exception when retrieving the entry from the https://github.com/tersesystems/securitybuilder/blob/master/lib/src/test/java/com/tersesystems/securitybuilder/PrivateKeyStoreTest.java#L27 I can write this up into a formal bug if that helps. On Fri, Apr 30, 2021 at 2:30 AM Sean Coffey <coffeys at openjdk.java.net>
Mailing list message from Seán Coffey on security-dev: Thanks for the feedback Will. It would be useful if you can provide a regards, On 30/04/2021 17:54, Will Sargent wrote:
Mailing list message from Will Sargent on security-dev: I have tried to sign up to the bug tracking system (through reset password I have created a test case in Github: https://github.com/wsargent/jca-key-failure/ The stack trace shows the invalid key store entry after saving and loading https://github.com/wsargent/jca-key-failure/blob/main/src/main/java/com/tersesystems/jcakeyfailure/JcaKeyFailure.java#L68 On Fri, Apr 30, 2021 at 12:40 PM Seán Coffey <sean.coffey at oracle.com> wrote:
Mailing list message from Seán Coffey on security-dev: Thanks for the pointers Will. I've added your details to the JDK-8266351 bug report. regards, On 24/05/2021 18:53, Will Sargent wrote:
Trivial enough change. Improved the exception thrown from JceKeyStore also.
Reviewing
Using git
Checkout this PR locally:
$ git fetch https://git.openjdk.java.net/jdk pull/3588/head:pull/3588
$ git checkout pull/3588
Update a local copy of the PR:
$ git checkout pull/3588
$ git pull https://git.openjdk.java.net/jdk pull/3588/head
Using Skara CLI tools
Checkout this PR locally:
$ git pr checkout 3588
View PR using the GUI difftool:
$ git pr show -t 3588
Using diff file
Download this PR as a diff file:
https://git.openjdk.java.net/jdk/pull/3588.diff