(JDK-8266351) Re: [External] : Re: RFR: 8236671: NullPointerException in JKS keystore [v2]

[Seán Coffey]

Thanks for the pointers Will.

I've added your details to the JDK-8266351 bug report.
https://bugs.openjdk.java.net/browse/JDK-8266351

regards,
Sean.

On 24/05/2021 18:53, Will Sargent wrote:
I have tried to sign up to the bug tracking system (through reset 
password I think?) but I'm not getting an email out, so I can't add to 
the bug.


I have created a test case in Github:

https://github.com/wsargent/jca-key-failure/ 



The stack trace shows the invalid key store entry after saving and 
loading it again.


https://github.com/wsargent/jca-key-failure/blob/main/src/main/java/com/tersesystems/jcakeyfailure/JcaKeyFailure.java#L68 



On Fri, Apr 30, 2021 at 12:40 PM Seán Coffey > wrote:


Thanks for the feedback Will. It would be useful if you can
provide a testcase and/or add comments to JDK-8266351
 on your experience.

regards,
Sean.

On 30/04/2021 17:54, Will Sargent wrote:

> KeyStore specification will be tightened up via another bug record

This would be super helpful, as one thing that confuses me is
what the relationship is between a key entry and a key alias --
in particular, the existence alias doesn't seem to guarantee a
valid entry that can be retrieved.

In JDK 11 it's possible to create a private key with a keystore
using pkcs12.setKeyEntry() (see link below):


https://github.com/tersesystems/securitybuilder/blob/master/lib/src/test/java/com/tersesystems/securitybuilder/PrivateKeyStoreTest.java#L135



and then have a null pointer exception when retrieving the entry
from the alias because the certificate chain is null (see
commented out "testSystem" use case):


https://github.com/tersesystems/securitybuilder/blob/master/lib/src/test/java/com/tersesystems/securitybuilder/PrivateKeyStoreTest.java#L27



I can write this up into a formal bug if that helps.

On Fri, Apr 30, 2021 at 2:30 AM Sean Coffey
mailto:coff...@openjdk.java.net>> wrote:

On Wed, 28 Apr 2021 12:39:42 GMT, Sean Coffey
mailto:coff...@openjdk.org>> wrote:

>> Trivial enough change. Improved the exception thrown from
JceKeyStore also.
>
> Sean Coffey has updated the pull request with a new target
base due to a merge or a rebase. The incremental webrev
excludes the unrelated changes brought in by the
merge/rebase. The pull request contains four additional
commits since the last revision:
>
>  - Check for null before try block
>  - Merge branch 'master' of https://github.com/openjdk/jdk


into JDK-8236671-NPE
>  - Fix white space
>  - 8236671: NullPointerException in JKS keystore

KeyStore specification will be tightened up via another bug
record: https://bugs.openjdk.java.net/browse/JDK-8266351


-

PR: https://git.openjdk.java.net/jdk/pull/3588

Re: RFR: 8236671: NullPointerException in JKS keystore [v2]

[Will Sargent]

I have tried to sign up to the bug tracking system (through reset password
I think?) but I'm not getting an email out, so I can't add to the bug.

I have created a test case in Github:

https://github.com/wsargent/jca-key-failure/

The stack trace shows the invalid key store entry after saving and loading
it again.

https://github.com/wsargent/jca-key-failure/blob/main/src/main/java/com/tersesystems/jcakeyfailure/JcaKeyFailure.java#L68

On Fri, Apr 30, 2021 at 12:40 PM Seán Coffey  wrote:

> Thanks for the feedback Will. It would be useful if you can provide a
> testcase and/or add comments to JDK-8266351
>  on your experience.
>
> regards,
> Sean.
> On 30/04/2021 17:54, Will Sargent wrote:
>
> > KeyStore specification will be tightened up via another bug record
>
> This would be super helpful, as one thing that confuses me is what the
> relationship is between a key entry and a key alias -- in particular, the
> existence alias doesn't seem to guarantee a valid entry that can be
> retrieved.
>
> In JDK 11 it's possible to create a private key with a keystore using
> pkcs12.setKeyEntry() (see link below):
>
>
> https://github.com/tersesystems/securitybuilder/blob/master/lib/src/test/java/com/tersesystems/securitybuilder/PrivateKeyStoreTest.java#L135
>
> and then have a null pointer exception when retrieving the entry from the
> alias because the certificate chain is null (see commented out "testSystem"
> use case):
>
>
> https://github.com/tersesystems/securitybuilder/blob/master/lib/src/test/java/com/tersesystems/securitybuilder/PrivateKeyStoreTest.java#L27
>
> I can write this up into a formal bug if that helps.
>
> On Fri, Apr 30, 2021 at 2:30 AM Sean Coffey 
> wrote:
>
>> On Wed, 28 Apr 2021 12:39:42 GMT, Sean Coffey 
>> wrote:
>>
>> >> Trivial enough change. Improved the exception thrown from JceKeyStore
>> also.
>> >
>> > Sean Coffey has updated the pull request with a new target base due to
>> a merge or a rebase. The incremental webrev excludes the unrelated changes
>> brought in by the merge/rebase. The pull request contains four additional
>> commits since the last revision:
>> >
>> >  - Check for null before try block
>> >  - Merge branch 'master' of https://github.com/openjdk/jdk into
>> JDK-8236671-NPE
>> >  - Fix white space
>> >  - 8236671: NullPointerException in JKS keystore
>>
>> KeyStore specification will be tightened up via another bug record:
>> https://bugs.openjdk.java.net/browse/JDK-8266351
>>
>> -
>>
>> PR: https://git.openjdk.java.net/jdk/pull/3588
>>
>

Re: RFR: 8236671: NullPointerException in JKS keystore [v2]

[Seán Coffey]

Thanks for the feedback Will. It would be useful if you can provide a 
testcase and/or add comments to JDK-8266351 
 on your experience.


regards,
Sean.

On 30/04/2021 17:54, Will Sargent wrote:

> KeyStore specification will be tightened up via another bug record

This would be super helpful, as one thing that confuses me is what the 
relationship is between a key entry and a key alias -- in particular, 
the existence alias doesn't seem to guarantee a valid entry that can 
be retrieved.


In JDK 11 it's possible to create a private key with a keystore using 
pkcs12.setKeyEntry() (see link below):


https://github.com/tersesystems/securitybuilder/blob/master/lib/src/test/java/com/tersesystems/securitybuilder/PrivateKeyStoreTest.java#L135 



and then have a null pointer exception when retrieving the entry from 
the alias because the certificate chain is null (see commented out 
"testSystem" use case):


https://github.com/tersesystems/securitybuilder/blob/master/lib/src/test/java/com/tersesystems/securitybuilder/PrivateKeyStoreTest.java#L27 



I can write this up into a formal bug if that helps.

On Fri, Apr 30, 2021 at 2:30 AM Sean Coffey > wrote:


On Wed, 28 Apr 2021 12:39:42 GMT, Sean Coffey mailto:coff...@openjdk.org>> wrote:

>> Trivial enough change. Improved the exception thrown from
JceKeyStore also.
>
> Sean Coffey has updated the pull request with a new target base
due to a merge or a rebase. The incremental webrev excludes the
unrelated changes brought in by the merge/rebase. The pull request
contains four additional commits since the last revision:
>
>  - Check for null before try block
>  - Merge branch 'master' of https://github.com/openjdk/jdk
 into JDK-8236671-NPE
>  - Fix white space
>  - 8236671: NullPointerException in JKS keystore

KeyStore specification will be tightened up via another bug
record: https://bugs.openjdk.java.net/browse/JDK-8266351


-

PR: https://git.openjdk.java.net/jdk/pull/3588

Re: RFR: 8236671: NullPointerException in JKS keystore [v2]

[Will Sargent]

> KeyStore specification will be tightened up via another bug record

This would be super helpful, as one thing that confuses me is what the
relationship is between a key entry and a key alias -- in particular, the
existence alias doesn't seem to guarantee a valid entry that can be
retrieved.

In JDK 11 it's possible to create a private key with a keystore using pkcs12
.setKeyEntry() (see link below):

https://github.com/tersesystems/securitybuilder/blob/master/lib/src/test/java/com/tersesystems/securitybuilder/PrivateKeyStoreTest.java#L135

and then have a null pointer exception when retrieving the entry from the
alias because the certificate chain is null (see commented out "testSystem"
use case):

https://github.com/tersesystems/securitybuilder/blob/master/lib/src/test/java/com/tersesystems/securitybuilder/PrivateKeyStoreTest.java#L27

I can write this up into a formal bug if that helps.

On Fri, Apr 30, 2021 at 2:30 AM Sean Coffey 
wrote:

> On Wed, 28 Apr 2021 12:39:42 GMT, Sean Coffey  wrote:
>
> >> Trivial enough change. Improved the exception thrown from JceKeyStore
> also.
> >
> > Sean Coffey has updated the pull request with a new target base due to a
> merge or a rebase. The incremental webrev excludes the unrelated changes
> brought in by the merge/rebase. The pull request contains four additional
> commits since the last revision:
> >
> >  - Check for null before try block
> >  - Merge branch 'master' of https://github.com/openjdk/jdk into
> JDK-8236671-NPE
> >  - Fix white space
> >  - 8236671: NullPointerException in JKS keystore
>
> KeyStore specification will be tightened up via another bug record:
> https://bugs.openjdk.java.net/browse/JDK-8266351
>
> -
>
> PR: https://git.openjdk.java.net/jdk/pull/3588
>

Re: RFR: 8236671: NullPointerException in JKS keystore [v2]

[Sean Coffey]

On Wed, 28 Apr 2021 12:39:42 GMT, Sean Coffey  wrote:

>> Trivial enough change. Improved the exception thrown from JceKeyStore also.
>
> Sean Coffey has updated the pull request with a new target base due to a 
> merge or a rebase. The incremental webrev excludes the unrelated changes 
> brought in by the merge/rebase. The pull request contains four additional 
> commits since the last revision:
> 
>  - Check for null before try block
>  - Merge branch 'master' of https://github.com/openjdk/jdk into 
> JDK-8236671-NPE
>  - Fix white space
>  - 8236671: NullPointerException in JKS keystore

KeyStore specification will be tightened up via another bug record: 
https://bugs.openjdk.java.net/browse/JDK-8266351

-

PR: https://git.openjdk.java.net/jdk/pull/3588

Re: RFR: 8236671: NullPointerException in JKS keystore [v2]

[Xue-Lei Andrew Fan]

On Wed, 28 Apr 2021 12:39:42 GMT, Sean Coffey  wrote:

>> Trivial enough change. Improved the exception thrown from JceKeyStore also.
>
> Sean Coffey has updated the pull request with a new target base due to a 
> merge or a rebase. The incremental webrev excludes the unrelated changes 
> brought in by the merge/rebase. The pull request contains four additional 
> commits since the last revision:
> 
>  - Check for null before try block
>  - Merge branch 'master' of https://github.com/openjdk/jdk into 
> JDK-8236671-NPE
>  - Fix white space
>  - 8236671: NullPointerException in JKS keystore

Marked as reviewed by xuelei (Reviewer).

-

PR: https://git.openjdk.java.net/jdk/pull/3588

Re: RFR: 8236671: NullPointerException in JKS keystore [v2]

[Sean Coffey]

> Trivial enough change. Improved the exception thrown from JceKeyStore also.

Sean Coffey has updated the pull request with a new target base due to a merge 
or a rebase. The incremental webrev excludes the unrelated changes brought in 
by the merge/rebase. The pull request contains four additional commits since 
the last revision:

 - Check for null before try block
 - Merge branch 'master' of https://github.com/openjdk/jdk into JDK-8236671-NPE
 - Fix white space
 - 8236671: NullPointerException in JKS keystore

-

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/3588/files
  - new: https://git.openjdk.java.net/jdk/pull/3588/files/836ea7e7..54baaad7

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk=3588=01
 - incr: https://webrevs.openjdk.java.net/?repo=jdk=3588=00-01

  Stats: 42439 lines in 1504 files changed: 9588 ins; 28041 del; 4810 mod
  Patch: https://git.openjdk.java.net/jdk/pull/3588.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/3588/head:pull/3588

PR: https://git.openjdk.java.net/jdk/pull/3588