Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8236671

NullPointerException in JKS keystore



    • b06
    • 12
    • b21
    • generic
    • generic



        NullPointerException happens in JKS keystore if we don't set any password for key entries. This is a regression from task JDK-8208583. Previously, JDK were throwing IllegalArgumentException with proper message during this scenario, after the fix of JDK-8208583, JDK throws NullPointerException.
        IllegalArgumentException were throwing from KeyProtector.java by below statement in the constructor "throw new IllegalArgumentException("password can't be null");" But now code flow is got changed by below part of code during the fix of JDK-8208583 :

        - keyProtector = new KeyProtector(password);
        + passwordBytes = convertToBytes(password);
        + keyProtector = new KeyProtector(passwordBytes);

        Now convertToBytes() is getting invoked before invoking KeyProtector() constructor. The convertToBytes() doesn't check the password is null, directly try to get password.length, that results in NPE.

        How to reproduce:
        Attached a reproducible test case.
        Since pkcs12 is the default key store in JDK 9 and above execute test with "JKS" as parameter in JDK 9 and above.
        Eg: java TestKeyStore JKS

        Reproducibility in different JDK version:
        JDK 15 build 4: Fail
        JDK 14 build 30: Fail
        JDK12 build 6 : Fail
        JDK 12 build 5: Pass
        JDK11.0.2 build b02: Fail
        JDK11.0.2 build b01: Pass
        JDK 8u201 b01: Fail
        JDK8u191 - Pass
        Actual Behaviour : NullPointerException
        Exception in thread "main" java.lang.NullPointerException
        at java.base/sun.security.provider.JavaKeyStore.convertToBytes(JavaKeyStore.java:827)
        at java.base/sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:274)
        at java.base/sun.security.util.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:111)
        at java.base/java.security.KeyStore.setKeyEntry(KeyStore.java:1167)
        at TestKeyStore.main(TestKeyStore.java:45)

        Expected Behaviour : java.lang.IllegalArgumentException: password can't be null
        Exception in thread "main" java.lang.IllegalArgumentException: password can't be null
        at java.base/sun.security.provider.KeyProtector.<init>(KeyProtector.java:136)
        at java.base/sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:267)
        at java.base/sun.security.util.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:111)
        at java.base/java.security.KeyStore.setKeyEntry(KeyStore.java:1174)
        at TestKeyStore.main(TestKeyStore.java:45)


          Issue Links



                coffeys Sean Coffey
                akolarkunnu Abdul Kolarkunnu
                0 Vote for this issue
                4 Start watching this issue