-
Bug
-
Resolution: Fixed
-
P3
-
8, 11, 14, 15
-
b06
-
b21
-
generic
-
generic
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8268257 | 11.0.13-oracle | Sean Coffey | P3 | Resolved | Fixed | b01 |
JDK-8271022 | 11.0.13 | Martin Doerr | P3 | Resolved | Fixed | b01 |
NullPointerException happens in JKS keystore if we don't set any password for key entries. This is a regression from task JDK-8208583. Previously, JDK were throwing IllegalArgumentException with proper message during this scenario, after the fix of JDK-8208583, JDK throws NullPointerException.
IllegalArgumentException were throwing from KeyProtector.java by below statement in the constructor "throw new IllegalArgumentException("password can't be null");" But now code flow is got changed by below part of code during the fix ofJDK-8208583 :
- keyProtector = new KeyProtector(password);
+ passwordBytes = convertToBytes(password);
+ keyProtector = new KeyProtector(passwordBytes);
Now convertToBytes() is getting invoked before invoking KeyProtector() constructor. The convertToBytes() doesn't check the password is null, directly try to get password.length, that results in NPE.
How to reproduce:
Attached a reproducible test case.
Since pkcs12 is the default key store in JDK 9 and above execute test with "JKS" as parameter in JDK 9 and above.
Eg: java TestKeyStore JKS
Reproducibility in different JDK version:
JDK 15 build 4: Fail
JDK 14 build 30: Fail
JDK12 build 6 : Fail
JDK 12 build 5: Pass
JDK11.0.2 build b02: Fail
JDK11.0.2 build b01: Pass
JDK 8u201 b01: Fail
JDK8u191 - Pass
Actual Behaviour : NullPointerException
Exception in thread "main" java.lang.NullPointerException
at java.base/sun.security.provider.JavaKeyStore.convertToBytes(JavaKeyStore.java:827)
at java.base/sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:274)
at java.base/sun.security.util.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:111)
at java.base/java.security.KeyStore.setKeyEntry(KeyStore.java:1167)
at TestKeyStore.main(TestKeyStore.java:45)
Expected Behaviour : java.lang.IllegalArgumentException: password can't be null
Exception in thread "main" java.lang.IllegalArgumentException: password can't be null
at java.base/sun.security.provider.KeyProtector.<init>(KeyProtector.java:136)
at java.base/sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:267)
at java.base/sun.security.util.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:111)
at java.base/java.security.KeyStore.setKeyEntry(KeyStore.java:1174)
at TestKeyStore.main(TestKeyStore.java:45)
IllegalArgumentException were throwing from KeyProtector.java by below statement in the constructor "throw new IllegalArgumentException("password can't be null");" But now code flow is got changed by below part of code during the fix of
- keyProtector = new KeyProtector(password);
+ passwordBytes = convertToBytes(password);
+ keyProtector = new KeyProtector(passwordBytes);
Now convertToBytes() is getting invoked before invoking KeyProtector() constructor. The convertToBytes() doesn't check the password is null, directly try to get password.length, that results in NPE.
How to reproduce:
Attached a reproducible test case.
Since pkcs12 is the default key store in JDK 9 and above execute test with "JKS" as parameter in JDK 9 and above.
Eg: java TestKeyStore JKS
Reproducibility in different JDK version:
JDK 15 build 4: Fail
JDK 14 build 30: Fail
JDK12 build 6 : Fail
JDK 12 build 5: Pass
JDK11.0.2 build b02: Fail
JDK11.0.2 build b01: Pass
JDK 8u201 b01: Fail
JDK8u191 - Pass
Actual Behaviour : NullPointerException
Exception in thread "main" java.lang.NullPointerException
at java.base/sun.security.provider.JavaKeyStore.convertToBytes(JavaKeyStore.java:827)
at java.base/sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:274)
at java.base/sun.security.util.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:111)
at java.base/java.security.KeyStore.setKeyEntry(KeyStore.java:1167)
at TestKeyStore.main(TestKeyStore.java:45)
Expected Behaviour : java.lang.IllegalArgumentException: password can't be null
Exception in thread "main" java.lang.IllegalArgumentException: password can't be null
at java.base/sun.security.provider.KeyProtector.<init>(KeyProtector.java:136)
at java.base/sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:267)
at java.base/sun.security.util.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:111)
at java.base/java.security.KeyStore.setKeyEntry(KeyStore.java:1174)
at TestKeyStore.main(TestKeyStore.java:45)
- backported by
-
JDK-8268257 NullPointerException in JKS keystore
- Resolved
-
JDK-8271022 NullPointerException in JKS keystore
- Resolved
- relates to
-
JDK-8266351 Improve specification in java.security.KeyStore
- Open
-
JDK-8208583 Better management of internal KeyStore buffers
- Closed
- links to
-
Commit openjdk/jdk11u-dev/44ef6fef
-
Commit openjdk/jdk/276a1bf7
-
Review openjdk/jdk11u-dev/144
-
Review openjdk/jdk/3588
(3 links to)