Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8236671

NullPointerException in JKS keystore

XMLWordPrintable

    • b06
    • 12
    • b21
    • generic
    • generic

        NullPointerException happens in JKS keystore if we don't set any password for key entries. This is a regression from task JDK-8208583. Previously, JDK were throwing IllegalArgumentException with proper message during this scenario, after the fix of JDK-8208583, JDK throws NullPointerException.
        IllegalArgumentException were throwing from KeyProtector.java by below statement in the constructor "throw new IllegalArgumentException("password can't be null");" But now code flow is got changed by below part of code during the fix of JDK-8208583 :

        - keyProtector = new KeyProtector(password);
        + passwordBytes = convertToBytes(password);
        + keyProtector = new KeyProtector(passwordBytes);

        Now convertToBytes() is getting invoked before invoking KeyProtector() constructor. The convertToBytes() doesn't check the password is null, directly try to get password.length, that results in NPE.

        How to reproduce:
        Attached a reproducible test case.
        Since pkcs12 is the default key store in JDK 9 and above execute test with "JKS" as parameter in JDK 9 and above.
        Eg: java TestKeyStore JKS

        Reproducibility in different JDK version:
        JDK 15 build 4: Fail
        JDK 14 build 30: Fail
        JDK12 build 6 : Fail
        JDK 12 build 5: Pass
        JDK11.0.2 build b02: Fail
        JDK11.0.2 build b01: Pass
        JDK 8u201 b01: Fail
        JDK8u191 - Pass
         
        Actual Behaviour : NullPointerException
        Exception in thread "main" java.lang.NullPointerException
        at java.base/sun.security.provider.JavaKeyStore.convertToBytes(JavaKeyStore.java:827)
        at java.base/sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:274)
        at java.base/sun.security.util.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:111)
        at java.base/java.security.KeyStore.setKeyEntry(KeyStore.java:1167)
        at TestKeyStore.main(TestKeyStore.java:45)


        Expected Behaviour : java.lang.IllegalArgumentException: password can't be null
        Exception in thread "main" java.lang.IllegalArgumentException: password can't be null
        at java.base/sun.security.provider.KeyProtector.<init>(KeyProtector.java:136)
        at java.base/sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:267)
        at java.base/sun.security.util.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:111)
        at java.base/java.security.KeyStore.setKeyEntry(KeyStore.java:1174)
        at TestKeyStore.main(TestKeyStore.java:45)

              coffeys Sean Coffey
              akolarkunnu Abdul Kolarkunnu (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: