Thanks for the pointers Will.
I've added your details to the JDK-8266351 bug report.
https://bugs.openjdk.java.net/browse/JDK-8266351
regards,
Sean.
On 24/05/2021 18:53, Will Sargent wrote:
I have tried to sign up to the bug tracking system (through reset
password I think?) but I'm not getting an email out, so I can't add to
the bug.
I have created a test case in Github:
https://github.com/wsargent/jca-key-failure/
<https://urldefense.com/v3/__https://github.com/wsargent/jca-key-failure/__;!!GqivPVa7Brio!KZTaOe6TkXX8t-ZTaptDzm3RETFWZV4O6xj-7_iS2CF-NV4g7FxSSzYEweeXM5lj3g$>
The stack trace shows the invalid key store entry after saving and
loading it again.
https://github.com/wsargent/jca-key-failure/blob/main/src/main/java/com/tersesystems/jcakeyfailure/JcaKeyFailure.java#L68
<https://urldefense.com/v3/__https://github.com/wsargent/jca-key-failure/blob/main/src/main/java/com/tersesystems/jcakeyfailure/JcaKeyFailure.java*L68__;Iw!!GqivPVa7Brio!KZTaOe6TkXX8t-ZTaptDzm3RETFWZV4O6xj-7_iS2CF-NV4g7FxSSzYEweeC27YT_w$>
On Fri, Apr 30, 2021 at 12:40 PM Seán Coffey <sean.cof...@oracle.com
<mailto:sean.cof...@oracle.com>> wrote:
Thanks for the feedback Will. It would be useful if you can
provide a testcase and/or add comments to JDK-8266351
<https://bugs.openjdk.java.net/browse/JDK-8266351> on your experience.
regards,
Sean.
On 30/04/2021 17:54, Will Sargent wrote:
> KeyStore specification will be tightened up via another bug record
This would be super helpful, as one thing that confuses me is
what the relationship is between a key entry and a key alias --
in particular, the existence alias doesn't seem to guarantee a
valid entry that can be retrieved.
In JDK 11 it's possible to create a private key with a keystore
using pkcs12.setKeyEntry() (see link below):
https://github.com/tersesystems/securitybuilder/blob/master/lib/src/test/java/com/tersesystems/securitybuilder/PrivateKeyStoreTest.java#L135
<https://urldefense.com/v3/__https://github.com/tersesystems/securitybuilder/blob/master/lib/src/test/java/com/tersesystems/securitybuilder/PrivateKeyStoreTest.java*L135__;Iw!!GqivPVa7Brio!KZTaOe6TkXX8t-ZTaptDzm3RETFWZV4O6xj-7_iS2CF-NV4g7FxSSzYEweeUj8qrfw$>
and then have a null pointer exception when retrieving the entry
from the alias because the certificate chain is null (see
commented out "testSystem" use case):
https://github.com/tersesystems/securitybuilder/blob/master/lib/src/test/java/com/tersesystems/securitybuilder/PrivateKeyStoreTest.java#L27
<https://urldefense.com/v3/__https://github.com/tersesystems/securitybuilder/blob/master/lib/src/test/java/com/tersesystems/securitybuilder/PrivateKeyStoreTest.java*L27__;Iw!!GqivPVa7Brio!KZTaOe6TkXX8t-ZTaptDzm3RETFWZV4O6xj-7_iS2CF-NV4g7FxSSzYEwedESajqLA$>
I can write this up into a formal bug if that helps.
On Fri, Apr 30, 2021 at 2:30 AM Sean Coffey
<coff...@openjdk.java.net <mailto:coff...@openjdk.java.net>> wrote:
On Wed, 28 Apr 2021 12:39:42 GMT, Sean Coffey
<coff...@openjdk.org <mailto:coff...@openjdk.org>> wrote:
>> Trivial enough change. Improved the exception thrown from
JceKeyStore also.
>
> Sean Coffey has updated the pull request with a new target
base due to a merge or a rebase. The incremental webrev
excludes the unrelated changes brought in by the
merge/rebase. The pull request contains four additional
commits since the last revision:
>
> - Check for null before try block
> - Merge branch 'master' of https://github.com/openjdk/jdk
<https://urldefense.com/v3/__https://github.com/openjdk/jdk__;!!GqivPVa7Brio!KZTaOe6TkXX8t-ZTaptDzm3RETFWZV4O6xj-7_iS2CF-NV4g7FxSSzYEweeOltfJww$>
into JDK-8236671-NPE
> - Fix white space
> - 8236671: NullPointerException in JKS keystore
KeyStore specification will be tightened up via another bug
record: https://bugs.openjdk.java.net/browse/JDK-8266351
<https://bugs.openjdk.java.net/browse/JDK-8266351>
-------------
PR: https://git.openjdk.java.net/jdk/pull/3588
<https://git.openjdk.java.net/jdk/pull/3588>