On Wed, 5 Feb 2025 03:55:18 GMT, Nibedita Jena <d...@openjdk.org> wrote:
>> Earlier code will trigger NPE if the certificate does not contain the
>> extensions or if the requested extensions does not exist. The better
>> approach for hardening **getExtensionValue** here is to to check for NULL
>> explicitly before calling **getExtensionValue()** and avoding try-catch
>> block which ensures the readability and maintainability.
>>
>> After scanning in multiple places where invokng getExtensions on the
>> X509CertInfo reference, the check for NULL is added in the **getKeyUsage()**
>> as well while calling before **getExtensionValue()**
>>
>> The associated tests are written and added in test class
>> **CertificateExtensions**. Which will ensure to validate the
>> **getExtensionValue()** and **getKeyUsage()** methods in **X509CertImpl**
>> class.
>
> test/jdk/java/security/cert/X509Certificate/CertificateExtensions.java line
> 136:
>
>> 134: public static sun.security.x509.CertificateExtensions
>> createCertificateExtensions(PublicKey publicKey) throws IOException,
>> NoSuchAlgorithmException {
>> 135: // Create Extensions
>> 136: sun.security.x509.CertificateExtensions certificateExtensions =
>> new sun.security.x509.CertificateExtensions();
>
> Same comment
addressed indentation
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23315#discussion_r1944142275
