Earlier code will trigger NPE if the certificate does not contain the extensions or if the requested extensions does not exist. The better approach for hardening **getExtensionValue** here is to to check for NULL explicitly before calling **getExtensionValue()** and avoding try-catch block which ensures the readability and maintainability.
After scanning in multiple places where invokng getExtensions on the X509CertInfo reference, the check for NULL is added in the **getKeyUsage()** as well while calling before **getExtensionValue()** The associated tests are written and added in test class **CertificateExtensions**. Which will ensure to validate the **getExtensionValue()** and **getKeyUsage()** methods in **X509CertImpl** class. ------------- Commit messages: - JDK-8346094 : Harden X509CertImpl.getExtensionValue for NPE cases - JDK-8346094 : Harden X509CertImpl.getExtensionValue for NPE cases - JDK-8346094 : Harden X509CertImpl.getExtensionValue for NPE cases - JDK-8346094 : Harden X509CertImpl.getExtensionValue for NPE cases - JDK-8346094 : Harden X509CertImpl.getExtensionValue for NPE cases - JDK-8346094 : Harden X509CertImpl.getExtensionValue for NPE cases Changes: https://git.openjdk.org/jdk/pull/23315/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=23315&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8346094 Stats: 229 lines in 2 files changed: 218 ins; 6 del; 5 mod Patch: https://git.openjdk.org/jdk/pull/23315.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/23315/head:pull/23315 PR: https://git.openjdk.org/jdk/pull/23315
