On Mon, 27 Jan 2025 12:39:45 GMT, Konanki Sreenath <d...@openjdk.org> wrote:
> Earlier code will trigger NPE if the certificate does not contain the > extensions or if the requested extensions does not exist. The better approach > for hardening **getExtensionValue** here is to to check for NULL explicitly > before calling **getExtensionValue()** and avoding try-catch block which > ensures the readability and maintainability. > > After scanning in multiple places where invokng getExtensions on the > X509CertInfo reference, the check for NULL is added in the **getKeyUsage()** > as well while calling before **getExtensionValue()** > > The associated tests are written and added in test class > **CertificateExtensions**. Which will ensure to validate the > **getExtensionValue()** and **getKeyUsage()** methods in **X509CertImpl** > class. Please don't integrate until someone from the Security Group reviews this PR. Thanks. @jnimeh Can you please review this PR? ------------- PR Comment: https://git.openjdk.org/jdk/pull/23315#issuecomment-2639896749 PR Comment: https://git.openjdk.org/jdk/pull/23315#issuecomment-2639898463
