> Earlier code will trigger NPE if the certificate does not contain the > extensions or if the requested extensions does not exist. The better approach > for hardening **getExtensionValue** here is to to check for NULL explicitly > before calling **getExtensionValue()** and avoding try-catch block which > ensures the readability and maintainability. > > After scanning in multiple places where invokng getExtensions on the > X509CertInfo reference, the check for NULL is added in the **getKeyUsage()** > as well while calling before **getExtensionValue()** > > The associated tests are written and added in test class > **CertificateExtensions**. Which will ensure to validate the > **getExtensionValue()** and **getKeyUsage()** methods in **X509CertImpl** > class.
Konanki Sreenath has updated the pull request incrementally with one additional commit since the last revision: JDK-8346094 : Harden X509CertImpl.getExtensionValue for NPE cases ------------- Changes: - all: https://git.openjdk.org/jdk/pull/23315/files - new: https://git.openjdk.org/jdk/pull/23315/files/0e288ec5..672d7b7e Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=23315&range=02 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=23315&range=01-02 Stats: 50 lines in 3 files changed: 4 ins; 44 del; 2 mod Patch: https://git.openjdk.org/jdk/pull/23315.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/23315/head:pull/23315 PR: https://git.openjdk.org/jdk/pull/23315
