On Wed, 19 Feb 2025 10:27:26 GMT, Konanki Sreenath <d...@openjdk.org> wrote:
>> Earlier code will trigger NPE if the certificate does not contain the >> extensions or if the requested extensions does not exist. The better >> approach for hardening **getExtensionValue** here is to to check for NULL >> explicitly before calling **getExtensionValue()** and avoding try-catch >> block which ensures the readability and maintainability. >> >> After scanning in multiple places where invokng getExtensions on the >> X509CertInfo reference, the check for NULL is added in the **getKeyUsage()** >> as well while calling before **getExtensionValue()** >> >> The associated tests are written and added in test class >> **CertificateExtensions**. Which will ensure to validate the >> **getExtensionValue()** and **getKeyUsage()** methods in **X509CertImpl** >> class. > > Konanki Sreenath has updated the pull request incrementally with one > additional commit since the last revision: > > JDK-8346094 : Harden X509CertImpl.getExtensionValue for NPE cases Only a small nit. Copyright year for `TestHostnameChecker.java` should also be updated. ------------- PR Comment: https://git.openjdk.org/jdk/pull/23315#issuecomment-2668815018
