On Thu, 30 Oct 2025 17:15:53 GMT, Sean Mullan <[email protected]> wrote:
>> Kirill Shirokov has updated the pull request with a new target base due to a
>> merge or a rebase. The incremental webrev excludes the unrelated changes
>> brought in by the merge/rebase. The pull request contains three additional
>> commits since the last revision:
>>
>> - Merge branch 'master' into JDK-8366522-fix-npe-codeSourceGetCodeSigners
>> - Merge branch 'master' into JDK-8366522-fix-npe-codeSourceGetCodeSigners
>> - 8366522: CodeSource.getCodeSigners() throws NPE within empty certs
>
> src/java.base/share/classes/java/security/CodeSource.java line 241:
>
>> 239: // Convert the certs to code signers
>> 240: signers = convertCertArrayToSignerArray(certs);
>> 241: if (signers != null) {
>
> I think this should return an empty array, and not null. This would make it
> consistent with `CodeSource.getCertificates()` which returns an empty array
> when a `CodeSource` object is constructed with an empty array of `CodeSigner`.
I agree, considering the statement from line 666:
private CodeSigner[] convertCertArrayToSignerArray(
...
if (signers.isEmpty()) {
return null;
}
This would make getCodeSigners() return value more consistent for the following
corner cases:
new CodeSource(certificates=null): getCertificates()=null; getCodeSigners()=null
new CodeSource(certificates=[]): getCertificates()=[]; getCodeSigners()=[]
new CodeSource(certificates=[NON-X509-CERT]): getCertificates()=[];
getCodeSigners()=[]
new CodeSource(codeSigners=null): getCertificates()=null; getCodeSigners()=null
new CodeSource(codeSigners=[]): getCertificates()=[]; getCodeSigners()=[]
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27105#discussion_r2652139979
