CertPathValidator throws NPE if trusted certificate does not have AuthorityKeyIdentifier extension:
certpath: PolicyChecker.checkPolicy() certificate policies verified
certpath: -checker5 validation succeeded
certpath: -Using checker6 ... [sun.security.provider.certpath.BasicChecker]
certpath: ---checking timestamp:Fri May 17 17:42:50 MSK 2013...
certpath: timestamp verified.
certpath: ---checking subject/issuer name chaining...
certpath: subject/issuer name chaining verified.
certpath: ---checking signature...
certpath: signature verified.
certpath: BasicChecker.updateState issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US; subject: CN=Oracle Root CA, OU=VeriSign Trust Network, O=Oracle Corporation, C=US; serial#: 100662332940862603838457626880723060860
certpath: -checker6 validation succeeded
certpath: -Using checker7 ... [sun.security.provider.certpath.OCSPChecker]
Exception in thread "main" java.lang.NullPointerException
at sun.security.x509.X509CertImpl.getIssuerKeyIdentifier(X509CertImpl.java:1077)
at sun.security.provider.certpath.OCSPChecker.check(OCSPChecker.java:251)
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:133)
at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:351)
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:191)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:279)