FULL PRODUCT VERSION : java version "1.8.0_20" Java(TM) SE Runtime Environment (build 1.8.0_20-b26) Java HotSpot(TM) Client VM (build 25.20-b23, mixed mode) Also in Java SE Embedded ejre1.8.0_06 ADDITIONAL OS VERSION INFORMATION : Microsoft Windows [Version 6.1.7601] A DESCRIPTION OF THE PROBLEM : The keystore save operation fails when the KeyStore contains only TrustedCertificateEntry or SecretKeyEntry entries. java.lang.NullPointerException at sun.security.pkcs12.PKCS12KeyStore.createEncryptedData(PKCS12KeyStore.java:1620) at sun.security.pkcs12.PKCS12KeyStore.engineStore(PKCS12KeyStore.java:1151) at java.security.KeyStore.store(KeyStore.java:1365) In PKCS12KeyStore.java createEncryptedData function only checks PrivateKeyEntry and CertEntry instances. As "chainLen = 1" and "Certificate[] certs" is not populated it throws NullPointerException; STEPS TO FOLLOW TO REPRODUCE THE PROBLEM : Create a PKCS12 keystore with only one TrustedCertificateEntry and one SecretKeyEntry and try to save the file. EXPECTED VERSUS ACTUAL BEHAVIOR : EXPECTED - Keystore saved to given path ACTUAL - java.lang.NullPointerException at sun.security.pkcs12.PKCS12KeyStore.createEncryptedData(PKCS12KeyStore.java:1620) at sun.security.pkcs12.PKCS12KeyStore.engineStore(PKCS12KeyStore.java:1151) at java.security.KeyStore.store(KeyStore.java:1365) ERROR MESSAGES/STACK TRACES THAT OCCUR : java.lang.NullPointerException at sun.security.pkcs12.PKCS12KeyStore.createEncryptedData(PKCS12KeyStore.java:1620) at sun.security.pkcs12.PKCS12KeyStore.engineStore(PKCS12KeyStore.java:1151) at java.security.KeyStore.store(KeyStore.java:1365) REPRODUCIBILITY : This bug can be reproduced always. ---------- BEGIN SOURCE ---------- KeyStore ks = KeyStore.getInstance("pkcs12"); ks.load(null, null); ks.setCertificateEntry("aaa", getTrustedCertificate()); ks.setKeyEntry("bbb", key, passwd, null); ks.store(new FileOutputStream("deneme.p12", passwd); ---------- END SOURCE ---------- CUSTOMER SUBMITTED WORKAROUND : Store SecretKey and TrustedCertificates in different keystores SUPPORT : YES
|