JDK-8079129 : NullPointerException in PKCS#12 Keystore in PKCS12KeyStore.java
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 8-pool,9
  • Priority: P4
  • Status: Closed
  • Resolution: Fixed
  • OS: windows_7
  • CPU: x86_64
  • Submitted: 2015-03-31
  • Updated: 2017-12-21
  • Resolved: 2015-05-05
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

JDK 7: 7u171 (Fixed)
JDK 8: 8u60 (Fixed)
JDK 9: 9 b64 (Fixed)
Other: openjdk7u (Fixed)
Description
FULL PRODUCT VERSION :
java version "1.8.0_20"
Java(TM) SE Runtime Environment (build 1.8.0_20-b26)
Java HotSpot(TM) Client VM (build 25.20-b23, mixed mode)

Also in Java SE Embedded ejre1.8.0_06

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7601]

A DESCRIPTION OF THE PROBLEM :
The keystore save operation fails when the KeyStore contains only TrustedCertificateEntry or SecretKeyEntry entries.


java.lang.NullPointerException
	at sun.security.pkcs12.PKCS12KeyStore.createEncryptedData(PKCS12KeyStore.java:1620)
	at sun.security.pkcs12.PKCS12KeyStore.engineStore(PKCS12KeyStore.java:1151)
	at java.security.KeyStore.store(KeyStore.java:1365)


In PKCS12KeyStore.java, the createEncryptedData function only checks PrivateKeyEntry and CertEntry instances. As "chainLen = 1" and "Certificate[] certs" is not populated, it throws NullPointerException.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Create a PKCS12 keystore with only one TrustedCertificateEntry and one SecretKeyEntry and try to save the file.



EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Keystore saved to given path
ACTUAL -
java.lang.NullPointerException

	at sun.security.pkcs12.PKCS12KeyStore.createEncryptedData(PKCS12KeyStore.java:1620)
	at sun.security.pkcs12.PKCS12KeyStore.engineStore(PKCS12KeyStore.java:1151)
	at java.security.KeyStore.store(KeyStore.java:1365)

ERROR MESSAGES/STACK TRACES THAT OCCUR :
java.lang.NullPointerException

	at sun.security.pkcs12.PKCS12KeyStore.createEncryptedData(PKCS12KeyStore.java:1620)
	at sun.security.pkcs12.PKCS12KeyStore.engineStore(PKCS12KeyStore.java:1151)
	at java.security.KeyStore.store(KeyStore.java:1365)

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
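import java.io.FileOutputStream;
import java.security.KeyStore;

// key, passwd and getTrustedCertificate() are not shown in the report
KeyStore ks = KeyStore.getInstance("pkcs12");
ks.load(null, null);                                     // start from an empty keystore
ks.setCertificateEntry("aaa", getTrustedCertificate());  // TrustedCertificateEntry
ks.setKeyEntry("bbb", key, passwd, null);                // SecretKeyEntry, no certificate chain
ks.store(new FileOutputStream("deneme.p12"), passwd);    // NullPointerException is thrown here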
---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
Store SecretKey and TrustedCertificates in different keystores

SUPPORT :
YES
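
The submitter's workaround (secret keys and trusted certificates kept in different keystores), sketched as an added example; it is not code from the bug report or from the JDK. The class name `SplitKeyStore`, the `split` helper, the sample password and the optional certificate-path argument are assumptions made for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.util.Collections;
import javax.crypto.KeyGenerator;

public class SplitKeyStore {
    // Copies src into two new in-memory PKCS12 keystores:
    // [0] holds SecretKeyEntry items, [1] holds certificate and private-key entries.
    static KeyStore[] split(KeyStore src, char[] pw) throws Exception {
        KeyStore secrets = KeyStore.getInstance("PKCS12");
        KeyStore others = KeyStore.getInstance("PKCS12");
        secrets.load(null, null);
        others.load(null, null);
        KeyStore.ProtectionParameter prot = new KeyStore.PasswordProtection(pw);
        for (String alias : Collections.list(src.aliases())) {
            if (src.isCertificateEntry(alias)) {
                // Trusted certificates carry no password protection.
                others.setCertificateEntry(alias, src.getCertificate(alias));
            } else if (src.entryInstanceOf(alias, KeyStore.SecretKeyEntry.class)) {
                secrets.setEntry(alias, src.getEntry(alias, prot), prot);
            } else {
                others.setEntry(alias, src.getEntry(alias, prot), prot);
            }
        }
        return new KeyStore[] { secrets, others };
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray();               // constructed sample password
        KeyStore src = KeyStore.getInstance("PKCS12");
        src.load(null, null);
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        src.setKeyEntry("bbb", kg.generateKey(), pw, null);  // SecretKeyEntry
        if (args.length > 0) {                               // optional path to an X.509 certificate
            try (InputStream in = new FileInputStream(args[0])) {
                src.setCertificateEntry("aaa",
                    CertificateFactory.getInstance("X.509").generateCertificate(in));
            }
        }
        for (KeyStore part : split(src, pw)) {
            if (part.size() == 0) continue;                  // nothing of this kind to save
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            part.store(out, pw);                             // each store holds one kind of entry
            System.out.println(part.size() + " entries, " + out.size() + " bytes");
        }
    }
}
```

Run it without arguments to exercise only the secret-key path, or pass the path to a certificate file to populate both keystores.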


Comments
Steps to reproduce this issue:

Use the attached files (KeyStoreTest.java) and the test certificate (test.cer).

1. In the first step, create a new pkcs12 keystore with the following command (run from the specific JDK version you are trying to check for):
   # keytool -keystore test.p12 -storepass 123456 -importcert -file test.cer -alias test -storetype pkcs12
   This will generate a pkcs12 certificate file (test.p12).
2. Thereafter run the attached test case (KeyStoreTest.java).
   Note: Checked this issue for JDK 8, 8u40, 8u45, 8u60 ea b12, and 9 ea b60 on Windows 7 and Linux (64-bit). Make sure to generate a fresh pkcs12 certificate with each JDK version.
3. The test failed with all the above mentioned JDK versions with NullPointerException error.

Output with 8u45:
# java KeyStoreTest
java.lang.NullPointerException
	at sun.security.pkcs12.PKCS12KeyStore.createEncryptedData(PKCS12KeyStore.java:1630)
	at sun.security.pkcs12.PKCS12KeyStore.engineStore(PKCS12KeyStore.java:1156)
	at java.security.KeyStore.store(KeyStore.java:1377)
	at KeyStoreTest.main(KeyStoreTest.java:45)
30-04-2015