JDK-8079129 : NullPointerException in PKCS#12 Keystore in PKCS12KeyStore.java
- Type: Bug
- Component: security-libs
- Sub-Component: java.security
- Affected Version: 8-pool,9
- Priority: P4
- Status: Closed
- Resolution: Fixed
- OS: windows_7
- CPU: x86_64
- Submitted: 2015-03-31
- Updated: 2017-12-21
- Resolved: 2015-05-05
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 7 | JDK 8 | JDK 9 | Other |
|---|---|---|---|
| 7u171Fixed | 8u60Fixed  |
9 b64Fixed |
openjdk7uFixed |
Description
FULL PRODUCT VERSION :
java version "1.8.0_20"
Java(TM) SE Runtime Environment (build 1.8.0_20-b26)
Java HotSpot(TM) Client VM (build 25.20-b23, mixed mode)
Also in Java SE Embedded ejre1.8.0_06
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7601]
A DESCRIPTION OF THE PROBLEM :
The keystore save operation fails when the KeyStore contains only TrustedCertificateEntry or SecretKeyEntry entries.
java.lang.NullPointerException
at sun.security.pkcs12.PKCS12KeyStore.createEncryptedData(PKCS12KeyStore.java:1620)
at sun.security.pkcs12.PKCS12KeyStore.engineStore(PKCS12KeyStore.java:1151)
at java.security.KeyStore.store(KeyStore.java:1365)
In PKCS12KeyStore.java createEncryptedData function only checks PrivateKeyEntry and CertEntry instances. As "chainLen = 1" and "Certificate[] certs" is not populated it throws NullPointerException;
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Create a PKCS12 keystore with only one TrustedCertificateEntry and one SecretKeyEntry and try to save the file.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Keystore saved to given path
ACTUAL -
java.lang.NullPointerException
at sun.security.pkcs12.PKCS12KeyStore.createEncryptedData(PKCS12KeyStore.java:1620)
at sun.security.pkcs12.PKCS12KeyStore.engineStore(PKCS12KeyStore.java:1151)
at java.security.KeyStore.store(KeyStore.java:1365)
ERROR MESSAGES/STACK TRACES THAT OCCUR :
java.lang.NullPointerException
at sun.security.pkcs12.PKCS12KeyStore.createEncryptedData(PKCS12KeyStore.java:1620)
at sun.security.pkcs12.PKCS12KeyStore.engineStore(PKCS12KeyStore.java:1151)
at java.security.KeyStore.store(KeyStore.java:1365)
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
KeyStore ks = KeyStore.getInstance("pkcs12");
ks.load(null, null);
ks.setCertificateEntry("aaa", getTrustedCertificate());
ks.setKeyEntry("bbb", key, passwd, null);
ks.store(new FileOutputStream("deneme.p12", passwd);
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Store SecretKey and TrustedCertificates in different keystores
SUPPORT :
YES
Comments
|