JDK-8205720 : KeyFactory#getKeySpec and translateKey throws NullPointerException with Invalid key
- Type: Bug
- Component: security-libs
- Sub-Component: java.security
- Affected Version: 11
- Priority: P2
- Status: Closed
- Resolution: Fixed
- Submitted: 2018-06-26
- Updated: 2020-06-09
- Resolved: 2018-06-30
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 11 | JDK 12 | JDK 8 | Other |
|---|---|---|---|
11 b21Fixed  |
12Fixed |
8u251Fixed |
openjdk8u252Fixed |
Related Reports
|
Relates :
|
Description
��� KeyFactory#getKeySpec(Key,Class)
Specification states that
InvalidKeySpecException if the requested key specification is
inappropriate for the given key, or the given key cannot be processed
(e.g., the given key has an unrecognized algorithm or format).
My understanding is that if I provide an invalid key to this method, I expect InvalidKeyException
but for ���RSASSA-PSS��� algorithm, the KeyFactory throws ���NullPointerException���
Code:
class InvalidKey implements Key{
@Override
public String getAlgorithm() {
return null;
}
@Override
public String getFormat() {
return null;
}
@Override
public byte[] getEncoded() {
return null;
}
}
KeyFactory keyFactory = KeyFactory.getInstance(���RSASSA-PSS���);
keyFactory.getKeySpec(new InvalidKey(),X509EncodedKeySpec.class); //throws NPE instead of InvalidKeyException
=========
Output:
Exception java.lang.NullPointerException
at RSAKeyFactory.checkKeyAlgo (RSAKeyFactory.java:103)
at RSAKeyFactory.engineTranslateKey (RSAKeyFactory.java:212)
at RSAKeyFactory.engineGetKeySpec (RSAKeyFactory.java:399)
��� KeyFactory#translateKey(Key):
Specification states that InvalidKeyException if the given key cannot be processed by this key factory.
My understanding is that if I provide an invalid key to this method, I expect InvalidKeyException but for
���RSASSA-PSS��� algorithm, the KeyFactory throws ���NullPointerException���
Code:
class InvalidKey implements Key{
@Override
public String getAlgorithm() {
return null;
}
@Override
public String getFormat() {
return null;
}
@Override
public byte[] getEncoded() {
return null;
}
}
KeyFactory keyFactory = KeyFactory.getInstance(���RSASSA-PSS���);
keyFactory.translateKey(new InvalidKey()); // Throw NPE instead of InvalidKeyException.
=======
Output:
Exception java.lang.NullPointerException
at RSAKeyFactory.checkKeyAlgo (RSAKeyFactory.java:103)
at RSAKeyFactory.engineTranslateKey (RSAKeyFactory.java:212)
at KeyFactory.translateKey (KeyFactory.java:470)
===================================================
I have checked with other algorithm, it throws "InvalidKeyException"
For e.g.
jshell> KeyFactory keyFactory = KeyFactory.getInstance("XDH");
keyFactory ==> java.security.KeyFactory@77167fb7
jshell> keyFactory.getKeySpec(new InvalidKey(),X509EncodedKeySpec.class)
| Exception java.security.spec.InvalidKeySpecException: Unsupported key type
| at XDHKeyFactory.engineGetKeySpec (XDHKeyFactory.java:226)
| at KeyFactory.getKeySpec (KeyFactory.java:439)
| at (#46:1)
jshell> keyFactory.translateKey(new InvalidKey())
| Exception java.security.InvalidKeyException: Unsupported key type or format
| at XDHKeyFactory.engineTranslateKey (XDHKeyFactory.java:94)
| at KeyFactory.translateKey (KeyFactory.java:470)
| at (#47:1)
Comments
|