Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8079129

NullPointerException in PKCS#12 Keystore in PKCS12KeyStore.java

    Details

    • Subcomponent:
    • Resolved In Build:
      b64
    • CPU:
      x86_64
    • OS:
      windows_7
    • Verification:
      Verified

      Backports

        Description

        FULL PRODUCT VERSION :
        java version "1.8.0_20"
        Java(TM) SE Runtime Environment (build 1.8.0_20-b26)
        Java HotSpot(TM) Client VM (build 25.20-b23, mixed mode)

        Also in Java SE Embedded ejre1.8.0_06

        ADDITIONAL OS VERSION INFORMATION :
        Microsoft Windows [Version 6.1.7601]

        A DESCRIPTION OF THE PROBLEM :
        The keystore save operation fails when the KeyStore contains only TrustedCertificateEntry or SecretKeyEntry entries.


        java.lang.NullPointerException
        at sun.security.pkcs12.PKCS12KeyStore.createEncryptedData(PKCS12KeyStore.java:1620)
        at sun.security.pkcs12.PKCS12KeyStore.engineStore(PKCS12KeyStore.java:1151)
        at java.security.KeyStore.store(KeyStore.java:1365)


        In PKCS12KeyStore.java createEncryptedData function only checks PrivateKeyEntry and CertEntry instances. As "chainLen = 1" and "Certificate[] certs" is not populated it throws NullPointerException;

        STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
        Create a PKCS12 keystore with only one TrustedCertificateEntry and one SecretKeyEntry and try to save the file.



        EXPECTED VERSUS ACTUAL BEHAVIOR :
        EXPECTED -
        Keystore saved to given path
        ACTUAL -
        java.lang.NullPointerException

        at sun.security.pkcs12.PKCS12KeyStore.createEncryptedData(PKCS12KeyStore.java:1620)
        at sun.security.pkcs12.PKCS12KeyStore.engineStore(PKCS12KeyStore.java:1151)
        at java.security.KeyStore.store(KeyStore.java:1365)

        ERROR MESSAGES/STACK TRACES THAT OCCUR :
        java.lang.NullPointerException

        at sun.security.pkcs12.PKCS12KeyStore.createEncryptedData(PKCS12KeyStore.java:1620)
        at sun.security.pkcs12.PKCS12KeyStore.engineStore(PKCS12KeyStore.java:1151)
        at java.security.KeyStore.store(KeyStore.java:1365)

        REPRODUCIBILITY :
        This bug can be reproduced always.

        ---------- BEGIN SOURCE ----------
        KeyStore ks = KeyStore.getInstance("pkcs12");
        ks.load(null, null);
        ks.setCertificateEntry("aaa", getTrustedCertificate());
        ks.setKeyEntry("bbb", key, passwd, null);
        ks.store(new FileOutputStream("deneme.p12", passwd);
        ---------- END SOURCE ----------

        CUSTOMER SUBMITTED WORKAROUND :
        Store SecretKey and TrustedCertificates in different keystores

        SUPPORT :
        YES

        1. KeyStoreTest.java
          2 kB
          Pardeep Sharma
        2. test.cer
          1 kB
          Pardeep Sharma

          Activity

          Hide
          pardesha Pardeep Sharma added a comment -
          Steps to reproduce this issue:
          *************************************************************************************************************************************
          Use the attached files, (KeyStoreTest.java) and the test certificate (test.cer)

          1. In the first step, create a new pkcs12 keystore with the following command (run from specific JDK version you are trying to check for)::
          # keytool -keystore test.p12 -storepass 123456 -importcert -file test.cer -alias test -storetype pkcs12
          This will generate a pkcs12 certificate file (test.p12).

          2. Thereafter run the attached test case (KeyStoreTest.java)
          Note: Checked this issue for JDK 8, 8u40, 8u45, 8u60 ea b12, and 9 ea b60 on Windows 7 and Linux (64-bit). Make usre to generate fresh pkcs12 certificate with each JDK versioon.

          3. The test failed with all the above mentioned JDK versions with NullPointerException error.
          ---------------------------------------------------------------------------------------------------------------------------------------
          Output with 8u45:
          # java KeyStoreTest
          java.lang.NullPointerException
                  at sun.security.pkcs12.PKCS12KeyStore.createEncryptedData(PKCS12KeyStore.java:1630)
                  at sun.security.pkcs12.PKCS12KeyStore.engineStore(PKCS12KeyStore.java:1156)
                  at java.security.KeyStore.store(KeyStore.java:1377)
                  at KeyStoreTest.main(KeyStoreTest.java:45)
          ***************************************************************************************************************************************************
          Show
          pardesha Pardeep Sharma added a comment - Steps to reproduce this issue: ************************************************************************************************************************************* Use the attached files, (KeyStoreTest.java) and the test certificate (test.cer) 1. In the first step, create a new pkcs12 keystore with the following command (run from specific JDK version you are trying to check for):: # keytool -keystore test.p12 -storepass 123456 -importcert -file test.cer -alias test -storetype pkcs12 This will generate a pkcs12 certificate file (test.p12). 2. Thereafter run the attached test case (KeyStoreTest.java) Note: Checked this issue for JDK 8, 8u40, 8u45, 8u60 ea b12, and 9 ea b60 on Windows 7 and Linux (64-bit). Make usre to generate fresh pkcs12 certificate with each JDK versioon. 3. The test failed with all the above mentioned JDK versions with NullPointerException error. --------------------------------------------------------------------------------------------------------------------------------------- Output with 8u45: # java KeyStoreTest java.lang.NullPointerException         at sun.security.pkcs12.PKCS12KeyStore.createEncryptedData(PKCS12KeyStore.java:1630)         at sun.security.pkcs12.PKCS12KeyStore.engineStore(PKCS12KeyStore.java:1156)         at java.security.KeyStore.store(KeyStore.java:1377)         at KeyStoreTest.main(KeyStoreTest.java:45) ***************************************************************************************************************************************************
          Hide
          hgupdate HG Updates added a comment -
          URL: http://hg.openjdk.java.net/jdk9/dev/jdk/rev/207c1b0356ea
          User: vinnie
          Date: 2015-05-05 16:52:35 +0000
          Show
          hgupdate HG Updates added a comment - URL: http://hg.openjdk.java.net/jdk9/dev/jdk/rev/207c1b0356ea User: vinnie Date: 2015-05-05 16:52:35 +0000
          Hide
          hgupdate HG Updates added a comment -
          URL: http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/207c1b0356ea
          User: lana
          Date: 2015-05-13 21:19:45 +0000
          Show
          hgupdate HG Updates added a comment - URL: http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/207c1b0356ea User: lana Date: 2015-05-13 21:19:45 +0000

            People

            • Assignee:
              vinnie Vincent Ryan
              Reporter:
              webbuggrp Webbug Group
            • Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: