Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8236671

NullPointerException in JKS keystore


    • Type: Bug
    • Status: Open
    • Priority: P3
    • Resolution: Unresolved
    • Affects Version/s: 8, 11, 14, 15
    • Fix Version/s: tbd
    • Component/s: security-libs
    • Labels:
    • Subcomponent:
    • Introduced In Build:
    • Introduced In Version:
    • CPU:
    • OS:


      NullPointerException happens in JKS keystore if we don't set any password for key entries. This is a regression from task JDK-8208583. Previously, JDK were throwing IllegalArgumentException with proper message during this scenario, after the fix of JDK-8208583, JDK throws NullPointerException.
      IllegalArgumentException were throwing from KeyProtector.java by below statement in the constructor "throw new IllegalArgumentException("password can't be null");" But now code flow is got changed by below part of code during the fix of JDK-8208583 :

      - keyProtector = new KeyProtector(password);
      + passwordBytes = convertToBytes(password);
      + keyProtector = new KeyProtector(passwordBytes);

      Now convertToBytes() is getting invoked before invoking KeyProtector() constructor. The convertToBytes() doesn't check the password is null, directly try to get password.length, that results in NPE.

      How to reproduce:
      Attached a reproducible test case.
      Since pkcs12 is the default key store in JDK 9 and above execute test with "JKS" as parameter in JDK 9 and above.
      Eg: java TestKeyStore JKS

      Reproducibility in different JDK version:
      JDK 15 build 4: Fail
      JDK 14 build 30: Fail
      JDK12 build 6 : Fail
      JDK 12 build 5: Pass
      JDK11.0.2 build b02: Fail
      JDK11.0.2 build b01: Pass
      JDK 8u201 b01: Fail
      JDK8u191 - Pass
      Actual Behaviour : NullPointerException
      Exception in thread "main" java.lang.NullPointerException
      at java.base/sun.security.provider.JavaKeyStore.convertToBytes(JavaKeyStore.java:827)
      at java.base/sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:274)
      at java.base/sun.security.util.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:111)
      at java.base/java.security.KeyStore.setKeyEntry(KeyStore.java:1167)
      at TestKeyStore.main(TestKeyStore.java:45)

      Expected Behaviour : java.lang.IllegalArgumentException: password can't be null
      Exception in thread "main" java.lang.IllegalArgumentException: password can't be null
      at java.base/sun.security.provider.KeyProtector.<init>(KeyProtector.java:136)
      at java.base/sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:267)
      at java.base/sun.security.util.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:111)
      at java.base/java.security.KeyStore.setKeyEntry(KeyStore.java:1174)
      at TestKeyStore.main(TestKeyStore.java:45)


          Issue Links



              • Assignee:
                coffeys Sean Coffey
                akolarkunnu Abdul Kolarkunnu
              • Votes:
                0 Vote for this issue
                1 Start watching this issue


                • Created: