changeset 6468:a568c4ab0973

8014805: NPE is thrown during certpath validation if certificate does not have AuthorityKeyIdentifier extension Reviewed-by: mullan, xuelei
author vinnie
date Fri, 12 Jul 2013 03:20:36 -0700
parents 886d46986b72
children 67ba888dc67b
files src/share/classes/sun/security/x509/X509CertImpl.java
diffstat 1 files changed, 27 insertions(+), 34 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/sun/security/x509/X509CertImpl.java	Thu Jul 11 14:16:57 2013 -0700
+++ b/src/share/classes/sun/security/x509/X509CertImpl.java	Fri Jul 12 03:20:36 2013 -0700
@@ -174,12 +174,6 @@
      */
     private boolean verificationResult;
 
-    // Cached SKID
-    private byte[] subjectKeyId = null;
-
-    // Cached AKID
-    private byte[] issuerKeyId = null;
-
     /**
      * Default constructor.
      */
@@ -1068,25 +1062,25 @@
      */
     public byte[] getIssuerKeyIdentifier()
     {
-        if (issuerKeyId == null) {
-            AuthorityKeyIdentifierExtension aki =
-                getAuthorityKeyIdentifierExtension();
-            if (aki != null) {
+        byte[] issuerKeyId = null;
+        AuthorityKeyIdentifierExtension aki =
+            getAuthorityKeyIdentifierExtension();
 
-                try {
-                    issuerKeyId = ((KeyIdentifier)
-                        aki.get(AuthorityKeyIdentifierExtension.KEY_ID))
-                            .getIdentifier();
-                } catch (IOException e) {
-                    // should never happen (because KEY_ID attr is supported)
+        if (aki != null) {
+
+            try {
+                KeyIdentifier ki =
+                    ((KeyIdentifier) aki.get(
+                        AuthorityKeyIdentifierExtension.KEY_ID));
+                if (ki != null) {
+                    issuerKeyId = ki.getIdentifier();
                 }
-
-            } else {
-                issuerKeyId = new byte[0]; // no AKID present
+            } catch (IOException e) {
+                // should never happen (because KEY_ID attr is supported)
             }
         }
 
-        return issuerKeyId.length != 0 ? issuerKeyId : null;
+        return issuerKeyId;
     }
 
     /**
@@ -1193,25 +1187,24 @@
      */
     public byte[] getSubjectKeyIdentifier()
     {
-        if (subjectKeyId == null) {
-            SubjectKeyIdentifierExtension ski =
-                getSubjectKeyIdentifierExtension();
-            if (ski != null) {
+        byte[] subjectKeyId = null;
+        SubjectKeyIdentifierExtension ski = getSubjectKeyIdentifierExtension();
 
-                try {
-                    subjectKeyId = ((KeyIdentifier)
-                        ski.get(SubjectKeyIdentifierExtension.KEY_ID))
-                            .getIdentifier();
-                } catch (IOException e) {
-                    // should never happen (because KEY_ID attr is supported)
+        if (ski != null) {
+
+            try {
+                KeyIdentifier ki =
+                    ((KeyIdentifier) ski.get(
+                        SubjectKeyIdentifierExtension.KEY_ID));
+                if (ki != null) {
+                    subjectKeyId = ki.getIdentifier();
                 }
-
-            } else {
-                subjectKeyId = new byte[0]; // no SKID present
+            } catch (IOException e) {
+                // should never happen (because KEY_ID attr is supported)
             }
         }
 
-        return subjectKeyId.length != 0 ? subjectKeyId : null;
+        return subjectKeyId;
     }
 
     /**