[OPENAM-5660] NPE when the keyalias does not exist or does not contain a certificate Created: 13/Mar/15  Updated: 20/Nov/16  Resolved: 31/Mar/15

Status: Resolved
Project: OpenAM
Component/s: authentication, rest
Affects Version/s: 12.0.0
Fix Version/s: 11.0.4, 12.0.1, 13.0.0

Type: Bug Priority: Minor
Reporter: Quentin CASTEL [X] (Inactive) Assignee: Quentin CASTEL [X] (Inactive)
Resolution: Fixed Votes: 1
Labels: release-notes
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
is related to OPENAM-4370 NPE when trying to authenticate via t... Resolved
Support Ticket IDs:


when the keyalias does not exist or does not contain a certificate, the certificate can't be found and therefore, the getCertificate return null:

X509Certificate cert = (X509Certificate) ks.getCertificate(keyAlias);

Javadoc of getCertificate:
     * @return the certificate, or null if the given alias does not exist or
     * does not contain a certificate.

The null condition should be tested before trying to access the "cert" instance.


            X509Certificate cert = (X509Certificate) ks.getCertificate(keyAlias);
            pkey = cert.getPublicKey();


            X509Certificate cert = (X509Certificate) ks.getCertificate(keyAlias);
            if (cert == null) {
                logger.error("the given alias '" + keyAlias + "' does not exist or does not contain a certificate.");
                return null;
            pkey = cert.getPublicKey();

Comment by Andrew Dunn [X] (Inactive) [ 27/Mar/15 ]

This can happen when a user creates a new keystore and key alias (i.e. not 'test'), is using XUI and does not update:
Configuration > Authentication > Core > Security > Organization Authentication Certificate Alias

As an improvement , the UI could also check for the existence of the key alias when entered, to avoid mistakes. Similar to when you add a signing key alias when configuring SAML2 entities.

Comment by Quentin CASTEL [X] (Inactive) [ 31/Mar/15 ]

Fixed in 13.0.0 r13250
Fixed in 12.0.1 r13251
Fixed in 11.0.4 r13252

Generated at Wed Oct 21 09:41:17 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.