--- old/src/share/classes/sun/security/x509/X509CertImpl.java	2013-06-24 14:06:17.074266611 +0100
+++ new/src/share/classes/sun/security/x509/X509CertImpl.java	2013-06-24 14:06:16.592560443 +0100
@@ -1074,9 +1074,14 @@
             if (aki != null) {
 
                 try {
-                    issuerKeyId = ((KeyIdentifier)
-                        aki.get(AuthorityKeyIdentifierExtension.KEY_ID))
-                            .getIdentifier();
+                    KeyIdentifier ki =
+                        ((KeyIdentifier) aki.get(
+                            AuthorityKeyIdentifierExtension.KEY_ID));
+                    if (ki != null) {
+                        issuerKeyId = ki.getIdentifier();
+                    } else {
+                        issuerKeyId = new byte[0]; // no hash-based AKID present
+                    }
                 } catch (IOException e) {
                     // should never happen (because KEY_ID attr is supported)
                 }
@@ -1199,9 +1204,14 @@
             if (ski != null) {
 
                 try {
-                    subjectKeyId = ((KeyIdentifier)
-                        ski.get(SubjectKeyIdentifierExtension.KEY_ID))
-                            .getIdentifier();
+                    KeyIdentifier ki =
+                        ((KeyIdentifier) ski.get(
+                            SubjectKeyIdentifierExtension.KEY_ID));
+                    if (ki != null) {
+                        subjectKeyId = id.getIdentifier();
+                    } else {
+                        subjectKeyId = new byte[0];// no hash-based SKID present
+                    }
                 } catch (IOException e) {
                     // should never happen (because KEY_ID attr is supported)
                 }