Null-check-in-finally pattern in javax/security documentation

Florian Weimer fweimer at bfk.de
Tue Jun 14 04:26:58 PDT 2011


It seems to me this incorrect advice should be removed from the
documentation, like this:

diff -r 7a341c412ea9 -r 77b101812a2e src/share/classes/java/security/KeyStore.java
--- a/src/share/classes/java/security/KeyStore.java	Tue Jun 07 14:01:12 2011 -0700
+++ b/src/share/classes/java/security/KeyStore.java	Tue Jun 14 13:16:19 2011 +0200
@@ -113,14 +113,11 @@
  *    // get user password and file input stream
  *    char[] password = getPassword();
  *
- *    java.io.FileInputStream fis = null;
+ *    java.io.FileInputStream fis = new java.io.FileInputStream("keyStoreName");
  *    try {
- *        fis = new java.io.FileInputStream("keyStoreName");
  *        ks.load(fis, password);
  *    } finally {
- *        if (fis != null) {
- *            fis.close();
- *        }
+ *        fis.close();
  *    }
  * </pre>
  *
@@ -146,14 +143,11 @@
  *    ks.setEntry("secretKeyAlias", skEntry, protParam);
  *
  *    // store away the keystore
- *    java.io.FileOutputStream fos = null;
+ *    java.io.FileOutputStream fos = new java.io.FileOutputStream("newKeyStoreName");
  *    try {
- *        fos = new java.io.FileOutputStream("newKeyStoreName");
  *        ks.store(fos, password);
  *    } finally {
- *        if (fos != null) {
- *            fos.close();
- *        }
+ *        fos.close();
  *    }
  * </pre>
  *
diff -r 7a341c412ea9 -r 77b101812a2e src/share/classes/java/security/cert/X509CRL.java
--- a/src/share/classes/java/security/cert/X509CRL.java	Tue Jun 07 14:01:12 2011 -0700
+++ b/src/share/classes/java/security/cert/X509CRL.java	Tue Jun 14 13:16:19 2011 +0200
@@ -94,15 +94,12 @@
  * CRLs are instantiated using a certificate factory. The following is an
  * example of how to instantiate an X.509 CRL:
  * <pre><code>
- * InputStream inStream = null;
+ * InputStream inStream = new FileInputStream("fileName-of-crl");
  * try {
- *     inStream = new FileInputStream("fileName-of-crl");
  *     CertificateFactory cf = CertificateFactory.getInstance("X.509");
  *     X509CRL crl = (X509CRL)cf.generateCRL(inStream);
  * } finally {
- *     if (inStream != null) {
- *         inStream.close();
- *     }
+ *     inStream.close();
  * }
  * </code></pre>
  *
diff -r 7a341c412ea9 -r 77b101812a2e src/share/classes/java/security/cert/X509Certificate.java
--- a/src/share/classes/java/security/cert/X509Certificate.java	Tue Jun 07 14:01:12 2011 -0700
+++ b/src/share/classes/java/security/cert/X509Certificate.java	Tue Jun 14 13:16:19 2011 +0200
@@ -89,15 +89,12 @@
  * Certificates are instantiated using a certificate factory. The following is
  * an example of how to instantiate an X.509 certificate:
  * <pre>
- * InputStream inStream = null;
+ * InputStream inStream = new FileInputStream("fileName-of-cert");
  * try {
- *     inStream = new FileInputStream("fileName-of-cert");
  *     CertificateFactory cf = CertificateFactory.getInstance("X.509");
  *     X509Certificate cert = (X509Certificate)cf.generateCertificate(inStream);
  * } finally {
- *     if (inStream != null) {
- *         inStream.close();
- *     }
+ *     inStream.close();
  * }
  * </pre>
  *

There are also instances in actual code (in
javax/crypto/JceSecurity.java, for instance), but changing them is
probably not worth it.

-- 
Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99



More information about the security-dev mailing list