Null-check-in-finally pattern in javax/security documentation

Sean Mullan sean.mullan at oracle.com
Fri Jun 17 11:58:49 PDT 2011


Bug has been filed. See: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7054969

--Sean

On 6/14/11 9:45 AM, Sean Mullan wrote:
> I was thinking the same thing. I'll file a bug to have this fixed in JDK 8.
>
> --Sean
>
> On 06/14/2011 08:43 AM, Chris Hegarty wrote:
>> In fact this looks like a good candidate for try-with-resources.
>>
>> -Chris.
>>
>> On 06/14/11 12:26 PM, Florian Weimer wrote:
>>> It seems to me this incorrect advice should be removed from the
>>> documentation, like this:
>>>
>>> diff -r 7a341c412ea9 -r 77b101812a2e
>>> src/share/classes/java/security/KeyStore.java
>>> --- a/src/share/classes/java/security/KeyStore.java Tue Jun 07
>>> 14:01:12 2011 -0700
>>> +++ b/src/share/classes/java/security/KeyStore.java Tue Jun 14
>>> 13:16:19 2011 +0200
>>> @@ -113,14 +113,11 @@
>>> * // get user password and file input stream
>>> * char[] password = getPassword();
>>> *
>>> - * java.io.FileInputStream fis = null;
>>> + * java.io.FileInputStream fis = new
>>> java.io.FileInputStream("keyStoreName");
>>> * try {
>>> - * fis = new java.io.FileInputStream("keyStoreName");
>>> * ks.load(fis, password);
>>> * } finally {
>>> - * if (fis != null) {
>>> - * fis.close();
>>> - * }
>>> + * fis.close();
>>> * }
>>> *</pre>
>>> *
>>> @@ -146,14 +143,11 @@
>>> * ks.setEntry("secretKeyAlias", skEntry, protParam);
>>> *
>>> * // store away the keystore
>>> - * java.io.FileOutputStream fos = null;
>>> + * java.io.FileOutputStream fos = new
>>> java.io.FileOutputStream("newKeyStoreName");
>>> * try {
>>> - * fos = new java.io.FileOutputStream("newKeyStoreName");
>>> * ks.store(fos, password);
>>> * } finally {
>>> - * if (fos != null) {
>>> - * fos.close();
>>> - * }
>>> + * fos.close();
>>> * }
>>> *</pre>
>>> *
>>> diff -r 7a341c412ea9 -r 77b101812a2e
>>> src/share/classes/java/security/cert/X509CRL.java
>>> --- a/src/share/classes/java/security/cert/X509CRL.java Tue Jun 07
>>> 14:01:12 2011 -0700
>>> +++ b/src/share/classes/java/security/cert/X509CRL.java Tue Jun 14
>>> 13:16:19 2011 +0200
>>> @@ -94,15 +94,12 @@
>>> * CRLs are instantiated using a certificate factory. The following is an
>>> * example of how to instantiate an X.509 CRL:
>>> *<pre><code>
>>> - * InputStream inStream = null;
>>> + * InputStream inStream = new FileInputStream("fileName-of-crl");
>>> * try {
>>> - * inStream = new FileInputStream("fileName-of-crl");
>>> * CertificateFactory cf = CertificateFactory.getInstance("X.509");
>>> * X509CRL crl = (X509CRL)cf.generateCRL(inStream);
>>> * } finally {
>>> - * if (inStream != null) {
>>> - * inStream.close();
>>> - * }
>>> + * inStream.close();
>>> * }
>>> *</code></pre>
>>> *
>>> diff -r 7a341c412ea9 -r 77b101812a2e
>>> src/share/classes/java/security/cert/X509Certificate.java
>>> --- a/src/share/classes/java/security/cert/X509Certificate.java Tue
>>> Jun 07 14:01:12 2011 -0700
>>> +++ b/src/share/classes/java/security/cert/X509Certificate.java Tue
>>> Jun 14 13:16:19 2011 +0200
>>> @@ -89,15 +89,12 @@
>>> * Certificates are instantiated using a certificate factory. The
>>> following is
>>> * an example of how to instantiate an X.509 certificate:
>>> *<pre>
>>> - * InputStream inStream = null;
>>> + * InputStream inStream = new FileInputStream("fileName-of-cert");
>>> * try {
>>> - * inStream = new FileInputStream("fileName-of-cert");
>>> * CertificateFactory cf = CertificateFactory.getInstance("X.509");
>>> * X509Certificate cert =
>>> (X509Certificate)cf.generateCertificate(inStream);
>>> * } finally {
>>> - * if (inStream != null) {
>>> - * inStream.close();
>>> - * }
>>> + * inStream.close();
>>> * }
>>> *</pre>
>>> *
>>>
>>> There are also instances in actual code (in
>>> javax/crypto/JceSecurity.java, for instance), but changing them is
>>> probably not worth it.
>>>
>



More information about the security-dev mailing list