RFR: 8208583: Better management of internal KeyStore buffers
Weijun Wang
weijun.wang at oracle.com
Thu Aug 2 16:05:41 UTC 2018
KeyProtector.java:
113 pbeKeySpec.clearPassword();
You can also put this into the finally block.
189 Arrays.fill(plain, (byte) 0x00);
Can this be in finally?
JavaKeyStore.java:
149 Arrays.fill(passwordBytes, (byte) 0x00);
In other cases, you call it in a finally block. Unnecessary here?
(Oops, every comment is about finally.)
KeyProtector.java:
123 public KeyProtector(byte[] password)
How about just "public KeyProtector(byte[] passwordBytes)"?
> On Aug 2, 2018, at 7:38 PM, Seán Coffey <sean.coffey at oracle.com> wrote:
>
> No - no problem at all. Some extra exception handling but probably best for the long run.
I wonder why DestroyedFailedException was a checked exception, what can we do if it's thrown?
Thanks
Max
>
> http://cr.openjdk.java.net/~coffeys/webrev.8208583.v3/webrev/index.html
>
> regards,
> Sean.
>
> On 02/08/2018 02:13, Weijun Wang wrote:
>>> 1.
>>>
>>> I wasn't able to rename to destroy since that method is reserved for the Destroyable interface. I've gone with destroyKey.
>>>
>> Sorry I wasn't clear but this is exactly what I meant. SecretKey implements Destroyable so you don't need to define sKey as PBEKey. Does it make any problem?
>>
>>
>
More information about the security-dev
mailing list