RFR: 8158689: java.security.KeyPair should implement Destroyable
Weijun Wang
weijun at openjdk.java.net
Sat Oct 23 01:15:05 UTC 2021
On Fri, 22 Oct 2021 23:50:38 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:
> Hi,
>
> I need a review of this change. It makes KeyPair implement Destroyable and implements the methods to call the underlying privateKey. It also sets the public and private key to 'final'.
>
> The bug includes a CSR and Release Notes
> CSR: https://bugs.openjdk.java.net/browse/JDK-8275823
> RN: https://bugs.openjdk.java.net/browse/JDK-8275826
I just think this is not worth doing. Plus, there are conventions for `Destroyable` that need to be followed. For example, after one call `destroy()` on a `KeyPair`, can `getPrivateKey()` still be called? Should it throw an `IllegalStateException`?
Also, `PrivateKey` has implemented `Destroyable `for quite some time and it looks like none of its implementations inside JDK has actually implemented this method. This seems a more valuable thing to do. There are other interfaces like `KeySpec` (or some of its children) that should also implement `Destroyable`.
-------------
PR: https://git.openjdk.java.net/jdk/pull/6089
More information about the security-dev
mailing list