RFR: 8284910: Buffer clean in PasswordCallback [v4]
Sean Mullan
mullan at openjdk.java.net
Tue Apr 26 15:22:53 UTC 2022
On Tue, 26 Apr 2022 04:27:37 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
>> test/jdk/javax/security/auth/callback/PasswordCleanup.java line 74:
>>
>>> 72: }
>>> 73:
>>> 74: private static void checkClearing() throws Exception {
>>
>> How is this test testing that the password is cleared?
>
> The test case is used to check that the Cleaner used is not bind to 'this' object, and the cleaner during finalization could work. Unfortunately, as the cleaner behavior is not visible, I don't find a way to automated test that the password is really cleared during finalization.
Ok, then I would suggest changing the name of the test as it is misleading. I suggest creating a directory named "PasswordCallback" and then adding a test named perhaps "CheckCleanerNotBoundToThis" or something like that. I would change the name of the `checkClearing` method as you are not checking if passwords are cleared. Also update the @summary to describe what it is actually testing. Use code comments if you need to explain it further.
-------------
PR: https://git.openjdk.java.net/jdk/pull/8272
More information about the security-dev
mailing list