RFR: 8284910: Buffer clean in PasswordCallback [v4]
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Tue Apr 26 15:48:51 UTC 2022
On Tue, 26 Apr 2022 15:19:30 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> The test case is used to check that the Cleaner used is not bind to 'this' object, and the cleaner during finalization could work. Unfortunately, as the cleaner behavior is not visible, I don't find a way to automated test that the password is really cleared during finalization.
>
> Ok, then I would suggest changing the name of the test as it is misleading. I suggest creating a directory named "PasswordCallback" and then adding a test named perhaps "CheckCleanerNotBoundToThis" or something like that. I would change the name of the `checkClearing` method as you are not checking if passwords are cleared. Also update the @summary to describe what it is actually testing. Use code comments if you need to explain it further.
The test has two case now. One is used to check the PasswordCallback object collection at finalization. The other one is check the password clearing for clearPassword() method. Is it better to split into two test files so that the class name could be better fit the purpose?
-------------
PR: https://git.openjdk.java.net/jdk/pull/8272
More information about the security-dev
mailing list