RFR: 8284910: Buffer clean in PasswordCallback [v6]

Sean Mullan mullan at openjdk.java.net
Wed Apr 27 13:56:44 UTC 2022


On Tue, 26 Apr 2022 16:04:14 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> Please review this password cleanup enhancement in the PasswordCallback implementation.  This is one of the efforts to clean up the buffered passwords.
>> 
>> The PasswordCallback.setPassword() clones the password, but is not registered for cleanup. An application could call clearPassword() for the purpose, but it would be nice to clean up the buffer as well if clearPassword() was not called in an application. And, if the setPassword() gets called multiple times, the clearPassword() should also be called the same number of times if not relying on finalization. It could be fragile in practice.
>
> Xue-Lei Andrew Fan has updated the pull request incrementally with one additional commit since the last revision:
> 
>   rename and split the test case

test/jdk/javax/security/auth/callback/PasswordCallback/PasswordCleanup.java line 27:

> 25:  * @test
> 26:  * @bug 8284910
> 27:  * @summary Buffer clean in PasswordCallback

Make the summary more specific, ex: "Check that PasswordCallback.clearPassword() clears the password."

test/jdk/javax/security/auth/callback/PasswordCallback/PasswordCleanup.java line 55:

> 53:         }
> 54: 
> 55:         // Check if the PasswordCallback object could be collected.

Since you are already checking if the Cleaner works properly in the `CheckCleanerBound` test, I don't see a reason why you need to test that again.

-------------

PR: https://git.openjdk.java.net/jdk/pull/8272
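
The calling pattern discussed in the quoted description, as an added example that is not part of this message or of the pull request: every setPassword() is paired with a clearPassword(), and the caller wipes its own buffers. The class name, the replacePassword helper and the password strings are assumptions made up for illustration.

```java
import javax.security.auth.callback.PasswordCallback;
import java.util.Arrays;

public class PasswordCallbackHygiene {   // hypothetical class name

    // Hypothetical helper: wipe the callback's current internal clone before
    // it is replaced, so each setPassword() is paired with a clearPassword().
    static void replacePassword(PasswordCallback cb, char[] next) {
        cb.clearPassword();
        cb.setPassword(next);
    }

    public static void main(String[] args) {
        PasswordCallback cb = new PasswordCallback("Password: ", false);

        char[] first = "constructed-1".toCharArray();   // constructed sample values
        char[] second = "constructed-2".toCharArray();
        char[] copy = null;
        try {
            cb.setPassword(first);          // callback keeps its own clone
            replacePassword(cb, second);    // first clone wiped, second clone stored

            copy = cb.getPassword();        // a further copy, owned by the caller
            System.out.println("retrieved copy of length " + copy.length);
        } finally {
            // Three kinds of buffer hold the secret: the caller's inputs, the
            // copy returned by getPassword(), and the callback's internal clone.
            Arrays.fill(first, ' ');
            Arrays.fill(second, ' ');
            if (copy != null) {
                Arrays.fill(copy, ' ');
            }
            cb.clearPassword();
        }

        // After clearPassword() the original characters must not be readable.
        char[] after = cb.getPassword();
        boolean readable = after != null && after.length > 0 && after[0] == 'c';
        System.out.println("password readable after clearPassword(): " + readable);
    }
}
```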


