RFR: 8358451: SunJCE PBEKey impl should throw IllegalStateException when getEncoded() is called [v3]

[Sean Mullan]

On Fri, 27 Jun 2025 23:11:53 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> Update the `PBEKey` class of the SunJCE provider which override the `javax.security.auth.Destroyable` interface to 
>> 
>> 1. throw `IllegalStateException` if `getEncoded()` is called after key is destroyed
>> 2. serialization of such destroyed `PBEKey` object will lead to exception. 
>>  
>> Also update the `PBEKeyFactory` class of the SunJCE provider to check for destroyed keys and throw exceptions per the method javadoc.
>
> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Change "key" to "Key" in exception messages.

src/java.base/share/classes/javax/crypto/SecretKeyFactory.java line 375:

> 373:      * (e.g., the given key has an algorithm or format not supported by this
> 374:      * secret key factory).
> 375:      * @exception IllegalStateException if the given key is already destroyed.

This only checks if the key is destroyed when passed in. What if it is destroyed while the operation is in progress? It may or may not succeed depending on when the key is destroyed. I think we probably need to say something about that, maybe: "This exception may also be thrown if the given key is destroyed while this operation is in progress."

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/25632#discussion_r2197881542