RFR: 8358451: SunJCE PBEKey impl should throw IllegalStateException when getEncoded() is called
Valerie Peng
valeriep at openjdk.org
Fri Jun 6 21:28:52 UTC 2025
On Wed, 4 Jun 2025 15:11:48 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Update the `PBEKey` class of the SunJCE provider which overrides the `javax.security.auth.Destroyable` interface to
>>
>> 1. throw `IllegalStateException` if `getEncoded()` is called after the key is destroyed
>> 2. serialization of such a destroyed `PBEKey` object will lead to an exception.
>>
>> Also update the `PBEKeyFactory` class of the SunJCE provider to check for destroyed keys and throw exceptions per the method javadoc.
>
> src/java.base/share/classes/com/sun/crypto/provider/PBEKey.java line 1:
>
>> 1: /*
>
> Shall we also throw ISE when `getFormat` and `getAlgorithm` are called? Calling these methods after the key is destroyed looks suspicious and may reveal a coding error.

Well, I see that throwing `IllegalStateException` for almost all methods seems to be the style for the `Destroyable` impl classes under the `javax.security.auth.kerberos` package. But I am not sure if this would be too "noisy" for Key objects. At a minimum, we should throw `IllegalStateException` for methods which try to use the sensitive info which has been cleared out. However, if we throw `IllegalStateException` for all methods such as `getAlgorithm()`, then it may lead to even more `IllegalStateException` being thrown unexpectedly and may make troubleshooting harder.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/25632#discussion_r2132926205
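The behaviour the thread is debating, as an added illustration written for this archive page rather than the JDK's own `PBEKey` source: a `Destroyable` `SecretKey` whose `getEncoded()` throws `IllegalStateException` once the key has been destroyed and whose serialization fails for a destroyed instance, while `getAlgorithm()` and `getFormat()` keep answering. The class name `DemoPBEKey`, its simplified password-to-bytes encoding and the demo `main` are assumptions, not the provider's code.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.NotSerializableException;
import java.io.ObjectOutputStream;
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.security.auth.Destroyable;

/** Illustrative PBE-style key (hypothetical, not com.sun.crypto.provider.PBEKey). */
public final class DemoPBEKey implements SecretKey, Destroyable {
    private static final long serialVersionUID = 1L;

    private final String algorithm;
    // Sensitive material: zeroed by destroy(), after which getEncoded() must not return it.
    private byte[] key;
    private boolean destroyed;

    public DemoPBEKey(String algorithm, char[] password) {
        this.algorithm = algorithm;
        // Constructed demo encoding: one byte per char, enough to show the lifecycle.
        this.key = new byte[password.length];
        for (int i = 0; i < password.length; i++) {
            this.key[i] = (byte) password[i];
        }
    }

    private synchronized void checkDestroyed() {
        if (destroyed) {
            throw new IllegalStateException("PBE key has been destroyed");
        }
    }

    // Non-sensitive metadata stays available so diagnostics on a destroyed key still work.
    @Override public String getAlgorithm() { return algorithm; }
    @Override public String getFormat() { return "RAW"; }

    // Only the accessor that would expose the cleared material throws.
    @Override public synchronized byte[] getEncoded() {
        checkDestroyed();
        return key.clone();
    }

    @Override public synchronized void destroy() {
        if (!destroyed) {
            Arrays.fill(key, (byte) 0);
            destroyed = true;
        }
    }

    @Override public synchronized boolean isDestroyed() { return destroyed; }

    // Serialization of a destroyed key is refused rather than writing zeroed bytes.
    private synchronized void writeObject(ObjectOutputStream out) throws IOException {
        if (destroyed) {
            throw new NotSerializableException("destroyed PBE key cannot be serialized");
        }
        out.defaultWriteObject();
    }

    public static void main(String[] args) throws Exception {
        DemoPBEKey k = new DemoPBEKey("PBEWithHmacSHA256AndAES_128", "s3cret".toCharArray());
        System.out.println("before destroy: " + k.getEncoded().length + " bytes");
        k.destroy();
        System.out.println("algorithm still readable: " + k.getAlgorithm());
        try {
            k.getEncoded();
        } catch (IllegalStateException e) {
            System.out.println("getEncoded after destroy: " + e.getMessage());
        }
        try (ObjectOutputStream oos = new ObjectOutputStream(new ByteArrayOutputStream())) {
            oos.writeObject(k);
        } catch (NotSerializableException e) {
            System.out.println("serialization after destroy: " + e.getMessage());
        }
    }
}
```

Running `main` shows the split the reply argues for: the one method that would hand out cleared material fails loudly, and serialization is refused, but callers that merely inspect the algorithm name are not hit with an unexpected `IllegalStateException`.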