Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8228429

Destroyed PBEKey behaves incorrectly

    XMLWordPrintable

    Details

      Description

      A DESCRIPTION OF THE PROBLEM :
      JDK-8208583 implemented the destruction of com.sun.crypto.provider.PBEKey, however this implementation is incomplete.

      Destroyable.destroy() says that IllegalStateExceptions should be thrown if a method would access the destroyed data. But currently NullPointerExceptions are thrown because the destroyed state is not checked.

      This also affects Java 8.

      Have for example a look at javax.security.auth.kerberos.KerberosTicket to see how destroyed objects can be handled.


      ---------- BEGIN SOURCE ----------
      import javax.crypto.SecretKey;
      import javax.crypto.SecretKeyFactory;
      import javax.crypto.spec.PBEKeySpec;

      public class PBEKeyDestructionTest {
          public static void main(String[] args) throws Exception {
              final SecretKeyFactory factory = SecretKeyFactory.getInstance("PBE");
              final SecretKey pbeKey = factory.generateSecret(new PBEKeySpec("test".toCharArray()));
              pbeKey.destroy();
              // Expecting IllegalStateException as described by Destroyable.destroy()
              pbeKey.getEncoded();
              // Also affects other methods, e.g. hashCode()
          }
      }
      ---------- END SOURCE ----------

      FREQUENCY : always


        Attachments

          Issue Links

            Activity

              People

              Assignee:
              coffeys Sean Coffey
              Reporter:
              webbuggrp Webbug Group
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated: