Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8228429

Destroyed PBEKey behaves incorrectly

XMLWordPrintable

      A DESCRIPTION OF THE PROBLEM :
      JDK-8208583 implemented the destruction of com.sun.crypto.provider.PBEKey, however this implementation is incomplete.

      Destroyable.destroy() says that IllegalStateExceptions should be thrown if a method would access the destroyed data. But currently NullPointerExceptions are thrown because the destroyed state is not checked.

      This also affects Java 8.

      Have for example a look at javax.security.auth.kerberos.KerberosTicket to see how destroyed objects can be handled.


      ---------- BEGIN SOURCE ----------
      import javax.crypto.SecretKey;
      import javax.crypto.SecretKeyFactory;
      import javax.crypto.spec.PBEKeySpec;

      public class PBEKeyDestructionTest {
          public static void main(String[] args) throws Exception {
              final SecretKeyFactory factory = SecretKeyFactory.getInstance("PBE");
              final SecretKey pbeKey = factory.generateSecret(new PBEKeySpec("test".toCharArray()));
              pbeKey.destroy();
              // Expecting IllegalStateException as described by Destroyable.destroy()
              pbeKey.getEncoded();
              // Also affects other methods, e.g. hashCode()
          }
      }
      ---------- END SOURCE ----------

      FREQUENCY : always


            coffeys Sean Coffey
            webbuggrp Webbug Group
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: