On Thu, 21 Apr 2022 06:55:22 GMT, Xue-Lei Andrew Fan <xue...@openjdk.org> wrote:
>> Please review this password cleanup enhancement in the PasswordCallback
>> implementation. This is one of the efforts to clean up the buffered
>> passwords.
>>
>> The PasswordCallback.setPassword() clones the password, but is not
>> registered for cleanup. An application could call clearPassword() for the
>> purpose, but it would be nice to clean up the buffer as well if
>> clearPassword() was not called in an application. And, if the setPassword()
>> gets called multiple times, the clearPassword() should also be called the
>> same number of times if not relying on finalization. It could be fragile in practice.
>
> Xue-Lei Andrew Fan has updated the pull request incrementally with one
> additional commit since the last revision:
>
>   Code clean up per feedback

test/jdk/javax/security/auth/callback/PasswordCleanup.java line 58:

> 56:     }
> 57:
> 58:     private static void clearWithMethod() throws Exception {

This looks like the exact same test as `clearAtCollection`.

test/jdk/javax/security/auth/callback/PasswordCleanup.java line 74:

> 72:     }
> 73:
> 74:     private static void checkClearing() throws Exception {

How is this test testing that the password is cleared?

test/jdk/javax/security/auth/callback/PasswordCleanup.java line 83:

> 81:         // Check if the object has been collected.
> 82:         if (weakHashMap.size() > 0) {
> 83:             throw new RuntimeException("GSSName object is not released");

Did you mean to say "PasswordCallback object is not released"?

-------------

PR: https://git.openjdk.java.net/jdk/pull/8272
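
The copy semantics behind the description quoted above, as an added example that is not part of the original message or of the JDK change: `setPassword()` stores a clone and `getPassword()` returns another clone, so `clearPassword()` overwrites only the callback's internal buffer. The class name `PasswordCopies`, the helper `copiesAfterClear` and the sample password are assumptions made for illustration.

```java
import javax.security.auth.callback.PasswordCallback;
import java.util.Arrays;

public class PasswordCopies {

    /**
     * Returns three flags describing which buffers still hold the password
     * after clearPassword(): { caller's array, copy from getPassword(),
     * callback's internal buffer }.
     */
    static boolean[] copiesAfterClear(char[] secret) {
        char[] expected = secret.clone();        // comparison value for this demo only

        PasswordCallback cb = new PasswordCallback("Password: ", false);
        cb.setPassword(secret);                  // callback keeps its own clone
        char[] retrieved = cb.getPassword();     // second, independent copy

        cb.clearPassword();                      // wipes the internal clone only
        char[] afterClear = cb.getPassword();    // what the callback holds now

        boolean[] stillSecret = {
            Arrays.equals(secret, expected),     // caller's array is untouched
            Arrays.equals(retrieved, expected),  // earlier copy is untouched
            Arrays.equals(afterClear, expected)  // internal buffer was overwritten
        };

        // Every remaining copy has to be wiped by whoever holds it.
        Arrays.fill(secret, '\0');
        Arrays.fill(retrieved, '\0');
        Arrays.fill(expected, '\0');
        if (afterClear != null) {
            Arrays.fill(afterClear, '\0');
        }
        return stillSecret;
    }

    public static void main(String[] args) {
        // Constructed sample value; a real caller would read into a char[]
        // and never hold the password as a String.
        char[] secret = "constructed-sample".toCharArray();
        boolean[] r = copiesAfterClear(secret);
        System.out.println("caller array still holds password:   " + r[0]);
        System.out.println("getPassword() copy still holds it:   " + r[1]);
        System.out.println("internal buffer still holds it:      " + r[2]);
    }
}
```

The first two flags come out `true` and the third `false`: clearing the callback does nothing for copies held elsewhere.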