8297505: Declare fields in some sun.security.pkcs11 classes as final

Reviewed-by: valeriep

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Config.java

@@ -88,7 +88,7 @@ final class Config {
     private static final boolean DEBUG = false;
 
     // file name containing this configuration
-    private String filename;
+    private final String filename;
 
     // Reader and StringTokenizer used during parsing
     private Reader reader;

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11AEADCipher.java

@@ -110,9 +110,9 @@ final class P11AEADCipher extends CipherSpi {
     private SecureRandom random = JCAUtil.getSecureRandom();
 
     // dataBuffer is cleared upon doFinal calls
-    private ByteArrayOutputStream dataBuffer = new ByteArrayOutputStream();
+    private final ByteArrayOutputStream dataBuffer = new ByteArrayOutputStream();
     // aadBuffer is cleared upon successful init calls
-    private ByteArrayOutputStream aadBuffer = new ByteArrayOutputStream();
+    private final ByteArrayOutputStream aadBuffer = new ByteArrayOutputStream();
     private boolean updateCalled = false;
 
     private boolean requireReinit = false;

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java

@@ -1321,7 +1321,7 @@ final class NativeKeyHolder {
     private long keyID;
 
     // phantom reference notification clean up for session keys
-    private SessionKeyRef ref;
+    private final SessionKeyRef ref;
 
     private int refCount;
 

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyWrapCipher.java

@@ -117,7 +117,7 @@ final class P11KeyWrapCipher extends CipherSpi {
     private SecureRandom random = JCAUtil.getSecureRandom();
 
     // dataBuffer for storing enc/dec data; cleared upon doFinal calls
-    private ByteArrayOutputStream dataBuffer = new ByteArrayOutputStream();
+    private final ByteArrayOutputStream dataBuffer = new ByteArrayOutputStream();
 
     P11KeyWrapCipher(Token token, String algorithm, long mechanism)
             throws PKCS11Exception, NoSuchAlgorithmException {

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11RSACipher.java

@@ -625,7 +625,7 @@ final class ConstructKeys {
      *
      * @return a public key constructed from the encodedKey.
      */
-    private static final PublicKey constructPublicKey(byte[] encodedKey,
+    private static PublicKey constructPublicKey(byte[] encodedKey,
             String encodedKeyAlgorithm)
             throws InvalidKeyException, NoSuchAlgorithmException {
         try {
@@ -652,7 +652,7 @@ final class ConstructKeys {
      *
      * @return a private key constructed from the encodedKey.
      */
-    private static final PrivateKey constructPrivateKey(byte[] encodedKey,
+    private static PrivateKey constructPrivateKey(byte[] encodedKey,
             String encodedKeyAlgorithm) throws InvalidKeyException,
             NoSuchAlgorithmException {
         try {
@@ -679,12 +679,12 @@ final class ConstructKeys {
      *
      * @return a secret key constructed from the encodedKey.
      */
-    private static final SecretKey constructSecretKey(byte[] encodedKey,
+    private static SecretKey constructSecretKey(byte[] encodedKey,
             String encodedKeyAlgorithm) {
         return new SecretKeySpec(encodedKey, encodedKeyAlgorithm);
     }
 
-    static final Key constructKey(byte[] encoding, String keyAlgorithm,
+    static Key constructKey(byte[] encoding, String keyAlgorithm,
             int keyType) throws InvalidKeyException, NoSuchAlgorithmException {
         return switch (keyType) {
             case Cipher.SECRET_KEY -> constructSecretKey(encoding, keyAlgorithm);

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11TlsRsaPremasterSecretGenerator.java

@@ -55,7 +55,7 @@ final class P11TlsRsaPremasterSecretGenerator extends KeyGeneratorSpi {
     private final String algorithm;
 
     // mechanism id
-    private long mechanism;
+    private final long mechanism;
 
     @SuppressWarnings("deprecation")
     private TlsRsaPremasterSecretParameterSpec spec;

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java

@@ -43,7 +43,7 @@ public final class P11Util {
     // A cleaner, shared within this module.
     public static final Cleaner cleaner = Cleaner.create();
 
-    private static Object LOCK = new Object();
+    private static final Object LOCK = new Object();
 
     private static volatile Provider sun, sunRsaSign, sunJce;
 

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Session.java

@@ -135,7 +135,7 @@ final class Session implements Comparable<Session> {
     static boolean drainRefQueue() {
         boolean found = false;
         SessionRef next;
-        while ((next = (SessionRef) SessionRef.refQueue.poll())!= null) {
+        while ((next = (SessionRef) SessionRef.REF_QUEUE.poll())!= null) {
             found = true;
             next.dispose();
         }
@@ -150,24 +150,24 @@ final class Session implements Comparable<Session> {
 final class SessionRef extends PhantomReference<Session>
         implements Comparable<SessionRef> {
 
-    static ReferenceQueue<Session> refQueue = new ReferenceQueue<>();
+    static final ReferenceQueue<Session> REF_QUEUE = new ReferenceQueue<>();
 
-    private static Set<SessionRef> refList =
+    private static final Set<SessionRef> REF_LIST =
         Collections.synchronizedSortedSet(new TreeSet<>());
 
     // handle to the native session
-    private long id;
+    private final long id;
-    private Token token;
+    private final Token token;
 
     SessionRef(Session session, long id, Token token) {
-        super(session, refQueue);
+        super(session, REF_QUEUE);
         this.id = id;
         this.token = token;
-        refList.add(this);
+        REF_LIST.add(this);
     }
 
     void dispose() {
-        refList.remove(this);
+        REF_LIST.remove(this);
         try {
             if (token.isPresent(id)) {
                 token.p11.C_CloseSession(id);

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SessionManager.java

@@ -78,7 +78,7 @@ final class SessionManager {
     private final int maxSessions;
 
     // total number of active sessions
-    private AtomicInteger activeSessions = new AtomicInteger();
+    private final AtomicInteger activeSessions = new AtomicInteger();
 
     // pool of available object sessions
     private final Pool objSessions;
@@ -88,7 +88,7 @@ final class SessionManager {
 
     // maximum number of active sessions during this invocation, for debugging
     private int maxActiveSessions;
-    private Object maxActiveSessionsLock;
+    private final Object maxActiveSessionsLock;
 
     // flags to use in the C_OpenSession() call
     private final long openSessionFlags;
@@ -112,9 +112,9 @@ final class SessionManager {
         this.token = token;
         this.objSessions = new Pool(this, true);
         this.opSessions = new Pool(this, false);
-        if (debug != null) {
+        this.maxActiveSessionsLock = (debug != null)
-            maxActiveSessionsLock = new Object();
+                ? new Object()
-        }
+                : null;
     }
 
     // returns whether only a fairly low number of sessions are

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java

@@ -46,7 +46,7 @@ import static sun.security.pkcs11.wrapper.PKCS11Exception.RV.*;
  * @author  Andreas Sterbenz
  * @since   1.5
  */
-class Token implements Serializable {
+final class Token implements Serializable {
 
     // need to be serializable to allow SecureRandom to be serialized
     @Serial