8286259: Password cleanup after KeyStore.PasswordProtection in P11KeyStore

Reviewed-by: valeriep
2022-06-27 23:15:13 +00:00 · 2022-06-27 23:15:13 +00:00 · ca78f7bd76
commit ca78f7bd76
parent e322e77e95
1 changed files with 13 additions and 1 deletions
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyStore.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyStore.java
@ -57,6 +57,7 @@ import java.security.spec.*;
 import javax.crypto.SecretKey;
 import javax.crypto.interfaces.*;

+import javax.security.auth.DestroyFailedException;
 import javax.security.auth.x500.X500Principal;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.callback.Callback;
@ -454,7 +455,18 @@ final class P11KeyStore extends KeyStoreSpi {
        } catch (NullPointerException | IllegalArgumentException e) {
            throw new KeyStoreException(e);
        }
-        engineSetEntry(alias, entry, new KeyStore.PasswordProtection(password));
+
+        KeyStore.PasswordProtection passwordProtection =
+                new KeyStore.PasswordProtection(password);
+        try {
+            engineSetEntry(alias, entry, passwordProtection);
+        } finally {
+            try {
+                passwordProtection.destroy();
+            } catch (DestroyFailedException dfe) {
+                // ignore
+            }
+        }
    }

    /**