JDK-8158689 : java.security.KeyPair should implement Destroyable
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 8,9
  • Priority: P3
  • Status: Resolved
  • Resolution: Won't Fix
  • OS: generic
  • CPU: generic
  • Submitted: 2016-06-05
  • Updated: 2021-10-27
  • Resolved: 2021-10-27
Related Reports
CSR :  
JDK-8275823 - java.security.KeyPair should implement Destroyable
Relates :  
JDK-8228414 - KeyStore.PrivateKeyEntry and KeyStore.SecretKeyEntry should implement Destroyable
Relates :  
JDK-6263419 - No way to clean the memory for a java.security.Key
Sub Tasks
JDK-8275826 :  
Release Note: java.security.KeyPair is now Destroyable - Resolved
Description
It contains a Destroyable field but does not itself implement Destroyable which seems like an oversight.

private fields could/should also be final.

Probably too late but the constructor should have used Objects.requireNonNull on args.
Comments
After discussions we have decided to close this as will-no-fix. Keys in a multithreaded situations, could have catastrophic consequences f the key is being used elsewhere. IllegalStateException is also suppose to be thrown on a Destroyable object, that would be a new exception requirement for KeyPair.getPrivate() which would be a compatibility concern.
27-10-2021
Adding Destroyable and 'final' are good. I think it's less safe to require non-null and am not implementing that.
22-10-2021
PrivateKey was changed to extend Destroyable in JDK 8 (see JDK-6263419). Agree this looks like an oversight.
08-06-2016
@Override public boolean isDestroyed() { return null != privateKey ? true : privateKey.isDestroyed(); } @Override public void destroy() throws DestroyFailedException { if (privateKey != null) privateKey.destroy(); }
05-06-2016