8284910: Buffer clean in PasswordCallback

Reviewed-by: mbalao, andrew
Backport-of: 89fd6d34f859d61d9cf5a1edf9419eee7c338390

Author: Yuri Nesterenko

jdk/src/share/classes/javax/security/auth/callback/PasswordCallback.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,9 @@
 
 package javax.security.auth.callback;
 
+import java.util.Arrays;
+import sun.misc.Cleaner;
+
 /**
  * <p> Underlying security services instantiate and pass a
  * {@code PasswordCallback} to the {@code handle}
@@ -40,18 +43,22 @@ public class PasswordCallback implements Callback, java.io.Serializable {
      * @serial
      * @since 1.4
      */
-    private String prompt;
+    private final String prompt;
+
     /**
      * @serial
      * @since 1.4
      */
-    private boolean echoOn;
+    private final boolean echoOn;
+
     /**
      * @serial
      * @since 1.4
      */
     private char[] inputPassword;
 
+    private transient Cleaner cleaner;
+
     /**
      * Construct a {@code PasswordCallback} with a prompt
      * and a boolean specifying whether the password should be displayed
@@ -112,7 +119,18 @@ public boolean isEchoOn() {
      * @see #getPassword
      */
     public void setPassword(char[] password) {
+        // Cleanup the last buffered password copy.
+        if (cleaner != null) {
+            cleaner.clean();
+            cleaner = null;
+        }
+
+        // Set the retrieved password.
         this.inputPassword = (password == null ? null : password.clone());
+
+        if (this.inputPassword != null) {
+            cleaner = Cleaner.create(this, cleanerFor(inputPassword));
+        }
     }
 
     /**
@@ -134,9 +152,17 @@ public char[] getPassword() {
      * Clear the retrieved password.
      */
     public void clearPassword() {
-        if (inputPassword != null) {
-            for (int i = 0; i < inputPassword.length; i++)
-                inputPassword[i] = ' ';
+        // Cleanup the last retrieved password copy.
+        if (cleaner != null) {
+            cleaner.clean();
+            cleaner = null;
         }
     }
+
+    private static Runnable cleanerFor(char[] password) {
+        return () -> {
+            Arrays.fill(password, ' ');
+        };
+    }
+
 }

jdk/test/javax/security/auth/callback/PasswordCallback/CheckCleanerBound.java

@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2022 THL A29 Limited, a Tencent company. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8284910
+ * @summary Check that the cleaner is not bound to the PasswordCallback object
+ */
+
+import javax.security.auth.callback.PasswordCallback;
+import java.util.WeakHashMap;
+
+public final class CheckCleanerBound {
+    private final static WeakHashMap<PasswordCallback, ?> weakHashMap =
+            new WeakHashMap<>();
+
+    public static void main(String[] args) throws Exception {
+        // Create an object
+        PasswordCallback passwordCallback =
+                new PasswordCallback("Password: ", false);
+        passwordCallback.setPassword("ThisIsAPassword".toCharArray());
+
+        weakHashMap.put(passwordCallback, null);
+        passwordCallback = null;
+
+        // Check if the PasswordCallback object could be collected.
+        // Wait to trigger the cleanup.
+        for (int i = 0; i < 10 && weakHashMap.size() != 0; i++) {
+            System.gc();
+        }
+
+        // Check if the object has been collected.  The collection will not
+        // happen if the cleaner implementation in PasswordCallback is bound
+        // to the PasswordCallback object.
+        if (weakHashMap.size() > 0) {
+            throw new RuntimeException(
+                "PasswordCallback object is not released");
+        }
+    }
+}
+

jdk/test/javax/security/auth/callback/PasswordCallback/PasswordCleanup.java

@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2022 THL A29 Limited, a Tencent company. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8284910
+ * @summary Check that PasswordCallback.clearPassword() clears the password
+ */
+
+import javax.security.auth.callback.PasswordCallback;
+import java.util.Arrays;
+
+public final class PasswordCleanup {
+    public static void main(String[] args) throws Exception {
+        // Create an object
+        PasswordCallback passwordCallback =
+                new PasswordCallback("Password: ", false);
+        passwordCallback.setPassword("ThisIsAPassword".toCharArray());
+        char[] originPassword = passwordCallback.getPassword();
+
+        // Use password clear method.
+        passwordCallback.clearPassword();
+
+        // Check that the password is cleared.
+        char[] clearedPassword = passwordCallback.getPassword();
+        if (Arrays.equals(originPassword, clearedPassword)) {
+            throw new RuntimeException(
+                "PasswordCallback.clearPassword() does not clear passwords");
+        }
+    }
+}
+