On Wed, 11 May 2022 04:05:27 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> It's possible, more refactoring would be needed and not necessarily less >> lines of code. With your suggested change, the caller has to explicitly >> destroy the derived key after the cipher.engineInit() call. This would be >> repeated in all PKCS12 PBE cipher impl classes, but then there'd be no >> casting of the actual classes. I assume this is what you are referring to? >> Can code it out and see how it looks. > > If the returned key-and-iv class implements Closeable, then you can do a > try-with-resources to destroy the key, which saves you more lines. Yes, good point, will do so. ------------- PR: https://git.openjdk.java.net/jdk/pull/8521