Module ibm.crypto.hdwrcca
Package com.ibm.crypto.hdwrCCA.provider

Class IBMJCECCACleaner

java.lang.Object
com.ibm.crypto.hdwrCCA.provider.IBMJCECCACleaner
All Implemented Interfaces:
AutoCloseable
public class IBMJCECCACleaner extends Object implements AutoCloseable
This class replaces the deprecated finalize() method.

  • Constructor Summary

    Constructors
    Constructor
    Description
    IBMJCECCACleaner(byte[] sensitiveDataByte)
    Constructs an IBMJCECCACleaner object to securely manage sensitive byte data.
    IBMJCECCACleaner(char[] sensitiveData)
    Constructs an IBMJCECCACleaner object to securely manage sensitive character data.

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    close()
    Closes this resource, clearing any sensitive data held and performing cleanup.
    Optional<char[]>
    sensitiveData()
    Retrieves a safe copy of the sensitive data (the char array) stored in this object.
    Optional<byte[]>
    sensitiveDataByte()
    Retrieves a safe copy of the sensitive data (the byte array) stored in this object.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • IBMJCECCACleaner

      public IBMJCECCACleaner(char[] sensitiveData)
      Constructs an IBMJCECCACleaner object to securely manage sensitive character data.

      This constructor takes an array of characters containing sensitive information and clones it to protect the integrity of the original data. It initializes a cleanup mechanism using a Runnable defined as a lambda expression that, when executed, will overwrite the cloned sensitive data with zeros, effectively clearing it from memory to minimize the risk of unauthorized access or data leakage.

      The cleaner function is registered for future execution, ensuring that the sensitive data can be securely erased when the IBMJCECCACleaner object is no longer in use or is eligible for garbage collection. This approach aids in maintaining data privacy and security throughout the lifecycle of the sensitive data.

      Parameters:
      sensitiveData - the character array containing the sensitive data to be managed and securely cleared when appropriate.

    • IBMJCECCACleaner

      public IBMJCECCACleaner(byte[] sensitiveDataByte)
      Constructs an IBMJCECCACleaner object to securely manage sensitive byte data.

      This constructor takes an array of bytes containing sensitive information and clones it to protect the integrity of the original data. It initializes a cleanup mechanism using a Runnable defined as a lambda expression that, when executed, will overwrite the cloned sensitive data with zeros, effectively clearing it from memory to minimize the risk of unauthorized access or data leakage.

      The cleaner function is registered for future execution, ensuring that the sensitive data can be securely erased when the IBMJCECCACleaner object is no longer in use or is eligible for garbage collection. This approach aids in maintaining data privacy and security throughout the lifecycle of the sensitive data.

      Parameters:
      sensitiveData - the byte array containing the sensitive data to be managed and securely cleared when appropriate.

  • Method Details

    • sensitiveData

      public Optional<char[]> sensitiveData()
      Retrieves a safe copy of the sensitive data (the char array) stored in this object.

      This method provides access to the sensitive data in a secure manner by returning an Optional that contains a clone of the internal character array. If the internal data is null, it returns an empty Optional instead. This approach ensures that any modifications to the returned data do not affect the original sensitive data stored within the object.

      Use this method to access the sensitive data when needed, and be mindful to handle the data securely to prevent any unauthorized access or data leaks.

      Returns:
      An Optional containing a clone of the sensitive data character array, or an empty Optional if the sensitive data is null.

    • sensitiveDataByte

      public Optional<byte[]> sensitiveDataByte()
      Retrieves a safe copy of the sensitive data (the byte array) stored in this object.

      This method provides access to the sensitive data in a secure manner by returning an Optional that contains a clone of the internal byte array. If the internal data is null, it returns an empty Optional instead. This approach ensures that any modifications to the returned data do not affect the original sensitive data stored within the object.

      Use this method to access the sensitive data when needed, and be mindful to handle the data securely to prevent any unauthorized access or data leaks.

      Returns:
      An Optional containing a clone of the sensitive data character array, or an empty Optional if the sensitive data is null.

    • close

      public void close()
      Closes this resource, clearing any sensitive data held and performing cleanup.

      This method sets any internal references to sensitive data to null to aid in their garbage collection and reduce the risk of sensitive data exposure. It also explicitly invokes the cleanup process on the cleanable resource associated with this object, which should contain logic to securely erase the sensitive data from memory.

      It's recommended to call this method when the instance is no longer needed to ensure that sensitive information is properly handled and memory resources are released in a timely manner. Failure to call this method could result in prolonged exposure of sensitive data in memory.

      Specified by:
      close in interface AutoCloseable