Mercurial > hg > openjdk > jdk6 > jdk
changeset 1801:0ed664b26a02
8182362: Update CipherOutputStream Usage
Summary: Clarify spec of CipherOutputStream in Javadoc comments
Reviewed-by: ascarpino
| author | apetcher |
|---|---|
| date | Tue, 16 Jan 2018 13:27:03 +0530 |
| parents | ffa10f8080d0 |
| children | 72ead60050ac |
| files | src/share/classes/javax/crypto/CipherOutputStream.java |
| diffstat | 1 files changed, 10 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/javax/crypto/CipherOutputStream.java Mon Jan 15 13:17:33 2018 +0000 +++ b/src/share/classes/javax/crypto/CipherOutputStream.java Tue Jan 16 13:27:03 2018 +0530 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -42,7 +42,15 @@ * java.io.OutputStream and java.io.FilterOutputStream. This class * has exactly those methods specified in its ancestor classes, and * overrides them all. Moreover, this class catches all exceptions - * that are not thrown by its ancestor classes. + * that are not thrown by its ancestor classes. In particular, this + * class catches BadPaddingException and other exceptions thrown by + * failed integrity checks during decryption. These exceptions are not + * re-thrown, so the client will not be informed that integrity checks + * failed. Because of this behavior, this class may not be suitable + * for use with decryption in an authenticated mode of operation (e.g. GCM) + * if the application requires explicit notification when authentication + * fails. Such an application can use the Cipher API directly as an + * alternative to using this class. * * <p> It is crucial for a programmer using this class not to use * methods that are not defined or overriden in this class (such as a