From ac42fb296a8b38a605737d8af94c5c9bf3a14a17 Mon Sep 17 00:00:00 2001
From: Marek Urbaniak <8502071+marekoid@users.noreply.github.com>
Date: Wed, 1 Apr 2020 17:39:20 +0100
Subject: [PATCH] Remove clear key revisit TODO

After reading a bit that seems the best sensible effort feature that can be achieved in Java.
---
 .../com/pusher/client/crypto/nacl/SecretBoxOpener.java | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/src/main/java/com/pusher/client/crypto/nacl/SecretBoxOpener.java b/src/main/java/com/pusher/client/crypto/nacl/SecretBoxOpener.java
index ed85944c..85ad6fe4 100644
--- a/src/main/java/com/pusher/client/crypto/nacl/SecretBoxOpener.java
+++ b/src/main/java/com/pusher/client/crypto/nacl/SecretBoxOpener.java
@@ -26,8 +26,7 @@ a copy of this software and associated documentation files (the "Software"),
 
 import static com.pusher.client.util.internal.Preconditions.checkArgument;
 import static com.pusher.client.util.internal.Preconditions.checkNotNull;
-
-import java.util.Arrays;
+import static java.util.Arrays.fill;
 
 public class SecretBoxOpener {
 
@@ -97,13 +96,12 @@ public byte[] open(byte[] box, byte[] nonce) throws AuthenticityException {
 }
 
 public void clearKey() {
- Arrays.fill(key, (byte) 0);
+ fill(key, (byte) 0);
 if (key[0] != 0) {
+ // so that hopefully the optimiser won't remove the clearing code (best sensible effort)
 throw new SecurityException("key not cleared correctly");
 }
 key = null;
- // TODO: ensure implemented securely (so that the clearing code
- // is not removed by compiler's optimisations)
 }
 
 // subKey = byte[32], counter = byte[16], nonce = byte[24], key = byte[32]
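Review bot: In the second hunk, `clearKey()` ends with `key = null`, so a second call fails with a NullPointerException at `fill(key, (byte) 0)` instead of being a no-op; a guard such as `if (key == null) return;` as the first statement would make clearing safe to repeat from cleanup paths. How `open()` behaves after the key has been cleared is outside the hunk and worth checking alongside this. The read-back `key[0] != 0` inspects only the first byte, and the new comment sits inside the `if` body although it explains why the `if` exists; placing it above the condition as `// read back after zeroing so the JIT is less likely to drop the fill (best effort, not guaranteed)` would read more clearly. Since the TODO is removed, a short Javadoc on the method stating that only this array is zeroed, and that copies held by callers or relocated by the garbage collector may remain in memory, would keep the limitation visible to users of the class.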