8286259: Password cleanup after KeyStore.PasswordProtection in P11KeyStore

Reviewed-by: valeriep

Author: Hai-May Chao

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyStore.java

@@ -57,6 +57,7 @@
 import javax.crypto.SecretKey;
 import javax.crypto.interfaces.*;
 
+import javax.security.auth.DestroyFailedException;
 import javax.security.auth.x500.X500Principal;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.callback.Callback;
@@ -454,7 +455,18 @@ public synchronized void engineSetKeyEntry(String alias, Key key,
         } catch (NullPointerException | IllegalArgumentException e) {
             throw new KeyStoreException(e);
         }
-        engineSetEntry(alias, entry, new KeyStore.PasswordProtection(password));
+
+        KeyStore.PasswordProtection passwordProtection =
+                new KeyStore.PasswordProtection(password);
+        try {
+            engineSetEntry(alias, entry, passwordProtection);
+        } finally {
+            try {
+                passwordProtection.destroy();
+            } catch (DestroyFailedException dfe) {
+                // ignore
+            }
+        }
     }
 
     /**