/** * Builds an {@linkplain OperationalAttributes operational attribute} that * represents the password of an object on a target system or application. * <p> * The caller is responsible for clearing out the array of characters. * * @param password * the characters that represent a password. * @return an {@code Attribute} with the * {@linkplain OperationalAttributes#PASSWORD_NAME predefined name * for password}. */ public static Attribute buildPassword(final char[] password) { return buildPassword(new GuardedString(password)); }
protected String getString(GuardedString guardedString) { if (guardedString == null) { return null; } final String[] passwdArray = { null }; guardedString.access(new Accessor() { @Override public void access(char[] passwdChars) { String password = new String(passwdChars); checkPasswordPolicies(password); passwdArray[0] = password; } }); return passwdArray[0]; }
/** * Create a copy of the string. If this instance is read-only, * the copy will not be read-only. * @return A copy of the string. * @throws IllegalStateException If the string has been disposed */ public GuardedString copy() { checkNotDisposed(); byte [] encryptedBytes2 = new byte[_encryptedBytes.length]; System.arraycopy(_encryptedBytes, 0, encryptedBytes2, 0, _encryptedBytes.length); GuardedString rv = new GuardedString(); rv._encryptedBytes = encryptedBytes2; return rv; }
/** * Appends a single clear-text character to the secure string. * The in-memory data will be decrypted, the character will be * appended, and then it will be re-encrypted. * @param c The character to append. * @throws IllegalStateException If the string is read-only * @throws IllegalStateException If the string has been disposed */ public void appendChar(char c) { checkNotDisposed(); checkWriteable(); char [] clearChars = null; char [] clearChars2 = null; try { clearChars = decryptChars(); clearChars2 = new char[clearChars.length+1]; System.arraycopy(clearChars, 0, clearChars2, 0, clearChars.length); clearChars2[clearChars2.length-1] = c; encryptChars(clearChars2); } finally { SecurityUtil.clear(clearChars); SecurityUtil.clear(clearChars2); } }
/** * Provides access to the clear-text value of the string in a controlled fashion. * The clear-text characters will only be available for the duration of the call * and automatically zeroed out following the call. * * <p> * <b>NOTE:</b> Callers are encouraged to use {@link #verifyBase64SHA1Hash(String)} * where possible if the intended use is merely to verify the contents of * the string match an expected hash value. * @param accessor Accessor callback. * @throws IllegalStateException If the string has been disposed */ public void access(Accessor accessor) { checkNotDisposed(); char [] clearChars = null; try { clearChars = decryptChars(); accessor.access(clearChars); } finally { SecurityUtil.clear(clearChars); } }
@Test public void testUnicode() { for (int i = 0; i < 0xFFFF; i++) { final int expected = i; char c = (char) i; GuardedString gs = new GuardedString(new char[] { c }); gs.access((char[] clearChars) -> { int v = (int) clearChars[0]; assertEquals(v, expected); }); } }
@Test public void testDispose() { GuardedString str = new GuardedString("foo".toCharArray()); str.dispose(); try { decryptToString(str); str.isReadOnly(); fail("expected exception"); } catch (IllegalStateException e) { str.appendChar('c'); fail("expected exception"); } catch (IllegalStateException e) { str.copy(); fail("expected exception"); } catch (IllegalStateException e) { str.verifyBase64SHA1Hash("foo"); fail("expected exception"); } catch (IllegalStateException e) {
@Test public void testEquals() { GuardedString str1 = new GuardedString(); GuardedString str2 = new GuardedString(); assertEquals(str1, str2); str2.appendChar('2'); assertFalse(str1.equals(str2)); str1.appendChar('2'); assertEquals(str1, str2); }
@Test public void testBasics() { GuardedString str = new GuardedString("foo".toCharArray()); assertEquals(decryptToString(str), "foo"); str.appendChar('2'); assertEquals(decryptToString(str), "foo2"); assertFalse(str.verifyBase64SHA1Hash(SecurityUtil .computeBase64SHA1Hash("foo".toCharArray()))); assertTrue(str.verifyBase64SHA1Hash(SecurityUtil .computeBase64SHA1Hash("foo2".toCharArray()))); }
@Test public void testReadOnly() { GuardedString str = new GuardedString("foo".toCharArray()); assertFalse(str.isReadOnly()); str.makeReadOnly(); assertTrue(str.isReadOnly()); assertEquals(decryptToString(str), "foo"); try { str.appendChar('2'); fail("expected exception"); } catch (IllegalStateException e) { /* ignore */ } str = str.copy(); assertEquals(decryptToString(str), "foo"); str.appendChar('2'); assertEquals(decryptToString(str), "foo2"); }
authorized = key.verifyBase64SHA1Hash(connectorServer.getKeyHash()); } finally { key.dispose();
/** * Returns true if this string has been marked read-only. * * @return true if this string has been marked read-only. * @throws IllegalStateException * If the string has been disposed */ public boolean isReadOnly() { checkNotDisposed(); return readOnly; }
/** * {@inheritDoc} */ @Override public boolean equals(Object o) { if (o instanceof RemoteFrameworkConnectionInfo) { RemoteFrameworkConnectionInfo other = (RemoteFrameworkConnectionInfo) o; if (!getHost().equals(other.getHost())) { return false; } if (getPort() != other.getPort()) { return false; } if (getUseSSL() != other.getUseSSL()) { return false; } if (!getTrustManagers().equals(other.getTrustManagers())) { return false; } if (!getKey().equals(other.getKey())) { return false; } if (getTimeout() != other.getTimeout()) { return false; } return true; } return false; }
final String origString = "Shiver me timbers"; GuardedString guardedString = new GuardedString(origString.toCharArray()); guardedString.access(new GuardedString.Accessor() { @Override public void access(char[] decryptedChars) {
/** * Appends a single clear-text character to the secure string. * * The in-memory data will be decrypted, the character will be appended, and * then it will be re-encrypted. * * @param c * The character to append. * @throws IllegalStateException * If the string is read-only * @throws IllegalStateException * If the string has been disposed */ public void appendChar(char c) { checkNotDisposed(); checkWriteable(); char[] clearChars = null; char[] clearChars2 = null; try { clearChars = decryptChars(); clearChars2 = new char[clearChars.length + 1]; System.arraycopy(clearChars, 0, clearChars2, 0, clearChars.length); clearChars2[clearChars2.length - 1] = c; encryptChars(clearChars2); } finally { SecurityUtil.clear(clearChars); SecurityUtil.clear(clearChars2); } }
authorized = key.verifyBase64SHA1Hash(connectorServer.getKeyHash()); } finally { key.dispose();
/** * Provides access to the clear-text value of the string in a controlled * fashion. * * The clear-text characters will only be available for the duration of the * call and automatically zeroed out following the call. * <p> * <b>NOTE:</b> Callers are encouraged to use * {@link #verifyBase64SHA1Hash(String)} where possible if the intended use * is merely to verify the contents of the string match an expected hash * value. * * @param accessor * Accessor callback. * @throws IllegalStateException * If the string has been disposed */ public void access(Accessor accessor) { checkNotDisposed(); char[] clearChars = null; try { clearChars = decryptChars(); accessor.access(clearChars); } finally { SecurityUtil.clear(clearChars); } }
/** * Mark this string as read-only. * * @throws IllegalStateException * If the string has been disposed */ public void makeReadOnly() { checkNotDisposed(); readOnly = true; }
return false; if (!getKey().equals(other.getKey())) { return false;
/** * Builds an {@linkplain AttributeDelta of operational attribute} that * represents the password of an object on a target system or application. * <p> * The caller is responsible for clearing out the array of characters. * * @param password * the characters that represent a password. * @return an {@code AttributeDelta} with the * {@linkplain OperationalAttributes#PASSWORD_NAME predefined name * for password}. */ public static AttributeDelta buildPassword(final char[] password) { return buildPassword(new GuardedString(password)); }