/** * Create a copy of the string. If this instance is read-only, * the copy will not be read-only. * @return A copy of the string. * @throws IllegalStateException If the string has been disposed */ public GuardedString copy() { checkNotDisposed(); byte [] encryptedBytes2 = new byte[_encryptedBytes.length]; System.arraycopy(_encryptedBytes, 0, encryptedBytes2, 0, _encryptedBytes.length); GuardedString rv = new GuardedString(); rv._encryptedBytes = encryptedBytes2; return rv; }
/** * Builds an {@linkplain OperationalAttributes operational attribute} that * represents the password of an object on a target system or application. * <p> * The caller is responsible for clearing out the array of characters. * * @param password * the characters that represent a password. * @return an {@code Attribute} with the * {@linkplain OperationalAttributes#PASSWORD_NAME predefined name * for password}. */ public static Attribute buildPassword(final char[] password) { return buildPassword(new GuardedString(password)); }
/** * Builds an {@linkplain OperationalAttributes operational attribute} that * represents the password of an object on a target system or application. * <p> * The caller is responsible for clearing out the array of characters. * * @param password * the characters that represent a password. * @return an {@code Attribute} with the * {@linkplain OperationalAttributes#PASSWORD_NAME predefined name * for password}. */ public static Attribute buildPassword(final char[] password) { return buildPassword(new GuardedString(password)); }
/** * Builds an {@linkplain AttributeDelta of operational attribute} that * represents the password of an object on a target system or application. * <p> * The caller is responsible for clearing out the array of characters. * * @param password * the characters that represent a password. * @return an {@code AttributeDelta} with the * {@linkplain OperationalAttributes#PASSWORD_NAME predefined name * for password}. */ public static AttributeDelta buildPassword(final char[] password) { return buildPassword(new GuardedString(password)); }
/** * Builds an {@linkplain OperationalAttributes operational attribute} * that represents the password of an object on a target system or application. * <p> * The caller is responsible for clearing out the array of characters. * * @param password * the characters that represent a password. * @return an {@code Attribute} with the * {@linkplain OperationalAttributes#PASSWORD_NAME * predefined name for password}. */ public static Attribute buildPassword(final char[] password) { return buildPassword(new GuardedString(password)); }
/** * Builds an {@linkplain AttributeDelta of operational attribute} that * represents the password of an object on a target system or application. * <p> * The caller is responsible for clearing out the array of characters. * * @param password * the characters that represent a password. * @return an {@code AttributeDelta} with the * {@linkplain OperationalAttributes#PASSWORD_NAME predefined name * for password}. */ public static AttributeDelta buildPassword(final char[] password) { return buildPassword(new GuardedString(password)); }
/** * Create a copy of the string. * * If this instance is read-only, the copy will not be read-only. * * @return A copy of the string. * @throws IllegalStateException * If the string has been disposed */ public GuardedString copy() { checkNotDisposed(); byte[] encryptedBytes2 = new byte[encryptedBytes.length]; System.arraycopy(encryptedBytes, 0, encryptedBytes2, 0, encryptedBytes.length); GuardedString rv = new GuardedString(); rv.encryptedBytes = encryptedBytes2; return rv; }
/** * Create a copy of the string. * * If this instance is read-only, the copy will not be read-only. * * @return A copy of the string. * @throws IllegalStateException * If the string has been disposed */ public GuardedString copy() { checkNotDisposed(); byte[] encryptedBytes2 = new byte[encryptedBytes.length]; System.arraycopy(encryptedBytes, 0, encryptedBytes2, 0, encryptedBytes.length); GuardedString rv = new GuardedString(); rv.encryptedBytes = encryptedBytes2; return rv; }
/** * Builds an {@linkplain OperationalAttributes operational attribute} * that represents the current password of an object on a target system or application. * <p> * Passing the current password indicates the account owner (and not an administrator) * is changing the password. The use case is that an administrator password change may * not keep history or validate against policy. * <p> * The caller is responsible for clearing out the array of characters. * * @param password * the characters that represent a password. * @return an {@code Attribute} with the * {@linkplain OperationalAttributes#CURRENT_PASSWORD_NAME * predefined name for current password}. */ public static Attribute buildCurrentPassword(final char[] password) { return buildCurrentPassword(new GuardedString(password)); }
/** * Builds an {@linkplain AttributeDelta of operational attribute} that * represents the current password of an object on a target system or * application. * <p> * Passing the current password indicates the account owner (and not an * administrator) is changing the password. The use case is that an * administrator password change may not keep history or validate against * policy. * <p> * The caller is responsible for clearing out the array of characters. * * @param password * the characters that represent a password. * @return an {@code AttributeDelta} with the * {@linkplain OperationalAttributes#CURRENT_PASSWORD_NAME * predefined name for current password}. */ public static AttributeDelta buildCurrentPassword(final char[] password) { return buildCurrentPassword(new GuardedString(password)); }
/** * Builds an {@linkplain OperationalAttributes operational attribute} that * represents the current password of an object on a target system or * application. * <p> * Passing the current password indicates the account owner (and not an * administrator) is changing the password. The use case is that an * administrator password change may not keep history or validate against * policy. * <p> * The caller is responsible for clearing out the array of characters. * * @param password * the characters that represent a password. * @return an {@code Attribute} with the * {@linkplain OperationalAttributes#CURRENT_PASSWORD_NAME * predefined name for current password}. */ public static Attribute buildCurrentPassword(final char[] password) { return buildCurrentPassword(new GuardedString(password)); }
public static GuardedString toGuardedString(ProtectedStringType ps, Protector protector, String propertyName) { if (ps == null) { return null; } if (!protector.isEncrypted(ps)) { if (ps.getClearValue() == null) { return null; } // LOGGER.warn("Using cleartext value for {}", propertyName); return new GuardedString(ps.getClearValue().toCharArray()); } try { return new GuardedString(protector.decryptString(ps).toCharArray()); } catch (EncryptionException e) { // LOGGER.error("Unable to decrypt value of element {}: {}", // new Object[] { propertyName, e.getMessage(), e }); throw new SystemException("Unable to decrypt value of element " + propertyName + ": " + e.getMessage(), e); } }
private ConnectorObject getFooConnectorObject() { ConnectorObjectBuilder builder = new ConnectorObjectBuilder(); builder.setUid("foo"); builder.addAttribute(Name.NAME, "foo"); builder.addAttribute(FAKE_ATTR_NAME, "fake foo"); GuardedString gs = new GuardedString("sup3rS3cr3tFak3".toCharArray()); builder.addAttribute(OperationalAttributes.PASSWORD_NAME,gs); builder.addAttribute(OperationalAttributes.ENABLE_NAME, true); return builder.build(); }
@Test public void testUnicode() { for (int i = 0; i < 0xFFFF; i++) { final int expected = i; char c = (char) i; GuardedString gs = new GuardedString(new char[] { c }); gs.access((char[] clearChars) -> { int v = (int) clearChars[0]; assertEquals(v, expected); }); } }
@Test public void testEquals() { GuardedString str1 = new GuardedString(); GuardedString str2 = new GuardedString(); assertEquals(str1, str2); str2.appendChar('2'); assertFalse(str1.equals(str2)); str1.appendChar('2'); assertEquals(str1, str2); }
@Override public Object deserialize(final ObjectDecoder decoder) { byte[] encryptedBytes = null; byte[] clearBytes = null; char[] clearChars = null; try { encryptedBytes = decoder.readByteArrayContents(); clearBytes = EncryptorFactory.getInstance().getDefaultEncryptor().decrypt(encryptedBytes); clearChars = SecurityUtil.bytesToChars(clearBytes); return new GuardedString(clearChars); } finally { SecurityUtil.clear(encryptedBytes); SecurityUtil.clear(clearBytes); SecurityUtil.clear(clearChars); } }
@Override public Object deserialize(final ObjectDecoder decoder) { byte[] encryptedBytes = null; byte[] clearBytes = null; char[] clearChars = null; try { encryptedBytes = decoder.readByteArrayContents(); clearBytes = EncryptorFactory.getInstance().getDefaultEncryptor().decrypt( encryptedBytes); clearChars = SecurityUtil.bytesToChars(clearBytes); return new GuardedString(clearChars); } finally { SecurityUtil.clear(encryptedBytes); SecurityUtil.clear(clearBytes); SecurityUtil.clear(clearChars); } }
@Override public Object deserialize(final ObjectDecoder decoder) { byte[] encryptedBytes = null; byte[] clearBytes = null; char[] clearChars = null; try { encryptedBytes = decoder.readByteArrayContents(); clearBytes = EncryptorFactory.getInstance().getDefaultEncryptor().decrypt( encryptedBytes); clearChars = SecurityUtil.bytesToChars(clearBytes); return new GuardedString(clearChars); } finally { SecurityUtil.clear(encryptedBytes); SecurityUtil.clear(clearBytes); SecurityUtil.clear(clearChars); } }
@Test public void testBasics() { GuardedString str = new GuardedString("foo".toCharArray()); assertEquals(decryptToString(str), "foo"); str.appendChar('2'); assertEquals(decryptToString(str), "foo2"); assertFalse(str.verifyBase64SHA1Hash(SecurityUtil .computeBase64SHA1Hash("foo".toCharArray()))); assertTrue(str.verifyBase64SHA1Hash(SecurityUtil .computeBase64SHA1Hash("foo2".toCharArray()))); }
@Test public void testReadOnly() { GuardedString str = new GuardedString("foo".toCharArray()); assertFalse(str.isReadOnly()); str.makeReadOnly(); assertTrue(str.isReadOnly()); assertEquals(decryptToString(str), "foo"); try { str.appendChar('2'); fail("expected exception"); } catch (IllegalStateException e) { /* ignore */ } str = str.copy(); assertEquals(decryptToString(str), "foo"); str.appendChar('2'); assertEquals(decryptToString(str), "foo2"); }