Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Remove NUL padding when reading secrets from stdin (#76)
* Respect the limit when converting a ByteBuffer to an array * Explicitly make use of 'position' + clean up intermediate storage * Don't clear wrapped char array twice * Move 'asBytes()' to 'SecretValueConverter' + add tests
- Loading branch information
1 parent
f251a8f
commit 1ad8392
Showing
3 changed files
with
45 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
30 changes: 30 additions & 0 deletions
30
sdk/src/test/java/com/schibsted/security/strongbox/sdk/SecretValueConverterTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
/* | ||
* Copyright (c) 2018 Schibsted Products & Technology AS. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. | ||
*/ | ||
|
||
package com.schibsted.security.strongbox.sdk; | ||
|
||
import com.schibsted.security.strongbox.sdk.internal.converter.SecretValueConverter; | ||
import org.testng.annotations.Test; | ||
|
||
import java.nio.charset.Charset; | ||
|
||
import static org.hamcrest.MatcherAssert.assertThat; | ||
import static org.hamcrest.core.Is.is; | ||
|
||
/** | ||
* @author jwarlander | ||
*/ | ||
public class SecretValueConverterTest { | ||
@Test | ||
public void chars_to_bytes() { | ||
String str = "beeboopfoobarblahblahthisisalongstringyeah"; | ||
char[] charsFromString = str.toCharArray(); | ||
byte[] bytesFromString = str.getBytes(Charset.forName("UTF-8")); | ||
assertThat(SecretValueConverter.asBytes(charsFromString), is(bytesFromString)); | ||
|
||
// Our initial char array above should be shredded now; eg. only nulls | ||
char[] emptyCharArray = new char[bytesFromString.length]; | ||
assertThat(charsFromString, is(emptyCharArray)); | ||
} | ||
} |