Class Password

java.lang.Object
org.mozilla.jss.util.Password
All Implemented Interfaces:
Serializable, Cloneable, PasswordCallback

public class Password extends Object implements PasswordCallback, Cloneable, Serializable
Stores a password. clear should be called when the password is no longer needed so that the sensitive information is not left in memory.

A Password can be used as a hard-coded PasswordCallback.

  • Nested Class Summary

    Nested classes/interfaces inherited from interface org.mozilla.jss.util.PasswordCallback

    PasswordCallback.GiveUpException
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    private boolean
    cleared
    static org.slf4j.Logger
    logger
    private char[]
    password
    private static final long
    serialVersionUID
  • Constructor Summary

    Constructors
    Modifier
    Constructor
    Description
    private
    Password()
    Don't use this if you aren't Password.
    public
    Password(char[] pw)
    Creates a Password from a char array, then wipes the char array.
  • Method Summary

    Modifier and Type
    Method
    Description
    static byte[]
    charToByte(char[] charArray)
    Converts a char array to a null-terminated byte array using a standard encoding, which is currently UTF8.
    void
    clear()
    Clears the password so that sensitive data is no longer present in memory.
    Object
    clone()
    Clones the password.
    boolean
    equals(Object obj)
    Compares this password to another and returns true if they are the same.
    protected void
    finalize()
    Deprecated.
    finalize() in Object has been deprecated
    (package private) byte[]
    getByteCopy()
    Returns a null-terminated byte array that is the byte-encoding of this password.
    char[]
    getCharCopy()
    Returns a char array that is a copy of the password.
    char[]
    getChars()
    Returns the char array underlying this password.
    Password
    getPasswordAgain(PasswordCallbackInfo info)
    An implementation of PasswordCallback.getPasswordAgain.
    Password
    getPasswordFirstAttempt(PasswordCallbackInfo info)
    An implementation of PasswordCallback.getPasswordFirstAttempt.
    int
    hashCode()
    static Password
    readPasswordFromConsole()
    Reads a password from the console with echo disabled.
    static void
    wipeBytes(byte[] byteArray)
    Wipes a byte array by setting all its elements to zero.
    static void
    wipeChars(char[] charArray)
    Wipes a char array by setting all its elements to zero.

    Methods inherited from class java.lang.Object

    getClass, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • serialVersionUID

      private static final long serialVersionUID
    • logger

      public static org.slf4j.Logger logger
    • stackTrace

      private StackTraceElement[] stackTrace
    • password

      private char[] password
    • cleared

      private boolean cleared
  • Constructor Details

    • Password

      private Password()
      Don't use this if you aren't Password.
    • Password

      public Password(char[] pw)
      Creates a Password from a char array, then wipes the char array.
      Parameters:
      pw - A char[] containing the password. This array will be cleared (set to zeroes) by the constructor.
  • Method Details

    • getPasswordFirstAttempt

      public Password getPasswordFirstAttempt(PasswordCallbackInfo info) throws PasswordCallback.GiveUpException
      An implementation of PasswordCallback.getPasswordFirstAttempt. This allows a Password object to be treated as a PasswordCallback. This method simply returns a clone of the password.
      Specified by:
      getPasswordFirstAttempt in interface PasswordCallback
      Parameters:
      info - Information about the token that is being logged into.
      Returns:
      A copy of the password. The caller is responsible for clearing this copy.
      Throws:
      PasswordCallback.GiveUpException - If the callback does not want to supply a password.
    • equals

      public boolean equals(Object obj)
      Compares this password to another and returns true if they are the same.
      Overrides:
      equals in class Object
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object
    • getPasswordAgain

      public Password getPasswordAgain(PasswordCallbackInfo info) throws PasswordCallback.GiveUpException
      An implementation of PasswordCallback.getPasswordAgain. This allows a Password object to be used as a PasswordCallback. This method is only called after a call to getPasswordFirstAttempt returned the wrong password. This means the password is incorrect and there's no sense returning it again, so a GiveUpException is thrown.
      Specified by:
      getPasswordAgain in interface PasswordCallback
      Parameters:
      info - Information about the token that is being logged into.
      Returns:
      The password. This password object is owned by and will be cleared by the caller.
      Throws:
      PasswordCallback.GiveUpException - If the callback does not want to supply a password. This may often be the case if the first attempt failed.
    • getChars

      public char[] getChars()
      Returns the char array underlying this password. It must not be modified in any way.
    • getCharCopy

      public char[] getCharCopy()
      Returns a char array that is a copy of the password. The caller is responsible for wiping the returned array, for example using wipeChars.
    • getByteCopy

      byte[] getByteCopy()
      Returns a null-terminated byte array that is the byte-encoding of this password. The returned array is a copy of the password. The caller is responsible for wiping the returned array, for example using wipeChars.
    • clear

      public void clear()
      Clears the password so that sensitive data is no longer present in memory. This should be called as soon as the password is no longer needed.
    • clone

      public Object clone()
      Clones the password. The resulting clone will be completely independent of the parent, which means it will have to be separately cleared.
      Overrides:
      clone in class Object
    • finalize

      @Deprecated protected void finalize() throws Throwable
      Deprecated.
      finalize() in Object has been deprecated
      The finalizer clears the sensitive information before releasing it to the garbage collector, but it should have been cleared manually before this point anyway.
      Overrides:
      finalize in class Object
      Throws:
      Throwable
    • charToByte

      public static byte[] charToByte(char[] charArray)
      Converts a char array to a null-terminated byte array using a standard encoding, which is currently UTF8. The caller is responsible for clearing the copy (with wipeBytes, for example).
      Parameters:
      charArray - A character array, which should not be null. It will be wiped with zeroes.
      Returns:
      A copy of the charArray, converted from Unicode to UTF8. It is the responsibility of the caller to clear the output byte array; wipeBytes is ideal for this purpose.
    • wipeBytes

      public static void wipeBytes(byte[] byteArray)
      Wipes a byte array by setting all its elements to zero. null must not be passed in.
    • wipeChars

      public static void wipeChars(char[] charArray)
      Wipes a char array by setting all its elements to zero. null must not be passed in.
    • readPasswordFromConsole

      public static Password readPasswordFromConsole() throws PasswordCallback.GiveUpException
      Reads a password from the console with echo disabled. This is a blocking call which will return after the user types a newline. It only works with ASCII password characters. The call is synchronized because it alters terminal settings in a way that is not thread-safe.
      Returns:
      The password the user entered at the command line.
      Throws:
      PasswordCallback.GiveUpException - If the user enters no password (just hits <enter>).
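
The ownership rules documented above, put together in one usage example: the constructor and charToByte wipe their input, while clone, getCharCopy and charToByte return copies that the caller must clear or wipe. This is an added example, not code from JSS; the class name PasswordLifecycleExample, the consume and allZero helpers and the sample secret are assumptions made for illustration.

```java
import org.mozilla.jss.util.Password;

public class PasswordLifecycleExample {

    // Hypothetical consumer standing in for an API that needs the
    // null-terminated UTF-8 encoding of the password.
    static int consume(byte[] nullTerminatedUtf8) {
        return nullTerminatedUtf8.length;
    }

    static boolean allZero(char[] chars) {
        for (char c : chars) {
            if (c != 0) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample secret, held in a char[] so it can be wiped.
        char[] raw = {'s', 'a', 'm', 'p', 'l', 'e'};

        // The constructor takes ownership and zeroes the caller's array.
        Password pw = new Password(raw);
        System.out.println("input wiped by constructor: " + allZero(raw));

        Password dup = null;
        char[] copy = null;
        byte[] encoded = null;
        try {
            // A clone is independent of pw and must be cleared separately.
            dup = (Password) pw.clone();

            // getCharCopy() returns a caller-owned copy; charToByte() is
            // documented to wipe its input and return caller-owned bytes.
            copy = pw.getCharCopy();
            encoded = Password.charToByte(copy);
            System.out.println("copy wiped by charToByte: " + allZero(copy));
            System.out.println("encoded length: " + consume(encoded));
        } finally {
            // wipeBytes/wipeChars must not be given null, so guard each call.
            if (encoded != null) Password.wipeBytes(encoded);
            if (copy != null) Password.wipeChars(copy);
            if (dup != null) dup.clear();
            pw.clear();
        }
    }
}
```

Compile and run with the JSS jar on the classpath; the finally block ensures every copy is zeroed even if the consumer throws.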