diff --git a/cli/src/main/java/com/schibsted/security/strongbox/cli/viewmodel/SecretModel.java b/cli/src/main/java/com/schibsted/security/strongbox/cli/viewmodel/SecretModel.java index 6f24fb6..dd59a57 100644 --- a/cli/src/main/java/com/schibsted/security/strongbox/cli/viewmodel/SecretModel.java +++ b/cli/src/main/java/com/schibsted/security/strongbox/cli/viewmodel/SecretModel.java @@ -144,7 +144,7 @@ private byte[] fromStdin() { if (secretValue == null) { throw new IllegalArgumentException("A secret value must be specified"); } - return asBytes(secretValue); + return SecretValueConverter.asBytes(secretValue); } else { // Piped in return IOUtils.toByteArray(inputStream); @@ -164,15 +164,6 @@ private static byte[] extractValueFromFile(String valueFile) { } } - private byte[] asBytes(char[] chars) { - CharBuffer charBuffer = CharBuffer.wrap(chars); - ByteBuffer byteBuffer = Charset.forName("UTF-8").encode(charBuffer); - - BestEffortShredder.shred(chars); - - return byteBuffer.array(); - } - private static int booleanIfExists(String value) { return (value != null) ? 1 : 0; } diff --git a/sdk/src/main/java/com/schibsted/security/strongbox/sdk/internal/converter/SecretValueConverter.java b/sdk/src/main/java/com/schibsted/security/strongbox/sdk/internal/converter/SecretValueConverter.java index eaa825c..eb518dd 100644 --- a/sdk/src/main/java/com/schibsted/security/strongbox/sdk/internal/converter/SecretValueConverter.java +++ b/sdk/src/main/java/com/schibsted/security/strongbox/sdk/internal/converter/SecretValueConverter.java @@ -8,6 +8,9 @@ import com.schibsted.security.strongbox.sdk.types.SecretType; import com.schibsted.security.strongbox.sdk.types.SecretValue; +import java.nio.ByteBuffer; +import java.nio.CharBuffer; +import java.nio.charset.Charset; import java.util.Arrays; /** @@ -28,4 +31,15 @@ public static SecretValue inferEncoding(byte[] value, SecretType secretType) { return new SecretValue(value, secretType); } } + + public static byte[] asBytes(char[] chars) { + CharBuffer charBuffer = CharBuffer.wrap(chars); + ByteBuffer byteBuffer = Charset.forName("UTF-8").encode(charBuffer); + byte[] bytes = Arrays.copyOfRange(byteBuffer.array(), byteBuffer.position(), byteBuffer.limit()); + + BestEffortShredder.shred(charBuffer.array()); + BestEffortShredder.shred(byteBuffer.array()); + + return bytes; + } } diff --git a/sdk/src/test/java/com/schibsted/security/strongbox/sdk/SecretValueConverterTest.java b/sdk/src/test/java/com/schibsted/security/strongbox/sdk/SecretValueConverterTest.java new file mode 100644 index 0000000..18cc95f --- /dev/null +++ b/sdk/src/test/java/com/schibsted/security/strongbox/sdk/SecretValueConverterTest.java @@ -0,0 +1,30 @@ +/* + * Copyright (c) 2018 Schibsted Products & Technology AS. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. + */ + +package com.schibsted.security.strongbox.sdk; + +import com.schibsted.security.strongbox.sdk.internal.converter.SecretValueConverter; +import org.testng.annotations.Test; + +import java.nio.charset.Charset; + +import static org.hamcrest.MatcherAssert.assertThat; +import static org.hamcrest.core.Is.is; + +/** + * @author jwarlander + */ +public class SecretValueConverterTest { + @Test + public void chars_to_bytes() { + String str = "beeboopfoobarblahblahthisisalongstringyeah"; + char[] charsFromString = str.toCharArray(); + byte[] bytesFromString = str.getBytes(Charset.forName("UTF-8")); + assertThat(SecretValueConverter.asBytes(charsFromString), is(bytesFromString)); + + // Our initial char array above should be shredded now; eg. only nulls + char[] emptyCharArray = new char[bytesFromString.length]; + assertThat(charsFromString, is(emptyCharArray)); + } +}