Coverage Summary for Class: PasswordUtils (com.acciente.oacc.sql.internal)

Class	Class, %	Method, %	Line, %
PasswordUtils	100% (1/ 1)	66.7% (2/ 3)	91.7% (11/ 12)
1 /*
2  * Copyright 2009-2018, Acciente LLC
3  *
4  * Acciente LLC licenses this file to you under the
5  * Apache License, Version 2.0 (the "License"); you
6  * may not use this file except in compliance with the
7  * License. You may obtain a copy of the License at
8  *
9  *     http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in
12  * writing, software distributed under the License is
13  * distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
14  * OR CONDITIONS OF ANY KIND, either express or implied.
15  * See the License for the specific language governing
16  * permissions and limitations under the License.
17  */
18 package com.acciente.oacc.sql.internal;
19 
20 import com.acciente.oacc.Resource;
21 
22 public class PasswordUtils {
23    /**
24     * Computes a password string that is bound to the resource with which the password is
25     * associated. As a result of this binding, if the encrypted password of resource A
26     * were used to overwrite the encrypted password of a resource B, it would still not be
27     * possible to authenticate as resource B using the password for resource A.
28     * @param resource
29     * @param password
30     * @return
31     */
32    public static char[] computeBoundPassword(Resource resource, char[] password) {
33       final char[] resIdAsCharArray = String.valueOf(resource.getId()).toCharArray();
34       final int tailLength = password.length - password.length / 2;
35       char[] boundPassword = new char[password.length + resIdAsCharArray.length + tailLength];
36 
37       System.arraycopy(password, 0, boundPassword, 0, password.length);
38       System.arraycopy(resIdAsCharArray, 0, boundPassword, password.length, resIdAsCharArray.length);
39       System.arraycopy(password, password.length / 2, boundPassword, password.length + resIdAsCharArray.length, tailLength);
40 
41       return boundPassword;
42    }
43 
44    /**
45     * This method zeroes out all the elements of the passed in character array
46     * @param password a char array containing a password
47     */
48    public static void cleanPassword(char[] password) {
49       if (password != null) {
50          for (int i = 0; i < password.length; i++) {
51             password[i] = 0;
52          }
53       }
54    }
55 }