[jboss-jira] [JBoss JIRA] (AS7-5275) Vault shared key is displaying the byte[] address

Stefan Guilhen (JIRA) jira-events at lists.jboss.org
Wed Aug 1 11:12:07 EDT 2012 

    [ https://issues.jboss.org/browse/AS7-5275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12709194#comment-12709194 ] 

Stefan Guilhen commented on AS7-5275:
-------------------------------------

This is odd, at first I would think the two things are not related. I'll try applying your patch and see what I get here.
                
> Vault shared key is displaying the byte[] address
> -------------------------------------------------
>
>                 Key: AS7-5275
>                 URL: https://issues.jboss.org/browse/AS7-5275
>             Project: Application Server 7
>          Issue Type: Bug
>          Components: Security
>         Environment: AS7 trunk branch
>            Reporter: Jeff Mesnil
>            Assignee: Stefan Guilhen
>            Priority: Critical
>
> I added a secured attribute with vault.sh but the shared key looked suspicious:
> {noformat}
> ********************************************
> Vault Block:HQ
> Attribute Name:thePass
> Shared Key:[B at 52621f0c
> Configuration should be done as follows:
> VAULT::HQ::thePass::[B at 52621f0c
> ********************************************
> {noformat}
> Looking at VaultSession#attributeCreatedDisplay(), the byte[] handshakeKey is displayed by calling toString() => this displays its address, not a textual representation of the bytes.
> When the shared key is read in RuntimeVaultReader, we call String.getBytes() to get back the byte[].
> A simple fix is to display the handshakeKey with new String(handshakeKey).
> However this will work only if the default charset is the same on machines that store the secured attribute and read from it.
> It'd be safe to use always the same Charset (e.g. US-ASCII or UTF-8).
> I've raised the priority to critical since it is not possible to use any secured attribute if the handshake is not properly displayed

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list