[jboss-jira] [JBoss JIRA] (AS7-5275) Vault shared key is displaying the byte[] address
Tomaz Cerar (JIRA)
jira-events at lists.jboss.org
Fri Aug 17 06:29:14 EDT 2012
[ https://issues.jboss.org/browse/AS7-5275?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tomaz Cerar updated AS7-5275:
-----------------------------
Fix Version/s: 7.2.0.Alpha1
Git Pull Request: https://github.com/jbossas/jboss-as/pull/2770 (was: https://github.com/jbossas/jboss-as/pull/2770)
Affects Version/s: 7.1.2.Final (EAP)
> Vault shared key is displaying the byte[] address
> -------------------------------------------------
>
> Key: AS7-5275
> URL: https://issues.jboss.org/browse/AS7-5275
> Project: Application Server 7
> Issue Type: Bug
> Components: Security
> Affects Versions: 7.1.2.Final (EAP)
> Environment: AS7 trunk branch
> Reporter: Jeff Mesnil
> Assignee: Stefan Guilhen
> Priority: Critical
> Fix For: 7.2.0.Alpha1
>
>
> I added a secured attribute with vault.sh but the shared key looked suspicious:
> {noformat}
> ********************************************
> Vault Block:HQ
> Attribute Name:thePass
> Shared Key:[B@52621f0c
> Configuration should be done as follows:
> VAULT::HQ::thePass::[B@52621f0c
> ********************************************
> {noformat}
> Looking at VaultSession#attributeCreatedDisplay(), the byte[] handshakeKey is displayed by calling toString() => this displays its address, not a textual representation of the bytes.
> When the shared key is read in RuntimeVaultReader, we call String.getBytes() to get back the byte[].
> A simple fix is to display the handshakeKey with new String(handshakeKey).
> However this will work only if the default charset is the same on machines that store the secured attribute and read from it.
> It'd be safe to always use the same Charset (e.g. US-ASCII or UTF-8).
> I've raised the priority to critical since it is not possible to use any secured attribute if the handshake is not properly displayed.
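The failure mode described in the report, reproduced as an added example (this is not code from the AS7 code base or from the pull request). The class name, the helper methods and the sample key are constructed for illustration, and two explicit charsets stand in for two machines whose default charsets differ.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class SharedKeyDisplayDemo {

    // Display side (hypothetical helper): text shown to the operator for pasting into configuration.
    static String display(byte[] key, Charset cs) {
        return new String(key, cs);
    }

    // Read side (hypothetical helper): turn the configured text back into key bytes.
    static byte[] read(String shown, Charset cs) {
        return shown.getBytes(cs);
    }

    static boolean roundTrips(byte[] key, Charset displayCs, Charset readCs) {
        return Arrays.equals(key, read(display(key, displayCs), readCs));
    }

    public static void main(String[] args) {
        // Constructed sample key; the non-ASCII character makes charset differences visible.
        byte[] key = "s3cr\u00e9t-key".getBytes(StandardCharsets.UTF_8);

        // 1. The reported bug: byte[] inherits Object.toString(), which yields
        //    "[B@" plus an identity hash and carries none of the key material.
        String printed = key.toString();
        System.out.println("toString() output:        " + printed);
        System.out.println("recovers the key:         "
                + Arrays.equals(key, read(printed, StandardCharsets.UTF_8)));

        // 2. new String(bytes) / getBytes() with differing default charsets,
        //    simulated here by naming a different charset on each side.
        System.out.println("UTF-8 shown, Latin-1 read: "
                + roundTrips(key, StandardCharsets.UTF_8, StandardCharsets.ISO_8859_1));

        // 3. The same fixed charset on both sides, as the report suggests.
        System.out.println("UTF-8 shown, UTF-8 read:   "
                + roundTrips(key, StandardCharsets.UTF_8, StandardCharsets.UTF_8));
    }
}
```

Only the third case recovers the original bytes; a key restricted to US-ASCII characters would also survive the second case, which is why a mismatch like this can go unnoticed in testing.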