[jboss-jira] [JBoss JIRA] (AS7-5275) Vault shared key is displaying the byte[] address
Jeff Mesnil (JIRA)
jira-events at lists.jboss.org
Tue Jul 31 06:02:06 EDT 2012
Jeff Mesnil created AS7-5275:
--------------------------------
Summary: Vault shared key is displaying the byte[] address
Key: AS7-5275
URL: https://issues.jboss.org/browse/AS7-5275
Project: Application Server 7
Issue Type: Bug
Components: Security
Environment: AS7 trunk branch
Reporter: Jeff Mesnil
Assignee: Anil Saldhana
Priority: Critical
I added a secured attribute with vault.sh but the shared key looked suspicious:
{noformat}
********************************************
Vault Block:HQ
Attribute Name:thePass
Shared Key:[B at 52621f0c
Configuration should be done as follows:
VAULT::HQ::thePass::[B at 52621f0c
********************************************
{noformat}
Looking at VaultSession#attributeCreatedDisplay(), the byte[] handshakeKey is displayed by calling toString() => this displays its address, not a textual representation of the bytes.
When the shared key is read in RuntimeVaultReader, we call String.getBytes() to get back the byte[].
A simple fix is to display the handshakeKey with new String(handshakeKey).
However this will work only if the default charset is the same on machines that store the secured attribute and read from it.
It'd be safe to use always the same Charset (e.g. US-ASCII or UTF-8).
I've raised the priority to critical since it is not possible to use any secured attribute if the handshake is not properly displayed
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list