[jboss-jira] [JBoss JIRA] (ELY-1288) Elytron: OTP seed as byte array instead of String
Josef Cacek (JIRA)
issues at jboss.org
Fri Jul 14 08:44:00 EDT 2017
Josef Cacek created ELY-1288:
--------------------------------
Summary: Elytron: OTP seed as byte array instead of String
Key: ELY-1288
URL: https://issues.jboss.org/browse/ELY-1288
Project: WildFly Elytron
Issue Type: Bug
Reporter: Josef Cacek
Assignee: Darran Lofthouse
The {{org.wildfly.security.password.interfaces.OneTimePassword}} interface contains {{getSeed()}} method which is of type {{byte[]}}. The more proper type seems to be a {{String}} (or {{char[]}}).
The {{OneTimePassword}} interface type description says:
bq. A one-time password, used by the OTP SASL mechanism.
The [OTP RFC 2289|https://tools.ietf.org/html/rfc2289] says
{noformat}
The seed MUST consist of purely alphanumeric characters and MUST be
of one to 16 characters in length. The seed is a string of characters
that MUST not contain any blanks and SHOULD consist of strictly
alphanumeric characters from the ISO-646 Invariant Code Set. The
seed MUST be case insensitive and MUST be internally converted to
lower case before it is processed.
{noformat}
*Suggested fix:*
Change the {{getSeed()}} method type to String.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list