[jboss-jira] [JBoss JIRA] (ELY-1288) Elytron: OTP seed as byte array instead of String
Yeray Borges (JIRA)
issues at jboss.org
Fri Jul 14 09:38:00 EDT 2017
[ https://issues.jboss.org/browse/ELY-1288?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Yeray Borges reassigned ELY-1288:
---------------------------------
Assignee: Yeray Borges (was: Darran Lofthouse)
> Elytron: OTP seed as byte array instead of String
> -------------------------------------------------
>
> Key: ELY-1288
> URL: https://issues.jboss.org/browse/ELY-1288
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Josef Cacek
> Assignee: Yeray Borges
>
> The {{org.wildfly.security.password.interfaces.OneTimePassword}} interface contains {{getSeed()}} method which is of type {{byte[]}}. The more proper type seems to be a {{String}} (or {{char[]}}).
> The {{OneTimePassword}} interface type description says:
> bq. A one-time password, used by the OTP SASL mechanism.
> The [OTP RFC 2289|https://tools.ietf.org/html/rfc2289] says
> {noformat}
> The seed MUST consist of purely alphanumeric characters and MUST be
> of one to 16 characters in length. The seed is a string of characters
> that MUST not contain any blanks and SHOULD consist of strictly
> alphanumeric characters from the ISO-646 Invariant Code Set. The
> seed MUST be case insensitive and MUST be internally converted to
> lower case before it is processed.
> {noformat}
> *Suggested fix:*
> Change the {{getSeed()}} method type to String.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list