Wipe masterPassword on authentication & misc improvements.
This commit is contained in:
Maarten Billemont
@@ -77,7 +77,7 @@ public abstract class MPAlgorithm {
|
||||
* for the case where {@code resultType} is a {@link MPResultTypeClass#Stateful}.
|
||||
*/
|
||||
public abstract String siteResultFromState(byte[] masterKey, byte[] siteKey,
|
||||
MPResultType resultType, @Nullable String resultParam);
|
||||
MPResultType resultType, String resultParam);
|
||||
|
||||
/**
|
||||
* The result for {@link #siteResult(byte[], byte[], String, UnsignedInteger, MPKeyPurpose, String, MPResultType, String)}
|
||||
|
||||
@@ -44,13 +44,14 @@ public class MPMasterKey {
|
||||
|
||||
/**
|
||||
* @param masterPassword The characters of the user's master password.
|
||||
* Note: this array is held by reference and its contents invalidated on {@link #invalidate()}.
|
||||
* <b>Note: this method destroys the contents of the array.</b>
|
||||
*/
|
||||
@SuppressWarnings("AssignmentToCollectionOrArrayFieldFromParameter")
|
||||
public MPMasterKey(final String fullName, final char[] masterPassword) {
|
||||
|
||||
this.fullName = fullName;
|
||||
this.masterPassword = masterPassword;
|
||||
this.masterPassword = masterPassword.clone();
|
||||
Arrays.fill( masterPassword, (char) 0 );
|
||||
}
|
||||
|
||||
@Nonnull
|
||||
@@ -162,7 +163,7 @@ public class MPMasterKey {
|
||||
*/
|
||||
public String siteState(final String siteName, final MPAlgorithm algorithm, final UnsignedInteger siteCounter,
|
||||
final MPKeyPurpose keyPurpose, @Nullable final String keyContext,
|
||||
final MPResultType resultType, @Nullable final String resultParam)
|
||||
final MPResultType resultType, final String resultParam)
|
||||
throws MPKeyUnavailableException {
|
||||
|
||||
Preconditions.checkNotNull( resultParam );
|
||||
|
||||
@@ -125,7 +125,7 @@ public class MPAlgorithmV0 extends MPAlgorithm {
|
||||
case Template:
|
||||
return siteResultFromTemplate( masterKey, siteKey, resultType, resultParam );
|
||||
case Stateful:
|
||||
return siteResultFromState( masterKey, siteKey, resultType, resultParam );
|
||||
return siteResultFromState( masterKey, siteKey, resultType, Preconditions.checkNotNull( resultParam ) );
|
||||
case Derive:
|
||||
return siteResultFromDerive( masterKey, siteKey, resultType, resultParam );
|
||||
}
|
||||
@@ -170,7 +170,7 @@ public class MPAlgorithmV0 extends MPAlgorithm {
|
||||
|
||||
@Override
|
||||
public String siteResultFromState(final byte[] masterKey, final byte[] siteKey,
|
||||
final MPResultType resultType, @Nullable final String resultParam) {
|
||||
final MPResultType resultType, final String resultParam) {
|
||||
|
||||
Preconditions.checkNotNull( resultParam );
|
||||
Preconditions.checkArgument( !resultParam.isEmpty() );
|
||||
|
||||
@@ -57,6 +57,7 @@ public interface MPUser<S extends MPSite<?>> extends Comparable<MPUser<?>> {
|
||||
* Note: If a keyID is not set, authentication will always succeed and the keyID will be set to match the given master password.
|
||||
*
|
||||
* @param masterPassword The password to authenticate with.
|
||||
* You cannot re-use this array after passing it in, authentication will destroy its contents.
|
||||
*
|
||||
* @throws MPIncorrectMasterPasswordException If authentication fails due to the given master password not matching the user's keyID.
|
||||
*/
|
||||
|
||||
@@ -123,7 +123,7 @@ public abstract class MPBasicSite<Q extends MPQuestion> implements MPSite<Q> {
|
||||
}
|
||||
|
||||
protected String getState(final MPKeyPurpose keyPurpose, @Nullable final String keyContext,
|
||||
@Nullable final UnsignedInteger counter, final MPResultType type, @Nullable final String state)
|
||||
@Nullable final UnsignedInteger counter, final MPResultType type, final String state)
|
||||
throws MPKeyUnavailableException {
|
||||
|
||||
return getUser().getMasterKey().siteState(
|
||||
|
||||
Reference in New Issue
Block a user