X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.enterprise%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FDigestUtils.java;h=f6a237bcc0e4e355dd464af70c180c49bfeb45ff;hb=a5459b7f0a4ce0463b950efd5c776368fe169256;hp=d8f8ce9d5d87d018a79684507448d157adcabbd3;hpb=6ecc30c54a64fb658aa7949349b05d655ff386a8;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/DigestUtils.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/DigestUtils.java
index d8f8ce9d5..f6a237bcc 100644
--- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/DigestUtils.java
+++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/DigestUtils.java
@@ -1,7 +1,12 @@
 package org.argeo.osgi.useradmin;
 
+import java.nio.ByteBuffer;
+import java.nio.CharBuffer;
+import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
+import java.util.Arrays;
 
+/** Utilities around digests, mostly those related to passwords. */
 class DigestUtils {
 	static byte[] sha1(byte[] bytes) {
 		try {
@@ -14,6 +19,29 @@ class DigestUtils {
 		}
 	}
 
+	static char[] bytesToChars(Object obj) {
+		if (obj instanceof char[])
+			return (char[]) obj;
+		if (!(obj instanceof byte[]))
+			throw new IllegalArgumentException(obj.getClass() + " is not a byte array");
+		ByteBuffer fromBuffer = ByteBuffer.wrap((byte[]) obj);
+		CharBuffer toBuffer = StandardCharsets.UTF_8.decode(fromBuffer);
+		char[] res = Arrays.copyOfRange(toBuffer.array(), toBuffer.position(), toBuffer.limit());
+		// Arrays.fill(fromBuffer.array(), (byte) 0); // clear sensitive data
+		// Arrays.fill((byte[]) obj, (byte) 0); // clear sensitive data
+		// Arrays.fill(toBuffer.array(), '\u0000'); // clear sensitive data
+		return res;
+	}
+
+	static byte[] charsToBytes(char[] chars) {
+		CharBuffer charBuffer = CharBuffer.wrap(chars);
+		ByteBuffer byteBuffer = StandardCharsets.UTF_8.encode(charBuffer);
+		byte[] bytes = Arrays.copyOfRange(byteBuffer.array(), byteBuffer.position(), byteBuffer.limit());
+		// Arrays.fill(charBuffer.array(), '\u0000'); // clear sensitive data
+		// Arrays.fill(byteBuffer.array(), (byte) 0); // clear sensitive data
+		return bytes;
+	}
+
 	private DigestUtils() {
 	}