Package org.flasby.crypto
Class SecureString
java.lang.Object
org.flasby.crypto.SecureString
- All Implemented Interfaces:
AutoCloseable,CharSequence
This is not a string but a CharSequence that can be cleared of its memory. Important for handling
passwords. Represents text that should be kept confidential, such as by deleting it from memory
when no longer needed or garbaged collected.
Modified from an original post in stackoverflow by Melloware who modified something from OWASP.
-
Constructor Summary
ConstructorsConstructorDescriptionSecureString(int start, int end, CharSequence original) SecureString(CharSequence original) -
Method Summary
Modifier and TypeMethodDescriptionasString()Convert array back to String but not using toString().charcharAt(int i) voidclear()Manually clear the underlying array holding the charactersvoidclose()intlength()subSequence(int start, int end) toString()Protect against using this class in log statements.Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, wait, wait, waitMethods inherited from interface java.lang.CharSequence
chars, codePoints, isEmpty
-
Constructor Details
-
SecureString
-
SecureString
-
-
Method Details
-
charAt
public char charAt(int i) - Specified by:
charAtin interfaceCharSequence
-
length
public int length()- Specified by:
lengthin interfaceCharSequence
-
subSequence
- Specified by:
subSequencein interfaceCharSequence
-
asString
Convert array back to String but not using toString(). See toString() docs below. Calling should be avoided as it leaves passwords in memory which can't be cleared. -
clear
public void clear()Manually clear the underlying array holding the characters -
toString
Protect against using this class in log statements.- Specified by:
toStringin interfaceCharSequence- Overrides:
toStringin classObject
-
close
public void close()- Specified by:
closein interfaceAutoCloseable
-