Class PasswordReader

java.lang.Object
  PasswordReader

public class PasswordReader
extends java.lang.Object

Nested Class Summary

static class

PasswordReader.StreamMasker Masks an InputStream by overwriting blank chars to the PrintStream corresponding to its output.

Constructor Summary

PasswordReader()

Method Summary

static char[]	checkBuffer(char[] buffer, int offset) Checks if buffer is sufficiently large to store an element at an index == offset.
static void	eraseChars(char[] buffer) If buffer is not null, fills buffer with space (' ') chars.
static char[]	readConsoleSecure(java.lang.String prompt) Reads and returns some sensitive piece of information (e.g.
static char[]	readLineSecure(java.io.PushbackInputStream in) Reads chars from in until an end-of-line sequence (EOL) or end-of-file (EOF) is encountered, and then returns the data as a char[].

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PasswordReader

public PasswordReader()

Method Detail

readConsoleSecure

public static final char[] readConsoleSecure(java.lang.String prompt)
                                      throws java.io.IOException,
                                             java.lang.InterruptedException

Reads and returns some sensitive piece of information (e.g. a password) from the console (i.e. System.in and System.out) in a secure manner.

For top security, all console input is masked out while the user types in the password. Once the user presses enter, the password is read via a call to readLineSecure(in), using a PushbackInputStream that wraps System.in.

This method never returns null.

Throws:

java.io.IOException - if an I/O problem occurs

java.lang.InterruptedException - if the calling thread is interrupted while it is waiting at some point This is taken from bbatman's post: The DEFINITIVE thread on secure password entry (console, gui, code reviews)

readLineSecure

public static final char[] readLineSecure(java.io.PushbackInputStream in)
                                   throws java.lang.IllegalArgumentException,
                                          java.io.IOException

Reads chars from in until an end-of-line sequence (EOL) or end-of-file (EOF) is encountered, and then returns the data as a char[].

The EOL sequence may be any of the standard formats: '\n' (unix), '\r' (mac), "\r\n" (dos). The EOL sequence is always completely read off the stream but is never included in the result. Note: this means that the result will never contain the chars '\n' or '\r'. In order to guarantee reading thru but not beyond the EOL sequence for all formats (unix, mac, dos), this method requires that a PushbackInputStream and not a more general InputStream be supplied.

The code is secure: no Strings are used, only char arrays, and all such arrays other than the result are guaranteed to be blanked out after last use to ensure privacy. Thus, this method is suitable for reading in sensitive information such as passwords.

This method never returns null; if no data before the EOL or EOF is read, a zero-length char[] is returned.

Throws:

java.lang.IllegalArgumentException - if in == null

java.io.IOException - if an I/O problem occurs

See Also:

Password based encryption code examples from JCE documentation

checkBuffer

public static final char[] checkBuffer(char[] buffer,
                                       int offset)
                                throws java.lang.IllegalArgumentException

Checks if buffer is sufficiently large to store an element at an index == offset. If it is, then buffer is simply returned. If it is not, then a new char[] of more than sufficient size is created and initialized with buffer's current elements and returned; the original supplied buffer is guaranteed to be blanked out upon method return in this case.

Throws:

java.lang.IllegalArgumentException - if buffer == null; offset < 0

eraseChars

public static final void eraseChars(char[] buffer)

If buffer is not null, fills buffer with space (' ') chars.