public class PasswordMasker
extends java.lang.Object
Modifier and Type | Class and Description |
---|---|
static class |
PasswordMasker.StreamMasker
Masks an InputStream by overwriting blank characters to the PrintStream
corresponding to its output.
|
Constructor and Description |
---|
PasswordMasker() |
Modifier and Type | Method and Description |
---|---|
protected static char[] |
checkBuffer(char[] buffer,
int offset)
Checks if buffer is sufficiently large to store an element at an index == offset.
|
static void |
eraseChars(char[] buffer)
If buffer is not null, fills buffer with space (' ') chars.
|
static void |
main(java.lang.String[] args) |
static char[] |
readConsoleSecure(java.lang.String prompt)
Reads and returns some sensitive piece of information (e.g. a password)
from the console (i.e.
|
protected static char[] |
readLineSecure(java.io.PushbackInputStream in)
Reads chars from in until an end-of-line sequence (EOL) or end-of-file (EOF) is encountered,
and then returns the data as a char[].
|
public static void main(java.lang.String[] args) throws java.lang.Exception
java.lang.Exception
public static final char[] readConsoleSecure(java.lang.String prompt) throws java.io.IOException, java.lang.InterruptedException
For top security, all console input is masked out while the user types in the password.
Once the user presses enter, the password is read via a call to readLineSecure(in)
,
using a PushbackInputStream that wraps System.in.
This method never returns null.
java.io.IOException
- if an I/O problem occursjava.lang.InterruptedException
- if the calling thread is interrupted while it is waiting at some pointprotected static final char[] readLineSecure(java.io.PushbackInputStream in) throws java.lang.IllegalArgumentException, java.io.IOException
The EOL sequence may be any of the standard formats: '\n' (unix), '\r' (mac), "\r\n" (dos). The EOL sequence is always completely read off the stream but is never included in the result. Note: this means that the result will never contain the chars '\n' or '\r'. In order to guarantee reading thru but not beyond the EOL sequence for all formats (unix, mac, dos), this method requires that a PushbackInputStream and not a more general InputStream be supplied.
The code is secure: no Strings are used, only char arrays, and all such arrays other than the result are guaranteed to be blanked out after last use to ensure privacy. Thus, this method is suitable for reading in sensitive information such as passwords.
This method never returns null; if no data before the EOL or EOF is read, a zero-length char[] is returned.
java.lang.IllegalArgumentException
- if in == nulljava.io.IOException
- if an I/O problem occursprotected static final char[] checkBuffer(char[] buffer, int offset) throws java.lang.IllegalArgumentException
java.lang.IllegalArgumentException
- if buffer == null; offset < 0public static final void eraseChars(char[] buffer)