From 3bd757820d295d1bf98c2dccbae18421f8b47a0b Mon Sep 17 00:00:00 2001
From: Matthew Swift <matthew.swift@forgerock.com>
Date: Wed, 15 Jun 2011 21:54:27 +0000
Subject: [PATCH] Fix OPENDJ-202: All bind request APIs should take byte or char arrays for passwords

---
 opendj3/opendj-ldap-sdk/src/main/java/org/forgerock/opendj/ldap/requests/GSSAPISASLBindRequest.java |   14 +++++++++++---
 1 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/opendj3/opendj-ldap-sdk/src/main/java/org/forgerock/opendj/ldap/requests/GSSAPISASLBindRequest.java b/opendj3/opendj-ldap-sdk/src/main/java/org/forgerock/opendj/ldap/requests/GSSAPISASLBindRequest.java
index a981e7f..9a1df37 100644
--- a/opendj3/opendj-ldap-sdk/src/main/java/org/forgerock/opendj/ldap/requests/GSSAPISASLBindRequest.java
+++ b/opendj3/opendj-ldap-sdk/src/main/java/org/forgerock/opendj/ldap/requests/GSSAPISASLBindRequest.java
@@ -23,6 +23,7 @@
  *
  *
  *      Copyright 2010 Sun Microsystems, Inc.
+ *      Portions copyright 2011 ForgeRock AS
  */
 
 package org.forgerock.opendj.ldap.requests;
@@ -35,7 +36,6 @@
 import javax.security.auth.Subject;
 
 import org.forgerock.i18n.LocalizedIllegalArgumentException;
-import org.forgerock.opendj.ldap.ByteString;
 import org.forgerock.opendj.ldap.DecodeException;
 import org.forgerock.opendj.ldap.DecodeOptions;
 import org.forgerock.opendj.ldap.ErrorResultException;
@@ -270,11 +270,15 @@
   /**
    * Returns the password of the user that the client wishes to bind as.
    * <p>
+   * Unless otherwise indicated, implementations will store a reference to the
+   * returned password byte array, allowing applications to overwrite the
+   * password after it has been used.
+   * <p>
    * <b>NOTE</b>: this will not be used if a {@code Subject} is specified.
    *
    * @return The password of the user that the client wishes to bind as.
    */
-  ByteString getPassword();
+  byte[] getPassword();
 
 
 
@@ -431,6 +435,10 @@
   /**
    * Sets the password of the user that the client wishes to bind as.
    * <p>
+   * Unless otherwise indicated, implementations will store a reference to the
+   * provided password byte array, allowing applications to overwrite the
+   * password after it has been used.
+   * <p>
    * <b>NOTE</b>: this will not be used if a {@code Subject} is specified.
    *
    * @param password
@@ -442,7 +450,7 @@
    * @throws NullPointerException
    *           If {@code password} was {@code null}.
    */
-  GSSAPISASLBindRequest setPassword(ByteString password)
+  GSSAPISASLBindRequest setPassword(byte[] password)
       throws UnsupportedOperationException, NullPointerException;
 
 

--
Gitblit v1.10.0