From 3bd757820d295d1bf98c2dccbae18421f8b47a0b Mon Sep 17 00:00:00 2001
From: Matthew Swift <matthew.swift@forgerock.com>
Date: Wed, 15 Jun 2011 21:54:27 +0000
Subject: [PATCH] Fix OPENDJ-202: All bind request APIs should take byte or char arrays for passwords

---
 opendj3/opendj-ldap-sdk/src/main/java/org/forgerock/opendj/ldap/requests/SimpleBindRequest.java |   14 +++++++++++---
 1 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/opendj3/opendj-ldap-sdk/src/main/java/org/forgerock/opendj/ldap/requests/SimpleBindRequest.java b/opendj3/opendj-ldap-sdk/src/main/java/org/forgerock/opendj/ldap/requests/SimpleBindRequest.java
index ab91c96..f4ae287 100644
--- a/opendj3/opendj-ldap-sdk/src/main/java/org/forgerock/opendj/ldap/requests/SimpleBindRequest.java
+++ b/opendj3/opendj-ldap-sdk/src/main/java/org/forgerock/opendj/ldap/requests/SimpleBindRequest.java
@@ -23,6 +23,7 @@
  *
  *
  *      Copyright 2009-2010 Sun Microsystems, Inc.
+ *      Portions copyright 2011 ForgeRock AS
  */
 
 package org.forgerock.opendj.ldap.requests;
@@ -31,7 +32,6 @@
 
 import java.util.List;
 
-import org.forgerock.opendj.ldap.ByteString;
 import org.forgerock.opendj.ldap.DecodeException;
 import org.forgerock.opendj.ldap.DecodeOptions;
 import org.forgerock.opendj.ldap.ErrorResultException;
@@ -105,11 +105,15 @@
    * Returns the password of the Directory object that the client wishes to bind
    * as. The password may be empty (but never {@code null}) when used for of
    * anonymous or unauthenticated binds.
+   * <p>
+   * Unless otherwise indicated, implementations will store a reference to the
+   * returned password byte array, allowing applications to overwrite the
+   * password after it has been used.
    *
    * @return The password of the Directory object that the client wishes to bind
    *         as.
    */
-  ByteString getPassword();
+  byte[] getPassword();
 
 
 
@@ -142,6 +146,10 @@
    * Sets the password of the Directory object that the client wishes to bind
    * as. The password may be empty (but never {@code null}) when used for of
    * anonymous or unauthenticated binds.
+   * <p>
+   * Unless otherwise indicated, implementations will store a reference to the
+   * provided password byte array, allowing applications to overwrite the
+   * password after it has been used.
    *
    * @param password
    *          The password of the Directory object that the client wishes to
@@ -153,7 +161,7 @@
    * @throws NullPointerException
    *           If {@code password} was {@code null}.
    */
-  SimpleBindRequest setPassword(ByteString password)
+  SimpleBindRequest setPassword(byte[] password)
       throws UnsupportedOperationException, NullPointerException;
 
 

--
Gitblit v1.10.0