Package org.elasticsearch.common.settings

Class SecureString

org.elasticsearch.common.settings.SecureString
All Implemented Interfaces:
, ,
public final class SecureString extends implements ,
A String implementations which allows clearing the underlying char array.

  • Constructor Summary

    Constructors
    Constructor
    Description
    SecureString​(char[] chars)
    Constructs a new SecureString which controls the passed in char array.
     s)
    Deprecated.
    Only use for compatibility between deprecated string settings and new secure strings

  • Method Summary

    Modifier and Type
    Method
    Description
    char
    charAt​(int index)
     
    SecureString
    clone()
    Returns a new copy of this object that is backed by its own char array.
    void
    close()
    Closes the string by clearing the underlying char array.
    boolean
     o)
    Constant time equality to avoid potential timing attacks.
    char[]
    getChars()
    Returns the underlying char[].
    int
    hashCode()
     
    int
    length()
     
    SecureString
    subSequence​(int start, int end)
     
    toString()
    Convert to a .

    Methods inherited from class java.lang.

    , , , , , ,

    Methods inherited from interface java.lang.

    , ,

  • Constructor Details

    • SecureString

      public SecureString(char[] chars)
      Constructs a new SecureString which controls the passed in char array. Note: When this instance is closed, the array will be zeroed out.

    • SecureString

      public SecureString( s)
      Deprecated.
      Only use for compatibility between deprecated string settings and new secure strings
      Constructs a new SecureString from an existing String. NOTE: This is not actually secure, since the provided String cannot be deallocated, but this constructor allows for easy compatibility between new and old apis.

  • Method Details

    • equals

      public boolean equals( o)
      Constant time equality to avoid potential timing attacks.
      Overrides:
       in class 

    • hashCode

      public int hashCode()
      Overrides:
       in class 

    • length

      public int length()
      Specified by:
       in interface 

    • charAt

      public char charAt(int index)
      Specified by:
       in interface 

    • subSequence

      public SecureString subSequence(int start, int end)
      Specified by:
       in interface 

    • toString

      public  toString()
      Convert to a . This should only be used with APIs that do not take .
      Specified by:
       in interface 
      Overrides:
       in class 

    • close

      public void close()
      Closes the string by clearing the underlying char array.
      Specified by:
       in interface 
      Specified by:
       in interface 

    • clone

      public SecureString clone()
      Returns a new copy of this object that is backed by its own char array. Closing the new instance has no effect on the instance it was created from. This is useful for APIs which accept a char array and you want to be safe about the API potentially modifying the char array. For example: 
           try (SecureString copy = secureString.clone()) {
         // pass thee char[] to a external API
         PasswordAuthentication auth = new PasswordAuthentication(username, copy.getChars());
         ...
     }
      Overrides:
       in class 

    • getChars

      public char[] getChars()
      Returns the underlying char[]. This is a dangerous operation as the array may be modified while it is being used by other threads or a consumer may modify the values in the array. For safety, it is preferable to use clone() and pass its chars to the consumer when the chars are needed multiple times.