From 803d4171bf24e82612c526d65de77aa580c8a62f Mon Sep 17 00:00:00 2001 From: Florian Zschocke Date: Sat, 4 Apr 2020 19:43:35 +0200 Subject: Delete password from memory in AuthenticationManager Zero out the password to remove it from memory after use. This is only a first step, implementing it for one method: `AuthenticationManager.authenticate(String, char[], String)`. --- src/main/java/com/gitblit/utils/StringUtils.java | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'src/main/java/com/gitblit/utils/StringUtils.java') diff --git a/src/main/java/com/gitblit/utils/StringUtils.java b/src/main/java/com/gitblit/utils/StringUtils.java index b192c80b..442acbbf 100644 --- a/src/main/java/com/gitblit/utils/StringUtils.java +++ b/src/main/java/com/gitblit/utils/StringUtils.java @@ -56,6 +56,21 @@ public class StringUtils { return value == null || value.trim().length() == 0; } + /** + * Returns true if the character array represents an empty String. + * An empty character sequence is defined as a sequence that + * either has no characters at all, or no characters above + * '\u0020' (space). + * + * @param value + * @return true if value is null or represents an empty String + */ + public static boolean isEmpty(char[] value) { + if (value == null || value.length == 0) return true; + for ( char c : value) if (c > '\u0020') return false; + return true; + } + /** * Replaces carriage returns and line feeds with html line breaks. * -- cgit v1.2.3