KEYCLOAK-12619 Improve mapped byte buffer cleanup
parent
c0aa0891cd
commit
f7379086e0
2 changed files with 10 additions and 5 deletions
|
@ -26,6 +26,8 @@ import java.util.concurrent.ThreadLocalRandom;
|
||||||
*/
|
*/
|
||||||
public class DefaultVaultRawSecret implements VaultRawSecret {
|
public class DefaultVaultRawSecret implements VaultRawSecret {
|
||||||
|
|
||||||
|
private static final ByteBuffer EMPTY_BUFFER = ByteBuffer.allocate(0);
|
||||||
|
|
||||||
private static final VaultRawSecret EMPTY_VAULT_SECRET = new VaultRawSecret() {
|
private static final VaultRawSecret EMPTY_VAULT_SECRET = new VaultRawSecret() {
|
||||||
@Override
|
@Override
|
||||||
public Optional<ByteBuffer> get() {
|
public Optional<ByteBuffer> get() {
|
||||||
|
@ -42,7 +44,7 @@ public class DefaultVaultRawSecret implements VaultRawSecret {
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
private final ByteBuffer rawSecret;
|
private ByteBuffer rawSecret;
|
||||||
|
|
||||||
private byte[] secretArray;
|
private byte[] secretArray;
|
||||||
|
|
||||||
|
@ -80,9 +82,12 @@ public class DefaultVaultRawSecret implements VaultRawSecret {
|
||||||
public void close() {
|
public void close() {
|
||||||
if (rawSecret.hasArray()) {
|
if (rawSecret.hasArray()) {
|
||||||
ThreadLocalRandom.current().nextBytes(rawSecret.array());
|
ThreadLocalRandom.current().nextBytes(rawSecret.array());
|
||||||
} else if (this.secretArray != null) {
|
}
|
||||||
|
if (this.secretArray != null) {
|
||||||
ThreadLocalRandom.current().nextBytes(this.secretArray);
|
ThreadLocalRandom.current().nextBytes(this.secretArray);
|
||||||
|
this.secretArray = null; // dispose of secretArray
|
||||||
}
|
}
|
||||||
rawSecret.clear();
|
rawSecret.clear();
|
||||||
|
rawSecret = EMPTY_BUFFER;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
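Review bot: In `close()`, a buffer that is not array-backed (the mapped case the commit title names) is still not overwritten. `rawSecret.clear()` only resets position and limit, and the new `rawSecret = EMPTY_BUFFER;` just drops this object's reference, so the secret bytes stay in the mapping until it is collected and remain readable through any reference a caller may already hold. That may be intended, since writing into a mapped vault file could alter the file itself, but it deserves a comment in `close()`, e.g. `// direct/mapped buffers are not wiped here; only our reference is released`. Separately, `rawSecret` lost `final` and is now written in `close()` without synchronization; if instances can be shared between threads (not visible here), declare it `private volatile ByteBuffer rawSecret;`. The class body continues outside the hunks shown.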
|
|
|
@ -5,10 +5,9 @@ import org.junit.Test;
|
||||||
import java.nio.charset.StandardCharsets;
|
import java.nio.charset.StandardCharsets;
|
||||||
import java.nio.file.Files;
|
import java.nio.file.Files;
|
||||||
import java.nio.file.Path;
|
import java.nio.file.Path;
|
||||||
import java.util.ArrayList;
|
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.List;
|
|
||||||
|
|
||||||
|
import static org.hamcrest.CoreMatchers.not;
|
||||||
import static org.junit.Assert.assertEquals;
|
import static org.junit.Assert.assertEquals;
|
||||||
import static org.junit.Assert.assertFalse;
|
import static org.junit.Assert.assertFalse;
|
||||||
import static org.junit.Assert.assertNotNull;
|
import static org.junit.Assert.assertNotNull;
|
||||||
|
@ -154,11 +153,12 @@ public class PlainTextVaultProviderTest {
|
||||||
|
|
||||||
//when
|
//when
|
||||||
VaultRawSecret secretAfterFirstRead = provider.obtainSecret(secretName);
|
VaultRawSecret secretAfterFirstRead = provider.obtainSecret(secretName);
|
||||||
|
assertThat(secretAfterFirstRead, secretContains("secret"));
|
||||||
secretAfterFirstRead.close();
|
secretAfterFirstRead.close();
|
||||||
VaultRawSecret secretAfterSecondRead = provider.obtainSecret(secretName);
|
VaultRawSecret secretAfterSecondRead = provider.obtainSecret(secretName);
|
||||||
|
|
||||||
//then
|
//then
|
||||||
assertThat(secretAfterFirstRead, secretContains("secret"));
|
assertThat(secretAfterFirstRead, not(secretContains("secret")));
|
||||||
assertThat(secretAfterSecondRead, secretContains("secret"));
|
assertThat(secretAfterSecondRead, secretContains("secret"));
|
||||||
}
|
}
|
||||||
}
|
}
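Review bot: The new `assertThat(secretAfterFirstRead, not(secretContains("secret")));` after `close()` would pass for any buffer that does not hold the text, including the empty buffer that `close()` now swaps in. It therefore confirms that the reference was replaced, not that the original bytes were scrubbed. If wiping the array-backed case is part of the contract, capture the buffer before closing, e.g. `ByteBuffer before = secretAfterFirstRead.get().get();`, and assert on `before` after `close()`. How `secretContains` reads the secret is not visible on this page, so confirm this against the matcher. The test method begins outside the hunk.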
|