Thread: [pgjdbc/pgjdbc] dd6000: feat: Change AuthenticationPlugin interface to use...

From: Sehrope Sarkuni
  Branch: refs/heads/master
  Home:   https://github.com/pgjdbc/pgjdbc
  Commit: dd6000e290f55aa79467c85f641f0099c644bf07
      https://github.com/pgjdbc/pgjdbc/commit/dd6000e290f55aa79467c85f641f0099c644bf07
  Author: Sehrope Sarkuni <sehrop@jackdb.com>
  Date:   2022-01-28 (Fri, 28 Jan 2022)

  Changed paths:
    R pgjdbc/src/main/java/org/postgresql/core/AuthenticationPluginManager.java
    A pgjdbc/src/main/java/org/postgresql/core/v3/AuthenticationPluginManager.java
    M pgjdbc/src/main/java/org/postgresql/core/v3/ConnectionFactoryImpl.java
    M pgjdbc/src/main/java/org/postgresql/gss/GSSCallbackHandler.java
    M pgjdbc/src/main/java/org/postgresql/gss/MakeGSS.java
    M pgjdbc/src/main/java/org/postgresql/plugin/AuthenticationPlugin.java
    M pgjdbc/src/test/java/org/postgresql/test/plugin/AuthenticationPluginTest.java

  Log Message:
  -----------
  feat: Change AuthenticationPlugin interface to use char[] rather than String

Changes AuthenticationPlugin interface for dynamic passwords to supply passwords as a
char[] rather than a String. This changes the currently unreleased public interface of
AuthenticationPlugin and allows the driver to clear the user provided char[] array
after it is finished using it for authentication. Users implementing that interface must
ensure that each invocation of the method provides a new char[] array as the contents
will be filled with zeroes by the driver after use.

Call sites within the driver have been updated to use the char[] directly wherever possible.
This includes direct usage in the GSS authentication code paths that internally were already
converting the String password into a char[] for internal usage.

The SASL (i.e. "SCRAM") internals have not been updated to use a char[] array as the entirety
of that library uses String types for provided passwords. Assuming that it is not exposed in
other parts of the driver, that could be updated as a standalone PR. For now the entrypoint
from the ConnectionFactoryImpl into the SASL library simply converts the char[] array to
a String at its single usage point.

Co-Authored-By: Vladimir Sitnikov <sitnikov.vladimir@gmail.com>
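
The requirement in the log message that every invocation return a new char[] is illustrated below. This is an added example, not code from the commit or from pgjdbc: `PasswordSource` and `authenticate` are hypothetical stand-ins for the plugin interface and for the driver's zero-after-use behaviour, and the secret is a constructed sample value.

```java
import java.util.Arrays;

public class FreshPasswordArrayDemo {
    // Hypothetical stand-in for the plugin contract described in the commit message;
    // it is not the real org.postgresql.plugin.AuthenticationPlugin interface.
    interface PasswordSource {
        char[] getPassword();
    }

    // Wrong: hands the caller the same array on every call.
    static final class CachedSource implements PasswordSource {
        private final char[] cached;
        CachedSource(char[] secret) { this.cached = secret; }
        @Override public char[] getPassword() { return cached; }
    }

    // Right: hands the caller a fresh copy that it is free to zero.
    static final class CopyingSource implements PasswordSource {
        private final char[] master;
        CopyingSource(char[] secret) { this.master = secret.clone(); }
        @Override public char[] getPassword() { return master.clone(); }
    }

    // Simulates the driver: use the password, then fill the array with zeroes.
    static boolean authenticate(PasswordSource source, char[] expected) {
        char[] password = source.getPassword();
        try {
            return Arrays.equals(password, expected);
        } finally {
            Arrays.fill(password, '\0');
        }
    }

    public static void main(String[] args) {
        char[] expected = "constructed-secret".toCharArray(); // constructed sample value
        PasswordSource cached = new CachedSource(expected.clone());
        PasswordSource copying = new CopyingSource(expected.clone());

        // The cached source succeeds once; its array is zeroed, so the next attempt fails.
        System.out.println("cached, 1st connect:  " + authenticate(cached, expected));
        System.out.println("cached, 2nd connect:  " + authenticate(cached, expected));
        // The copying source keeps working because each call returns a new array.
        System.out.println("copying, 1st connect: " + authenticate(copying, expected));
        System.out.println("copying, 2nd connect: " + authenticate(copying, expected));
    }
}
```

`CopyingSource` still keeps a long-lived master copy in memory; a plugin that fetches the secret from its store on each call avoids holding one at all.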