gemmellr commented on a change in pull request #3851:
URL: https://github.com/apache/activemq-artemis/pull/3851#discussion_r753106726
##########
File path:
artemis-commons/src/main/java/org/apache/activemq/artemis/utils/DefaultSensitiveStringCodec.java
##########
@@ -188,6 +208,16 @@ public String encode(String secret) throws Exception {
BigInteger n = new BigInteger(encoding);
return n.toString(16);
}
+
+ @Override
+ public boolean verify(char[] inputValue, String storedValue) {
+ try {
+ return Objects.equals(storedValue,
encode(String.valueOf(inputValue)));
Review comment:
Match/compatible in what way though? The existing encode/decode methods
args are blindly assumed _unchecked_ to have to be String. The broker only
expects and provides String objects for those method, with the overall type
used also hard coded to require a SensitiveDataCodec\<String\>.
For SecureHashProcessor compare(), it is [_still_] fixed to char[] + String,
as is DefaultSensitiveStringCodec verify (and its internal CodecAlgorithm,
which doesnt actually use Object for any of the methods). It seems that adding
e.g SensitiveDataCodec.verify(char[], T) would be nicer and/or simpler, easily
get rid of a bunch of duplication and unnecessary arg validation. A verify(T,
T) could be added compatibly later if actually needed.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
