Class SecureString

java.lang.Object
org.elasticsearch.common.settings.SecureString
All Implemented Interfaces:
Closeable, AutoCloseable, CharSequence, Releasable

public final class SecureString extends Object implements CharSequence, Releasable
A String implementations which allows clearing the underlying char array.
  • Constructor Details

    • SecureString

      public SecureString(char[] chars)
      Constructs a new SecureString which controls the passed in char array. Note: When this instance is closed, the array will be zeroed out.
    • SecureString

      @Deprecated public SecureString(String s)
      Deprecated.
      Only use for compatibility between deprecated string settings and new secure strings
      Constructs a new SecureString from an existing String. NOTE: This is not actually secure, since the provided String cannot be deallocated, but this constructor allows for easy compatibility between new and old apis.
  • Method Details

    • equals

      public boolean equals(Object o)
      Overrides:
      equals in class Object
    • equals

      public boolean equals(CharSequence that)
      Constant time equality to avoid potential timing attacks.
    • startsWith

      public boolean startsWith(CharSequence other)
    • regionMatches

      public boolean regionMatches(int thisOffset, CharSequence other, int otherOffset, int len)
      Compare the characters in this SecureString from thisOffset to thisOffset + len against that characters in other from otherOffset to otherOffset + len
      This operation is performed in constant time (relative to len)
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object
    • length

      public int length()
      Specified by:
      length in interface CharSequence
    • charAt

      public char charAt(int index)
      Specified by:
      charAt in interface CharSequence
    • subSequence

      public SecureString subSequence(int start, int end)
      Specified by:
      subSequence in interface CharSequence
    • toString

      public String toString()
      Convert to a String. This should only be used with APIs that do not take CharSequence.
      Specified by:
      toString in interface CharSequence
      Overrides:
      toString in class Object
    • close

      public void close()
      Closes the string by clearing the underlying char array.
      Specified by:
      close in interface AutoCloseable
      Specified by:
      close in interface Closeable
      Specified by:
      close in interface Releasable
    • clone

      public SecureString clone()
      Returns a new copy of this object that is backed by its own char array. Closing the new instance has no effect on the instance it was created from. This is useful for APIs which accept a char array and you want to be safe about the API potentially modifying the char array. For example:
           try (SecureString copy = secureString.clone()) {
               // pass thee char[] to a external API
               PasswordAuthentication auth = new PasswordAuthentication(username, copy.getChars());
               ...
           }
       
      Overrides:
      clone in class Object
    • getChars

      public char[] getChars()
      Returns the underlying char[]. This is a dangerous operation as the array may be modified while it is being used by other threads or a consumer may modify the values in the array. For safety, it is preferable to use clone() and pass its chars to the consumer when the chars are needed multiple times.