diff options
| author | Jesse Morgan <jesse@jesterpm.net> | 2016-03-20 09:38:03 -0700 |
|---|---|---|
| committer | Jesse Morgan <jesse@jesterpm.net> | 2016-03-20 09:38:03 -0700 |
| commit | 881b24811e42240b9af88e9adf21736c212c27a9 (patch) | |
| tree | 4be2d8407e1c0c4169cf3d0160f7c1dccb945c0e | |
| parent | 1b4fe7eb6ed4999bd49bf458815bce124f85861c (diff) | |
Changing GetIndividualProfilesRequest to use char[] for password.
4 files changed, 82 insertions, 9 deletions
diff --git a/src/main/java/com/p4square/ccbapi/CCBAPIClient.java b/src/main/java/com/p4square/ccbapi/CCBAPIClient.java index 782f305..ee309c6 100644 --- a/src/main/java/com/p4square/ccbapi/CCBAPIClient.java +++ b/src/main/java/com/p4square/ccbapi/CCBAPIClient.java @@ -81,7 +81,19 @@ public class CCBAPIClient implements CCBAPI { // Use individual_profile_from_login_password (login, password) serviceName = "individual_profile_from_login_password"; params.put("login", request.getLogin()); - params.put("password", request.getPassword()); + /* + TODO: Don't convert password char[] to String. + The whole purpose behind keeping the password in a char[] is + so that it can be zeroed out in the heap when its no longer + needed. + Unfortunately Church Community Builder decided to send the + user's password, among other sensitive fields, as a query + parameter. Since the query string has to be a String, I'll go + ahead and convert the password to String here. + The library's public interface will use char[] to make the + switch easier if CCB provides a more sane alternative. + */ + params.put("password", new String(request.getPassword())); } else if (request.getRoutingNumber() != null && request.getAccountNumber() != null) { // Use individual_profile_from_micr (account_number, routing_number) diff --git a/src/main/java/com/p4square/ccbapi/model/GetIndividualProfilesRequest.java b/src/main/java/com/p4square/ccbapi/model/GetIndividualProfilesRequest.java index 589de3c..93bb8c5 100644 --- a/src/main/java/com/p4square/ccbapi/model/GetIndividualProfilesRequest.java +++ b/src/main/java/com/p4square/ccbapi/model/GetIndividualProfilesRequest.java @@ -1,6 +1,7 @@ package com.p4square.ccbapi.model; import java.time.LocalDate; +import java.util.Arrays; /** * GetIndividualProfilesRequest is the set of options for retrieving individual profiles. @@ -18,7 +19,7 @@ public class GetIndividualProfilesRequest { // Used with individual_profile_from_login_password private String login; - private String password; + private char[] password; // Used with individual_profile_from_micr private String routingNumber; @@ -31,7 +32,7 @@ public class GetIndividualProfilesRequest { /** * Request the IndividualProfile for the given individual id. * - * This option is mutually exclusive with {@link #withLoginPassword(String, String)} + * This option is mutually exclusive with {@link #withLoginPassword(String, char[])} * and {@link #withMICR(String, String)}. * * @param id The id. @@ -39,7 +40,8 @@ public class GetIndividualProfilesRequest { */ public GetIndividualProfilesRequest withIndividualId(final int id) { this.id = id; - this.login = this.password = this.accountNumber = this.routingNumber = null; + this.password = new char[0]; + this.login = this.accountNumber = this.routingNumber = null; return this; } @@ -47,7 +49,7 @@ public class GetIndividualProfilesRequest { return login; } - public String getPassword() { + public char[] getPassword() { return password; } @@ -61,7 +63,7 @@ public class GetIndividualProfilesRequest { * @param password The individual's password. * @return this. */ - public GetIndividualProfilesRequest withLoginPassword(final String login, final String password) { + public GetIndividualProfilesRequest withLoginPassword(final String login, final char[] password) { this.login = login; this.password = password; this.id = 0; @@ -81,7 +83,7 @@ public class GetIndividualProfilesRequest { * Request the IndividualProfile for the given bank account information. * * This option is mutually exclusive with {@link #withIndividualId(int)} - * and {@link #withLoginPassword(String, String)}. + * and {@link #withLoginPassword(String, char[])}. * * @param routingNumber The individual's bank routing number. * @param accountNumber The individual's bank account number. @@ -156,4 +158,62 @@ public class GetIndividualProfilesRequest { this.perPage = perPage; return this; } + + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + + GetIndividualProfilesRequest that = (GetIndividualProfilesRequest) o; + + if (getPage() != that.getPage()) { + return false; + } + if (getPerPage() != that.getPerPage()) { + return false; + } + if (getId() != that.getId()) { + return false; + } + if (getModifiedSince() != null ? + !getModifiedSince().equals(that.getModifiedSince()) : that.getModifiedSince() != null) { + return false; + } + if (getIncludeInactive() != null ? + !getIncludeInactive().equals(that.getIncludeInactive()) : that.getIncludeInactive() != null) { + return false; + } + if (getLogin() != null ? + !getLogin().equals(that.getLogin()) : that.getLogin() != null) { + return false; + } + if (getPassword() != null ? !Arrays.equals(getPassword(), that.getPassword()) : that.getPassword() != null) { + return false; + } + if (getRoutingNumber() != null ? + !getRoutingNumber().equals(that.getRoutingNumber()) : that.getRoutingNumber() != null) { + return false; + } + + return getAccountNumber() != null ? + getAccountNumber().equals(that.getAccountNumber()) : that.getAccountNumber() == null; + } + + @Override + public int hashCode() { + int result = getModifiedSince() != null ? getModifiedSince().hashCode() : 0; + result = 31 * result + (getIncludeInactive() != null ? getIncludeInactive().hashCode() : 0); + result = 31 * result + getPage(); + result = 31 * result + getPerPage(); + result = 31 * result + getId(); + result = 31 * result + (getLogin() != null ? getLogin().hashCode() : 0); + result = 31 * result + (getPassword() != null ? Arrays.hashCode(getPassword()) : 0); + result = 31 * result + (getRoutingNumber() != null ? getRoutingNumber().hashCode() : 0); + result = 31 * result + (getAccountNumber() != null ? getAccountNumber().hashCode() : 0); + return result; + } } diff --git a/src/test/java/com/p4square/ccbapi/CCBAPIClientTest.java b/src/test/java/com/p4square/ccbapi/CCBAPIClientTest.java index e722e9a..b15d16f 100644 --- a/src/test/java/com/p4square/ccbapi/CCBAPIClientTest.java +++ b/src/test/java/com/p4square/ccbapi/CCBAPIClientTest.java @@ -142,7 +142,8 @@ public class CCBAPIClientTest { EasyMock.replay(mockHttpClient); // Test individual_profile_from_login_password. - GetIndividualProfilesRequest request = new GetIndividualProfilesRequest().withLoginPassword("user", "pass"); + GetIndividualProfilesRequest request = new GetIndividualProfilesRequest() + .withLoginPassword("user", "pass".toCharArray()); GetIndividualProfilesResponse response = client.getIndividualProfiles(request); // Verify results. diff --git a/src/test/java/com/p4square/ccbapi/model/GetCustomFieldLabelsResponseTest.java b/src/test/java/com/p4square/ccbapi/model/GetCustomFieldLabelsResponseTest.java index 549b8e9..2509514 100644 --- a/src/test/java/com/p4square/ccbapi/model/GetCustomFieldLabelsResponseTest.java +++ b/src/test/java/com/p4square/ccbapi/model/GetCustomFieldLabelsResponseTest.java @@ -14,7 +14,7 @@ public class GetCustomFieldLabelsResponseTest extends XmlBinderTestBase { */ @Test public void testGetCustomFieldLabelsResponse() throws Exception { - final GetCustomFieldLabelsResponse response = parseFile("ccb_custom_labels_response.xml", + final GetCustomFieldLabelsResponse response = parseFile("ccb_custom_field_labels_response.xml", GetCustomFieldLabelsResponse.class); assertNull("Response should not have errors", response.getErrors()); |