bb.gui
Class TextFieldSecure.ContentSecure

java.lang.Object
  extended by javax.swing.text.GapContent
      extended by bb.gui.TextFieldSecure.ContentSecure
All Implemented Interfaces:
Serializable, AbstractDocument.Content
Enclosing class:
TextFieldSecure

private static class TextFieldSecure.ContentSecure
extends GapContent

Subclass of GapContent which is designed for high security. This class subclasses GapContent, since GapContent uses a single underlying char[] for its storage which can be zeroed out when use is done. This class also takes care to never write out the sensitive text content during serialization.


Field Summary
private  List<char[]> buffers
          Multiple calls can be made to the allocateArray method.
private static long serialVersionUID
           
 
Constructor Summary
private TextFieldSecure.ContentSecure(int lengthInitial)
          Constructor.
 
Method Summary
protected  Object allocateArray(int length)
          Returns the superclass result, but before returning it, stores it inside buffers.
protected  void finalize()
          First calls super.finalize, then calls zeroOutContent (to guarantee that the content is zeroed out before garbage collection).
protected  Object getArray()
           
protected  int getGapEnd()
           
protected  int getGapStart()
           
protected  void replace(int arg0, int arg1, Object arg2, int arg3)
           
private  void writeObject(ObjectOutputStream oos)
          The default serialization behavior would write out the complete current state of this instance, including the highly sensitive underlying char[] that stores this instance's text content.
private  void zeroOutContent()
          Writes zeroes to the underlying char[] which holds this instance's text contents.
 
Methods inherited from class javax.swing.text.GapContent
createPosition, getArrayLength, getChars, getPositionsInRange, getString, insertString, length, remove, resetMarksAtZero, shiftEnd, shiftGap, shiftGapEndUp, shiftGapStartDown, updateUndoPositions
 
Methods inherited from class java.lang.Object
clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

serialVersionUID

private static final long serialVersionUID
See Also:
Constant Field Values

buffers

private transient List<char[]> buffers
Multiple calls can be made to the allocateArray method. And this is true even tho intelligence was put into the length initially allocated by the constructor below. For instance, the user could attempt to paste a big string of text into the enclosing TextFieldSecure, which will cause a large reallocation request. In order to be sure that all buffers that were ever allocated all get zeroed out at some point, the zeroOutContent method needs to access them all, so this field stores them.

Note: would not need to do this if Sun would simply have made the resize method of GapVector protected so that we could override it and zero out each old array just before it is discarded...

Warning: storing all the buffers like this makes this class unsuited for handling large size documents because of all the wasted memory.

Constructor Detail

TextFieldSecure.ContentSecure

private TextFieldSecure.ContentSecure(int lengthInitial)
Constructor.

Method Detail

finalize

protected void finalize()
                 throws Throwable
First calls super.finalize, then calls zeroOutContent (to guarantee that the content is zeroed out before garbage collection).

Overrides:
finalize in class Object
Throws:
Throwable

allocateArray

protected Object allocateArray(int length)
Returns the superclass result, but before returning it, stores it inside buffers.

Overrides:
allocateArray in class GapContent

zeroOutContent

private void zeroOutContent()
Writes zeroes to the underlying char[] which holds this instance's text contents. (Actually, this method zeroes out every buffer that was ever created by the allocateArray method, not just the current one.)


writeObject

private void writeObject(ObjectOutputStream oos)
                  throws IOException
The default serialization behavior would write out the complete current state of this instance, including the highly sensitive underlying char[] that stores this instance's text content. This constitutes a major security breach.

To prevent this catastrophy, this method ensures that only a zeroed out char[] is ever written. The underlying char[] is first copied to a local variable, then zeroed out, then serialization is performed, and then it is restored from the local copy before method return.

So, users of this class need to beware that the serialized object will lose all the text state.

Throws:
IOException

getArray

protected final Object getArray()

getGapStart

protected final int getGapStart()

getGapEnd

protected final int getGapEnd()

replace

protected void replace(int arg0,
                       int arg1,
                       Object arg2,
                       int arg3)