Remove NUL padding when reading secrets from stdin (#76)

* Respect the limit when converting a ByteBuffer to an array

* Explicitly make use of 'position' + clean up intermediate storage

* Don't clear wrapped char array twice

* Move 'asBytes()' to 'SecretValueConverter' + add tests

Author: jwarlander

cli/src/main/java/com/schibsted/security/strongbox/cli/viewmodel/SecretModel.java

@@ -144,7 +144,7 @@ private byte[] fromStdin() {
                 if (secretValue == null) {
                     throw new IllegalArgumentException("A secret value must be specified");
                 }
-                return asBytes(secretValue);
+                return SecretValueConverter.asBytes(secretValue);
             } else {
                 // Piped in
                 return IOUtils.toByteArray(inputStream);
@@ -164,15 +164,6 @@ private static byte[] extractValueFromFile(String valueFile) {
         }
     }
 
-    private byte[] asBytes(char[] chars) {
-        CharBuffer charBuffer = CharBuffer.wrap(chars);
-        ByteBuffer byteBuffer = Charset.forName("UTF-8").encode(charBuffer);
-
-        BestEffortShredder.shred(chars);
-
-        return byteBuffer.array();
-    }
-
     private static int booleanIfExists(String value) {
         return (value != null) ? 1 : 0;
     }

sdk/src/main/java/com/schibsted/security/strongbox/sdk/internal/converter/SecretValueConverter.java

@@ -8,6 +8,9 @@
 import com.schibsted.security.strongbox.sdk.types.SecretType;
 import com.schibsted.security.strongbox.sdk.types.SecretValue;
 
+import java.nio.ByteBuffer;
+import java.nio.CharBuffer;
+import java.nio.charset.Charset;
 import java.util.Arrays;
 
 /**
@@ -28,4 +31,15 @@ public static SecretValue inferEncoding(byte[] value, SecretType secretType) {
             return new SecretValue(value, secretType);
         }
     }
+
+    public static byte[] asBytes(char[] chars) {
+        CharBuffer charBuffer = CharBuffer.wrap(chars);
+        ByteBuffer byteBuffer = Charset.forName("UTF-8").encode(charBuffer);
+        byte[] bytes = Arrays.copyOfRange(byteBuffer.array(), byteBuffer.position(), byteBuffer.limit());
+
+        BestEffortShredder.shred(charBuffer.array());
+        BestEffortShredder.shred(byteBuffer.array());
+
+        return bytes;
+    }
 }

sdk/src/test/java/com/schibsted/security/strongbox/sdk/SecretValueConverterTest.java

@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) 2018 Schibsted Products & Technology AS. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+ */
+
+package com.schibsted.security.strongbox.sdk;
+
+import com.schibsted.security.strongbox.sdk.internal.converter.SecretValueConverter;
+import org.testng.annotations.Test;
+
+import java.nio.charset.Charset;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.core.Is.is;
+
+/**
+ * @author jwarlander
+ */
+public class SecretValueConverterTest {
+    @Test
+    public void chars_to_bytes() {
+        String str = "beeboopfoobarblahblahthisisalongstringyeah";
+        char[] charsFromString = str.toCharArray();
+        byte[] bytesFromString = str.getBytes(Charset.forName("UTF-8"));
+        assertThat(SecretValueConverter.asBytes(charsFromString), is(bytesFromString));
+
+        // Our initial char array above should be shredded now; eg. only nulls
+        char[] emptyCharArray = new char[bytesFromString.length];
+        assertThat(charsFromString, is(emptyCharArray));
+    }
+}