szetszwo commented on code in PR #19082: URL: https://github.com/apache/kafka/pull/19082#discussion_r1981829797
########## clients/src/main/java/org/apache/kafka/common/security/scram/internals/ScramSaslClient.java: ##########
@@ -190,7 +190,7 @@ private void setState(State state) { private ClientFinalMessage handleServerFirstMessage(char[] password) throws SaslException { try { - byte[] passwordBytes = ScramFormatter.normalize(new String(password)); + byte[] passwordBytes = ScramFormatter.normalize(new String(password).toCharArray());

Review Comment:
Why not simply pass the password as below?

```java
byte[] passwordBytes = ScramFormatter.normalize(password);
```

########## metadata/src/main/java/org/apache/kafka/metadata/storage/ScramParser.java: ##########
@@ -173,7 +173,9 @@ byte[] saltedPassword(byte[] salt, int iterations) throws Exception { return configuredSaltedPassword.get(); } return new ScramFormatter(mechanism).saltedPassword( - configuredPasswordString.get(), + configuredPasswordString

Review Comment:
Similarly, it would be better if we change `configuredPasswordString` to not use String.

########## core/src/main/scala/kafka/server/DelegationTokenManager.scala: ##########
@@ -106,7 +106,7 @@ class DelegationTokenManager(val config: KafkaConfig, val scramCredentialMap = mutable.Map[String, ScramCredential]() def scramCredential(mechanism: ScramMechanism): ScramCredential = { - new ScramFormatter(mechanism).generateCredential(hmacString, mechanism.minIterations) + new ScramFormatter(mechanism).generateCredential(hmacString.toCharArray, mechanism.minIterations)

Review Comment:
It would be better if we change `hmacString` to not use String.
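Review bot: In ScramSaslClient.java, the added line `ScramFormatter.normalize(new String(password).toCharArray())` still copies the password into an immutable String that cannot be zeroed, and then allocates a second char[] that nothing in the visible lines clears. `handleServerFirstMessage` already receives `char[] password`, so pass it straight through as `ScramFormatter.normalize(password)`, which removes both copies. The resulting `passwordBytes` is secret material as well, so consider clearing it once it is no longer needed.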
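Review bot: In ScramParser.java, the added line is cut off at `configuredPasswordString`, so the conversion applied to it is not visible here, but the field name and the removed `configuredPasswordString.get(),` indicate the password is held as a String for the lifetime of the parser object. Converting at the `saltedPassword(` call site leaves that String on the heap and adds another copy. Suggest storing the configured password as char[] when it is parsed, so that this call can pass it without any conversion.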
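Review bot: In DelegationTokenManager.scala, `hmacString.toCharArray` at the `generateCredential` call allocates a fresh char[] on every `scramCredential` invocation while `hmacString` itself stays in memory as a String, so the char[] parameter gains nothing at this call site. Either produce the HMAC value as char[] where it is computed, or bind the temporary array to a local and clear it after `generateCredential` returns.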