The org.wildfly.security.password.interfaces.OneTimePassword interface contains getSeed() method which is of type byte[]. The more proper type seems to be a String (or char[]).
The OneTimePassword interface type description says:
A one-time password, used by the OTP SASL mechanism.
The OTP RFC 2289 says
The seed MUST consist of purely alphanumeric characters and MUST be of one to 16 characters in length. The seed is a string of characters that MUST not contain any blanks and SHOULD consist of strictly alphanumeric characters from the ISO-646 Invariant Code Set. The seed MUST be case insensitive and MUST be internally converted to lower case before it is processed.
Suggested fix:
Change the getSeed() method type to String.
- is cloned by
-
ELY-1288 Elytron: OTP seed as byte array instead of String
- Resolved
- is incorporated by
-
JBEAP-11931 (7.1.0) Upgrade to WildFly Core to 3.0.0.Beta30
- Closed
- relates to
-
JBEAP-12140 Elytron - OTP seed attribute in ldap-realm is Base64 encoded
- Closed