Initial commit (#155).

Author: gmessner

src/main/java/org/gitlab4j/api/utils/Oauth2LoginStreamingOutput.java

@@ -0,0 +1,69 @@
+package org.gitlab4j.api.utils;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.io.PrintWriter;
+
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.StreamingOutput;
+
+/**
+ * This StreamingOutput implementation is utilized to send a OAuth2 token request
+ * in a secure manner.  The password is never copied to a String, instead it is
+ * contained in a SecretString that is cleared when an instance of this class is finalized.
+ */
+public class Oauth2LoginStreamingOutput implements StreamingOutput, AutoCloseable {
+
+    private final String username;
+    private final SecretString password;
+
+    public Oauth2LoginStreamingOutput(String username, CharSequence password) {
+        this.username = username;
+        this.password = new SecretString(password);
+    }
+
+    public Oauth2LoginStreamingOutput(String username, char[] password) {
+        this.username = username;
+        this.password = new SecretString(password);
+    }
+
+    @Override
+    public void write(OutputStream output) throws IOException, WebApplicationException {
+
+        PrintWriter writer = new PrintWriter(output);
+        writer.append("{ ");
+        writer.append("\"grant_type\": \"password\", ");
+        writer.append("\"username\": \"" + username + "\", ");
+        writer.append("\"password\": ");
+
+        // Output the quoted password
+        writer.append('"');
+        for (int i = 0, length = password.length(); i < length; i++) {
+            char c = password.charAt(i);
+            writer.append(c);
+        }     
+        writer.append('"');
+
+        writer.append(" }");
+        writer.flush();
+        writer.close();
+    }
+
+    /**
+     * Clears the contained password's data.
+     */
+    public void clearPassword() {
+        password.clear();
+    }
+
+    @Override
+    public void close() {
+        password.clear();
+    }
+
+    @Override
+    public void finalize() throws Throwable {
+        clearPassword();
+        super.finalize();
+    }
+}

src/main/java/org/gitlab4j/api/utils/SecretString.java

@@ -0,0 +1,64 @@
+package org.gitlab4j.api.utils;
+
+import java.util.Arrays;
+
+/**
+ * This class implements a CharSequence that can be cleared of it's contained characters.
+ * This class is utilized to pass around secrets (passwords) instead of a String instance.
+ */
+public class SecretString implements CharSequence, AutoCloseable {
+
+    private final char[] chars;
+
+    public SecretString(CharSequence charSequence) {
+
+        int length = charSequence.length();
+        chars = new char[length];
+        for (int i = 0; i < length; i++) {
+            chars[i] = charSequence.charAt(i);
+        }
+    }
+
+    public SecretString(char[] chars) {
+        this(chars, 0, chars.length);
+    }
+
+    public SecretString(char[] chars, int start, int end) {
+        this.chars = new char[end - start];
+        System.arraycopy(chars, start, this.chars, 0, this.chars.length);
+    }
+
+    @Override
+    public char charAt(int index) {
+        return chars[index];
+    }
+
+    @Override
+    public void close() {
+        clear();
+    }
+
+    @Override
+    public int length() {
+        return chars.length;
+    }
+
+    @Override
+    public CharSequence subSequence(int start, int end) {
+        return new SecretString(this.chars, start, end);
+    }
+
+    /**
+     * Clear the contents of this SecretString instance by setting each character to 0.
+     * This is automatically done in the finalize() method.
+     */
+    public void clear() {
+        Arrays.fill(chars, '\0');
+    }
+
+    @Override
+    public void finalize() throws Throwable {
+        clear();
+        super.finalize();
+    }
+}