01: /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
02: *
03: * Licensed under the Apache License, Version 2.0 (the "License");
04: * you may not use this file except in compliance with the License.
05: * You may obtain a copy of the License at
06: *
07: * http://www.apache.org/licenses/LICENSE-2.0
08: *
09: * Unless required by applicable law or agreed to in writing, software
10: * distributed under the License is distributed on an "AS IS" BASIS,
11: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12: * See the License for the specific language governing permissions and
13: * limitations under the License.
14: */
15:
16: package org.acegisecurity.providers.encoding;
17:
18: /**
19: * <p>Convenience base for all password encoders.</p>
20: *
21: * @author Ben Alex
22: * @version $Id: BasePasswordEncoder.java 1496 2006-05-23 13:38:33Z benalex $
23: */
24: public abstract class BasePasswordEncoder implements PasswordEncoder {
25: //~ Methods ========================================================================================================
26:
27: /**
28: * Used by subclasses to extract the password and salt from a merged <code>String</code> created using
29: * {@link #mergePasswordAndSalt(String,Object,boolean)}.<p>The first element in the returned array is the
30: * password. The second element is the salt. The salt array element will always be present, even if no salt was
31: * found in the <code>mergedPasswordSalt</code> argument.</p>
32: *
33: * @param mergedPasswordSalt as generated by <code>mergePasswordAndSalt</code>
34: *
35: * @return an array, in which the first element is the password and the second the salt
36: *
37: * @throws IllegalArgumentException if mergedPasswordSalt is null or empty.
38: */
39: protected String[] demergePasswordAndSalt(String mergedPasswordSalt) {
40: if ((mergedPasswordSalt == null)
41: || "".equals(mergedPasswordSalt)) {
42: throw new IllegalArgumentException(
43: "Cannot pass a null or empty String");
44: }
45:
46: String password = mergedPasswordSalt;
47: String salt = "";
48:
49: int saltBegins = mergedPasswordSalt.lastIndexOf("{");
50:
51: if ((saltBegins != -1)
52: && ((saltBegins + 1) < mergedPasswordSalt.length())) {
53: salt = mergedPasswordSalt.substring(saltBegins + 1,
54: mergedPasswordSalt.length() - 1);
55: password = mergedPasswordSalt.substring(0, saltBegins);
56: }
57:
58: return new String[] { password, salt };
59: }
60:
61: /**
62: * Used by subclasses to generate a merged password and salt <code>String</code>.<P>The generated password
63: * will be in the form of <code>password{salt}</code>.</p>
64: * <p>A <code>null</code> can be passed to either method, and will be handled correctly. If the
65: * <code>salt</code> is <code>null</code> or empty, the resulting generated password will simply be the passed
66: * <code>password</code>. The <code>toString</code> method of the <code>salt</code> will be used to represent the
67: * salt.</p>
68: *
69: * @param password the password to be used (can be <code>null</code>)
70: * @param salt the salt to be used (can be <code>null</code>)
71: * @param strict ensures salt doesn't contain the delimiters
72: *
73: * @return a merged password and salt <code>String</code>
74: *
75: * @throws IllegalArgumentException if the salt contains '{' or '}' characters.
76: */
77: protected String mergePasswordAndSalt(String password, Object salt,
78: boolean strict) {
79: if (password == null) {
80: password = "";
81: }
82:
83: if (strict && (salt != null)) {
84: if ((salt.toString().lastIndexOf("{") != -1)
85: || (salt.toString().lastIndexOf("}") != -1)) {
86: throw new IllegalArgumentException(
87: "Cannot use { or } in salt.toString()");
88: }
89: }
90:
91: if ((salt == null) || "".equals(salt)) {
92: return password;
93: } else {
94: return password + "{" + salt.toString() + "}";
95: }
96: }
97: }
|