01: /*
02: * Licensed to the Apache Software Foundation (ASF) under one or more
03: * contributor license agreements. See the NOTICE file distributed with
04: * this work for additional information regarding copyright ownership.
05: * The ASF licenses this file to You under the Apache License, Version 2.0
06: * (the "License"); you may not use this file except in compliance with
07: * the License. You may obtain a copy of the License at
08: *
09: * http://www.apache.org/licenses/LICENSE-2.0
10: *
11: * Unless required by applicable law or agreed to in writing, software
12: * distributed under the License is distributed on an "AS IS" BASIS,
13: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14: * See the License for the specific language governing permissions and
15: * limitations under the License.
16: */
17: package org.apache.jetspeed.security.impl;
18:
19: import java.io.ByteArrayOutputStream;
20: import java.io.OutputStream;
21: import java.security.MessageDigest;
22:
23: import javax.mail.internet.MimeUtility;
24:
25: import org.apache.jetspeed.security.SecurityException;
26: import org.apache.jetspeed.security.spi.CredentialPasswordEncoder;
27:
28: public class Jetspeed1CredentialPasswordEncoder implements
29: CredentialPasswordEncoder {
30:
31: protected String passwordsAlgorithm = "SHA";
32: protected String encodingMethod = "base64";
33:
34: // We don't need the constructors to do anything, but it crashes if we
35: // don't provide them.
36: /*
37: public Jetspeed1CredentialPasswordEncoder() {}
38: public Jetspeed1CredentialPasswordEncoder(boolean dummy) {}
39: public Jetspeed1CredentialPasswordEncoder(String algorithm)
40: {
41: this.passwordsAlgorithm = algorithm;
42: }
43:
44: public Jetspeed1CredentialPasswordEncoder(boolean dummy1, String dummy2) {}
45: */
46:
47: public Jetspeed1CredentialPasswordEncoder() {
48: this ("SHA", "base64");
49: }
50:
51: public Jetspeed1CredentialPasswordEncoder(String algorithm) {
52: this (algorithm, "base64");
53: }
54:
55: public Jetspeed1CredentialPasswordEncoder(String algorithm,
56: String encoding) {
57: this .passwordsAlgorithm = algorithm;
58: this .encodingMethod = encoding;
59: }
60:
61: public String encode(String userName, String clearTextPassword)
62: throws SecurityException {
63: try {
64: MessageDigest md = MessageDigest
65: .getInstance(passwordsAlgorithm);
66: // We need to use unicode here, to be independent of platform's
67: // default encoding. Thanks to SGawin for spotting this.
68: byte[] digest = md.digest(clearTextPassword
69: .getBytes("UTF-8"));
70: ByteArrayOutputStream bas = new ByteArrayOutputStream(
71: digest.length + digest.length / 3 + 1);
72: OutputStream encodedStream = MimeUtility.encode(bas,
73: "base64");
74: encodedStream.write(digest);
75: encodedStream.flush();
76: encodedStream.close();
77: return bas.toString();
78: } catch (Exception e) {
79: //logger.error("Unable to encrypt password."+e.getMessage(), e);
80: return null;
81: }
82: }
83:
84: }
|