001: package org.apache.turbine.services.crypto.provider;
002:
003: /*
004: * Licensed to the Apache Software Foundation (ASF) under one
005: * or more contributor license agreements. See the NOTICE file
006: * distributed with this work for additional information
007: * regarding copyright ownership. The ASF licenses this file
008: * to you under the Apache License, Version 2.0 (the
009: * "License"); you may not use this file except in compliance
010: * with the License. You may obtain a copy of the License at
011: *
012: * http://www.apache.org/licenses/LICENSE-2.0
013: *
014: * Unless required by applicable law or agreed to in writing,
015: * software distributed under the License is distributed on an
016: * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
017: * KIND, either express or implied. See the License for the
018: * specific language governing permissions and limitations
019: * under the License.
020: */
021:
022: import java.io.ByteArrayOutputStream;
023: import java.io.OutputStream;
024:
025: import java.security.MessageDigest;
026:
027: import javax.mail.internet.MimeUtility;
028:
029: import org.apache.turbine.services.crypto.CryptoAlgorithm;
030:
031: /**
032: * This is the Message Digest Implementation of Turbine 2.1. It does
033: * not pad the Base64 encryption of the Message Digests correctly but
034: * truncates after 20 chars. This leads to interoperability problems
035: * if you want to use e.g. database columns between two languages.
036: *
037: * If you upgrade an application from Turbine 2.1 and have already used
038: * the Security Service with encrypted passwords and no way to rebuild
039: * your databases, use this provider. It is bug-compatible.
040: *
041: * DO NOT USE THIS PROVIDER FOR ANY NEW APPLICATION!
042: *
043: * Nevertheless it can be used as the default crypto algorithm .
044: *
045: * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
046: * @version $Id: OldJavaCrypt.java 534527 2007-05-02 16:10:59Z tv $
047: */
048: public class OldJavaCrypt implements CryptoAlgorithm {
049:
050: /** The default cipher */
051: public static final String DEFAULT_CIPHER = "SHA";
052:
053: /** The cipher to use for encryption */
054: private String cipher = null;
055:
056: /**
057: * C'tor
058: */
059: public OldJavaCrypt() {
060: this .cipher = DEFAULT_CIPHER;
061: }
062:
063: /**
064: * Setting the actual cipher requested. If not
065: * called, then the default cipher (SHA) is used.
066: *
067: * This will never throw an error even if there is no
068: * provider for this cipher. The error will be thrown
069: * by encrypt() (Fixme?)
070: *
071: * @param cipher The cipher to use.
072: */
073: public void setCipher(String cipher) {
074: this .cipher = cipher;
075: }
076:
077: /**
078: * This class never uses a seed, so this is
079: * just a dummy.
080: *
081: * @param seed Seed (ignored)
082: */
083: public void setSeed(String seed) {
084: /* dummy */
085: }
086:
087: /**
088: * Encrypt the supplied string with the requested cipher
089: *
090: * @param value The value to be encrypted
091: * @return The encrypted value
092: * @throws Exception An Exception of the underlying implementation.
093: */
094: public String encrypt(String value) throws Exception {
095: MessageDigest md = MessageDigest.getInstance(cipher);
096:
097: // We need to use unicode here, to be independent of platform's
098: // default encoding. Thanks to SGawin for spotting this.
099:
100: byte[] digest = md.digest(value.getBytes("UTF-8"));
101: ByteArrayOutputStream bas = new ByteArrayOutputStream(
102: digest.length + digest.length / 3 + 1);
103: OutputStream encodedStream = MimeUtility.encode(bas, "base64");
104: encodedStream.write(digest);
105: return bas.toString();
106: }
107:
108: }
|