You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-commits@db.apache.org by ka...@apache.org on 2010/03/23 11:34:56 UTC
svn commit: r926520 - in /db/derby/code/trunk/java/engine/org/apache/derby:
iapi/util/StringUtil.java
impl/jdbc/authentication/AuthenticationServiceBase.java
Author: kahatlen
Date: Tue Mar 23 10:34:55 2010
New Revision: 926520
URL: http://svn.apache.org/viewvc?rev=926520&view=rev
Log:
DERBY-4483: Make toHexByte() private to discourage its use in new code
Modified:
db/derby/code/trunk/java/engine/org/apache/derby/iapi/util/StringUtil.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/AuthenticationServiceBase.java
Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/util/StringUtil.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/util/StringUtil.java?rev=926520&r1=926519&r2=926520&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/util/StringUtil.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/util/StringUtil.java Tue Mar 23 10:34:55 2010
@@ -227,39 +227,6 @@ public class StringUtil
return s.toString();
}
- /**
-
- Convert a string into a byte array in hex format.
- <BR>
- For each character (b) two bytes are generated, the first byte
- represents the high nibble (4 bits) in hexidecimal (<code>b & 0xf0</code>),
- the second byte represents the low nibble (<code>b & 0x0f</code>).
- <BR>
- The character at <code>str.charAt(0)</code> is represented by the first two bytes
- in the returned String.
-
- @param str string
- @param offset starting character (zero based) to convert.
- @param length number of characters to convert.
-
- @return the byte[] (with hexidecimal format) form of the string (str)
- */
- public static byte[] toHexByte(String str, int offset, int length)
- {
- byte[] data = new byte[(length - offset) * 2];
- int end = offset+length;
-
- for (int i = offset; i < end; i++)
- {
- char ch = str.charAt(i);
- int high_nibble = (ch & 0xf0) >>> 4;
- int low_nibble = (ch & 0x0f);
- data[i] = (byte)high_nibble;
- data[i+1] = (byte)low_nibble;
- }
- return data;
- }
-
/**
Convert a hexidecimal string generated by toHexString() back
into a byte array.
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/AuthenticationServiceBase.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/AuthenticationServiceBase.java?rev=926520&r1=926519&r2=926520&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/AuthenticationServiceBase.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/AuthenticationServiceBase.java Tue Mar 23 10:34:55 2010
@@ -468,8 +468,7 @@ public abstract class AuthenticationServ
algorithm.reset();
byte[] bytePasswd = null;
- bytePasswd = StringUtil.toHexByte(
- plainTxtUserPassword,0,plainTxtUserPassword.length());
+ bytePasswd = toHexByte(plainTxtUserPassword);
algorithm.update(bytePasswd);
byte[] encryptVal = algorithm.digest();
String hexString = ID_PATTERN_SHA1_SCHEME +
@@ -480,6 +479,47 @@ public abstract class AuthenticationServ
/**
* <p>
+ * Convert a string into a byte array in hex format.
+ * </p>
+ *
+ * <p>
+ * For each character (b) two bytes are generated, the first byte
+ * represents the high nibble (4 bits) in hexadecimal ({@code b & 0xf0}),
+ * the second byte represents the low nibble ({@code b & 0x0f}).
+ * </p>
+ *
+ * <p>
+ * The character at {@code str.charAt(0)} is represented by the first two
+ * bytes in the returned String.
+ * </p>
+ *
+ * <p>
+ * New code is encouraged to use {@code String.getBytes(String)} or similar
+ * methods instead, since this method does not preserve all bits for
+ * characters whose codepoint exceeds 8 bits. This method is preserved for
+ * compatibility with the SHA-1 authentication scheme.
+ * </p>
+ *
+ * @param str string
+ * @return the byte[] (with hexadecimal format) form of the string (str)
+ */
+ private static byte[] toHexByte(String str)
+ {
+ byte[] data = new byte[str.length() * 2];
+
+ for (int i = 0; i < str.length(); i++)
+ {
+ char ch = str.charAt(i);
+ int high_nibble = (ch & 0xf0) >>> 4;
+ int low_nibble = (ch & 0x0f);
+ data[i] = (byte)high_nibble;
+ data[i+1] = (byte)low_nibble;
+ }
+ return data;
+ }
+
+ /**
+ * <p>
* Encrypt a password using the specified hash algorithm and with the
* user name as extra salt. The algorithm must be supported by one of
* the registered security providers in the JVM.
@@ -671,7 +711,7 @@ public abstract class AuthenticationServ
messageDigest.reset();
byte[] bytePasswd = null;
- byte[] userBytes = StringUtil.toHexByte(userName, 0, userName.length());
+ byte[] userBytes = toHexByte(userName);
if (SanityManager.DEBUG)
{
@@ -699,7 +739,7 @@ public abstract class AuthenticationServ
// substitute generation right afterwards.
if (!databaseUser)
{
- bytePasswd = StringUtil.toHexByte(password, 0, password.length());
+ bytePasswd = toHexByte(password);
messageDigest.update(bytePasswd);
byte[] encryptVal = messageDigest.digest();
hexString = ID_PATTERN_SHA1_SCHEME +
@@ -722,8 +762,7 @@ public abstract class AuthenticationServ
// Generate some 20-byte password token
messageDigest.update(userBytes);
- messageDigest.update(
- StringUtil.toHexByte(hexString, 0, hexString.length()));
+ messageDigest.update(toHexByte(hexString));
byte[] passwordToken = messageDigest.digest();
// Now we generate the 20-byte password substitute