You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by de...@apache.org on 2007/03/21 02:04:56 UTC
svn commit: r520685 -
/myfaces/shared/branches/3_0_0/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java
Author: dennisbyrne
Date: Tue Mar 20 18:04:53 2007
New Revision: 520685
URL: http://svn.apache.org/viewvc?view=rev&rev=520685
Log:
Random password now generated at startup for apps w/out encyrption configured
Modified:
myfaces/shared/branches/3_0_0/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java
Modified: myfaces/shared/branches/3_0_0/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java
URL: http://svn.apache.org/viewvc/myfaces/shared/branches/3_0_0/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java?view=diff&rev=520685&r1=520684&r2=520685
==============================================================================
--- myfaces/shared/branches/3_0_0/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java (original)
+++ myfaces/shared/branches/3_0_0/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java Tue Mar 20 18:04:53 2007
@@ -35,6 +35,7 @@
import java.io.ObjectOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
+import java.util.Random;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;
@@ -101,8 +102,12 @@
//nope
}
- private static void testConfiguration(String algorithmParams, String iv){
+ private static void testConfiguration(ExternalContext ctx){
+ String algorithmParams = ctx.getInitParameter(INIT_ALGORITHM_PARAM);
+ String iv = ctx.getInitParameter(INIT_ALGORITHM_IV);
+ String _secret = ctx.getInitParameter(INIT_SECRET);
+
if (algorithmParams != null && algorithmParams.startsWith("CBC") )
{
if(iv == null)
@@ -111,6 +116,10 @@
" but no initialization vector has been set " +
" with " + INIT_ALGORITHM_IV);
}
+
+ if (_secret == null)
+ throw new NullPointerException("secret for " + INIT_SECRET
+ + " not located in deployment descriptor");
}
@@ -389,44 +398,11 @@
if (ctx == null)
throw new NullPointerException("ExternalContext ctx");
- String _secret = ctx.getInitParameter(INIT_SECRET);
- String _algorithm = ctx.getInitParameter(INIT_ALGORITHM);
- String _algorithmParams = ctx.getInitParameter(INIT_ALGORITHM_PARAM);
- String _iv = ctx.getInitParameter(INIT_ALGORITHM_IV);
-
- // use isSecure() before calling this method
- if (_secret == null)
- throw new NullPointerException("secret for " + INIT_SECRET
- + " not located in deployment descriptor");
-
- if (_algorithm == null)
- {
- if (log.isDebugEnabled())
- {
- log.debug("Using default algorithm " + DEFAULT_ALGORITHM);
- }
- _algorithm = DEFAULT_ALGORITHM;
- }
-
- if (_algorithmParams == null)
- {
- if (log.isDebugEnabled())
- {
- log.debug("Using default algorithm paramaters "
- + DEFAULT_ALGORITHM_PARAMS);
- }
- _algorithmParams = DEFAULT_ALGORITHM_PARAMS;
- }
-
- testConfiguration(_algorithmParams, _iv);
-
- Base64 base64 = new Base64();
- // TODO find a way to avoid decoding each time, maybe context listener
-
- byte[] iv = null;
-
- if (_iv != null)
- iv = base64.decode(_iv.getBytes());
+ testConfiguration(ctx);
+
+ String _algorithm = findAlgorithm(ctx);
+ String _algorithmParams = findAlgorithmParams(ctx);
+ byte[] iv = findInitializationVector(ctx);
Object object = ctx.getApplicationMap().get(INIT_SECRET_KEY_CACHE);
@@ -438,13 +414,48 @@
throw new ClassCastException("Did not find an instance of SecretKey "
+ "in application scope using the key '" + INIT_SECRET_KEY_CACHE + "'");
- if(log.isDebugEnabled())
- log.debug("using cached SecretKey");
-
return symmetric(data, (SecretKey)object, _algorithm, _algorithmParams, iv, mode);
}
+ private static byte[] findInitializationVector(ExternalContext ctx) {
+
+ byte[] iv = null;
+ String _iv = ctx.getInitParameter(INIT_ALGORITHM_IV);
+
+ if (_iv != null)
+ iv = new Base64().decode(_iv.getBytes());
+
+ return iv;
+ }
+
+ private static String findAlgorithmParams(ExternalContext ctx) {
+ String _algorithmParams = ctx.getInitParameter(INIT_ALGORITHM_PARAM);
+ if (_algorithmParams == null)
+ {
+ if (log.isDebugEnabled())
+ {
+ log.debug("Using default algorithm paramaters "
+ + DEFAULT_ALGORITHM_PARAMS);
+ }
+ _algorithmParams = DEFAULT_ALGORITHM_PARAMS;
+ }
+ return _algorithmParams;
+ }
+
+ private static String findAlgorithm(ExternalContext ctx) {
+ String _algorithm = ctx.getInitParameter(INIT_ALGORITHM);
+ if (_algorithm == null)
+ {
+ if (log.isDebugEnabled())
+ {
+ log.debug("Using default algorithm " + DEFAULT_ALGORITHM);
+ }
+ _algorithm = DEFAULT_ALGORITHM;
+ }
+ return _algorithm;
+ }
+
/**
* Does nothing if the user has disabled the SecretKey cache. This is
* useful when dealing with a JCA provider whose SecretKey
@@ -470,13 +481,19 @@
private static byte[] findSecret(ServletContext ctx) {
String _secret = ctx.getInitParameter(INIT_SECRET);
-
+ byte[] bytes = null;
+
if(_secret == null)
{
- _secret = "00000000";// TODO generate random secret
+ bytes = new byte[8];
+ new Random().nextBytes(bytes);
+ }
+ else
+ {
+ bytes = new Base64().decode(_secret.getBytes());
}
- return new Base64().decode(_secret.getBytes());
+ return bytes;
}
private static String findAlgorithm(ServletContext ctx) {