You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@turbine.apache.org by he...@apache.org on 2003/01/11 15:19:35 UTC
cvs commit: jakarta-turbine-2/src/java/org/apache/turbine/services/crypto/provider ClearCrypt.java JavaCrypt.java OldJavaCrypt.java UnixCrypt.java package.html
henning 2003/01/11 06:19:34
Modified: . project.xml
Added: src/java/org/apache/turbine/services/crypto
CryptoAlgorithm.java CryptoService.java
TurbineCrypto.java TurbineCryptoService.java
package.html
src/java/org/apache/turbine/services/crypto/provider
ClearCrypt.java JavaCrypt.java OldJavaCrypt.java
UnixCrypt.java package.html
Log:
The CryptoService. Backported from Fulcrum, pre-Avalonization
Revision Changes Path
1.74 +14 -0 jakarta-turbine-2/project.xml
Index: project.xml
===================================================================
RCS file: /home/cvs/jakarta-turbine-2/project.xml,v
retrieving revision 1.73
retrieving revision 1.74
diff -u -r1.73 -r1.74
--- project.xml 10 Jan 2003 01:36:03 -0000 1.73
+++ project.xml 11 Jan 2003 14:19:34 -0000 1.74
@@ -354,6 +354,13 @@
<dependencies>
<dependency>
+ <id>commons-codec</id>
+ <version>1.0-dev</version>
+ <properties>
+ <war.bundle.jar>true</war.bundle.jar>
+ </properties>
+ </dependency>
+ <dependency>
<id>commons-collections</id>
<version>2.1</version>
<url>http://jakarta.apache.org/commons/collections.html</url>
@@ -393,6 +400,13 @@
<war.bundle.jar>true</war.bundle.jar>
</properties>
</dependency>
+ <dependency>
+ <id>cryptix</id>
+ <version>3.2.0</version>
+ <properties>
+ <war.bundle.jar>true</war.bundle.jar>
+ </properties>
+ </dependency>
<dependency>
<id>ecs</id>
<version>1.4.1</version>
1.1 jakarta-turbine-2/src/java/org/apache/turbine/services/crypto/CryptoAlgorithm.java
Index: CryptoAlgorithm.java
===================================================================
package org.apache.turbine.services.crypto;
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Turbine" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* "Apache Turbine", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
/**
* This interface describes the various Crypto Algorithms that are
* handed out by the Crypto Service.
*
* @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
* @version $Id: CryptoAlgorithm.java,v 1.1 2003/01/11 14:19:34 henning Exp $
*/
public interface CryptoAlgorithm
{
/**
* Allows the user to set a salt value whenever the
* algorithm is used. Setting a new salt should invalidate
* all internal state of this object.
* <p>
* Algorithms that do not use a salt are allowed to ignore
* this parameter.
* <p>
* Algorithms must be able to deal with the null value as salt.
* They should treat it as "use a random salt".
*
* @param salt The salt value
*
*/
void setSeed(String salt);
/**
* Performs the actual encryption.
*
* @param value The value to be encrypted
*
* @return The encrypted value
*
* @throws Exception various errors from the underlying ciphers.
* The caller should catch them and report accordingly.
*
*/
String encrypt(String value)
throws Exception;
/**
* Algorithms that perform multiple ciphers get told
* with setCipher, which cipher to use. This should be
* called before any other method call.
*
* If called after any call to encrypt or setSeed, the
* CryptoAlgorithm may choose to ignore this or to reset
* and use the new cipher.
*
* If any other call is used before this, the algorithm
* should use a default cipher and not throw an error.
*
* @param cipher The cipher to use.
*
*/
void setCipher(String cipher);
}
1.1 jakarta-turbine-2/src/java/org/apache/turbine/services/crypto/CryptoService.java
Index: CryptoService.java
===================================================================
package org.apache.turbine.services.crypto;
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Turbine" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* "Apache Turbine", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
import java.security.NoSuchAlgorithmException;
import org.apache.turbine.services.Service;
/**
* The Crypto Service manages the availability of various crypto
* sources. It provides a consistent interface to things like the
* various java.security Message Digest stuff or the Unix Crypt
* algorithm.
*
* It contains no actual crypto code so it should be fine to import/export
* everywhere.
*
* @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
* @version $Id: CryptoService.java,v 1.1 2003/01/11 14:19:34 henning Exp $
*
*/
public interface CryptoService
extends Service
{
/** The name of the service */
public static final String SERVICE_NAME = "CryptoService";
/**
* Returns a CryptoAlgorithm Object which represents the requested
* crypto algorithm.
*
* @param algorithm Name of the requested algorithm
*
* @return An Object representing the algorithm
*
* @throws NoSuchAlgorithmException Requested algorithm is not available
*
*/
CryptoAlgorithm getCryptoAlgorithm(String algorithm)
throws NoSuchAlgorithmException;
}
1.1 jakarta-turbine-2/src/java/org/apache/turbine/services/crypto/TurbineCrypto.java
Index: TurbineCrypto.java
===================================================================
package org.apache.turbine.services.crypto;
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Turbine" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* "Apache Turbine", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
import java.security.NoSuchAlgorithmException;
import org.apache.turbine.services.TurbineServices;
/**
* This is a facade class for the CryptoService.
*
* Here are the static methods that call related methods of the
* various implementations of the Crypto Security Service, according
* to the settings in TurbineResources.
*
* @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
* @version $Id: TurbineCrypto.java,v 1.1 2003/01/11 14:19:34 henning Exp $
*
*/
public abstract class TurbineCrypto
{
/**
* Retrieves an implementation of the CryptoService, based on
* the settings in TurbineResources.
*
* @return an implementation of the CryptoService
*/
public static CryptoService getService()
{
return (CryptoService) TurbineServices.getInstance()
.getService(CryptoService.SERVICE_NAME);
}
/**
* Returns a CryptoAlgorithm Object which represents the requested
* crypto algorithm.
*
* @param algo Name of the requested algorithm
*
* @return An Object representing the algorithm
*
* @throws NoSuchAlgorithmException Requested algorithm is not available
*
*/
public static CryptoAlgorithm getCryptoAlgorithm(String algo)
throws NoSuchAlgorithmException
{
return getService().getCryptoAlgorithm(algo);
}
}
1.1 jakarta-turbine-2/src/java/org/apache/turbine/services/crypto/TurbineCryptoService.java
Index: TurbineCryptoService.java
===================================================================
package org.apache.turbine.services.crypto;
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Turbine" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* "Apache Turbine", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
import java.util.Hashtable;
import java.util.Iterator;
import java.security.NoSuchAlgorithmException;
import org.apache.commons.configuration.Configuration;
import org.apache.turbine.services.InitializationException;
import org.apache.turbine.services.factory.FactoryService;
import org.apache.turbine.services.BaseService;
import org.apache.turbine.services.TurbineServices;
import org.apache.turbine.services.crypto.provider.JavaCrypt;
/**
* An implementation of CryptoService that uses either supplied crypto
* Algorithms (provided in Turbine.Services.properties) or tries to get them via
* the normal java mechanisms if this fails.
*
* @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
* @version $Id: TurbineCryptoService.java,v 1.1 2003/01/11 14:19:34 henning Exp $
*
*/
public class TurbineCryptoService
extends BaseService
implements CryptoService
{
/** Key Prefix for our algorithms */
private static final String ALGORITHM = "algorithm";
/** Default Key */
private static final String DEFAULT_KEY = "default";
/** Default Encryption Class */
private static final String DEFAULT_CLASS =
JavaCrypt.class.getName();
/** Names of the registered algorithms and the wanted classes */
private Hashtable algos = null;
/** A factory to construct CryptoAlgorithm objects */
private FactoryService factoryService = null;
/**
* There is not much to initialize here. This runs
* as early init method.
*
* @throws InitializationException Something went wrong in the init
* stage
*/
public void init()
throws InitializationException
{
this.algos = new Hashtable();
/*
* Set up default (Can be overridden by default key
* from the properties
*/
algos.put(DEFAULT_KEY, DEFAULT_CLASS);
/* get the parts of the configuration relevant to us. */
Configuration conf = getConfiguration().subset(ALGORITHM);
if (conf != null)
{
for (Iterator it = conf.getKeys() ;it.hasNext(); )
{
String key = (String) it.next();
String val = conf.getString(key);
// Log.debug("Registered " + val
// + " for Crypto Algorithm " + key);
algos.put(key, val);
}
}
try
{
factoryService = (FactoryService) TurbineServices.getInstance().
getService(FactoryService.SERVICE_NAME);
}
catch (Exception e)
{
throw new InitializationException(
"TurbineCryptoService.init: Failed to get a Factory object", e);
}
setInit(true);
}
/**
* Returns a CryptoAlgorithm Object which represents the requested
* crypto algorithm.
*
* @param algo Name of the requested algorithm
*
* @return An Object representing the algorithm
*
* @throws NoSuchAlgorithmException Requested algorithm is not available
*
*/
public CryptoAlgorithm getCryptoAlgorithm(String algo)
throws NoSuchAlgorithmException
{
String cryptoClass = (String) algos.get(algo);
CryptoAlgorithm ca = null;
if (cryptoClass == null)
{
cryptoClass = (String) algos.get(DEFAULT_KEY);
}
if (cryptoClass == null || cryptoClass.equalsIgnoreCase("none"))
{
throw new NoSuchAlgorithmException(
"TurbineCryptoService: No Algorithm for "
+ algo + " found");
}
try
{
ca = (CryptoAlgorithm) factoryService.getInstance(cryptoClass);
}
catch (Exception e)
{
throw new NoSuchAlgorithmException(
"TurbineCryptoService: Error instantiating "
+ cryptoClass + " for " + algo);
}
ca.setCipher(algo);
return ca;
}
}
1.1 jakarta-turbine-2/src/java/org/apache/turbine/services/crypto/package.html
Index: package.html
===================================================================
<html>
<head>
<!-- head part is ignored -->
</head>
<body>
Contains the Crypto Service providing you with a variety of Crypto algorithms.
<br>
<font size="-2">$Id: package.html,v 1.1 2003/01/11 14:19:34 henning Exp $</font>
</body>
</html>
1.1 jakarta-turbine-2/src/java/org/apache/turbine/services/crypto/provider/ClearCrypt.java
Index: ClearCrypt.java
===================================================================
package org.apache.turbine.services.crypto.provider;
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Turbine" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* "Apache Turbine", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
import org.apache.turbine.services.crypto.CryptoAlgorithm;
/**
* This is a dummy for "cleartext" encryption. It goes through
* the notions of the CryptoAlgorithm interface but actually does
* nothing. It can be used as a replacement for the "encrypt = no"
* setting in TurbineResources.
*
* Can be used as the default crypto algorithm
*
* @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
* @version $Id: ClearCrypt.java,v 1.1 2003/01/11 14:19:34 henning Exp $
*/
public class ClearCrypt
implements CryptoAlgorithm
{
/**
* C'tor
*
*/
public ClearCrypt()
{
}
/**
* This class never uses an algorithm, so this is
* just a dummy.
*
* @param cipher Cipher (ignored)
*/
public void setCipher(String cipher)
{
/* dummy */
}
/**
* This class never uses a seed, so this is
* just a dummy.
*
* @param seed Seed (ignored)
*/
public void setSeed(String seed)
{
/* dummy */
}
/**
* encrypt the supplied string with the requested cipher
*
* @param value The value to be encrypted
*
* @return The encrypted value
*
* @throws Exception An Exception of the underlying implementation.
*
*/
public String encrypt(String value)
throws Exception
{
/*
* Ultra-clever implementation. ;-)
*/
return value;
}
}
1.1 jakarta-turbine-2/src/java/org/apache/turbine/services/crypto/provider/JavaCrypt.java
Index: JavaCrypt.java
===================================================================
package org.apache.turbine.services.crypto.provider;
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Turbine" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* "Apache Turbine", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
import java.security.MessageDigest;
import org.apache.commons.codec.base64.Base64;
import org.apache.turbine.services.crypto.CryptoAlgorithm;
/**
* Implements the normal java.security.MessageDigest stream cipers.
* Base64 strings returned by this provider are correctly padded to
* multiples of four bytes. If you run into interoperability problems
* with other languages, especially perl and the Digest::MD5 module,
* note that the md5_base64 function from this package incorrectly drops
* the pad bytes. Use the MIME::Base64 package instead.
*
* If you upgrade from Turbine 2.1 and suddently your old stored passwords
* no longer work, please take a look at the OldJavaCrypt provider for
* bug-to-bug compatibility.
*
* This provider can be used as the default crypto algorithm provider.
*
* @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
* @version $Id: JavaCrypt.java,v 1.1 2003/01/11 14:19:34 henning Exp $
*/
public class JavaCrypt
implements CryptoAlgorithm
{
/** The default cipher */
public static final String DEFAULT_CIPHER = "SHA";
/** The cipher to use for encryption */
private String cipher = null;
/**
* C'tor
*
*/
public JavaCrypt()
{
this.cipher = DEFAULT_CIPHER;
}
/**
* Setting the actual cipher requested. If not
* called, then the default cipher (SHA) is used.
*
* This will never throw an error even if there is no
* provider for this cipher. The error will be thrown
* by encrypt() (Fixme?)
*
* @param cipher The cipher to use.
*
*/
public void setCipher(String cipher)
{
this.cipher = cipher;
}
/**
* This class never uses a seed, so this is
* just a dummy.
*
* @param seed Seed (ignored)
*
*/
public void setSeed(String seed)
{
/* dummy */
}
/**
* encrypt the supplied string with the requested cipher
*
* @param value The value to be encrypted
*
* @return The encrypted value
*
* @throws Exception An Exception of the underlying implementation.
*/
public String encrypt(String value)
throws Exception
{
MessageDigest md = MessageDigest.getInstance(cipher);
// We need to use unicode here, to be independent of platform's
// default encoding. Thanks to SGawin for spotting this.
byte[] digest = md.digest(value.getBytes("UTF-8"));
// Base64-encode the digest.
byte[] encodedDigest = Base64.encode(digest);
return (encodedDigest == null ? null :
new String(encodedDigest));
}
}
1.1 jakarta-turbine-2/src/java/org/apache/turbine/services/crypto/provider/OldJavaCrypt.java
Index: OldJavaCrypt.java
===================================================================
package org.apache.turbine.services.crypto.provider;
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Turbine" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* "Apache Turbine", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
import javax.mail.internet.MimeUtility;
import java.security.MessageDigest;
import java.io.OutputStream;
import java.io.ByteArrayOutputStream;
import org.apache.turbine.services.crypto.CryptoAlgorithm;
/**
* This is the Message Digest Implementation of Turbine 2.1. It does
* not pad the Base64 encryption of the Message Digests correctly but
* truncates after 20 chars. This leads to interoperability problems
* if you want to use e.g. database columns between two languages.
*
* If you upgrade an application from Turbine 2.1 and have already used
* the Security Service with encrypted passwords and no way to rebuild
* your databases, use this provider. It is bug-compatible.
*
* DO NOT USE THIS PROVIDER FOR ANY NEW APPLICATION!
*
* Nevertheless it can be used as the default crypto algorithm .
*
* @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
* @version $Id: OldJavaCrypt.java,v 1.1 2003/01/11 14:19:34 henning Exp $
*/
public class OldJavaCrypt
implements CryptoAlgorithm
{
/** The default cipher */
public static final String DEFAULT_CIPHER = "SHA";
/** The cipher to use for encryption */
private String cipher = null;
/**
* C'tor
*
*/
public OldJavaCrypt()
{
this.cipher = DEFAULT_CIPHER;
}
/**
* Setting the actual cipher requested. If not
* called, then the default cipher (SHA) is used.
*
* This will never throw an error even if there is no
* provider for this cipher. The error will be thrown
* by encrypt() (Fixme?)
*
* @param cipher The cipher to use.
*
*/
public void setCipher(String cipher)
{
this.cipher = cipher;
}
/**
* This class never uses a seed, so this is
* just a dummy.
*
* @param seed Seed (ignored)
*
*/
public void setSeed(String seed)
{
/* dummy */
}
/**
* encrypt the supplied string with the requested cipher
*
* @param value The value to be encrypted
*
* @return The encrypted value
*
* @throws Exception An Exception of the underlying implementation.
*/
public String encrypt(String value)
throws Exception
{
MessageDigest md = MessageDigest.getInstance(cipher);
// We need to use unicode here, to be independent of platform's
// default encoding. Thanks to SGawin for spotting this.
byte[] digest = md.digest(value.getBytes("UTF-8"));
ByteArrayOutputStream bas =
new ByteArrayOutputStream(digest.length + digest.length / 3 + 1);
OutputStream encodedStream = MimeUtility.encode(bas, "base64");
encodedStream.write(digest);
return bas.toString();
}
}
1.1 jakarta-turbine-2/src/java/org/apache/turbine/services/crypto/provider/UnixCrypt.java
Index: UnixCrypt.java
===================================================================
package org.apache.turbine.services.crypto.provider;
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Turbine" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* "Apache Turbine", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
import org.apache.turbine.services.crypto.CryptoAlgorithm;
/**
* Implements Standard Unix crypt(3) for use with the Crypto Service.
*
* @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
* @version $Id: UnixCrypt.java,v 1.1 2003/01/11 14:19:34 henning Exp $
*/
public class UnixCrypt
implements CryptoAlgorithm
{
/** The seed to use */
private String seed = null;
/** standard Unix crypt chars (64) */
private static final char[] SALT_CHARS =
(("abcdefghijklmnopqrstuvwxyz" +
"ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./").toCharArray());
/**
* C'tor
*
*/
public UnixCrypt()
{
}
/**
* This class never uses anything but
* UnixCrypt, so it is just a dummy
* (Fixme: Should we throw an exception if
* something is requested that we don't support?
*
* @param cipher Cipher (ignored)
*/
public void setCipher(String cipher)
{
/* dummy */
}
/**
* Setting the seed for the UnixCrypt
* algorithm. If a null value is supplied,
* or no seed is set, then a random seed is used.
*
* @param seed The seed value to use.
*/
public void setSeed(String seed)
{
this.seed = seed;
}
/**
* encrypt the supplied string with the requested cipher
*
* @param value The value to be encrypted
*
* @return The encrypted value
*
* @throws Exception An Exception of the underlying implementation.
*/
public String encrypt(String value)
throws Exception
{
if (seed == null)
{
java.util.Random randomGenerator = new java.util.Random();
int numSaltChars = SALT_CHARS.length;
seed = (new StringBuffer())
.append(SALT_CHARS[Math.abs(randomGenerator.nextInt())
% numSaltChars])
.append(SALT_CHARS[Math.abs(randomGenerator.nextInt())
% numSaltChars])
.toString();
}
/* UnixCrypt seems to be a really widespread name... */
return new cryptix.tools.UnixCrypt(seed).crypt(value);
}
}
1.1 jakarta-turbine-2/src/java/org/apache/turbine/services/crypto/provider/package.html
Index: package.html
===================================================================
<html>
<head>
<!-- head part is ignored -->
</head>
<body>
Algorithm providers for the Crypto Service.
<br>
<font size="-2">$Id: package.html,v 1.1 2003/01/11 14:19:34 henning Exp $</font>
</body>
</html>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>