View Javadoc

1   /*
2   * Licensed to the Apache Software Foundation (ASF) under one or more
3   * contributor license agreements.  See the NOTICE file distributed with
4   * this work for additional information regarding copyright ownership.
5   * The ASF licenses this file to You under the Apache License, Version 2.0
6   * (the "License"); you may not use this file except in compliance with
7   * the License.  You may obtain a copy of the License at
8   *
9   *     http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  */
17  package org.apache.jetspeed.security.impl;
18  
19  import java.io.ByteArrayOutputStream;
20  import java.io.OutputStream;
21  import java.security.MessageDigest;
22  
23  import javax.mail.internet.MimeUtility;
24  
25  import org.apache.jetspeed.security.SecurityException;
26  import org.apache.jetspeed.security.spi.CredentialPasswordEncoder;
27  
28  public class Jetspeed1CredentialPasswordEncoder implements
29  		CredentialPasswordEncoder {
30  
31      protected String passwordsAlgorithm = "SHA";
32      protected String encodingMethod = "base64";
33  
34      // We don't need the constructors to do anything, but it crashes if we
35      // don't provide them.
36      /*
37      public Jetspeed1CredentialPasswordEncoder() {}
38      public Jetspeed1CredentialPasswordEncoder(boolean dummy) {}
39      public Jetspeed1CredentialPasswordEncoder(String algorithm) 
40      {
41      	this.passwordsAlgorithm = algorithm;
42      }
43      
44      public Jetspeed1CredentialPasswordEncoder(boolean dummy1, String dummy2) {}
45      */
46      
47      public Jetspeed1CredentialPasswordEncoder()
48      {
49      	this("SHA", "base64");
50      }
51      
52      public Jetspeed1CredentialPasswordEncoder( String algorithm )
53      {
54      	this(algorithm, "base64");
55      }
56      
57      public Jetspeed1CredentialPasswordEncoder( String algorithm, String encoding )
58      {
59      	this.passwordsAlgorithm = algorithm;
60      	this.encodingMethod = encoding;
61      }
62      
63      public String encode(String userName, String clearTextPassword)
64  			throws SecurityException {
65      	try
66      	{
67          MessageDigest md = MessageDigest.getInstance(passwordsAlgorithm);
68          // We need to use unicode here, to be independent of platform's
69          // default encoding. Thanks to SGawin for spotting this.
70          byte[] digest = md.digest(clearTextPassword.getBytes("UTF-8"));
71          ByteArrayOutputStream bas = new ByteArrayOutputStream(digest.length + digest.length / 3 + 1);
72          OutputStream encodedStream = MimeUtility.encode(bas, "base64");
73          encodedStream.write(digest);
74          encodedStream.flush();
75          encodedStream.close();
76          return bas.toString();
77      	}
78      	catch( Exception e )
79      	{
80              //logger.error("Unable to encrypt password."+e.getMessage(), e);
81              return null;
82      	}
83  	}
84  
85  }