%line | %branch | |||||||||
---|---|---|---|---|---|---|---|---|---|---|
org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder |
|
|
1 | /* |
|
2 | * Licensed to the Apache Software Foundation (ASF) under one or more |
|
3 | * contributor license agreements. See the NOTICE file distributed with |
|
4 | * this work for additional information regarding copyright ownership. |
|
5 | * The ASF licenses this file to You under the Apache License, Version 2.0 |
|
6 | * (the "License"); you may not use this file except in compliance with |
|
7 | * the License. You may obtain a copy of the License at |
|
8 | * |
|
9 | * http://www.apache.org/licenses/LICENSE-2.0 |
|
10 | * |
|
11 | * Unless required by applicable law or agreed to in writing, software |
|
12 | * distributed under the License is distributed on an "AS IS" BASIS, |
|
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
14 | * See the License for the specific language governing permissions and |
|
15 | * limitations under the License. |
|
16 | */ |
|
17 | package org.apache.jetspeed.security.spi.impl; |
|
18 | ||
19 | import java.security.MessageDigest; |
|
20 | import java.security.NoSuchAlgorithmException; |
|
21 | ||
22 | import org.apache.commons.codec.binary.Base64; |
|
23 | import org.apache.jetspeed.security.SecurityException; |
|
24 | import org.apache.jetspeed.security.spi.CredentialPasswordEncoder; |
|
25 | ||
26 | /** |
|
27 | * <p> |
|
28 | * MessageDigestCredentialPasswordEncoder |
|
29 | * </p> |
|
30 | * |
|
31 | * @author <a href="mailto:ate@apache.org">Ate Douma</a> |
|
32 | * @version $Id: MessageDigestCredentialPasswordEncoder.java 516448 2007-03-09 16:25:47Z ate $ |
|
33 | */ |
|
34 | public class MessageDigestCredentialPasswordEncoder implements CredentialPasswordEncoder |
|
35 | { |
|
36 | // Allow copying of encoded passwords or salt the digest with the userName preventing that |
|
37 | 0 | boolean simpleEncryption = false; |
38 | MessageDigest digester; |
|
39 | ||
40 | public MessageDigestCredentialPasswordEncoder() throws NoSuchAlgorithmException |
|
41 | { |
|
42 | 0 | this("SHA-1", false); |
43 | 0 | } |
44 | ||
45 | public MessageDigestCredentialPasswordEncoder(boolean simpleEncryption) throws NoSuchAlgorithmException |
|
46 | { |
|
47 | 0 | this("SHA-1", simpleEncryption); |
48 | 0 | } |
49 | ||
50 | public MessageDigestCredentialPasswordEncoder(String algorithm) throws NoSuchAlgorithmException |
|
51 | { |
|
52 | 0 | this(algorithm, false); |
53 | 0 | } |
54 | ||
55 | public MessageDigestCredentialPasswordEncoder(String algorithm, boolean simpleEncryption) throws NoSuchAlgorithmException |
|
56 | 0 | { |
57 | 0 | this.digester = MessageDigest.getInstance(algorithm); |
58 | 0 | this.simpleEncryption = simpleEncryption; |
59 | 0 | } |
60 | ||
61 | public String getAlgorithm() |
|
62 | { |
|
63 | 0 | return digester.getAlgorithm(); |
64 | } |
|
65 | ||
66 | /** |
|
67 | * @see org.apache.jetspeed.security.spi.CredentialPasswordEncoder#encode(java.lang.String, java.lang.String) |
|
68 | */ |
|
69 | public String encode(String userName, String clearTextPassword) |
|
70 | throws SecurityException |
|
71 | { |
|
72 | byte[] value; |
|
73 | 0 | synchronized(digester) |
74 | { |
|
75 | 0 | digester.reset(); |
76 | 0 | value = digester.digest(clearTextPassword.getBytes()); |
77 | 0 | if (!simpleEncryption) |
78 | { |
|
79 | // don't allow copying of encoded passwords |
|
80 | 0 | digester.update(userName.getBytes()); |
81 | } |
|
82 | 0 | value = digester.digest(value); |
83 | 0 | } |
84 | 0 | return new String(Base64.encodeBase64(value)); |
85 | } |
|
86 | } |
This report is generated by jcoverage, Maven and Maven JCoverage Plugin. |