001package org.apache.fulcrum.crypto.provider; 002 003/* 004 * Licensed to the Apache Software Foundation (ASF) under one 005 * or more contributor license agreements. See the NOTICE file 006 * distributed with this work for additional information 007 * regarding copyright ownership. The ASF licenses this file 008 * to you under the Apache License, Version 2.0 (the 009 * "License"); you may not use this file except in compliance 010 * with the License. You may obtain a copy of the License at 011 * 012 * http://www.apache.org/licenses/LICENSE-2.0 013 * 014 * Unless required by applicable law or agreed to in writing, 015 * software distributed under the License is distributed on an 016 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 017 * KIND, either express or implied. See the License for the 018 * specific language governing permissions and limitations 019 * under the License. 020 */ 021 022import java.security.MessageDigest; 023 024import org.apache.commons.codec.binary.Base64; 025import org.apache.fulcrum.crypto.CryptoAlgorithm; 026 027/** 028 * Implements the normal java.security.MessageDigest stream cipers. Base64 029 * strings returned by this provider are correctly padded to multiples of four 030 * bytes. If you run into interoperability problems with other languages, 031 * especially perl and the Digest::MD5 module, note that the md5_base64 function 032 * from this package incorrectly drops the pad bytes. Use the MIME::Base64 033 * package instead. 034 * 035 * If you upgrade from Turbine 2.1 and suddently your old stored passwords no 036 * longer work, please take a look at the OldJavaCrypt provider for bug-to-bug 037 * compatibility. 038 * 039 * This provider can be used as the default crypto algorithm provider. 040 * 041 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a> 042 * @version $Id: JavaCrypt.java 1852158 2019-01-25 18:19:46Z painter $ 043 */ 044public class JavaCrypt implements CryptoAlgorithm 045{ 046 047 /** The default cipher */ 048 public static final String DEFAULT_CIPHER = "SHA"; 049 050 /** The cipher to use for encryption */ 051 private String cipher = null; 052 053 /** 054 * Constructor 055 * 056 */ 057 public JavaCrypt() 058 { 059 this.cipher = DEFAULT_CIPHER; 060 } 061 062 /** 063 * Setting the actual cipher requested. If not called, then the default cipher 064 * (SHA) is used. 065 * 066 * This will never throw an error even if there is no provider for this cipher. 067 * The error will be thrown by encrypt() (Fixme?) 068 * 069 * @see org.apache.fulcrum.crypto.CryptoAlgorithm#setCipher(java.lang.String) 070 * 071 * @param cipher The cipher to use. 072 * 073 */ 074 public void setCipher(String cipher) 075 { 076 this.cipher = cipher; 077 } 078 079 /** 080 * This class never uses a seed, so this is just a dummy. 081 * 082 * @see org.apache.fulcrum.crypto.CryptoAlgorithm#setSeed(java.lang.String) 083 * 084 * @param seed Seed (ignored) 085 * 086 */ 087 public void setSeed(String seed) 088 { 089 /* dummy */ 090 } 091 092 /** 093 * Encrypt the supplied string with the requested cipher 094 * 095 * @see org.apache.fulcrum.crypto.CryptoAlgorithm#encrypt(java.lang.String) 096 * 097 * @param value The value to be encrypted 098 * @return The encrypted value 099 * @throws Exception An Exception of the underlying implementation. 100 */ 101 public String encrypt(String value) throws Exception 102 { 103 MessageDigest md = MessageDigest.getInstance(cipher); 104 105 // We need to use unicode here, to be independent of platform's 106 // default encoding. Thanks to SGawin for spotting this. 107 byte[] digest = md.digest(value.getBytes("UTF-8")); 108 109 // Base64-encode the digest. 110 byte[] encodedDigest = Base64.encodeBase64(digest); 111 return (encodedDigest == null ? null : new String(encodedDigest, "UTF-8")); 112 } 113}