001package org.apache.fulcrum.crypto.provider; 002 003/* 004 * Licensed to the Apache Software Foundation (ASF) under one 005 * or more contributor license agreements. See the NOTICE file 006 * distributed with this work for additional information 007 * regarding copyright ownership. The ASF licenses this file 008 * to you under the Apache License, Version 2.0 (the 009 * "License"); you may not use this file except in compliance 010 * with the License. You may obtain a copy of the License at 011 * 012 * http://www.apache.org/licenses/LICENSE-2.0 013 * 014 * Unless required by applicable law or agreed to in writing, 015 * software distributed under the License is distributed on an 016 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 017 * KIND, either express or implied. See the License for the 018 * specific language governing permissions and limitations 019 * under the License. 020 */ 021 022import java.security.MessageDigest; 023 024import org.apache.commons.codec.binary.Base64; 025import org.apache.fulcrum.crypto.CryptoAlgorithm; 026 027/** 028 * This is the Message Digest Implementation of Turbine 2.1. It does not pad the 029 * Base64 encryption of the Message Digests correctly but truncates after 20 030 * chars. This leads to interoperability problems if you want to use e.g. 031 * database columns between two languages. 032 * 033 * If you upgrade an application from Turbine 2.1 and have already used the 034 * Security Service with encrypted passwords and no way to rebuild your 035 * databases, use this provider. It is bug-compatible. 036 * 037 * DO NOT USE THIS PROVIDER FOR ANY NEW APPLICATION! 038 * 039 * Nevertheless it can be used as the default crypto algorithm . 040 * 041 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a> 042 * @version $Id: OldJavaCrypt.java 1852158 2019-01-25 18:19:46Z painter $ 043 */ 044public class OldJavaCrypt implements CryptoAlgorithm 045{ 046 /** The default cipher */ 047 public static final String DEFAULT_CIPHER = "SHA"; 048 049 /** The cipher to use for encryption */ 050 private String cipher = null; 051 052 /** 053 * Constructor 054 */ 055 public OldJavaCrypt() 056 { 057 this.cipher = DEFAULT_CIPHER; 058 } 059 060 /** 061 * Setting the actual cipher requested. If not called, then the default cipher 062 * (SHA) is used. 063 * 064 * This will never throw an error even if there is no provider for this cipher. 065 * The error will be thrown by encrypt() (Fixme?) 066 * 067 * @param cipher The cipher to use. 068 * 069 */ 070 public void setCipher(String cipher) 071 { 072 this.cipher = cipher; 073 } 074 075 /** 076 * This class never uses a seed, so this is just a dummy. 077 * 078 * @param seed Seed (ignored) 079 * 080 */ 081 public void setSeed(String seed) 082 { 083 /* dummy */ 084 } 085 086 /** 087 * Encrypt the supplied string with the requested cipher 088 * 089 * @param value The value to be encrypted 090 * @return The encrypted value 091 * @throws Exception An Exception of the underlying implementation. 092 */ 093 public String encrypt(String value) throws Exception 094 { 095 MessageDigest md = MessageDigest.getInstance(cipher); 096 byte[] digest = md.digest(value.getBytes("UTF-8")); 097 byte[] base64 = Base64.encodeBase64(digest); 098 099 // from MD5 the digest has 16 bytes but for SHA1 it contains 20 bytes 100 // depending on the digest length the result is truncated 101 int len = (digest.length == 16 ? 20 : 24); 102 byte[] result = new byte[len]; 103 104 System.arraycopy(base64, 0, result, 0, result.length); 105 return new String(result, "UTF-8"); 106 } 107}