Author: painter Date: Tue Dec 18 15:27:13 2018 New Revision: 1849182 URL: http://svn.apache.org/viewvc?rev=1849182&view=rev Log: PMD and FindBug fixes, add commons-codec dependency, remove encryption algos managed by commons-codec
Removed: turbine/fulcrum/trunk/crypto/src/java/org/apache/fulcrum/crypto/impl/ Modified: turbine/fulcrum/trunk/crypto/pom.xml turbine/fulcrum/trunk/crypto/src/java/org/apache/fulcrum/crypto/DefaultCryptoService.java turbine/fulcrum/trunk/crypto/src/java/org/apache/fulcrum/crypto/provider/ClearCrypt.java turbine/fulcrum/trunk/crypto/src/java/org/apache/fulcrum/crypto/provider/JavaCrypt.java turbine/fulcrum/trunk/crypto/src/java/org/apache/fulcrum/crypto/provider/OldJavaCrypt.java turbine/fulcrum/trunk/crypto/src/java/org/apache/fulcrum/crypto/provider/UnixCrypt.java turbine/fulcrum/trunk/crypto/xdocs/changes.xml Modified: turbine/fulcrum/trunk/crypto/pom.xml URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/crypto/pom.xml?rev=1849182&r1=1849181&r2=1849182&view=diff ============================================================================== --- turbine/fulcrum/trunk/crypto/pom.xml (original) +++ turbine/fulcrum/trunk/crypto/pom.xml Tue Dec 18 15:27:13 2018 @@ -70,6 +70,12 @@ <artifactId>avalon-framework-api</artifactId> <version>4.3.1</version> </dependency> + <dependency> + <groupId>commons-codec</groupId> + <artifactId>commons-codec</artifactId> + <version>1.11</version> + </dependency> + <!-- testing dependencies --> <dependency> <groupId>org.apache.fulcrum</groupId> Modified: turbine/fulcrum/trunk/crypto/src/java/org/apache/fulcrum/crypto/DefaultCryptoService.java URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/crypto/src/java/org/apache/fulcrum/crypto/DefaultCryptoService.java?rev=1849182&r1=1849181&r2=1849182&view=diff ============================================================================== --- turbine/fulcrum/trunk/crypto/src/java/org/apache/fulcrum/crypto/DefaultCryptoService.java (original) +++ turbine/fulcrum/trunk/crypto/src/java/org/apache/fulcrum/crypto/DefaultCryptoService.java Tue Dec 18 15:27:13 2018 @@ -21,7 +21,6 @@ package org.apache.fulcrum.crypto; import java.security.NoSuchAlgorithmException; import java.util.HashMap; -import java.util.Hashtable; import org.apache.avalon.framework.activity.Initializable; import org.apache.avalon.framework.configuration.Configurable; @@ -46,10 +45,8 @@ import org.apache.avalon.framework.threa */ public class DefaultCryptoService extends AbstractLogEnabled implements CryptoService, Configurable, Initializable, ThreadSafe { - // - // SJM: removed Component and Contextualizable, Startable - // + /** Key Prefix for our algorithms */ private static final String ALGORITHM = "algorithm"; @@ -60,7 +57,7 @@ public class DefaultCryptoService extend private static final String DEFAULT_CLASS = "org.apache.fulcrum.crypto.provider.JavaCrypt"; /** Names of the registered algorithms and the wanted classes */ - private HashMap<String, String> algos = null; + private HashMap<String, String> algos = new HashMap<>(); /** * Returns a CryptoAlgorithm Object which represents the requested crypto @@ -83,9 +80,6 @@ public class DefaultCryptoService extend throw new NoSuchAlgorithmException("TurbineCryptoService: No Algorithm for " + algo + " found"); } try { - // @todo should be created via factory service. - // Just trying to get something to work. - // ca = (CryptoAlgorithm) factoryService.getInstance(cryptoClass); ca = (CryptoAlgorithm) Class.forName(cryptoClass).newInstance(); } catch (Exception e) { throw new NoSuchAlgorithmException( @@ -95,6 +89,7 @@ public class DefaultCryptoService extend return ca; } + // ---------------- Avalon Lifecycle Methods --------------------- /** @@ -113,16 +108,13 @@ public class DefaultCryptoService extend final Configuration algorithms = conf.getChild(ALGORITHM, false); if (algorithms != null) { Configuration[] nameVal = algorithms.getChildren(); - for (int i = 0; i < nameVal.length; i++) { - String key = nameVal[i].getName(); - String val = nameVal[i].getValue(); - // getLogger.debug("Registered " + val - // + " for Crypto Algorithm " + key); - algos.put(key, val); + for ( Configuration entry : nameVal ) + { + algos.put(entry.getName(), entry.getValue()); } } } - + /** * {@link org.apache.avalon.framework.activity.Initializable#initialize()} * Modified: turbine/fulcrum/trunk/crypto/src/java/org/apache/fulcrum/crypto/provider/ClearCrypt.java URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/crypto/src/java/org/apache/fulcrum/crypto/provider/ClearCrypt.java?rev=1849182&r1=1849181&r2=1849182&view=diff ============================================================================== --- turbine/fulcrum/trunk/crypto/src/java/org/apache/fulcrum/crypto/provider/ClearCrypt.java (original) +++ turbine/fulcrum/trunk/crypto/src/java/org/apache/fulcrum/crypto/provider/ClearCrypt.java Tue Dec 18 15:27:13 2018 @@ -1,6 +1,5 @@ package org.apache.fulcrum.crypto.provider; - /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file @@ -20,14 +19,12 @@ package org.apache.fulcrum.crypto.provid * under the License. */ - import org.apache.fulcrum.crypto.CryptoAlgorithm; /** - * This is a dummy for "cleartext" encryption. It goes through - * the notions of the CryptoAlgorithm interface but actually does - * nothing. It can be used as a replacement for the "encrypt = no" - * setting in TurbineResources. + * This is a dummy for "cleartext" encryption. It goes through the notions of + * the CryptoAlgorithm interface but actually does nothing. It can be used as a + * replacement for the "encrypt = no" setting in TurbineResources. * * Can be used as the default crypto algorithm * @@ -35,60 +32,44 @@ import org.apache.fulcrum.crypto.CryptoA * @version $Id$ */ -public class ClearCrypt - implements CryptoAlgorithm -{ - /** - * C'tor - * - */ - - public ClearCrypt() - { - } - - /** - * This class never uses an algorithm, so this is - * just a dummy. - * - * @param cipher Cipher (ignored) - */ - - public void setCipher(String cipher) - { - /* dummy */ - } - - /** - * This class never uses a seed, so this is - * just a dummy. - * - * @param seed Seed (ignored) - */ - - public void setSeed(String seed) - { - /* dummy */ - } - - /** - * encrypt the supplied string with the requested cipher - * - * @param value The value to be encrypted - * - * @return The encrypted value - * - * @throws Exception An Exception of the underlying implementation. - * - */ - - public String encrypt(String value) - throws Exception - { - /* - * Ultra-clever implementation. ;-) - */ +public class ClearCrypt implements CryptoAlgorithm { + + /** + * Constructor + */ + public ClearCrypt() { + } + + /** + * This class never uses an algorithm, so this is just a dummy. + * + * @param cipher Cipher (ignored) + */ + public void setCipher(String cipher) { + /* dummy */ + } + + /** + * This class never uses a seed, so this is just a dummy. + * + * @param seed Seed (ignored) + */ + public void setSeed(String seed) { + /* dummy */ + } + + /** + * encrypt the supplied string with the requested cipher + * + * @param value The value to be encrypted + * @return The encrypted value + * @throws Exception An Exception of the underlying implementation. + */ + public String encrypt(String value) throws Exception { + /* + * Ultra-clever implementation. ;-) + */ - return value; - } + return value; + } } Modified: turbine/fulcrum/trunk/crypto/src/java/org/apache/fulcrum/crypto/provider/JavaCrypt.java URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/crypto/src/java/org/apache/fulcrum/crypto/provider/JavaCrypt.java?rev=1849182&r1=1849181&r2=1849182&view=diff ============================================================================== --- turbine/fulcrum/trunk/crypto/src/java/org/apache/fulcrum/crypto/provider/JavaCrypt.java (original) +++ turbine/fulcrum/trunk/crypto/src/java/org/apache/fulcrum/crypto/provider/JavaCrypt.java Tue Dec 18 15:27:13 2018 @@ -1,6 +1,5 @@ package org.apache.fulcrum.crypto.provider; - /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file @@ -20,23 +19,22 @@ package org.apache.fulcrum.crypto.provid * under the License. */ - import java.security.MessageDigest; +import org.apache.commons.codec.binary.Base64; import org.apache.fulcrum.crypto.CryptoAlgorithm; -import org.apache.fulcrum.crypto.impl.Base64; /** - * Implements the normal java.security.MessageDigest stream cipers. - * Base64 strings returned by this provider are correctly padded to - * multiples of four bytes. If you run into interoperability problems - * with other languages, especially perl and the Digest::MD5 module, - * note that the md5_base64 function from this package incorrectly drops - * the pad bytes. Use the MIME::Base64 package instead. + * Implements the normal java.security.MessageDigest stream cipers. Base64 + * strings returned by this provider are correctly padded to multiples of four + * bytes. If you run into interoperability problems with other languages, + * especially perl and the Digest::MD5 module, note that the md5_base64 function + * from this package incorrectly drops the pad bytes. Use the MIME::Base64 + * package instead. * - * If you upgrade from Turbine 2.1 and suddently your old stored passwords - * no longer work, please take a look at the OldJavaCrypt provider for - * bug-to-bug compatibility. + * If you upgrade from Turbine 2.1 and suddently your old stored passwords no + * longer work, please take a look at the OldJavaCrypt provider for bug-to-bug + * compatibility. * * This provider can be used as the default crypto algorithm provider. * @@ -44,79 +42,62 @@ import org.apache.fulcrum.crypto.impl.Ba * @version $Id$ */ -public class JavaCrypt - implements CryptoAlgorithm -{ - - /** The default cipher */ - public static final String DEFAULT_CIPHER = "SHA"; - - /** The cipher to use for encryption */ - private String cipher = null; - - - /** - * C'tor - * - */ - - public JavaCrypt() - { - this.cipher = DEFAULT_CIPHER; - } - - /** - * Setting the actual cipher requested. If not - * called, then the default cipher (SHA) is used. - * - * This will never throw an error even if there is no - * provider for this cipher. The error will be thrown - * by encrypt() (Fixme?) - * - * @param cipher The cipher to use. - * - */ - - public void setCipher(String cipher) - { - this.cipher = cipher; - } - - /** - * This class never uses a seed, so this is - * just a dummy. - * - * @param seed Seed (ignored) - * - */ - - public void setSeed(String seed) - { - /* dummy */ - } - - /** - * encrypt the supplied string with the requested cipher - * - * @param value The value to be encrypted - * - * @return The encrypted value - * - * @throws Exception An Exception of the underlying implementation. - */ - - public String encrypt(String value) - throws Exception - { - MessageDigest md = MessageDigest.getInstance(cipher); - - // We need to use unicode here, to be independent of platform's - // default encoding. Thanks to SGawin for spotting this. - byte[] digest = md.digest(value.getBytes("UTF-8")); - - // Base64-encode the digest. - byte[] encodedDigest = Base64.encodeBase64(digest); - return (encodedDigest == null ? null : - new String(encodedDigest)); - } +public class JavaCrypt implements CryptoAlgorithm { + + /** The default cipher */ + public static final String DEFAULT_CIPHER = "SHA"; + + /** The cipher to use for encryption */ + private String cipher = null; + + /** + * Constructo + * + */ + public JavaCrypt() { + this.cipher = DEFAULT_CIPHER; + } + + /** + * Setting the actual cipher requested. If not called, then the default cipher + * (SHA) is used. + * + * This will never throw an error even if there is no provider for this cipher. + * The error will be thrown by encrypt() (Fixme?) + * + * @param cipher The cipher to use. + * + */ + public void setCipher(String cipher) { + this.cipher = cipher; + } + + /** + * This class never uses a seed, so this is just a dummy. + * + * @param seed Seed (ignored) + * + */ + public void setSeed(String seed) { + /* dummy */ + } + + /** + * encrypt the supplied string with the requested cipher + * + * @param value The value to be encrypted + * @return The encrypted value + * @throws Exception An Exception of the underlying implementation. + */ + public String encrypt(String value) throws Exception { + MessageDigest md = MessageDigest.getInstance(cipher); + + // We need to use unicode here, to be independent of platform's + // default encoding. Thanks to SGawin for spotting this. + byte[] digest = md.digest(value.getBytes("UTF-8")); + + // Base64-encode the digest. + byte[] encodedDigest = Base64.encodeBase64(digest); + return (encodedDigest == null ? null : new String(encodedDigest, "UTF-8")); + } } Modified: turbine/fulcrum/trunk/crypto/src/java/org/apache/fulcrum/crypto/provider/OldJavaCrypt.java URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/crypto/src/java/org/apache/fulcrum/crypto/provider/OldJavaCrypt.java?rev=1849182&r1=1849181&r2=1849182&view=diff ============================================================================== --- turbine/fulcrum/trunk/crypto/src/java/org/apache/fulcrum/crypto/provider/OldJavaCrypt.java (original) +++ turbine/fulcrum/trunk/crypto/src/java/org/apache/fulcrum/crypto/provider/OldJavaCrypt.java Tue Dec 18 15:27:13 2018 @@ -1,6 +1,5 @@ package org.apache.fulcrum.crypto.provider; - /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file @@ -20,21 +19,20 @@ package org.apache.fulcrum.crypto.provid * under the License. */ - import java.security.MessageDigest; +import org.apache.commons.codec.binary.Base64; import org.apache.fulcrum.crypto.CryptoAlgorithm; -import org.apache.fulcrum.crypto.impl.Base64; /** - * This is the Message Digest Implementation of Turbine 2.1. It does - * not pad the Base64 encryption of the Message Digests correctly but - * truncates after 20 chars. This leads to interoperability problems - * if you want to use e.g. database columns between two languages. - * - * If you upgrade an application from Turbine 2.1 and have already used - * the Security Service with encrypted passwords and no way to rebuild - * your databases, use this provider. It is bug-compatible. + * This is the Message Digest Implementation of Turbine 2.1. It does not pad the + * Base64 encryption of the Message Digests correctly but truncates after 20 + * chars. This leads to interoperability problems if you want to use e.g. + * database columns between two languages. + * + * If you upgrade an application from Turbine 2.1 and have already used the + * Security Service with encrypted passwords and no way to rebuild your + * databases, use this provider. It is bug-compatible. * * DO NOT USE THIS PROVIDER FOR ANY NEW APPLICATION! * @@ -44,82 +42,61 @@ import org.apache.fulcrum.crypto.impl.Ba * @version $Id$ */ -public class OldJavaCrypt - implements CryptoAlgorithm -{ - - /** The default cipher */ - public static final String DEFAULT_CIPHER = "SHA"; - - /** The cipher to use for encryption */ - private String cipher = null; - - - /** - * C'tor - * - */ - - public OldJavaCrypt() - { - this.cipher = DEFAULT_CIPHER; - } - - /** - * Setting the actual cipher requested. If not - * called, then the default cipher (SHA) is used. - * - * This will never throw an error even if there is no - * provider for this cipher. The error will be thrown - * by encrypt() (Fixme?) - * - * @param cipher The cipher to use. - * - */ - - public void setCipher(String cipher) - { - this.cipher = cipher; - } - - /** - * This class never uses a seed, so this is - * just a dummy. - * - * @param seed Seed (ignored) - * - */ - - public void setSeed(String seed) - { - /* dummy */ - } - - /** - * encrypt the supplied string with the requested cipher - * - * @param value The value to be encrypted - * - * @return The encrypted value - * - * @throws Exception An Exception of the underlying implementation. - */ - - public String encrypt(String value) - throws Exception - { - MessageDigest md = MessageDigest.getInstance(cipher); - - // We need to use unicode here, to be independent of platform's - // default encoding. Thanks to SGawin for spotting this. - - byte[] digest = md.digest(value.getBytes("UTF-8")); - byte[] base64 = Base64.encodeBase64(digest); - // from MD5 the digest has 16 bytes but for SHA1 it contains 20 bytes - // depending on the digest lenght the result is truncated - int len = (digest.length == 16 ? 20 : 24 ); - byte[] result = new byte[len]; - System.arraycopy(base64, 0, result, 0, result.length); - return new String(result); - } +public class OldJavaCrypt implements CryptoAlgorithm { + + /** The default cipher */ + public static final String DEFAULT_CIPHER = "SHA"; + + /** The cipher to use for encryption */ + private String cipher = null; + + /** + * Constructor + */ + public OldJavaCrypt() { + this.cipher = DEFAULT_CIPHER; + } + + /** + * Setting the actual cipher requested. If not called, then the default cipher + * (SHA) is used. + * + * This will never throw an error even if there is no provider for this cipher. + * The error will be thrown by encrypt() (Fixme?) + * + * @param cipher The cipher to use. + * + */ + public void setCipher(String cipher) { + this.cipher = cipher; + } + + /** + * This class never uses a seed, so this is just a dummy. + * + * @param seed Seed (ignored) + * + */ + public void setSeed(String seed) { + /* dummy */ + } + + /** + * encrypt the supplied string with the requested cipher + * + * @param value The value to be encrypted + * @return The encrypted value + * @throws Exception An Exception of the underlying implementation. + */ + public String encrypt(String value) throws Exception { + MessageDigest md = MessageDigest.getInstance(cipher); + byte[] digest = md.digest(value.getBytes("UTF-8")); + byte[] base64 = Base64.encodeBase64(digest); + // from MD5 the digest has 16 bytes but for SHA1 it contains 20 bytes + // depending on the digest lenght the result is truncated + int len = (digest.length == 16 ? 20 : 24); + byte[] result = new byte[len]; + System.arraycopy(base64, 0, result, 0, result.length); + return new String(result, "UTF-8"); + } } Modified: turbine/fulcrum/trunk/crypto/src/java/org/apache/fulcrum/crypto/provider/UnixCrypt.java URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/crypto/src/java/org/apache/fulcrum/crypto/provider/UnixCrypt.java?rev=1849182&r1=1849181&r2=1849182&view=diff ============================================================================== --- turbine/fulcrum/trunk/crypto/src/java/org/apache/fulcrum/crypto/provider/UnixCrypt.java (original) +++ turbine/fulcrum/trunk/crypto/src/java/org/apache/fulcrum/crypto/provider/UnixCrypt.java Tue Dec 18 15:27:13 2018 @@ -19,9 +19,7 @@ package org.apache.fulcrum.crypto.provid * under the License. */ - import org.apache.fulcrum.crypto.CryptoAlgorithm; - import java.util.Random; /** @@ -31,78 +29,60 @@ import java.util.Random; * @version $Id$ */ -public class UnixCrypt - implements CryptoAlgorithm -{ - - /** The seed to use */ - private String seed = null; - - /** standard Unix crypt chars (64) */ - private static final char[] SALT_CHARS = - (("abcdefghijklmnopqrstuvwxyz" + - "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./").toCharArray()); - - - /** - * C'tor - * - */ - - public UnixCrypt() - { - } - - /** - * This class never uses anything but - * UnixCrypt, so it is just a dummy - * (Fixme: Should we throw an exception if - * something is requested that we don't support? - * - * @param cipher Cipher (ignored) - */ - - public void setCipher(String cipher) - { - /* dummy */ - } - - /** - * Setting the seed for the UnixCrypt - * algorithm. If a null value is supplied, - * or no seed is set, then a random seed is used. - * - * @param seed The seed value to use. - */ - - public void setSeed(String seed) - { - this.seed = seed; - } - - /** - * encrypt the supplied string with the requested cipher - * - * @param value The value to be encrypted - * @return The encrypted value - * @throws Exception An Exception of the underlying implementation. - */ - public String encrypt(String value) - throws Exception - { - if (seed == null) - { - Random randomGenerator = new java.util.Random(); - int numSaltChars = SALT_CHARS.length; - - seed = (new StringBuilder()) - .append(SALT_CHARS[Math.abs(randomGenerator.nextInt() - % numSaltChars)]) - .append(SALT_CHARS[Math.abs(randomGenerator.nextInt() - % numSaltChars)]) - .toString(); - } +public class UnixCrypt implements CryptoAlgorithm { + + /** The seed to use */ + private String seed = null; - return org.apache.fulcrum.crypto.impl.UnixCrypt.crypt(seed, value); - } + /** standard Unix crypt chars (64) */ + private static final char[] SALT_CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./" + .toCharArray(); + + /** + * Constructor + */ + public UnixCrypt() { + } + + /** + * This class never uses anything but UnixCrypt, so it is just a dummy (Fixme: + * Should we throw an exception if something is requested that we don't support? + * + * @param cipher Cipher (ignored) + */ + public void setCipher(String cipher) { + /* dummy */ + } + + /** + * Setting the seed for the UnixCrypt algorithm. If a null value is supplied, or + * no seed is set, then a random seed is used. + * + * @param seed The seed value to use. + */ + public void setSeed(String seed) { + this.seed = seed; + } + + /** + * encrypt the supplied string with the requested cipher + * + * @param value The value to be encrypted + * @return The encrypted value + * @throws Exception An Exception of the underlying implementation. + */ + public String encrypt(String value) throws Exception { + + if (seed == null) { + Random randomGenerator = new Random(); + int numSaltChars = SALT_CHARS.length; + StringBuilder sb = new StringBuilder(); + sb.append(SALT_CHARS[Math.abs(randomGenerator.nextInt() % numSaltChars)]) + .append(SALT_CHARS[Math.abs(randomGenerator.nextInt() % numSaltChars)]).toString(); + seed = sb.toString(); + } + + // use commons-codec to do the encryption + return org.apache.commons.codec.digest.UnixCrypt.crypt(value, seed); + } } Modified: turbine/fulcrum/trunk/crypto/xdocs/changes.xml URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/crypto/xdocs/changes.xml?rev=1849182&r1=1849181&r2=1849182&view=diff ============================================================================== --- turbine/fulcrum/trunk/crypto/xdocs/changes.xml (original) +++ turbine/fulcrum/trunk/crypto/xdocs/changes.xml Tue Dec 18 15:27:13 2018 @@ -25,6 +25,18 @@ <body> <release version="1.0.8-SNAPSHOT" date="as in SVN"> + <action dev="painter" type="update"> + Use commons-codec for basic encryption algorithms + </action> + <action dev="painter" type="update"> + PMD report cleanup + </action> + <action dev="painter" type="update"> + Update to yaafi 1.0.8 + </action> + <action dev="painter" type="update"> + Derive from Turbine parent POM 5 + </action> </release> <release version="1.0.7" date="2009-09-10"> <action dev="sgoeschl" type="update">