001    package org.apache.fulcrum.crypto.provider;
002    
003    
004    /*
005     * Licensed to the Apache Software Foundation (ASF) under one
006     * or more contributor license agreements.  See the NOTICE file
007     * distributed with this work for additional information
008     * regarding copyright ownership.  The ASF licenses this file
009     * to you under the Apache License, Version 2.0 (the
010     * "License"); you may not use this file except in compliance
011     * with the License.  You may obtain a copy of the License at
012     *
013     *   http://www.apache.org/licenses/LICENSE-2.0
014     *
015     * Unless required by applicable law or agreed to in writing,
016     * software distributed under the License is distributed on an
017     * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
018     * KIND, either express or implied.  See the License for the
019     * specific language governing permissions and limitations
020     * under the License.
021     */
022    
023    
024    import java.security.MessageDigest;
025    
026    import org.apache.fulcrum.crypto.CryptoAlgorithm;
027    import org.apache.fulcrum.crypto.impl.Base64;
028    
029    /**
030     * This is the Message Digest Implementation of Turbine 2.1. It does
031     * not pad the Base64 encryption of the Message Digests correctly but
032     * truncates after 20 chars. This leads to interoperability problems
033     * if you want to use e.g. database columns between two languages.
034     *
035     * If you upgrade an application from Turbine 2.1 and have already used
036     * the Security Service with encrypted passwords and no way to rebuild
037     * your databases, use this provider. It is bug-compatible.
038     *
039     * DO NOT USE THIS PROVIDER FOR ANY NEW APPLICATION!
040     *
041     * Nevertheless it can be used as the default crypto algorithm .
042     *
043     * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
044     * @version $Id: OldJavaCrypt.java 581797 2007-10-04 08:26:18Z sgoeschl $
045     */
046    
047    public class OldJavaCrypt
048        implements CryptoAlgorithm
049    {
050    
051        /** The default cipher */
052        public static final String DEFAULT_CIPHER = "SHA";
053    
054        /** The cipher to use for encryption */
055        private String cipher = null;
056    
057    
058        /**
059         * C'tor
060         *
061         */
062    
063        public OldJavaCrypt()
064        {
065            this.cipher = DEFAULT_CIPHER;
066        }
067    
068        /**
069         * Setting the actual cipher requested. If not
070         * called, then the default cipher (SHA) is used.
071         *
072         * This will never throw an error even if there is no
073         * provider for this cipher. The error will be thrown
074         * by encrypt() (Fixme?)
075         *
076         * @param cipher     The cipher to use.
077         *
078         */
079    
080        public void setCipher(String cipher)
081        {
082            this.cipher = cipher;
083        }
084    
085        /**
086         * This class never uses a seed, so this is
087         * just a dummy.
088         *
089         * @param seed        Seed (ignored)
090         *
091         */
092    
093        public void setSeed(String seed)
094        {
095            /* dummy */
096        }
097    
098        /**
099         * encrypt the supplied string with the requested cipher
100         *
101         * @param value       The value to be encrypted
102         *
103         * @return The encrypted value
104         *
105         * @throws Exception An Exception of the underlying implementation.
106         */
107    
108        public String encrypt(String value)
109            throws Exception
110        {
111            MessageDigest md = MessageDigest.getInstance(cipher);
112    
113            // We need to use unicode here, to be independent of platform's
114            // default encoding. Thanks to SGawin for spotting this.
115    
116            byte[] digest = md.digest(value.getBytes("UTF-8"));
117            byte[] base64 = Base64.encodeBase64(digest);
118            // from MD5 the digest has 16 bytes but for SHA1 it contains 20 bytes
119            // depending on the digest lenght the result is truncated
120            int len = (digest.length == 16 ? 20 : 24 );
121            byte[] result = new byte[len];
122            System.arraycopy(base64, 0, result, 0, result.length);
123            return new String(result);
124        }
125    }