private String stripFormData(String data, MediaType type, boolean cipher) {
if (data.endsWith("=") && !type.equals(MediaType.TEXT_PLAIN)) {
try {
data = URLDecoder.decode(data, "UTF-8");
if (cipher) {
data = data.replace(" ", "+");
}
} catch (UnsupportedEncodingException e) {
// Really?
}
String candidate = data.substring(0, data.length() - 1);
if (cipher) {
if (data.endsWith("=")) {
if (data.length() / 2 != (data.length() + 1) / 2) {
try {
Hex.decode(candidate);
return candidate;
} catch (IllegalArgumentException e) {
if (Base64.isBase64(data.getBytes())) {
return data;
}
}
}
}
return data;
}
// User posted data with content type form but meant it to be text/plain
data = candidate;
}
return data;
}
private String encode(CharSequence rawPassword, String salt) {
byte[] input = Utf8.encode(salt + rawPassword);
byte[] digest = messageDigest.digest(input);
return messageDigest.getAlgorithm().toLowerCase()
+ "$"
+ salt
+ "$"
+ new String(Hex.encode(digest));
}
public AesBytesEncryptor(
String password, CharSequence salt, BytesKeyGenerator ivGenerator, CipherAlgorithm alg) {
PBEKeySpec keySpec = new PBEKeySpec(password.toCharArray(), Hex.decode(salt), 1024, 256);
SecretKey secretKey = newSecretKey("PBKDF2WithHmacSHA1", keySpec);
this.secretKey = new SecretKeySpec(secretKey.getEncoded(), "AES");
this.alg = alg;
this.encryptor = alg.createCipher();
this.decryptor = alg.createCipher();
this.ivGenerator = ivGenerator != null ? ivGenerator : alg.defaultIvGenerator();
}
@Override
public String encode(CharSequence paramCharSequence) {
MessageDigest md;
try {
md = MessageDigest.getInstance("SHA-256");
md.update(paramCharSequence.toString().getBytes("UTF-8"));
byte[] digest = md.digest();
return new String(Hex.encode(digest));
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
return null;
}
public String computeSignature(UserDetails userDetails, long expires) {
StringBuilder signatureBuilder = new StringBuilder();
signatureBuilder.append(userDetails.getUsername()).append(":");
signatureBuilder.append(expires).append(":");
signatureBuilder.append(userDetails.getPassword()).append(":");
signatureBuilder.append(secretKey);
MessageDigest digest;
try {
digest = MessageDigest.getInstance("MD5");
} catch (NoSuchAlgorithmException e) {
throw new IllegalStateException("No MD5 algorithm available!");
}
return new String(Hex.encode(digest.digest(signatureBuilder.toString().getBytes())));
}
private UaaUser createDummyUser() {
// Create random unguessable password
SecureRandom random = new SecureRandom();
byte[] passBytes = new byte[16];
random.nextBytes(passBytes);
String password = encoder.encode(new String(Hex.encode(passBytes)));
// Unique ID which isn't in the database
final String id = UUID.randomUUID().toString();
return new UaaUser("dummy_user", password, "dummy_user", "dummy", "dummy") {
public final String getId() {
return id;
}
public final List<? extends GrantedAuthority> getAuthorities() {
throw new IllegalStateException();
}
};
}
