private String stripFormData(String data, MediaType type, boolean cipher) {

    if (data.endsWith("=") && !type.equals(MediaType.TEXT_PLAIN)) {
      try {
        data = URLDecoder.decode(data, "UTF-8");
        if (cipher) {
          data = data.replace(" ", "+");
        }
      } catch (UnsupportedEncodingException e) {
        // Really?
      }
      String candidate = data.substring(0, data.length() - 1);
      if (cipher) {
        if (data.endsWith("=")) {
          if (data.length() / 2 != (data.length() + 1) / 2) {
            try {
              Hex.decode(candidate);
              return candidate;
            } catch (IllegalArgumentException e) {
              if (Base64.isBase64(data.getBytes())) {
                return data;
              }
            }
          }
        }
        return data;
      }
      // User posted data with content type form but meant it to be text/plain
      data = candidate;
    }

    return data;
  }
Exemplo n.º 2
0
 private String encode(CharSequence rawPassword, String salt) {
   byte[] input = Utf8.encode(salt + rawPassword);
   byte[] digest = messageDigest.digest(input);
   return messageDigest.getAlgorithm().toLowerCase()
       + "$"
       + salt
       + "$"
       + new String(Hex.encode(digest));
 }
 public AesBytesEncryptor(
     String password, CharSequence salt, BytesKeyGenerator ivGenerator, CipherAlgorithm alg) {
   PBEKeySpec keySpec = new PBEKeySpec(password.toCharArray(), Hex.decode(salt), 1024, 256);
   SecretKey secretKey = newSecretKey("PBKDF2WithHmacSHA1", keySpec);
   this.secretKey = new SecretKeySpec(secretKey.getEncoded(), "AES");
   this.alg = alg;
   this.encryptor = alg.createCipher();
   this.decryptor = alg.createCipher();
   this.ivGenerator = ivGenerator != null ? ivGenerator : alg.defaultIvGenerator();
 }
 @Override
 public String encode(CharSequence paramCharSequence) {
   MessageDigest md;
   try {
     md = MessageDigest.getInstance("SHA-256");
     md.update(paramCharSequence.toString().getBytes("UTF-8"));
     byte[] digest = md.digest();
     return new String(Hex.encode(digest));
   } catch (NoSuchAlgorithmException e) {
     e.printStackTrace();
   } catch (UnsupportedEncodingException e) {
     e.printStackTrace();
   }
   return null;
 }
Exemplo n.º 5
0
  public String computeSignature(UserDetails userDetails, long expires) {
    StringBuilder signatureBuilder = new StringBuilder();
    signatureBuilder.append(userDetails.getUsername()).append(":");
    signatureBuilder.append(expires).append(":");
    signatureBuilder.append(userDetails.getPassword()).append(":");
    signatureBuilder.append(secretKey);

    MessageDigest digest;
    try {
      digest = MessageDigest.getInstance("MD5");
    } catch (NoSuchAlgorithmException e) {
      throw new IllegalStateException("No MD5 algorithm available!");
    }
    return new String(Hex.encode(digest.digest(signatureBuilder.toString().getBytes())));
  }
Exemplo n.º 6
0
  private UaaUser createDummyUser() {
    // Create random unguessable password
    SecureRandom random = new SecureRandom();
    byte[] passBytes = new byte[16];
    random.nextBytes(passBytes);
    String password = encoder.encode(new String(Hex.encode(passBytes)));
    // Unique ID which isn't in the database
    final String id = UUID.randomUUID().toString();

    return new UaaUser("dummy_user", password, "dummy_user", "dummy", "dummy") {
      public final String getId() {
        return id;
      }

      public final List<? extends GrantedAuthority> getAuthorities() {
        throw new IllegalStateException();
      }
    };
  }