KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > gcc > rmi > iiop > SecurityInfo


1 /*
2  * Copyright 2004 The Apache Software Foundation or its licensors, as
3  * applicable.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
14  * implied.
15  *
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package gcc.rmi.iiop;
20
21 import gcc.util.*;
22 import java.util.*;
23
24 public class SecurityInfo
25 {
26     // public data
27
28     public static final int TAG_USERNAME = BigEndian.getInt(new byte[]
29     {
30         (byte)'U', (byte)'S', (byte)'E', (byte)'R'
31     }
32     );
33
34     public static final int TAG_PASSWORD = BigEndian.getInt(new byte[]
35     {
36         (byte)'P', (byte)'A', (byte)'S', (byte)'S'
37     }
38     );
39
40     public static Random _seedFactory = new Random();
41
42     public String username;
43
44     public String password;
45
46     // private data
47
48     private static ThreadLocal _current = new ThreadLocal();
49
50     public static SecurityInfo getCurrent()
51     {
52         return (SecurityInfo)_current.get();
53     }
54
55     public static void setCurrent(SecurityInfo info)
56     {
57         _current.set(info);
58     }
59
60     // TODO: delegate to use DataProtection class
61
62     /**
63      ** Encode a username or password to prevent accidental disclosure
64      ** by packet sniffers etc. The intention is not to provide strong
65      ** encryption, SSL should be used for that.
66      **
67      ** Note: this algorithm is not to be changed, or it will cause
68      ** version incompatibilites between client and server. See also
69      ** similar requirements in Random.java.
70      **/
71     public static byte[] encode(String plainText)
72     {
73         int seed = _seedFactory.nextInt(); // data race, but we don't care
74 Random random = new Random(seed);
75         byte[] utf8 = UTF8.fromString(plainText);
76         int n = utf8.length;
77         int pad = 0;
78         // Try to mask password length by padding to 4 byte boundaries.
79 while ((1 + n + pad) % 4 != 0)
80         {
81             pad++;
82         }
83         byte[] data = new byte[6 + n + pad];
84         data[0] = (byte)'E'; // Can be overwritten by caller after return.
85 BigEndian.setInt(data, 1, seed);
86         data[5] = (byte)(pad + random.nextInt());
87         for (int i = 0; i < n + pad; i++)
88         {
89             if (i < n)
90             {
91                 data[6 + i] = (byte)(utf8[i] + random.nextInt());
92             }
93             else
94             {
95                 data[6 + i] = (byte)random.nextInt(); // random padding.
96 }
97         }
98         return data;
99     }
100
101     /**
102      ** Inverse of encode.
103      **/
104     public static String decode(byte[] data)
105     {
106         int n = data.length - 6;
107         if (n < 0)
108         {
109             throw new IllegalArgumentException("data.length = " + data.length);
110         }
111         int seed = BigEndian.getInt(data, 1);
112         Random random = new Random(seed);
113         int pad = ((data[5] - random.nextInt()) + 0x100) & 0xff;
114         if (pad < 0 || pad > 3)
115         {
116             throw new IllegalArgumentException("pad = " + pad);
117         }
118         n -= pad;
119         byte[] utf8 = new byte[n];
120         for (int i = 0; i < n; i++)
121         {
122             utf8[i] = (byte)(data[i + 6] - random.nextInt());
123         }
124         String plainText = UTF8.toString(utf8);
125         return plainText;
126     }
127 }
128
Popular Tags