Java > Open Source Codes > net > myvietnam > mvncore > security > Encoder


1 /*
2  * $Header: /cvsroot/mvnforum/myvietnam/src/net/myvietnam/mvncore/security/Encoder.java,v 1.20 2006/04/15 02:59:19 minhnn Exp $
3  * $Author: minhnn $
4  * $Revision: 1.20 $
5  * $Date: 2006/04/15 02:59:19 $
6  *
7  * ====================================================================
8  *
9  * Copyright (C) 2002-2006 by MyVietnam.net
10  *
11  * All copyright notices regarding MyVietnam and MyVietnam CoreLib
12  * MUST remain intact in the scripts and source code.
13  *
14  * This library is free software; you can redistribute it and/or
15  * modify it under the terms of the GNU Lesser General Public
16  * License as published by the Free Software Foundation; either
17  * version 2.1 of the License, or (at your option) any later version.
18  *
19  * This library is distributed in the hope that it will be useful,
20  * but WITHOUT ANY WARRANTY; without even the implied warranty of
21  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22  * Lesser General Public License for more details.
23  *
24  * You should have received a copy of the GNU Lesser General Public
25  * License along with this library; if not, write to the Free Software
26  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
27  *
28  * Correspondence and Marketing Questions can be sent to:
29  * info at MyVietnam net
30  *
31  * @author: Minh Nguyen
32  * @author: Mai Nguyen
33  */
34 package net.myvietnam.mvncore.security;
35
36 import java.lang.reflect.Method ;
37 import java.net.URLDecoder ;
38 import java.net.URLEncoder ;
39 import java.security.MessageDigest ;
40
41 import net.myvietnam.mvncore.misc.Base64;
42 import net.myvietnam.mvncore.util.MailUtil;
43 import org.apache.commons.logging.Log;
44 import org.apache.commons.logging.LogFactory;
45
46 public class Encoder {
47
48     private static Log log = LogFactory.getLog(Encoder.class);
49
50     // Please note that 2 below methods are used in #getMD5_Base64 only
51 // use them in other methods will make it not thread-safe
52 private static MessageDigest digest = null;
53     private static boolean isInited = false;
54
55     private static Method encodeMethod1_4 = null;
56     private static Method decodeMethod1_4 = null;
57
58     // URLEncoder.encode(String) has been deprecated in J2SE 1.4.
59 // Take advantage of the new method URLEncoder.encode(String, enc)
60 // if J2SE 1.4 is used.
61 static {
62         try {
63             Class urlEncoderClass = Class.forName("java.net.URLEncoder");
64             encodeMethod1_4 = urlEncoderClass.getMethod("encode",
65                     new Class [] {String .class, String .class});
66         } catch (Exception ex) {} // encodeMethod1_4 will be null if exception
67
68         try {
69             Class urlDecoderClass = Class.forName("java.net.URLDecoder");
70             decodeMethod1_4 = urlDecoderClass.getMethod("decode",
71                     new Class [] {String .class, String .class});
72         } catch (Exception ex) {} // decodeMethod1_4 will be null if exception
73 }
74
75     private Encoder() {
76     }
77
78     /**
79      * This method return a String that has been encrypted as MD5 and then escaped using Base64.<p>
80      * This method should be used to encrypt all password for maximum security.
81      * @param input String the string that need encrypted
82      * @return String the string after encrypted
83      */
84     public static synchronized String getMD5_Base64(String input) {
85         // please note that we dont use digest, because if we
86 // cannot get digest, then the second time we have to call it
87 // again, which will fail again
88 if (isInited == false) {
89             isInited = true;
90             try {
91                 digest = MessageDigest.getInstance("MD5");
92             } catch (Exception ex) {
93                 log.fatal("Cannot get MessageDigest. Application may fail to run correctly.", ex);
94             }
95         }
96         if (digest == null) return input;
97
98         // now everything is ok, go ahead
99 try {
100             digest.update(input.getBytes("UTF-8"));
101         } catch (java.io.UnsupportedEncodingException ex) {
102             log.error("Assertion: This should never occur.");
103         }
104         byte[] rawData = digest.digest();
105         byte[] encoded = Base64.encode(rawData);
106         String retValue = new String (encoded);
107         return retValue;
108     }
109
110     /**
111      * This method just call URLEncoder.encode() so we can get rid of
112      * the deprecation warning from using URLEncoder.encode() directly.
113      * @param input String
114      * @return String
115      */
116     public static String encodeURL(String input) {
117         if (encodeMethod1_4 != null) {
118             Object [] methodArgsName = new Object [2];
119             methodArgsName[0] = input;
120             methodArgsName[1] = "UTF-8";
121
122             try {
123                 return (String )encodeMethod1_4.invoke(null, methodArgsName);
124             } catch (Exception ex) {
125                 throw new RuntimeException ("System error invoking URLEncoder.encode() by reflection.");
126             }
127         } else {
128             // must use J2SE 1.3 version
129
130             // The following line will cause a warning if compile with jdk1.4
131 // However, we cannot use the new method String encode(String s, String enc)
132 // in jdk1.4, because it wont be compiled with jdk1.3
133 // Currently, there is no way to get rid of this wanring
134 return URLEncoder.encode(input);
135         }
136     }
137
138     /**
139      * This method just call URLDecoder.decode() so we can get rid of
140      * the deprecation warning from using URLDecoder.encode() directly.
141      * @param input String
142      * @return String
143      */
144     public static String decodeURL(String input) {
145         if (decodeMethod1_4 != null) {
146             Object [] methodArgsName = new Object [2];
147             methodArgsName[0] = input;
148             methodArgsName[1] = "UTF-8";
149
150             try {
151                 return (String )decodeMethod1_4.invoke(null, methodArgsName);
152             } catch (Exception ex) {
153                 throw new RuntimeException ("System error invoking URLDecoder.decode() by reflection.");
154             }
155         } else {
156             // must use J2SE 1.3 version
157
158             // The following line will cause a warning if compile with jdk1.4
159 // However, we cannot use the new method String decode(String s, String enc)
160 // in jdk1.4, because it wont be compiled with jdk1.3
161 // Currently, there is no way to get rid of this wanring
162 return URLDecoder.decode(input);
163         }
164     }
165
166     /**
167      * Filter a url to make it safe, this method is used in class URLFilter
168      * @param url String a url to be filtered
169      * @return String a url that has been filtered
170      */
171     public static String filterUrl(String url) {
172         String lowerUrl = url.toLowerCase();
173         if ( (lowerUrl.indexOf("javascript:") >= 0) ||
174              lowerUrl.indexOf("file:") >= 0) {
175             return "";
176         }
177
178         String protocol = "http://";//default protocol
179 String name = null;
180         if (url.startsWith("http://")) {
181             protocol = "http://";
182             name = url.substring(protocol.length());// must duplicate it because of the default protocol
183 } else if (url.startsWith("https://")) {
184             protocol = "https://";
185             name = url.substring(protocol.length());// must duplicate it because of the default protocol
186 } else if (url.startsWith("ftp://")) {
187             protocol = "ftp://";
188             name = url.substring(protocol.length());// must duplicate it because of the default protocol
189 } else if (url.startsWith("mailto:")) {
190             protocol = "mailto:";
191             name = url.substring(protocol.length());// must duplicate it because of the default protocol
192 } else {
193             name = url;
194         }
195         String ret;
196         if (protocol.equals("mailto:")) {
197             try {
198                 MailUtil.checkGoodEmail(name);
199                 ret = protocol + name;
200             } catch (Exception ex) {
201                 ret = "";
202             }
203         } else {
204             ret = protocol + encodePath(name);
205         }
206         return ret;
207     }
208
209     /**
210      *
211      * @param path the path, something like this localhost:8080/image/index.html
212      * @return the path after being encoded
213      */
214     public static String encodePath(String path) {
215         path = removeInvalidUserInURL(path);
216         return path;
217         /*
218         String ret = "";
219         int indexFirstSlash = path.indexOf('/');
220         if ( indexFirstSlash != -1 ) {
221             String hostport = path.substring(0, indexFirstSlash);
222             int indexFirstColon = hostport.indexOf(':');
223             if (indexFirstColon != -1) {
224                 String host = hostport.substring(0, indexFirstColon);
225                 String port = hostport.substring(indexFirstColon + 1);
226                 hostport = Encoder.encodeURL(host) + ":" + Encoder.encodeURL(port);
227             } else {
228                 hostport = Encoder.encodeURL(hostport);
229             }
230             String filename = path.substring(indexFirstSlash + 1);
231             filename = Encoder.encodeURL(filename);
232             ret = hostport + "/" + filename;
233         } else {
234             ret = Encoder.encodeURL(path);
235         }
236         return ret;
237         */
238     }
239
240     /**
241      * This method is used to fix IE spoof url bug:
242      * http://originalsite.com % 0 0 @ www.badsite.com
243      * <p>(remove the space above, I added spaces because
244      * McAfee conplain that it is a trojan)
245      * @param path String
246      * @return String
247      */
248     private static String removeInvalidUserInURL(String path) {
249         // atIndex is the RIGHT most of @
250 int atIndex = path.lastIndexOf('@');
251         if (atIndex != -1) {
252             // has the user info part
253 // percentIndex is the LEFT most of %
254 int pecentIndex = path.indexOf('%');
255             if ((pecentIndex != -1) && (pecentIndex < atIndex)) {
256                 // user info part has % in it, very likely a spoof url
257 return path.substring(atIndex + 1);// get the char right after @
258 }
259         }
260         return path;
261     }
262     /*
263     public static void main(String[] args) {
264         //test data should be
265         //a1 iou3zTQ6oq2Zt9diAwhXog==
266         //Hello World sQqNsWTgdUEFt6mb5y4/5Q==
267
268         //String testString = "a1";
269         //String encrypted = getMD5_Base64(testString);
270         //System.out.println("encrypted = " + encrypted);
271         //System.out.println("length = " + encrypted.length());
272
273
274        //String encodeString = "Di?n ?àn";//Die^~n d-a`n
275        //JDK 1.3 result : Di%3Fn+%3F%E0n
276        //JDK 1.4 result : Di%E1%BB%85n+%C4%91%C3%A0n
277        //System.out.println("encodeURL input '" + encodeString + "' output '" + encodeURL(encodeString) + "'");
278
279        //String decodeString = "Di%E1%BB%85n+%C4%91%C3%A0n";//encoded of "Die^~n d-a`n"
280        //System.out.println("decodeURL input '" + decodeString + "' output '" + decodeURL(decodeString) + "'");
281     }*/
282 }
283

A to Z: JavaDoc & Examples

---

Daily Java News & Articles

---

Open Source Projects

---

Open Source Codes

---

Free Computer Books

---

Remove Frame

---

Popular Tags