KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > geronimo > interop > rmi > iiop > SecurityInfo


1 /**
2  *
3  * Copyright 2004-2005 The Apache Software Foundation
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *
15  * See the License for the specific language governing permissions and
16  * limitations under the License.
17  */
18 package org.apache.geronimo.interop.rmi.iiop;
19
20 import java.util.Random JavaDoc;
21
22 import org.apache.geronimo.interop.util.BigEndian;
23 import org.apache.geronimo.interop.util.UTF8;
24
25
26 public class SecurityInfo {
27     // public data
28
29     public static final int TAG_USERNAME = BigEndian.getInt(new byte[]
30     {
31         (byte) 'U', (byte) 'S', (byte) 'E', (byte) 'R'
32     });
33
34     public static final int TAG_PASSWORD = BigEndian.getInt(new byte[]
35     {
36         (byte) 'P', (byte) 'A', (byte) 'S', (byte) 'S'
37     });
38
39     public static Random JavaDoc seedFactory = new Random JavaDoc();
40     public String JavaDoc username;
41     public String JavaDoc password;
42
43     private static ThreadLocal JavaDoc current = new ThreadLocal JavaDoc();
44
45     public static SecurityInfo getCurrent() {
46         return (SecurityInfo) current.get();
47     }
48
49     public static void setCurrent(SecurityInfo info) {
50         current.set(info);
51     }
52
53     /**
54      * * Encode a username or password to prevent accidental disclosure
55      * * by packet sniffers etc. The intention is not to provide strong
56      * * encryption, SSL should be used for that.
57      * *
58      * * Note: this algorithm is not to be changed, or it will cause
59      * * version incompatibilites between client and server. See also
60      * * similar requirements in Random.java.
61      */
62     public static byte[] encode(String JavaDoc plainText) {
63         int seed = seedFactory.nextInt(); // data race, but we don't care
64 Random JavaDoc random = new Random JavaDoc(seed);
65         byte[] utf8 = UTF8.fromString(plainText);
66         int n = utf8.length;
67         int pad = 0;
68         // Try to mask password length by padding to 4 byte boundaries.
69 while ((1 + n + pad) % 4 != 0) {
70             pad++;
71         }
72         byte[] data = new byte[6 + n + pad];
73         data[0] = (byte) 'E'; // Can be overwritten by caller after return.
74 BigEndian.setInt(data, 1, seed);
75         data[5] = (byte) (pad + random.nextInt());
76         for (int i = 0; i < n + pad; i++) {
77             if (i < n) {
78                 data[6 + i] = (byte) (utf8[i] + random.nextInt());
79             } else {
80                 data[6 + i] = (byte) random.nextInt(); // random padding.
81 }
82         }
83         return data;
84     }
85
86     /**
87      * * Inverse of encode.
88      */
89     public static String JavaDoc decode(byte[] data) {
90         int n = data.length - 6;
91         if (n < 0) {
92             throw new IllegalArgumentException JavaDoc("data.length = " + data.length);
93         }
94         int seed = BigEndian.getInt(data, 1);
95         Random JavaDoc random = new Random JavaDoc(seed);
96         int pad = ((data[5] - random.nextInt()) + 0x100) & 0xff;
97         if (pad < 0 || pad > 3) {
98             throw new IllegalArgumentException JavaDoc("pad = " + pad);
99         }
100         n -= pad;
101         byte[] utf8 = new byte[n];
102         for (int i = 0; i < n; i++) {
103             utf8[i] = (byte) (data[i + 6] - random.nextInt());
104         }
105         String JavaDoc plainText = UTF8.toString(utf8);
106         return plainText;
107     }
108 }
109
Popular Tags