List of usage examples for org.apache.commons.codec.digest DigestUtils sha
@Deprecated public static byte[] sha(String data)
From source file:org.apache.shindig.social.core.oauth.OAuthAuthenticationHanderTest.java
@Test public void testBodySigning() throws Exception { FakeHttpServletRequest req = new FakeHttpServletRequest(); req.setContentType("text/plain"); String body = "BODY"; req.setPostData(CharsetUtil.getUtf8Bytes(body)); String hash = new String(Base64.encodeBase64(DigestUtils.sha(CharsetUtil.getUtf8Bytes(body))), "UTF-8"); req.setParameter(OAuthConstants.OAUTH_BODY_HASH, hash); OAuthAuthenticationHandler.verifyBodyHash(req, hash); }
From source file:org.apache.shindig.social.core.oauth.OAuthAuthenticationHanderTest.java
@Test public void testFailBodySigning() throws Exception { FakeHttpServletRequest req = new FakeHttpServletRequest(); req.setContentType("text/plain"); String body = "BODY"; req.setPostData(CharsetUtil.getUtf8Bytes(body)); String hash = new String(Base64.encodeBase64(DigestUtils.sha(CharsetUtil.getUtf8Bytes("NOTBODY"))), "UTF-8"); req.setParameter(OAuthConstants.OAUTH_BODY_HASH, hash); try {//from w ww . j a v a2 s . c om OAuthAuthenticationHandler.verifyBodyHash(req, hash); fail("Body verification should fail"); } catch (AuthenticationHandler.InvalidAuthenticationException iae) { // Pass } }
From source file:org.apache.shindig.social.core.oauth.OAuthAuthenticationHanderTest.java
@Test public void testFailBodySigningWithFormEncoded() throws Exception { FakeHttpServletRequest req = new FakeHttpServletRequest(); req.setContentType(OAuth.FORM_ENCODED); String body = "BODY"; req.setPostData(CharsetUtil.getUtf8Bytes(body)); String hash = new String(Base64.encodeBase64(DigestUtils.sha(CharsetUtil.getUtf8Bytes(body))), "UTF-8"); req.setParameter(OAuthConstants.OAUTH_BODY_HASH, hash); try {/*from www . jav a2s . c o m*/ OAuthAuthenticationHandler.verifyBodyHash(req, hash); fail("Body verification should fail"); } catch (AuthenticationHandler.InvalidAuthenticationException iae) { // Pass } }
From source file:org.apache.shindig.social.core.oauth.OAuthAuthenticationHanderTest.java
@Test public void testBodyHashNoContentType() throws Exception { FakeHttpServletRequest req = new FakeHttpServletRequest(); req.setPostData(CharsetUtil.getUtf8Bytes("")); String hash = new String(Base64.encodeBase64(DigestUtils.sha(CharsetUtil.getUtf8Bytes(""))), "UTF-8"); OAuthAuthenticationHandler.verifyBodyHash(req, hash); }
From source file:org.apache.shindig.social.core.oauth.OAuthAuthenticationHandler.java
public static void verifyBodyHash(HttpServletRequest request, String oauthBodyHash) throws InvalidAuthenticationException { // we are doing body hash signing which is not permitted for form-encoded data if (request.getContentType() != null && request.getContentType().contains(OAuth.FORM_ENCODED)) { throw new AuthenticationHandler.InvalidAuthenticationException( "Cannot use oauth_body_hash with a Content-Type of application/x-www-form-urlencoded", null); } else {//from w w w . j a v a 2 s.co m try { byte[] rawBody = readBody(request); byte[] received = Base64.decodeBase64(CharsetUtil.getUtf8Bytes(oauthBodyHash)); byte[] expected = DigestUtils.sha(rawBody); if (!Arrays.equals(received, expected)) { throw new AuthenticationHandler.InvalidAuthenticationException( "oauth_body_hash failed verification", null); } } catch (IOException ioe) { throw new AuthenticationHandler.InvalidAuthenticationException( "Unable to read content body for oauth_body_hash verification", null); } } }
From source file:org.apache.weasel.V06Handshake.java
private boolean checkResponseHeaders(Map<String, String> headers, String key) { String expectedKey = new String(Base64.encodeBase64(DigestUtils.sha(key + SERVER_KEY_ADDON))); return "websocket".equalsIgnoreCase(headers.get(UPGRADE_HEADER.toLowerCase())) && "Upgrade".equalsIgnoreCase(headers.get(CONNECTION_HEADER.toLowerCase())) && expectedKey.equals(headers.get(ACCEPT_HEADER.toLowerCase())); }
From source file:org.apache.weasel.V06Handshake.java
public WebSocket<T> serverHandshake(T channel, String requestLine, Map<String, String> headers, WebSocketApplication<T> app) throws IOException { StringBuilder response = new StringBuilder(); response.append("HTTP/1.1 101 Switching Protocols").append(CRLF); String key = headers.get(KEY_HEADER.toLowerCase()) + SERVER_KEY_ADDON; byte[] sha1AcceptKey = DigestUtils.sha(key); byte[] base64AceeptKey = Base64.encodeBase64(sha1AcceptKey); response.append(ACCEPT_HEADER).append(": ").append(new String(base64AceeptKey)).append(CRLF); response.append(UPGRADE_HEADER).append(": ").append("websocket").append(CRLF); response.append(CONNECTION_HEADER).append(": ").append("Upgrade").append(CRLF); String protocol = headers.get(PROTOCOL_HEADER.toLowerCase()); String acceptedProtocol = app.acceptProtocol(protocol); if (acceptedProtocol != null && !protocol.isEmpty()) { response.append(PROTOCOL_HEADER).append(": ").append(acceptedProtocol).append(CRLF); }//from www . j a v a2 s .c o m String origin = headers.get(ORIGIN_HEADER.toLowerCase()); if (!app.acceptOrigin(origin)) { throw new WebSocketException("Origin not accepted"); } // TODO: add extension abstraction Map<String, String> responseHeaders = app.acceptExtensions(headers); if (responseHeaders != null) { for (String header : responseHeaders.keySet()) { response.append(header).append(": ").append(responseHeaders.get(header)).append(CRLF); } } response.append(CRLF); channel.write(ByteBuffer.wrap(response.toString().getBytes(UTF8))); // TODO determine that client received the response and didn't fail the // connection return new V06WebSocket<T>(channel, false); }
From source file:org.infoglue.cms.applications.managementtool.actions.ViewPasswordToolAction.java
/** * The main method that fetches the Value-object for this use-case *//*from www .jav a 2 s. c o m*/ public String doExecute() throws Exception { byte[] encryptedPassRaw = DigestUtils.sha(this.password); String encryptedPass = new String(Base64.encodeBase64(encryptedPassRaw), "ASCII"); encryptedPassword = encryptedPass; return "success"; }
From source file:org.infoglue.cms.controllers.kernel.impl.simple.SystemUserController.java
public SystemUserVO create(SystemUserVO systemUserVO) throws ConstraintException, SystemException { if (CmsPropertyHandler.getUsePasswordEncryption()) { String password = systemUserVO.getPassword(); try {/*w w w. j a va 2 s.co m*/ byte[] encryptedPassRaw = DigestUtils.sha(password); String encryptedPass = new String(Base64.encodeBase64(encryptedPassRaw), "ASCII"); password = encryptedPass; systemUserVO.setPassword(password); } catch (Exception e) { logger.error("Error generating password:" + e.getMessage()); } } SystemUser systemUser = new SystemUserImpl(); systemUser.setValueObject(systemUserVO); systemUser = (SystemUser) createEntity(systemUser); return systemUser.getValueObject(); }
From source file:org.infoglue.cms.controllers.kernel.impl.simple.SystemUserController.java
public SystemUser create(SystemUserVO systemUserVO, Database db) throws ConstraintException, SystemException, Exception { if (CmsPropertyHandler.getUsePasswordEncryption()) { String password = systemUserVO.getPassword(); try {//from w w w .jav a2 s . c o m byte[] encryptedPassRaw = DigestUtils.sha(password); String encryptedPass = new String(Base64.encodeBase64(encryptedPassRaw), "ASCII"); password = encryptedPass; systemUserVO.setPassword(password); } catch (Exception e) { logger.error("Error generating password:" + e.getMessage()); } } SystemUser systemUser = new SystemUserImpl(); systemUser.setValueObject(systemUserVO); systemUser = (SystemUser) createEntity(systemUser, db); return systemUser; }