?? encoder.java
字號:
/*
* $Header: /cvsroot/mvnforum/myvietnam/src/net/myvietnam/mvncore/security/Encoder.java,v 1.20 2006/04/15 02:59:19 minhnn Exp $
* $Author: minhnn $
* $Revision: 1.20 $
* $Date: 2006/04/15 02:59:19 $
*
* ====================================================================
*
* Copyright (C) 2002-2006 by MyVietnam.net
*
* All copyright notices regarding MyVietnam and MyVietnam CoreLib
* MUST remain intact in the scripts and source code.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*
* Correspondence and Marketing Questions can be sent to:
* info at MyVietnam net
*
* @author: Minh Nguyen
* @author: Mai Nguyen
*/
package net.myvietnam.mvncore.security;
import java.lang.reflect.Method;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.MessageDigest;
import net.myvietnam.mvncore.misc.Base64;
import net.myvietnam.mvncore.util.MailUtil;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
public class Encoder {
private static Log log = LogFactory.getLog(Encoder.class);
// Please note that 2 below methods are used in #getMD5_Base64 only
// use them in other methods will make it not thread-safe
private static MessageDigest digest = null;
private static boolean isInited = false;
private static Method encodeMethod1_4 = null;
private static Method decodeMethod1_4 = null;
// URLEncoder.encode(String) has been deprecated in J2SE 1.4.
// Take advantage of the new method URLEncoder.encode(String, enc)
// if J2SE 1.4 is used.
static {
try {
Class urlEncoderClass = Class.forName("java.net.URLEncoder");
encodeMethod1_4 = urlEncoderClass.getMethod("encode",
new Class[] {String.class, String.class});
} catch (Exception ex) {} // encodeMethod1_4 will be null if exception
try {
Class urlDecoderClass = Class.forName("java.net.URLDecoder");
decodeMethod1_4 = urlDecoderClass.getMethod("decode",
new Class[] {String.class, String.class});
} catch (Exception ex) {} // decodeMethod1_4 will be null if exception
}
private Encoder() {
}
/**
* This method return a String that has been encrypted as MD5 and then escaped using Base64.<p>
* This method should be used to encrypt all password for maximum security.
* @param input String the string that need encrypted
* @return String the string after encrypted
*/
public static synchronized String getMD5_Base64(String input) {
// please note that we dont use digest, because if we
// cannot get digest, then the second time we have to call it
// again, which will fail again
if (isInited == false) {
isInited = true;
try {
digest = MessageDigest.getInstance("MD5");
} catch (Exception ex) {
log.fatal("Cannot get MessageDigest. Application may fail to run correctly.", ex);
}
}
if (digest == null) return input;
// now everything is ok, go ahead
try {
digest.update(input.getBytes("UTF-8"));
} catch (java.io.UnsupportedEncodingException ex) {
log.error("Assertion: This should never occur.");
}
byte[] rawData = digest.digest();
byte[] encoded = Base64.encode(rawData);
String retValue = new String(encoded);
return retValue;
}
/**
* This method just call URLEncoder.encode() so we can get rid of
* the deprecation warning from using URLEncoder.encode() directly.
* @param input String
* @return String
*/
public static String encodeURL(String input) {
if (encodeMethod1_4 != null) {
Object[] methodArgsName = new Object[2];
methodArgsName[0] = input;
methodArgsName[1] = "UTF-8";
try {
return (String)encodeMethod1_4.invoke(null, methodArgsName);
} catch (Exception ex) {
throw new RuntimeException("System error invoking URLEncoder.encode() by reflection.");
}
} else {
// must use J2SE 1.3 version
// The following line will cause a warning if compile with jdk1.4
// However, we cannot use the new method String encode(String s, String enc)
// in jdk1.4, because it wont be compiled with jdk1.3
// Currently, there is no way to get rid of this wanring
return URLEncoder.encode(input);
}
}
/**
* This method just call URLDecoder.decode() so we can get rid of
* the deprecation warning from using URLDecoder.encode() directly.
* @param input String
* @return String
*/
public static String decodeURL(String input) {
if (decodeMethod1_4 != null) {
Object[] methodArgsName = new Object[2];
methodArgsName[0] = input;
methodArgsName[1] = "UTF-8";
try {
return (String)decodeMethod1_4.invoke(null, methodArgsName);
} catch (Exception ex) {
throw new RuntimeException("System error invoking URLDecoder.decode() by reflection.");
}
} else {
// must use J2SE 1.3 version
// The following line will cause a warning if compile with jdk1.4
// However, we cannot use the new method String decode(String s, String enc)
// in jdk1.4, because it wont be compiled with jdk1.3
// Currently, there is no way to get rid of this wanring
return URLDecoder.decode(input);
}
}
/**
* Filter a url to make it safe, this method is used in class URLFilter
* @param url String a url to be filtered
* @return String a url that has been filtered
*/
public static String filterUrl(String url) {
String lowerUrl = url.toLowerCase();
if ( (lowerUrl.indexOf("javascript:") >= 0) ||
lowerUrl.indexOf("file:") >= 0) {
return "";
}
String protocol = "http://";//default protocol
String name = null;
if (url.startsWith("http://")) {
protocol = "http://";
name = url.substring(protocol.length());// must duplicate it because of the default protocol
} else if (url.startsWith("https://")) {
protocol = "https://";
name = url.substring(protocol.length());// must duplicate it because of the default protocol
} else if (url.startsWith("ftp://")) {
protocol = "ftp://";
name = url.substring(protocol.length());// must duplicate it because of the default protocol
} else if (url.startsWith("mailto:")) {
protocol = "mailto:";
name = url.substring(protocol.length());// must duplicate it because of the default protocol
} else {
name = url;
}
String ret;
if (protocol.equals("mailto:")) {
try {
MailUtil.checkGoodEmail(name);
ret = protocol + name;
} catch (Exception ex) {
ret = "";
}
} else {
ret = protocol + encodePath(name);
}
return ret;
}
/**
*
* @param path the path, something like this localhost:8080/image/index.html
* @return the path after being encoded
*/
public static String encodePath(String path) {
path = removeInvalidUserInURL(path);
return path;
/*
String ret = "";
int indexFirstSlash = path.indexOf('/');
if ( indexFirstSlash != -1 ) {
String hostport = path.substring(0, indexFirstSlash);
int indexFirstColon = hostport.indexOf(':');
if (indexFirstColon != -1) {
String host = hostport.substring(0, indexFirstColon);
String port = hostport.substring(indexFirstColon + 1);
hostport = Encoder.encodeURL(host) + ":" + Encoder.encodeURL(port);
} else {
hostport = Encoder.encodeURL(hostport);
}
String filename = path.substring(indexFirstSlash + 1);
filename = Encoder.encodeURL(filename);
ret = hostport + "/" + filename;
} else {
ret = Encoder.encodeURL(path);
}
return ret;
*/
}
/**
* This method is used to fix IE spoof url bug:
* http://originalsite.com % 0 0 @ www.badsite.com
* <p>(remove the space above, I added spaces because
* McAfee conplain that it is a trojan)
* @param path String
* @return String
*/
private static String removeInvalidUserInURL(String path) {
// atIndex is the RIGHT most of @
int atIndex = path.lastIndexOf('@');
if (atIndex != -1) {
// has the user info part
// percentIndex is the LEFT most of %
int pecentIndex = path.indexOf('%');
if ((pecentIndex != -1) && (pecentIndex < atIndex)) {
// user info part has % in it, very likely a spoof url
return path.substring(atIndex + 1);// get the char right after @
}
}
return path;
}
/*
public static void main(String[] args) {
//test data should be
//a1 iou3zTQ6oq2Zt9diAwhXog==
//Hello World sQqNsWTgdUEFt6mb5y4/5Q==
//String testString = "a1";
//String encrypted = getMD5_Base64(testString);
//System.out.println("encrypted = " + encrypted);
//System.out.println("length = " + encrypted.length());
//String encodeString = "Di\u1ec5n \u0111\u00e0n";//Die^~n d-a`n
//JDK 1.3 result : Di%3Fn+%3F%E0n
//JDK 1.4 result : Di%E1%BB%85n+%C4%91%C3%A0n
//System.out.println("encodeURL input '" + encodeString + "' output '" + encodeURL(encodeString) + "'");
//String decodeString = "Di%E1%BB%85n+%C4%91%C3%A0n";//encoded of "Die^~n d-a`n"
//System.out.println("decodeURL input '" + decodeString + "' output '" + decodeURL(decodeString) + "'");
}*/
}
?? 快捷鍵說明
復制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號
Ctrl + =
減小字號
Ctrl + -