424307 obfuscate unicode

This commit is contained in:
Greg Wilkins 2013-12-19 11:00:53 +11:00
parent 9e2d0a33d6
commit 5643e588e2
2 changed files with 94 additions and 32 deletions

View File

@ -19,6 +19,7 @@
package org.eclipse.jetty.util.security; package org.eclipse.jetty.util.security;
import java.io.IOException; import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Arrays; import java.util.Arrays;
import org.eclipse.jetty.util.log.Log; import org.eclipse.jetty.util.log.Log;
@ -141,39 +142,36 @@ public class Password extends Credential
public static String obfuscate(String s) public static String obfuscate(String s)
{ {
StringBuilder buf = new StringBuilder(); StringBuilder buf = new StringBuilder();
byte[] b = s.getBytes(); byte[] b = s.getBytes(StandardCharsets.UTF_8);
buf.append(__OBFUSCATE); buf.append(__OBFUSCATE);
for (int i = 0; i < b.length; i++) for (int i = 0; i < b.length; i++)
{ {
byte b1 = b[i]; byte b1 = b[i];
byte b2 = b[s.length() - (i + 1)]; byte b2 = b[b.length - (i + 1)];
if (b1<0 || b2<0)
{
int i0 = (0xff&b1)*256 + (0xff&b2);
String x = Integer.toString(i0, 36).toLowerCase();
buf.append("U0000",0,5-x.length());
buf.append(x);
}
else
{
int i1 = 127 + b1 + b2; int i1 = 127 + b1 + b2;
int i2 = 127 + b1 - b2; int i2 = 127 + b1 - b2;
int i0 = i1 * 256 + i2; int i0 = i1 * 256 + i2;
String x = Integer.toString(i0, 36); String x = Integer.toString(i0, 36).toLowerCase();
switch (x.length()) int j0 = Integer.parseInt(x, 36);
{ int j1 = (i0 / 256);
case 1: int j2 = (i0 % 256);
buf.append('0'); byte bx = (byte) ((j1 + j2 - 254) / 2);
buf.append('0');
buf.append('0'); buf.append("000",0,4-x.length());
buf.append(x); buf.append(x);
break;
case 2:
buf.append('0');
buf.append('0');
buf.append(x);
break;
case 3:
buf.append('0');
buf.append(x);
break;
default:
buf.append(x);
break;
} }
} }
return buf.toString(); return buf.toString();
@ -187,15 +185,27 @@ public class Password extends Credential
byte[] b = new byte[s.length() / 2]; byte[] b = new byte[s.length() / 2];
int l = 0; int l = 0;
for (int i = 0; i < s.length(); i += 4) for (int i = 0; i < s.length(); i += 4)
{
if (s.charAt(i)=='U')
{
i++;
String x = s.substring(i, i + 4);
int i0 = Integer.parseInt(x, 36);
byte bx = (byte)(i0>>8);
b[l++] = bx;
}
else
{ {
String x = s.substring(i, i + 4); String x = s.substring(i, i + 4);
int i0 = Integer.parseInt(x, 36); int i0 = Integer.parseInt(x, 36);
int i1 = (i0 / 256); int i1 = (i0 / 256);
int i2 = (i0 % 256); int i2 = (i0 % 256);
b[l++] = (byte) ((i1 + i2 - 254) / 2); byte bx = (byte) ((i1 + i2 - 254) / 2);
b[l++] = bx;
}
} }
return new String(b, 0, l); return new String(b, 0, l,StandardCharsets.UTF_8);
} }
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */

View File

@ -0,0 +1,52 @@
//
// ========================================================================
// Copyright (c) 1995-2013 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
//
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
//
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
//
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
//
package org.eclipse.jetty.util.security;
import static org.junit.Assert.assertEquals;
import org.junit.Test;
public class PasswordTest
{
@Test
public void testDeobfuscate()
{
// check any changes do not break already encoded strings
String password = "secret password !# ";
String obfuscate = "OBF:1iaa1g3l1fb51i351sw01ym91hdc1yt41v1p1ym71v2p1yti1hhq1ym51svy1hyl1f7h1fzx1i5o";
assertEquals(password,Password.deobfuscate(obfuscate));
}
@Test
public void testObfuscate()
{
String password = "secret password !# ";
String obfuscate = Password.obfuscate(password);
assertEquals(password,Password.deobfuscate(obfuscate));
}
@Test
public void testObfuscateUnicode()
{
String password = "secret password !#\u20ac ";
String obfuscate = Password.obfuscate(password);
assertEquals(password,Password.deobfuscate(obfuscate));
}
}