1 /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited 2 * 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 package org.springframework.security.providers.encoding; 17 18 /** 19 * <p>Convenience base for all password encoders.</p> 20 * 21 * @author Ben Alex 22 * @version $Id: BasePasswordEncoder.java 2217 2007-10-27 00:45:30Z luke_t $ 23 */ 24 public abstract class BasePasswordEncoder implements PasswordEncoder { 25 //~ Methods ======================================================================================================== 26 27 /** 28 * Used by subclasses to extract the password and salt from a merged <code>String</code> created using 29 * {@link #mergePasswordAndSalt(String,Object,boolean)}.<p>The first element in the returned array is the 30 * password. The second element is the salt. The salt array element will always be present, even if no salt was 31 * found in the <code>mergedPasswordSalt</code> argument.</p> 32 * 33 * @param mergedPasswordSalt as generated by <code>mergePasswordAndSalt</code> 34 * 35 * @return an array, in which the first element is the password and the second the salt 36 * 37 * @throws IllegalArgumentException if mergedPasswordSalt is null or empty. 38 */ 39 protected String[] demergePasswordAndSalt(String mergedPasswordSalt) { 40 if ((mergedPasswordSalt == null) || "".equals(mergedPasswordSalt)) { 41 throw new IllegalArgumentException("Cannot pass a null or empty String"); 42 } 43 44 String password = mergedPasswordSalt; 45 String salt = ""; 46 47 int saltBegins = mergedPasswordSalt.lastIndexOf("{"); 48 49 if ((saltBegins != -1) && ((saltBegins + 1) < mergedPasswordSalt.length())) { 50 salt = mergedPasswordSalt.substring(saltBegins + 1, mergedPasswordSalt.length() - 1); 51 password = mergedPasswordSalt.substring(0, saltBegins); 52 } 53 54 return new String[] {password, salt}; 55 } 56 57 /** 58 * Used by subclasses to generate a merged password and salt <code>String</code>.<P>The generated password 59 * will be in the form of <code>password{salt}</code>.</p> 60 * <p>A <code>null</code> can be passed to either method, and will be handled correctly. If the 61 * <code>salt</code> is <code>null</code> or empty, the resulting generated password will simply be the passed 62 * <code>password</code>. The <code>toString</code> method of the <code>salt</code> will be used to represent the 63 * salt.</p> 64 * 65 * @param password the password to be used (can be <code>null</code>) 66 * @param salt the salt to be used (can be <code>null</code>) 67 * @param strict ensures salt doesn't contain the delimiters 68 * 69 * @return a merged password and salt <code>String</code> 70 * 71 * @throws IllegalArgumentException if the salt contains '{' or '}' characters. 72 */ 73 protected String mergePasswordAndSalt(String password, Object salt, boolean strict) { 74 if (password == null) { 75 password = ""; 76 } 77 78 if (strict && (salt != null)) { 79 if ((salt.toString().lastIndexOf("{") != -1) || (salt.toString().lastIndexOf("}") != -1)) { 80 throw new IllegalArgumentException("Cannot use { or } in salt.toString()"); 81 } 82 } 83 84 if ((salt == null) || "".equals(salt)) { 85 return password; 86 } else { 87 return password + "{" + salt.toString() + "}"; 88 } 89 } 90 }