Examples of ICrypt

org.apache.wicket.util.crypt.ICrypt
Encryption and decryption implementations are accessed through this interface. It provide some simple means to encrypt and decrypt strings, like passwords etc.. It depends on the implementation itself which algorithms are used to en-/decrypt the data.
If you value the privacy of your websites users, then please consider using a one-way encryption algorithm instead of the Wicket provided ICrypt implementations. The intention of these encryption facilities is to keep passwords private when stored in cookies or in the session.The implementation of the encryption algorithm may change between releases. As such, this interface and its implementations are not intended and should not be used as an encryption facility for persistent values.
As of Wicket 1.2 the methods encrypt and decrypt are deprecated. Consider changing your persistent encryption strategy to be based on a one-way encryption such as a SHA1 hash, not depending on Wicket classes. @author Juergen Donnerstag

Examples of org.apache.wicket.util.crypt.ICrypt

  private static class TestCryptFactory implements ICryptFactory
  {


    public ICrypt newCrypt()
    {
      return new ICrypt()
      {


        public String decryptUrlSafe(String text)
        {
          return new String(new Base64(true).decode(text));

View Full Code Here

Examples of org.apache.wicket.util.crypt.ICrypt

    };


    panel.setPersistent(true);
    form = (Form<?>)panel.get("signInForm");


    final ICrypt crypt = tester.getApplication()
      .getSecuritySettings()
      .getCryptFactory()
      .newCrypt();
    final String encryptedPassword = crypt.encryptUrlSafe("test");
    assertNotNull(encryptedPassword);
    cookieUsername = new Cookie("panel.signInForm.username", "juergen");
    Cookie cookiePassword = new Cookie("panel.signInForm.password", encryptedPassword);
    Cookie[] cookies = new Cookie[] { cookieUsername, cookiePassword };

View Full Code Here

Examples of org.apache.wicket.util.crypt.ICrypt

  private static class TestCryptFactory implements ICryptFactory
  {


    public ICrypt newCrypt()
    {
      return new ICrypt()
      {


        public String decryptUrlSafe(String text)
        {
          return new String(new Base64(true).decode(text));

View Full Code Here

Examples of org.apache.wicket.util.crypt.ICrypt

   * 
   * 
   */
  public void testCrypt()
  {
    final ICrypt crypt = new SunJceCrypt();


    try
    {
      if (crypt.encryptUrlSafe("test") != null)
      {
        final String text = "abcdefghijkABC: A test which creates a '/' and/or a '+'";
        final String expectedUrlSafeEncrypted = "g-N_AGk2b3qe70kJ0we4Rsa8getbnPLm6NyE0BCd-go0P-0kuIe6UvAYP7dlzx-9mfmPaMQ5lCk";


        final String encrypted = crypt.encryptUrlSafe(text);
        assertEquals(expectedUrlSafeEncrypted, encrypted);
        assertEquals(text, crypt.decryptUrlSafe(expectedUrlSafeEncrypted));
        assertNull(crypt.decryptUrlSafe("style.css"));
      }
    }
    catch (Exception ex)
    {
      // fails on JVMs without security provider (e.g. seems to be on

View Full Code Here

Examples of org.apache.wicket.util.crypt.ICrypt

   * 
   */
  public void testNoCrypt()
  {
    // The NoCrypt implementation does not modify the string at all
    final ICrypt crypt = new NoCrypt();


    assertEquals("test", crypt.encryptUrlSafe("test"));
    assertEquals("test", crypt.decryptUrlSafe("test"));
  }

View Full Code Here

Examples of org.apache.wicket.util.crypt.ICrypt

   * @return The encoded url
   */
  protected CharSequence encodeURL(final CharSequence url)
  {
    // Get the crypt implementation from the application
    ICrypt urlCrypt = Application.get().getSecuritySettings().getCryptFactory().newCrypt();
    if (urlCrypt != null)
    {
      // The url must have a query string, otherwise keep the url
      // unchanged
      final int pos = url.toString().indexOf('?');
      if (pos > -1)
      {
        // The url's path
        CharSequence urlPrefix = url.subSequence(0, pos);


        // Extract the querystring
        String queryString = url.subSequence(pos + 1, url.length()).toString();


        // if the querystring starts with a parameter like
        // "x=", than don't change the querystring as it
        // has been encoded already
        if (!queryString.startsWith("x="))
        {
          // The length of the encrypted string depends on the
          // length of the original querystring. Let's try to
          // make the querystring shorter first without loosing
          // information.
          queryString = shortenUrl(queryString).toString();


          // encrypt the query string
          String encryptedQueryString = urlCrypt.encryptUrlSafe(queryString);


                    encryptedQueryString = WicketURLEncoder.QUERY_INSTANCE.encode(encryptedQueryString);


          // build the new complete url
          return new AppendingStringBuffer(urlPrefix).append("?x=").append(

View Full Code Here

Examples of org.apache.wicket.util.crypt.ICrypt

        }


        secureParam = WicketURLDecoder.QUERY_INSTANCE.decode(secureParam);


        // Get the crypt implementation from the application
        final ICrypt urlCrypt = Application.get().getSecuritySettings().getCryptFactory()
            .newCrypt();


        // Decrypt the query string
        String queryString = urlCrypt.decryptUrlSafe(secureParam);


        // The querystring might have been shortened (length reduced).
        // In that case, lengthen the query string again.
        queryString = rebuildUrl(queryString);
        return queryString;

View Full Code Here

Examples of org.apache.wicket.util.crypt.ICrypt

      key = session.getId() + "." + UUID.randomUUID().toString();
      session.setMetaData(KEY, key);
    }


    // build the crypt based on session key
    ICrypt crypt = new SunJceCrypt();
    crypt.setKey(key);
    return crypt;
  }

View Full Code Here

Examples of org.apache.wicket.util.crypt.ICrypt

  private static class TestCryptFactory implements ICryptFactory
  {


    public ICrypt newCrypt()
    {
      return new ICrypt()
      {


        public String decryptUrlSafe(String text)
        {
          return new String(new Base64(true).decode(text));

View Full Code Here

Examples of org.apache.wicket.util.crypt.ICrypt

   * 
   */
  @Test
  public void crypt()
  {
    final ICrypt crypt = new SunJceCrypt();


    try
    {
      if (crypt.encryptUrlSafe("test") != null)
      {
        final String text = "abcdefghijkABC: A test which creates a '/' and/or a '+'";
        final String expectedUrlSafeEncrypted = "g-N_AGk2b3qe70kJ0we4Rsa8getbnPLm6NyE0BCd-go0P-0kuIe6UvAYP7dlzx-9mfmPaMQ5lCk";


        final String encrypted = crypt.encryptUrlSafe(text);
        assertEquals(expectedUrlSafeEncrypted, encrypted);
        assertEquals(text, crypt.decryptUrlSafe(expectedUrlSafeEncrypted));
        assertNull(crypt.decryptUrlSafe("style.css"));
      }
    }
    catch (Exception ex)
    {
      // fails on JVMs without security provider (e.g. seems to be on

View Full Code Here

0 1 2 3 4 5

TOP

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.