encoder.java

来自「一个完整的网络订餐系统」· Java 代码 · 共 244 行

package com.util.security;


import java.lang.reflect.Method;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.MessageDigest;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;


public class Encoder {

  private static Log log = LogFactory.getLog(Encoder.class);
  private static MessageDigest digest = null;
  private static boolean isInited = false;

private static Method encodeMethod1_4 = null;
private static Method decodeMethod1_4 = null;

// URLEncoder.encode(String) has been deprecated in J2SE 1.4.
// Take advantage of the new method URLEncoder.encode(String, enc)
// if J2SE 1.4 is used.
static {
    try {
        Class urlEncoderClass = Class.forName("java.net.URLEncoder");
        encodeMethod1_4 = urlEncoderClass.getMethod("encode",
                new Class[] {String.class, String.class});
    } catch (Exception ex) {} // encodeMethod1_4 will be null if exception

    try {
        Class urlDecoderClass = Class.forName("java.net.URLDecoder");
        decodeMethod1_4 = urlDecoderClass.getMethod("decode",
                new Class[] {String.class, String.class});
    } catch (Exception ex) {} // decodeMethod1_4 will be null if exception
}
  public Encoder() {
  }

/**
 * This method return a String that has been encrypted as MD5 and then escaped using Base64.<p>
 * This method should be used to encrypt all password for maximum security.
 * @param input String the string that need encrypted
 * @return String the string after encrypted
 */
public static synchronized String getMD5_Base64(String input) {
    // please note that we dont use digest, because if we
    // cannot get digest, then the second time we have to call it
    // again, which will fail again
    if (isInited == false) {
        isInited = true;
        try {
            digest = MessageDigest.getInstance("MD5");
        } catch (Exception ex) {
            log.fatal("Cannot get MessageDigest. Application may fail to run correctly.", ex);
        }
    }
    if (digest == null) return input;

    // now everything is ok, go ahead
    try {
        digest.update(input.getBytes("UTF-8"));
    } catch (java.io.UnsupportedEncodingException ex) {
        log.error("Assertion: This should never occur.");
    }
    byte[] rawData = digest.digest();
    byte[] encoded = Base64.encode(rawData);
    String retValue = new String(encoded);
    return retValue;
}

/**
 * This method just call URLEncoder.encode() so we can get rid of
 * the deprecation warning from using URLEncoder.encode() directly.
 * @param input String
 * @return String
 */
public static String encodeURL(String input) {
    if (encodeMethod1_4 != null) {
        Object[] methodArgsName = new Object[2];
        methodArgsName[0] = input;
        methodArgsName[1] = "UTF-8";

        try {
            return (String)encodeMethod1_4.invoke(null, methodArgsName);
        } catch (Exception ex) {
            throw new RuntimeException("System error invoking URLEncoder.encode() by reflection.");
        }
    } else {
        // must use J2SE 1.3 version

        // The following line will cause a warning if compile with jdk1.4
        // However, we cannot use the new method String encode(String s, String enc)
        // in jdk1.4, because it wont be compiled with jdk1.3
        // Currently, there is no way to get rid of this wanring
        return URLEncoder.encode(input);
    }
}

/**
 * This method just call URLDecoder.decode() so we can get rid of
 * the deprecation warning from using URLDecoder.encode() directly.
 * @param input String
 * @return String
 */
public static String decodeURL(String input) {
    if (decodeMethod1_4 != null) {
        Object[] methodArgsName = new Object[2];
        methodArgsName[0] = input;
        methodArgsName[1] = "UTF-8";

        try {
            return (String)decodeMethod1_4.invoke(null, methodArgsName);
        } catch (Exception ex) {
            throw new RuntimeException("System error invoking URLDecoder.decode() by reflection.");
        }
    } else {
        // must use J2SE 1.3 version

        // The following line will cause a warning if compile with jdk1.4
        // However, we cannot use the new method String decode(String s, String enc)
        // in jdk1.4, because it wont be compiled with jdk1.3
        // Currently, there is no way to get rid of this wanring
        return URLDecoder.decode(input);
    }
}

/**
 * Filter a url to make it safe, this method is used in class URLFilter
 * @param url String a url to be filtered
 * @return String a url that has been filtered
 */
public static String filterUrl(String url) {
    String lowerUrl = url.toLowerCase();
    if ( (lowerUrl.indexOf("javascript:") >= 0) ||
         lowerUrl.indexOf("file:") >= 0) {
        return "";
    }

    String protocol = "http://";//default protocol
    String name = null;
    if (url.startsWith("http://")) {
        protocol = "http://";
        name = url.substring(protocol.length());// must duplicate it because of the default protocol
    } else if (url.startsWith("https://")) {
        protocol = "https://";
        name = url.substring(protocol.length());// must duplicate it because of the default protocol
    } else if (url.startsWith("ftp://")) {
        protocol = "ftp://";
        name = url.substring(protocol.length());// must duplicate it because of the default protocol
    } else if (url.startsWith("mailto:")) {
        protocol = "mailto:";
        name = url.substring(protocol.length());// must duplicate it because of the default protocol
    } else {
        name = url;
    }
    String ret;
    if (protocol.equals("mailto:")) {
        try {
              ret = protocol + name;
        } catch (Exception ex) {
            ret = "";
        }
    } else {
        ret = protocol + encodePath(name);
    }
    return ret;
}

/**
 *
 * @param path the path, something like this localhost:8080/image/index.html
 * @return the path after being encoded
 */
private static String encodePath(String path) {
    path = removeInvalidUserInURL(path);
    return path;
    /*
    String ret = "";
    int indexFirstSlash = path.indexOf('/');
    if ( indexFirstSlash != -1 ) {
        String hostport = path.substring(0, indexFirstSlash);
        int indexFirstColon = hostport.indexOf(':');
        if (indexFirstColon != -1) {
            String host = hostport.substring(0, indexFirstColon);
            String port = hostport.substring(indexFirstColon + 1);
            hostport = Encoder.encodeURL(host) + ":" + Encoder.encodeURL(port);
        } else {
            hostport = Encoder.encodeURL(hostport);
        }
        String filename = path.substring(indexFirstSlash + 1);
        filename = Encoder.encodeURL(filename);
        ret = hostport + "/" + filename;
    } else {
        ret = Encoder.encodeURL(path);
    }
    return ret;
    */
}

/**
 * This method is used to fix IE spoof url bug:
 * http://originalsite.com % 0 0 @ www.badsite.com
 * <p>(remove the space above, I added spaces because
 * McAfee conplain that it is a trojan)
 * @param path String
 * @return String
 */
private static String removeInvalidUserInURL(String path) {
  // atIndex is the RIGHT most of @
  int atIndex = path.lastIndexOf('@');
  if (atIndex != -1) {
    // has the user info part
    // percentIndex is the LEFT most of %
    int pecentIndex = path.indexOf('%');
    if ( (pecentIndex != -1) && (pecentIndex < atIndex)) {
      // user info part has % in it, very likely a spoof url
      return path.substring(atIndex + 1); // get the char right after @
    }
  }
  return path;
}

public static void main(String arg[]) {
  try {
    String query;
    if (arg.length < 1) {
      query = "";
    } else {
      query = arg[0];
    }

    String  admin = Encoder.getMD5_Base64("lw1219");
    System.out.println(admin);
  } catch (Exception e) {
    e.printStackTrace();
  }
}


}