List of usage examples for javax.xml.bind DatatypeConverter parseHexBinary
public static byte[] parseHexBinary(String lexicalXSDHexBinary)
Converts the string argument into an array of bytes.
From source file:org.sakaiproject.lessonbuildertool.service.LessonBuilderAccessService.java
public void init() { lessonBuilderAccessAPI.setHttpAccess(getHttpAccess()); accessCache = memoryService.createCache( "org.sakaiproject.lessonbuildertool.service.LessonBuilderAccessService.cache", new SimpleConfiguration<Object, Object>(CACHE_MAX_ENTRIES, CACHE_TIME_TO_LIVE_SECONDS, CACHE_TIME_TO_IDLE_SECONDS)); SimplePageItem metaItem = null;//from ww w .j a v a2 s.c o m // Get crypto session key from metadata item // we have to keep it in the database so it's the same on all servers // There's no entirely sound way to create the item if it doesn't exist // other than by getting a table lock. Fortunately this will only be // needed when the entry is created. SimplePageProperty prop = simplePageToolDao.findProperty("accessCryptoKey"); if (prop == null) { try { sessionKey = KeyGenerator.getInstance("Blowfish").generateKey(); // need string version to save in item byte[] keyBytes = ((SecretKeySpec) sessionKey).getEncoded(); // set attribute to hex version of key prop = simplePageToolDao.makeProperty("accessCryptoKey", DatatypeConverter.printHexBinary(keyBytes)); simplePageToolDao.quickSaveItem(prop); } catch (Exception e) { System.out.println("unable to init cipher for session " + e); // in case of race condition, our save will fail, but we'll be able to get a value // saved by someone else simplePageToolDao.flush(); prop = simplePageToolDao.findProperty("accessCryptoKey"); } } if (prop != null) { String keyString = prop.getValue(); byte[] keyBytes = DatatypeConverter.parseHexBinary(keyString); sessionKey = new SecretKeySpec(keyBytes, "Blowfish"); } }
From source file:org.sakaiproject.lessonbuildertool.service.LessonBuilderAccessService.java
public HttpAccess getHttpAccess() { return new HttpAccess() { public void handleAccess(HttpServletRequest req, HttpServletResponse res, Reference ref, Collection copyrightAcceptedRefs) throws EntityPermissionException, EntityNotDefinedException, EntityAccessOverloadException, EntityCopyrightException { // preauthorized by encrypted key boolean isAuth = false; // if the id is null, the request was for just ".../content" String refId = ref.getId(); if (refId == null) { refId = ""; }/*www . ja v a 2s . c o m*/ if (!refId.startsWith("/item")) { throw new EntityNotDefinedException(ref.getReference()); } String itemString = refId.substring("/item/".length()); // string is of form /item/NNN/url. get the number int i = itemString.indexOf("/"); if (i < 0) { throw new EntityNotDefinedException(ref.getReference()); } // get session. The problem here is that some multimedia tools don't reliably // pass JSESSIONID String sessionParam = req.getParameter("lb.session"); if (sessionParam != null) { try { Cipher sessionCipher = Cipher.getInstance("Blowfish"); sessionCipher.init(Cipher.DECRYPT_MODE, sessionKey); byte[] sessionBytes = DatatypeConverter.parseHexBinary(sessionParam); sessionBytes = sessionCipher.doFinal(sessionBytes); String sessionString = new String(sessionBytes); int j = sessionString.indexOf(":"); String sessionId = sessionString.substring(0, j); String url = sessionString.substring(j + 1); UsageSession s = UsageSessionService.getSession(sessionId); if (s == null || s.isClosed() || url == null || !url.equals(refId)) { throw new EntityPermissionException(sessionManager.getCurrentSessionUserId(), ContentHostingService.AUTH_RESOURCE_READ, ref.getReference()); } else { isAuth = true; } } catch (Exception e) { System.out.println("unable to decode lb.session " + e); } } // basically there are two checks to be done: is the item accessible in Lessons, // and is the underlying resource accessible in Sakai. // This code really does check both. Sort of. // 1) it checks accessibility to the containing page by seeing if it has been visited. // This is stricter than necessary, but there's no obvious reason to let people use this // who aren't following an actual URL we gave them. // 2) it checks group access as part of the normal resource permission check. Sakai // should sync the two. We actually don't check it for items in student home directories, // as far as I can tell // 3) it checks availability (prerequisites) by calling the code from SimplePageBean // We could rewrite this with the new LessonsAccess methods, but since we have to do // resource permission checking also, and there's some duplication, it doesn't seem worth // rewriting this code. What I've done is review it to make sure it does the same thing. String id = itemString.substring(i); itemString = itemString.substring(0, i); boolean pushedAdvisor = false; try { securityService.pushAdvisor(allowReadAdvisor); pushedAdvisor = true; Long itemId = 0L; try { itemId = (Long) Long.parseLong(itemString); } catch (Exception e) { throw new EntityNotDefinedException(ref.getReference()); } // say we've read this if (itemId != 0L) track(itemId.longValue(), sessionManager.getCurrentSessionUserId()); // code here is also in simplePageBean.isItemVisible. change it there // too if you change this logic SimplePageItem item = simplePageToolDao.findItem(itemId.longValue()); SimplePage currentPage = simplePageToolDao.getPage(item.getPageId()); String owner = currentPage.getOwner(); // if student content String group = currentPage.getGroup(); // if student content if (group != null) group = "/site/" + currentPage.getSiteId() + "/group/" + group; String currentSiteId = currentPage.getSiteId(); // first let's make sure the user is allowed to access // the containing page if (!isAuth && !canReadPage(currentSiteId)) { throw new EntityPermissionException(sessionManager.getCurrentSessionUserId(), ContentHostingService.AUTH_RESOURCE_READ, ref.getReference()); } // If the resource is the actual one in the item, or // it is in the containing folder, then do lesson builder checking. // otherwise do normal resource checking if (!isAuth) { boolean useLb = false; // I've seen sakai id's with //, not sure why. they work but will mess up the comparison String itemResource = item.getSakaiId().replace("//", "/"); // only use lb security if the user has visited the page // this handles the various page release issues, although // it's not quite as flexible as the real code. But I don't // see any reason to help the user follow URLs that they can't // legitimately have seen. if (simplePageToolDao.isPageVisited(item.getPageId(), sessionManager.getCurrentSessionUserId(), owner)) { if (id.equals(itemResource)) useLb = true; else { // not exact, but see if it's in the containing folder int endFolder = itemResource.lastIndexOf("/"); if (endFolder > 0) { String folder = itemResource.substring(0, endFolder + 1); if (id.startsWith(folder)) useLb = true; } } } if (useLb) { // key into access cache String accessKey = itemString + ":" + sessionManager.getCurrentSessionUserId(); // special access if we have a student site and item is in worksite of one of the students // Normally we require that the person doing the access be able to see the file, but in // that specific case we allow the access. Note that in order to get a sakaiid pointing // into the user's space, the person editing the page must have been able to read the file. // this allows a user in your group to share any of your resources that he can see. String usersite = null; if (owner != null && group != null && id.startsWith("/user/")) { String username = id.substring(6); int slash = username.indexOf("/"); if (slash > 0) usersite = username.substring(0, slash); // normally it is /user/EID, so convert to userid try { usersite = UserDirectoryService.getUserId(usersite); } catch (Exception e) { } ; String itemcreator = item.getAttribute("addedby"); // suppose a member of the group adds a resource from another member of // the group. (This will only work if they have read access to it.) // We don't want to gimick access in that case. I think if you // add your own item, you've given consent. But not if someone else does. // itemcreator == null is for items added before this patch. I'm going to // continue to allow access for them, to avoid breaking existing content. if (usersite != null && itemcreator != null && !usersite.equals(itemcreator)) usersite = null; } // code here is also in simplePageBean.isItemVisible. change it there // too if you change this logic // for a student page, if it's in one of the groups' worksites, allow it // The assumption is that only one of those people can put content in the // page, and then only if the can see it. if (owner != null && usersite != null && authzGroupService.getUserRole(usersite, group) != null) { // OK } else if (owner != null && group == null && id.startsWith("/user/" + owner)) { // OK } else { // do normal checking for other content if (pushedAdvisor) { securityService.popAdvisor(); pushedAdvisor = false; } // our version of allowget does not check hidden but does everything else // if it's a student page, however use the normal check so students can't // use this to bypass release control if (owner == null && !allowGetResource(id, currentSiteId) || owner != null && !contentHostingService.allowGetResource(id)) { throw new EntityPermissionException(sessionManager.getCurrentSessionUserId(), ContentHostingService.AUTH_RESOURCE_READ, ref.getReference()); } securityService.pushAdvisor(allowReadAdvisor); pushedAdvisor = true; } // now enforce LB access restrictions if any if (item != null && item.isPrerequisite() && !"true".equals((String) accessCache.get(accessKey))) { // computing requirements is so messy that it's worth // instantiating // a SimplePageBean to do it. Otherwise we have to duplicate // lots of // code that changes. And we want it to be a transient bean // because there are // caches that we aren't trying to manage in the long term // but don't do this unless the item needs checking if (!canSeeAll(currentPage.getSiteId())) { SimplePageBean simplePageBean = new SimplePageBean(); simplePageBean.setMessageLocator(messageLocator); simplePageBean.setToolManager(toolManager); simplePageBean.setSecurityService(securityService); simplePageBean.setSessionManager(sessionManager); simplePageBean.setSiteService(siteService); simplePageBean.setContentHostingService(contentHostingService); simplePageBean.setSimplePageToolDao(simplePageToolDao); simplePageBean.setForumEntity(forumEntity); simplePageBean.setQuizEntity(quizEntity); simplePageBean.setAssignmentEntity(assignmentEntity); simplePageBean.setBltiEntity(bltiEntity); simplePageBean.setGradebookIfc(gradebookIfc); simplePageBean.setMemoryService(memoryService); simplePageBean.setCurrentSiteId(currentPage.getSiteId()); simplePageBean.setCurrentPage(currentPage); simplePageBean.setCurrentPageId(currentPage.getPageId()); simplePageBean.init(); if (!simplePageBean.isItemAvailable(item, item.getPageId())) { throw new EntityPermissionException(null, null, null); } } accessCache.put(accessKey, "true"); } } else { // normal security. no reason to use advisor if (pushedAdvisor) securityService.popAdvisor(); pushedAdvisor = false; // not uselb -- their allowget, not ours. theirs checks hidden if (!contentHostingService.allowGetResource(id)) { throw new EntityPermissionException(sessionManager.getCurrentSessionUserId(), ContentHostingService.AUTH_RESOURCE_READ, ref.getReference()); } } } // access checks are OK, get the thing // first see if it's not in resources, i.e. // if it doesn't start with /access/content it's something odd. redirect to it. // probably resources access control won't apply to it String url = contentHostingService.getUrl(id); // https://heidelberg.rutgers.edu/access/citation/content/group/24da8519-08c2-4c8c-baeb-8abdfd6c69d7/New%20Citation%20List int n = url.indexOf("//"); if (n > 0) { n = url.indexOf("/", n + 2); if (n > 0) { String path = url.substring(n); if (!path.startsWith("/access/content")) { res.sendRedirect(url); return; } } } ContentResource resource = null; try { resource = contentHostingService.getResource(id); } catch (IdUnusedException e) { throw new EntityNotDefinedException(e.getId()); } catch (PermissionException e) { throw new EntityPermissionException(e.getUser(), e.getLock(), e.getResource()); } catch (TypeException e) { throw new EntityNotDefinedException(id); } // we only do copyright on resources. I.e. not on inline things,which are MULTIMEDIA if (item.getType() == SimplePageItem.RESOURCE && needsCopyright(resource)) { throw new EntityCopyrightException(resource.getReference()); } try { // Wrap it in any filtering needed. resource = contentFilterService.wrap(resource); // following cast is redundant is current kernels, but is needed for Sakai 2.6.1 long len = (long) resource.getContentLength(); String contentType = resource.getContentType(); // for url resource type, encode a redirect to the body URL // in 2.10 have to check resourcetype, but in previous releasese // it doesn't get copied in site copy, so check content type. 10 doesn't set the contenttype to url // so we have to check both to work in all versions if (contentType.equalsIgnoreCase(ResourceProperties.TYPE_URL) || "org.sakaiproject.content.types.urlResource" .equalsIgnoreCase(resource.getResourceType())) { if (len < MAX_URL_LENGTH) { byte[] content = resource.getContent(); if ((content == null) || (content.length == 0)) { throw new IdUnusedException(ref.getReference()); } // An invalid URI format will get caught by the // outermost catch block URI uri = new URI(new String(content, "UTF-8")); eventTrackingService.post( eventTrackingService.newEvent(ContentHostingService.EVENT_RESOURCE_READ, resource.getReference(null), false)); res.sendRedirect(uri.toASCIIString()); } else { // we have a text/url mime type, but the body is too // long to issue as a redirect throw new EntityNotDefinedException(ref.getReference()); } } else { // use the last part, the file name part of the id, for // the download file name String fileName = Web.encodeFileName(req, Validator.getFileName(ref.getId())); String disposition = null; boolean inline = false; if (Validator.letBrowserInline(contentType)) { // type can be inline, but if HTML we have more checks to do if (inlineHtml || (!"text/html".equalsIgnoreCase(contentType) && !"application/xhtml+xml".equals(contentType))) // easy cases: not HTML or HTML always OK inline = true; else { // HTML and html is not allowed globally. code copied from BaseContentServices ResourceProperties rp = resource.getProperties(); boolean fileInline = false; boolean folderInline = false; try { fileInline = rp.getBooleanProperty(ResourceProperties.PROP_ALLOW_INLINE); } catch (EntityPropertyNotDefinedException e) { // we expect this so nothing to do! } if (!fileInline) try { folderInline = resource.getContainingCollection().getProperties() .getBooleanProperty(ResourceProperties.PROP_ALLOW_INLINE); } catch (EntityPropertyNotDefinedException e) { // we expect this so nothing to do! } if (fileInline || folderInline) { inline = true; } } } if (inline) { disposition = "inline; filename=\"" + fileName + "\""; } else { disposition = "attachment; filename=\"" + fileName + "\""; } // NOTE: Only set the encoding on the content we have // to. // Files uploaded by the user may have been created with // different encodings, such as ISO-8859-1; // rather than (sometimes wrongly) saying its UTF-8, let // the browser auto-detect the encoding. // If the content was created through the WYSIWYG // editor, the encoding does need to be set (UTF-8). String encoding = resource.getProperties() .getProperty(ResourceProperties.PROP_CONTENT_ENCODING); if (encoding != null && encoding.length() > 0) { contentType = contentType + "; charset=" + encoding; } // from contenthosting res.addHeader("Cache-Control", "must-revalidate, private"); res.addHeader("Expires", "-1"); ResourceProperties rp = resource.getProperties(); long lastModTime = 0; try { Time modTime = rp.getTimeProperty(ResourceProperties.PROP_MODIFIED_DATE); lastModTime = modTime.getTime(); } catch (Exception e1) { M_log.info("Could not retrieve modified time for: " + resource.getId()); } // KNL-1316 tell the browser when our file was last modified for caching reasons if (lastModTime > 0) { SimpleDateFormat rfc1123Date = new SimpleDateFormat(RFC1123_DATE, LOCALE_US); rfc1123Date.setTimeZone(TimeZone.getTimeZone("GMT")); res.addHeader("Last-Modified", rfc1123Date.format(lastModTime)); } // KNL-1316 let's see if the user already has a cached copy. Code copied and modified from Tomcat DefaultServlet.java long headerValue = req.getDateHeader("If-Modified-Since"); if (headerValue != -1 && (lastModTime < headerValue + 1000)) { // The entity has not been modified since the date specified by the client. This is not an error case. res.setStatus(HttpServletResponse.SC_NOT_MODIFIED); return; } ArrayList<Range> ranges = parseRange(req, res, len); if (req.getHeader("Range") == null || (ranges == null) || (ranges.isEmpty())) { // stream the content using a small buffer to keep memory managed InputStream content = null; OutputStream out = null; try { content = resource.streamContent(); if (content == null) { throw new IdUnusedException(ref.getReference()); } res.setContentType(contentType); res.addHeader("Content-Disposition", disposition); res.addHeader("Accept-Ranges", "bytes"); // http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4187336 if (len <= Integer.MAX_VALUE) { res.setContentLength((int) len); } else { res.addHeader("Content-Length", Long.toString(len)); } // set the buffer of the response to match what we are reading from the request if (len < STREAM_BUFFER_SIZE) { res.setBufferSize((int) len); } else { res.setBufferSize(STREAM_BUFFER_SIZE); } out = res.getOutputStream(); copyRange(content, out, 0, len - 1); } catch (ServerOverloadException e) { throw e; } catch (Exception ignore) { } finally { // be a good little program and close the stream - freeing up valuable system resources if (content != null) { content.close(); } if (out != null) { try { out.close(); } catch (Exception ignore) { } } } // Track event - only for full reads eventTrackingService.post( eventTrackingService.newEvent(ContentHostingService.EVENT_RESOURCE_READ, resource.getReference(null), false)); } else { // Output partial content. Adapted from Apache Tomcat 5.5.27 DefaultServlet.java res.setStatus(HttpServletResponse.SC_PARTIAL_CONTENT); if (ranges.size() == 1) { // Single response Range range = (Range) ranges.get(0); res.addHeader("Content-Range", "bytes " + range.start + "-" + range.end + "/" + range.length); long length = range.end - range.start + 1; if (length < Integer.MAX_VALUE) { res.setContentLength((int) length); } else { // Set the content-length as String to be able to use a long res.setHeader("content-length", "" + length); } res.addHeader("Content-Disposition", disposition); if (contentType != null) { res.setContentType(contentType); } // stream the content using a small buffer to keep memory managed InputStream content = null; OutputStream out = null; try { content = resource.streamContent(); if (content == null) { throw new IdUnusedException(ref.getReference()); } // set the buffer of the response to match what we are reading from the request if (len < STREAM_BUFFER_SIZE) { res.setBufferSize((int) len); } else { res.setBufferSize(STREAM_BUFFER_SIZE); } out = res.getOutputStream(); copyRange(content, out, range.start, range.end); } catch (ServerOverloadException e) { throw e; } catch (SocketException e) { //a socket exception usualy means the client aborted the connection or similar if (M_log.isDebugEnabled()) { M_log.debug("SocketExcetion", e); } } catch (Exception ignore) { } finally { // be a good little program and close the stream - freeing up valuable system resources IOUtils.closeQuietly(content); IOUtils.closeQuietly(out); } } else { // Multipart response res.setContentType("multipart/byteranges; boundary=" + MIME_SEPARATOR); // stream the content using a small buffer to keep memory managed OutputStream out = null; try { // set the buffer of the response to match what we are reading from the request if (len < STREAM_BUFFER_SIZE) { res.setBufferSize((int) len); } else { res.setBufferSize(STREAM_BUFFER_SIZE); } out = res.getOutputStream(); copyRanges(resource, out, ranges.iterator(), contentType); } catch (SocketException e) { //a socket exception usualy means the client aborted the connection or similar if (M_log.isDebugEnabled()) { M_log.debug("SocketExcetion", e); } } catch (Exception ignore) { M_log.error("Swallowing exception", ignore); } finally { // be a good little program and close the stream - freeing up valuable system resources IOUtils.closeQuietly(out); } } // output multiple ranges } // output partial content } } catch (Exception t) { throw new EntityNotDefinedException(ref.getReference()); // following won't work in 2.7.1 // throw new EntityNotDefinedException(ref.getReference(), t); } // not sure why we're trapping exceptions and calling them not defined, but // a few types are needed by the caller } catch (EntityCopyrightException ce) { // copyright exception needs to go as is, to give copyright alert throw ce; } catch (EntityPermissionException pe) { // also want permission exceptions; it will generate a login page throw pe; } catch (Exception ex) { throw new EntityNotDefinedException(ref.getReference()); } finally { if (pushedAdvisor) securityService.popAdvisor(); } } }; }
From source file:org.seedstack.seed.crypto.internal.PasswordLookup.java
@Override public String lookup(String key) { try {/*from www . jav a 2 s. c o m*/ return new String(encryptionService.decrypt(DatatypeConverter.parseHexBinary(key))); } catch (InvalidKeyException e) { throw new RuntimeException("Can not decrypt passwords !", e); } }
From source file:org.seedstack.seed.crypto.internal.PasswordLookupTest.java
/** * Test method for {@link org.seedstack.seed.crypto.internal.PasswordLookup#lookup(java.lang.String)}. * /* w w w .j av a 2s. co m*/ * @throws Exception if an error occurred */ @Test public void testLookupString(@Mocked final AbstractConfiguration configuration, @Mocked final EncryptionService service) throws Exception { final String toDecrypt = "essai crypting"; final String cryptingString = DatatypeConverter.printHexBinary(toDecrypt.getBytes()); new Expectations() { { service.decrypt(DatatypeConverter.parseHexBinary(cryptingString)); result = toDecrypt.getBytes(); } }; PasswordLookup lookup = new PasswordLookup(configuration); Deencapsulation.setField(lookup, "encryptionService", service); Assertions.assertThat(lookup.lookup(cryptingString)).isEqualTo(toDecrypt); }
From source file:org.seedstack.seed.crypto.internal.PasswordLookupTest.java
/** * Test method for {@link org.seedstack.seed.crypto.internal.PasswordLookup#lookup(java.lang.String)}. * /* www. j a v a 2 s. c o m*/ * @throws Exception if an error occurred */ @Test(expected = RuntimeException.class) public void testLookupStringWithInvalidKey(@Mocked final AbstractConfiguration configuration, @Mocked final EncryptionService service) throws Exception { final String toDecrypt = "essai crypting"; final String cryptingString = DatatypeConverter.printHexBinary(toDecrypt.getBytes()); new Expectations() { { service.decrypt(DatatypeConverter.parseHexBinary(cryptingString)); result = new InvalidKeyException("dummy exception"); } }; PasswordLookup lookup = new PasswordLookup(configuration); Deencapsulation.setField(lookup, "encryptionService", service); lookup.lookup(cryptingString); }
From source file:org.slc.sli.api.security.saml.SamlHelper.java
public String getArtifactUrl(String realmId, String artifact) { byte[] sourceId = retrieveSourceId(artifact); Entity realm = realmHelper.findRealmById(realmId); if (realm == null) { LOG.error("Invalid realm: " + realmId); throw new APIAccessDeniedException("Authorization could not be verified."); }/* w w w .ja v a2 s .com*/ Map<String, Object> idp = (Map<String, Object>) realm.getBody().get("idp"); String realmSourceId = (String) idp.get("sourceId"); if (realmSourceId == null || realmSourceId.isEmpty()) { LOG.error("SourceId is not configured properly for realm: " + realmId); throw new APIAccessDeniedException("Authorization could not be verified."); } byte[] realmByteSourceId = DatatypeConverter.parseHexBinary(realmSourceId); if (!Arrays.equals(realmByteSourceId, sourceId)) { LOG.error("SourceId from Artifact does not match configured SourceId for realm: " + realmId); throw new APIAccessDeniedException("Authorization could not be verified."); } return (String) idp.get("artifactResolutionEndpoint"); }
From source file:org.zuinnote.hadoop.bitcoin.format.BitcoinUtil.java
/** * Converts a Hex String to Byte Array. Only used for configuration not for parsing. Hex String is in format of xsd:hexBinary * * @param hexString String in Hex format. * * @return byte array corresponding to String in Hex format * *//*from ww w .j a va 2 s. c o m*/ public static byte[] convertHexStringToByteArray(String hexString) { return DatatypeConverter.parseHexBinary(hexString); }