| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| package org.apache.shiro.codec; |
| |
| /** |
| * Provides <a href="http://en.wikipedia.org/wiki/Base64">Base 64</a> encoding and decoding as defined by |
| * <a href="http://www.ietf.org/rfc/rfc2045.txt">RFC 2045</a>. |
| * <p/> |
| * This class implements section <cite>6.8. Base64 Content-Transfer-Encoding</cite> from RFC 2045 <cite>Multipurpose |
| * Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies</cite> by Freed and Borenstein. |
| * <p/> |
| * This class was borrowed from Apache Commons Codec SVN repository (rev. 618419) with modifications |
| * to enable Base64 conversion without a full dependency on Commons Codec. We didn't want to reinvent the wheel of |
| * great work they've done, but also didn't want to force every Shiro user to depend on the commons-codec.jar |
| * <p/> |
| * As per the Apache 2.0 license, the original copyright notice and all author and copyright information have |
| * remained in tact. |
| * |
| * @see <a href="http://en.wikipedia.org/wiki/Base64">Wikipedia: Base 64</a> |
| * @see <a href="http://www.ietf.org/rfc/rfc2045.txt">RFC 2045</a> |
| * @since 0.9 |
| */ |
| public class Base64 { |
| |
| /** |
| * Chunk size per RFC 2045 section 6.8. |
| * <p/> |
| * The character limit does not count the trailing CRLF, but counts all other characters, including any |
| * equal signs. |
| * |
| * @see <a href="http://www.ietf.org/rfc/rfc2045.txt">RFC 2045 section 6.8</a> |
| */ |
| static final int CHUNK_SIZE = 76; |
| |
| /** |
| * Chunk separator per RFC 2045 section 2.1. |
| * |
| * @see <a href="http://www.ietf.org/rfc/rfc2045.txt">RFC 2045 section 2.1</a> |
| */ |
| static final byte[] CHUNK_SEPARATOR = "\r\n".getBytes(); |
| |
| /** |
| * The base length. |
| */ |
| private static final int BASELENGTH = 255; |
| |
| /** |
| * Lookup length. |
| */ |
| private static final int LOOKUPLENGTH = 64; |
| |
| /** |
| * Used to calculate the number of bits in a byte. |
| */ |
| private static final int EIGHTBIT = 8; |
| |
| /** |
| * Used when encoding something which has fewer than 24 bits. |
| */ |
| private static final int SIXTEENBIT = 16; |
| |
| /** |
| * Used to determine how many bits data contains. |
| */ |
| private static final int TWENTYFOURBITGROUP = 24; |
| |
| /** |
| * Used to get the number of Quadruples. |
| */ |
| private static final int FOURBYTE = 4; |
| |
| /** |
| * Used to test the sign of a byte. |
| */ |
| private static final int SIGN = -128; |
| |
| /** |
| * Byte used to pad output. |
| */ |
| private static final byte PAD = (byte) '='; |
| |
| /** |
| * Contains the Base64 values <code>0</code> through <code>63</code> accessed by using character encodings as |
| * indices. |
| * <p/> |
| * <p>For example, <code>base64Alphabet['+']</code> returns <code>62</code>.</p> |
| * <p/> |
| * <p>The value of undefined encodings is <code>-1</code>.</p> |
| */ |
| private static final byte[] base64Alphabet = new byte[BASELENGTH]; |
| |
| /** |
| * <p>Contains the Base64 encodings <code>A</code> through <code>Z</code>, followed by <code>a</code> through |
| * <code>z</code>, followed by <code>0</code> through <code>9</code>, followed by <code>+</code>, and |
| * <code>/</code>.</p> |
| * <p/> |
| * <p>This array is accessed by using character values as indices.</p> |
| * <p/> |
| * <p>For example, <code>lookUpBase64Alphabet[62] </code> returns <code>'+'</code>.</p> |
| */ |
| private static final byte[] lookUpBase64Alphabet = new byte[LOOKUPLENGTH]; |
| |
| // Populating the lookup and character arrays |
| |
| static { |
| for (int i = 0; i < BASELENGTH; i++) { |
| base64Alphabet[i] = (byte) -1; |
| } |
| for (int i = 'Z'; i >= 'A'; i--) { |
| base64Alphabet[i] = (byte) (i - 'A'); |
| } |
| for (int i = 'z'; i >= 'a'; i--) { |
| base64Alphabet[i] = (byte) (i - 'a' + 26); |
| } |
| for (int i = '9'; i >= '0'; i--) { |
| base64Alphabet[i] = (byte) (i - '0' + 52); |
| } |
| |
| base64Alphabet['+'] = 62; |
| base64Alphabet['/'] = 63; |
| |
| for (int i = 0; i <= 25; i++) { |
| lookUpBase64Alphabet[i] = (byte) ('A' + i); |
| } |
| |
| for (int i = 26, j = 0; i <= 51; i++, j++) { |
| lookUpBase64Alphabet[i] = (byte) ('a' + j); |
| } |
| |
| for (int i = 52, j = 0; i <= 61; i++, j++) { |
| lookUpBase64Alphabet[i] = (byte) ('0' + j); |
| } |
| |
| lookUpBase64Alphabet[62] = (byte) '+'; |
| lookUpBase64Alphabet[63] = (byte) '/'; |
| } |
| |
| /** |
| * Returns whether or not the <code>octet</code> is in the base 64 alphabet. |
| * |
| * @param octect The value to test |
| * @return <code>true</code> if the value is defined in the the base 64 alphabet, <code>false</code> otherwise. |
| */ |
| private static boolean isBase64(byte octect) { |
| if (octect == PAD) { |
| return true; |
| } else //noinspection RedundantIfStatement |
| if (octect < 0 || base64Alphabet[octect] == -1) { |
| return false; |
| } else { |
| return true; |
| } |
| } |
| |
| /** |
| * Tests a given byte array to see if it contains only valid characters within the Base64 alphabet. |
| * |
| * @param arrayOctect byte array to test |
| * @return <code>true</code> if all bytes are valid characters in the Base64 alphabet or if the byte array is |
| * empty; false, otherwise |
| */ |
| public static boolean isBase64(byte[] arrayOctect) { |
| |
| arrayOctect = discardWhitespace(arrayOctect); |
| |
| int length = arrayOctect.length; |
| if (length == 0) { |
| // shouldn't a 0 length array be valid base64 data? |
| // return false; |
| return true; |
| } |
| for (int i = 0; i < length; i++) { |
| if (!isBase64(arrayOctect[i])) { |
| return false; |
| } |
| } |
| return true; |
| } |
| |
| /** |
| * Discards any whitespace from a base-64 encoded block. |
| * |
| * @param data The base-64 encoded data to discard the whitespace from. |
| * @return The data, less whitespace (see RFC 2045). |
| */ |
| static byte[] discardWhitespace(byte[] data) { |
| byte groomedData[] = new byte[data.length]; |
| int bytesCopied = 0; |
| |
| for (byte aByte : data) { |
| switch (aByte) { |
| case (byte) ' ': |
| case (byte) '\n': |
| case (byte) '\r': |
| case (byte) '\t': |
| break; |
| default: |
| groomedData[bytesCopied++] = aByte; |
| } |
| } |
| |
| byte packedData[] = new byte[bytesCopied]; |
| |
| System.arraycopy(groomedData, 0, packedData, 0, bytesCopied); |
| |
| return packedData; |
| } |
| |
| /** |
| * Base64 encodes the specified byte array and then encodes it as a String using Shiro's preferred character |
| * encoding (UTF-8). |
| * |
| * @param bytes the byte array to Base64 encode. |
| * @return a UTF-8 encoded String of the resulting Base64 encoded byte array. |
| */ |
| public static String encodeToString(byte[] bytes) { |
| byte[] encoded = encode(bytes); |
| return CodecSupport.toString(encoded); |
| } |
| |
| /** |
| * Encodes binary data using the base64 algorithm and chunks the encoded output into 76 character blocks |
| * |
| * @param binaryData binary data to encodeToChars |
| * @return Base64 characters chunked in 76 character blocks |
| */ |
| public static byte[] encodeChunked(byte[] binaryData) { |
| return encode(binaryData, true); |
| } |
| |
| /** |
| * Encodes a byte[] containing binary data, into a byte[] containing characters in the Base64 alphabet. |
| * |
| * @param pArray a byte array containing binary data |
| * @return A byte array containing only Base64 character data |
| */ |
| public static byte[] encode(byte[] pArray) { |
| return encode(pArray, false); |
| } |
| |
| /** |
| * Encodes binary data using the base64 algorithm, optionally chunking the output into 76 character blocks. |
| * |
| * @param binaryData Array containing binary data to encodeToChars. |
| * @param isChunked if <code>true</code> this encoder will chunk the base64 output into 76 character blocks |
| * @return Base64-encoded data. |
| * @throws IllegalArgumentException Thrown when the input array needs an output array bigger than {@link Integer#MAX_VALUE} |
| */ |
| public static byte[] encode(byte[] binaryData, boolean isChunked) { |
| long binaryDataLength = binaryData.length; |
| long lengthDataBits = binaryDataLength * EIGHTBIT; |
| long fewerThan24bits = lengthDataBits % TWENTYFOURBITGROUP; |
| long tripletCount = lengthDataBits / TWENTYFOURBITGROUP; |
| long encodedDataLengthLong; |
| int chunckCount = 0; |
| |
| if (fewerThan24bits != 0) { |
| // data not divisible by 24 bit |
| encodedDataLengthLong = (tripletCount + 1) * 4; |
| } else { |
| // 16 or 8 bit |
| encodedDataLengthLong = tripletCount * 4; |
| } |
| |
| // If the output is to be "chunked" into 76 character sections, |
| // for compliance with RFC 2045 MIME, then it is important to |
| // allow for extra length to account for the separator(s) |
| if (isChunked) { |
| |
| chunckCount = (CHUNK_SEPARATOR.length == 0 ? 0 : (int) Math |
| .ceil((float) encodedDataLengthLong / CHUNK_SIZE)); |
| encodedDataLengthLong += chunckCount * CHUNK_SEPARATOR.length; |
| } |
| |
| if (encodedDataLengthLong > Integer.MAX_VALUE) { |
| throw new IllegalArgumentException( |
| "Input array too big, output array would be bigger than Integer.MAX_VALUE=" + Integer.MAX_VALUE); |
| } |
| int encodedDataLength = (int) encodedDataLengthLong; |
| byte encodedData[] = new byte[encodedDataLength]; |
| |
| byte k, l, b1, b2, b3; |
| |
| int encodedIndex = 0; |
| int dataIndex; |
| int i; |
| int nextSeparatorIndex = CHUNK_SIZE; |
| int chunksSoFar = 0; |
| |
| // log.debug("number of triplets = " + numberTriplets); |
| for (i = 0; i < tripletCount; i++) { |
| dataIndex = i * 3; |
| b1 = binaryData[dataIndex]; |
| b2 = binaryData[dataIndex + 1]; |
| b3 = binaryData[dataIndex + 2]; |
| |
| // log.debug("b1= " + b1 +", b2= " + b2 + ", b3= " + b3); |
| |
| l = (byte) (b2 & 0x0f); |
| k = (byte) (b1 & 0x03); |
| |
| byte val1 = ((b1 & SIGN) == 0) ? (byte) (b1 >> 2) : (byte) ((b1) >> 2 ^ 0xc0); |
| byte val2 = ((b2 & SIGN) == 0) ? (byte) (b2 >> 4) : (byte) ((b2) >> 4 ^ 0xf0); |
| byte val3 = ((b3 & SIGN) == 0) ? (byte) (b3 >> 6) : (byte) ((b3) >> 6 ^ 0xfc); |
| |
| encodedData[encodedIndex] = lookUpBase64Alphabet[val1]; |
| // log.debug( "val2 = " + val2 ); |
| // log.debug( "k4 = " + (k<<4) ); |
| // log.debug( "vak = " + (val2 | (k<<4)) ); |
| encodedData[encodedIndex + 1] = lookUpBase64Alphabet[val2 | (k << 4)]; |
| encodedData[encodedIndex + 2] = lookUpBase64Alphabet[(l << 2) | val3]; |
| encodedData[encodedIndex + 3] = lookUpBase64Alphabet[b3 & 0x3f]; |
| |
| encodedIndex += 4; |
| |
| // If we are chunking, let's put a chunk separator down. |
| if (isChunked) { |
| // this assumes that CHUNK_SIZE % 4 == 0 |
| if (encodedIndex == nextSeparatorIndex) { |
| System.arraycopy(CHUNK_SEPARATOR, 0, encodedData, encodedIndex, CHUNK_SEPARATOR.length); |
| chunksSoFar++; |
| nextSeparatorIndex = (CHUNK_SIZE * (chunksSoFar + 1)) + (chunksSoFar * CHUNK_SEPARATOR.length); |
| encodedIndex += CHUNK_SEPARATOR.length; |
| } |
| } |
| } |
| |
| // form integral number of 6-bit groups |
| dataIndex = i * 3; |
| |
| if (fewerThan24bits == EIGHTBIT) { |
| b1 = binaryData[dataIndex]; |
| k = (byte) (b1 & 0x03); |
| // log.debug("b1=" + b1); |
| // log.debug("b1<<2 = " + (b1>>2) ); |
| byte val1 = ((b1 & SIGN) == 0) ? (byte) (b1 >> 2) : (byte) ((b1) >> 2 ^ 0xc0); |
| encodedData[encodedIndex] = lookUpBase64Alphabet[val1]; |
| encodedData[encodedIndex + 1] = lookUpBase64Alphabet[k << 4]; |
| encodedData[encodedIndex + 2] = PAD; |
| encodedData[encodedIndex + 3] = PAD; |
| } else if (fewerThan24bits == SIXTEENBIT) { |
| |
| b1 = binaryData[dataIndex]; |
| b2 = binaryData[dataIndex + 1]; |
| l = (byte) (b2 & 0x0f); |
| k = (byte) (b1 & 0x03); |
| |
| byte val1 = ((b1 & SIGN) == 0) ? (byte) (b1 >> 2) : (byte) ((b1) >> 2 ^ 0xc0); |
| byte val2 = ((b2 & SIGN) == 0) ? (byte) (b2 >> 4) : (byte) ((b2) >> 4 ^ 0xf0); |
| |
| encodedData[encodedIndex] = lookUpBase64Alphabet[val1]; |
| encodedData[encodedIndex + 1] = lookUpBase64Alphabet[val2 | (k << 4)]; |
| encodedData[encodedIndex + 2] = lookUpBase64Alphabet[l << 2]; |
| encodedData[encodedIndex + 3] = PAD; |
| } |
| |
| if (isChunked) { |
| // we also add a separator to the end of the final chunk. |
| if (chunksSoFar < chunckCount) { |
| System.arraycopy(CHUNK_SEPARATOR, 0, encodedData, encodedDataLength - CHUNK_SEPARATOR.length, |
| CHUNK_SEPARATOR.length); |
| } |
| } |
| |
| return encodedData; |
| } |
| |
| /** |
| * Converts the specified UTF-8 Base64 encoded String and decodes it to a resultant UTF-8 encoded string. |
| * |
| * @param base64Encoded a UTF-8 Base64 encoded String |
| * @return the decoded String, UTF-8 encoded. |
| */ |
| public static String decodeToString(String base64Encoded) { |
| byte[] encodedBytes = CodecSupport.toBytes(base64Encoded); |
| return decodeToString(encodedBytes); |
| } |
| |
| /** |
| * Decodes the specified Base64 encoded byte array and returns the decoded result as a UTF-8 encoded. |
| * |
| * @param base64Encoded a Base64 encoded byte array |
| * @return the decoded String, UTF-8 encoded. |
| */ |
| public static String decodeToString(byte[] base64Encoded) { |
| byte[] decoded = decode(base64Encoded); |
| return CodecSupport.toString(decoded); |
| } |
| |
| /** |
| * Converts the specified UTF-8 Base64 encoded String and decodes it to a raw Base64 decoded byte array. |
| * |
| * @param base64Encoded a UTF-8 Base64 encoded String |
| * @return the raw Base64 decoded byte array. |
| */ |
| public static byte[] decode(String base64Encoded) { |
| byte[] bytes = CodecSupport.toBytes(base64Encoded); |
| return decode(bytes); |
| } |
| |
| /** |
| * Decodes Base64 data into octets |
| * |
| * @param base64Data Byte array containing Base64 data |
| * @return Array containing decoded data. |
| */ |
| public static byte[] decode(byte[] base64Data) { |
| // RFC 2045 requires that we discard ALL non-Base64 characters |
| base64Data = discardNonBase64(base64Data); |
| |
| // handle the edge case, so we don't have to worry about it later |
| if (base64Data.length == 0) { |
| return new byte[0]; |
| } |
| |
| int numberQuadruple = base64Data.length / FOURBYTE; |
| byte decodedData[]; |
| byte b1, b2, b3, b4, marker0, marker1; |
| |
| // Throw away anything not in base64Data |
| |
| int encodedIndex = 0; |
| int dataIndex; |
| { |
| // this sizes the output array properly - rlw |
| int lastData = base64Data.length; |
| // ignore the '=' padding |
| while (base64Data[lastData - 1] == PAD) { |
| if (--lastData == 0) { |
| return new byte[0]; |
| } |
| } |
| decodedData = new byte[lastData - numberQuadruple]; |
| } |
| |
| for (int i = 0; i < numberQuadruple; i++) { |
| dataIndex = i * 4; |
| marker0 = base64Data[dataIndex + 2]; |
| marker1 = base64Data[dataIndex + 3]; |
| |
| b1 = base64Alphabet[base64Data[dataIndex]]; |
| b2 = base64Alphabet[base64Data[dataIndex + 1]]; |
| |
| if (marker0 != PAD && marker1 != PAD) { |
| // No PAD e.g 3cQl |
| b3 = base64Alphabet[marker0]; |
| b4 = base64Alphabet[marker1]; |
| |
| decodedData[encodedIndex] = (byte) (b1 << 2 | b2 >> 4); |
| decodedData[encodedIndex + 1] = (byte) (((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf)); |
| decodedData[encodedIndex + 2] = (byte) (b3 << 6 | b4); |
| } else if (marker0 == PAD) { |
| // Two PAD e.g. 3c[Pad][Pad] |
| decodedData[encodedIndex] = (byte) (b1 << 2 | b2 >> 4); |
| } else { |
| // One PAD e.g. 3cQ[Pad] |
| b3 = base64Alphabet[marker0]; |
| decodedData[encodedIndex] = (byte) (b1 << 2 | b2 >> 4); |
| decodedData[encodedIndex + 1] = (byte) (((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf)); |
| } |
| encodedIndex += 3; |
| } |
| return decodedData; |
| } |
| |
| /** |
| * Discards any characters outside of the base64 alphabet, per the requirements on page 25 of RFC 2045 - "Any |
| * characters outside of the base64 alphabet are to be ignored in base64 encoded data." |
| * |
| * @param data The base-64 encoded data to groom |
| * @return The data, less non-base64 characters (see RFC 2045). |
| */ |
| static byte[] discardNonBase64(byte[] data) { |
| byte groomedData[] = new byte[data.length]; |
| int bytesCopied = 0; |
| |
| for (byte aByte : data) { |
| if (isBase64(aByte)) { |
| groomedData[bytesCopied++] = aByte; |
| } |
| } |
| |
| byte packedData[] = new byte[bytesCopied]; |
| |
| System.arraycopy(groomedData, 0, packedData, 0, bytesCopied); |
| |
| return packedData; |
| } |
| |
| } |