From 7d4b00963124e0be7680a401f8dfb1ad5e2e6846 Mon Sep 17 00:00:00 2001 From: michi Date: Thu, 5 Feb 2015 00:39:19 +0100 Subject: [PATCH] Java 8 native SHA-256 and Base64 native algorithms. Dependency with Apache Commons Codec was removed and now the native Java 8 utilities for SHA-256 and Base64 encoding and decoding is used. --- pom.xml | 7 --- .../java/es/uvigo/esei/daa/dao/UsersDAO.java | 46 +++++++++++++++---- 2 files changed, 37 insertions(+), 16 deletions(-) diff --git a/pom.xml b/pom.xml index 1986eaa..fe8c714 100644 --- a/pom.xml +++ b/pom.xml @@ -20,7 +20,6 @@ 1.8 2.15 5.1.34 - 1.10 1.4 3.0.1 4.12 @@ -55,12 +54,6 @@ ${mysql.version} - - commons-codec - commons-codec - ${commons.codec.version} - - junit diff --git a/src/main/java/es/uvigo/esei/daa/dao/UsersDAO.java b/src/main/java/es/uvigo/esei/daa/dao/UsersDAO.java index b05fdd4..7015600 100644 --- a/src/main/java/es/uvigo/esei/daa/dao/UsersDAO.java +++ b/src/main/java/es/uvigo/esei/daa/dao/UsersDAO.java @@ -1,15 +1,15 @@ package es.uvigo.esei.daa.dao; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; import java.sql.Connection; import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException; +import java.util.Base64; import java.util.logging.Level; import java.util.logging.Logger; -import org.apache.commons.codec.binary.Base64; -import org.apache.commons.codec.digest.DigestUtils; - public class UsersDAO extends DAO { private final static Logger LOG = Logger.getLogger("UsersDAO"); 
@@ -23,10 +23,10 @@ public class UsersDAO extends DAO { try (ResultSet result = statement.executeQuery()) { if (result.next()) { final String dbPassword = result.getString("password"); - final String shaPassword = DigestUtils.sha256Hex(password); + final String shaPassword = encodeSha256(password); if (shaPassword.equals(dbPassword)) { - return new String(Base64.encodeBase64((login + ":" + password).getBytes())); + return encodeBase64(login + ":" + password); } else { return null; } @@ -43,7 +43,7 @@ public class UsersDAO extends DAO { public String checkToken(String token) throws DAOException, IllegalArgumentException { - final String decodedToken = new String(Base64.decodeBase64(token.getBytes())); + final String decodedToken = decodeBase64(token); final int colonIndex = decodedToken.indexOf(':'); if (colonIndex < 0 || colonIndex == decodedToken.length()-1) { @@ -51,9 +51,7 @@ public class UsersDAO extends DAO { } final String login = decodedToken.substring(0, decodedToken.indexOf(':')); - final String password = DigestUtils.sha256Hex( - decodedToken.substring(decodedToken.indexOf(':') + 1) - ); + final String password = encodeSha256(decodedToken.substring(decodedToken.indexOf(':') + 1)); try (final Connection conn = this.getConnection()) { final String query = "SELECT password FROM users WHERE login=?"; 
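Review bot: The token returned on success, `encodeBase64(login + ":" + password)`, is only a reversible encoding of the clear-text credentials, so anything that records the token (a log, browser storage, a proxy) also records the password. The commit carries this design over from the Commons Codec version unchanged; a random value from `SecureRandom`, stored server-side against the login, would keep the password out of the token. Two lines earlier, `shaPassword.equals(dbPassword)` stops at the first differing character, whereas `MessageDigest.isEqual(shaPassword.getBytes(StandardCharsets.UTF_8), dbPassword.getBytes(StandardCharsets.UTF_8))` compares in constant time. The enclosing method starts and ends outside the hunk.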
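Review bot: `decodeBase64(token)` in `checkToken` now rejects input that the removed call accepted. `Base64.getDecoder().decode` throws `IllegalArgumentException` on any character outside the Base64 alphabet, line breaks included, while Commons Codec's `Base64.decodeBase64` skipped such characters. `checkToken` already declares `IllegalArgumentException`, so this is probably acceptable, but whether callers turn it into an authentication failure rather than a server error is not visible here. A comment at the call would record the contract: `// throws IllegalArgumentException for malformed Base64; callers must treat it as an invalid token`. The hunk that follows also calls `decodedToken.indexOf(':')` twice more although `colonIndex` already holds that value.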
@@ -76,4 +74,34 @@ public class UsersDAO extends DAO {
 throw new DAOException(e);
 }
 }
+
+ private final static String decodeBase64(String text) {
+ return new String(Base64.getDecoder().decode(text.getBytes()));
+ }
+
+ private final static String encodeBase64(String text) {
+ return Base64.getEncoder().encodeToString(text.getBytes());
+ }
+
+ private final static String encodeSha256(String text) {
+ try {
+ final MessageDigest digest = MessageDigest.getInstance("SHA-256");
+ final byte[] digested = digest.digest(text.getBytes());
+
+ return hexToString(digested);
+ } catch (NoSuchAlgorithmException e) {
+ LOG.log(Level.SEVERE, "SHA-256 not supported", e);
+ throw new RuntimeException(e);
+ }
+ }
+
+ private final static String hexToString(byte[] hex) {
+ final StringBuilder sb = new StringBuilder();
+
+ for (byte b : hex) {
+ sb.append(String.format("%02x", b & 0xff));
+ }
+
+ return sb.toString();
+ }
 }
-- 2.18.1
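Review bot: The new helpers call `text.getBytes()` and `new String(byte[])` without a charset, so both the digest and the token depend on the JVM's default encoding. The removed `DigestUtils.sha256Hex(String)` encoded the text as UTF-8, so after this change a non-ASCII password can stop matching its stored hash on a host whose default charset is not UTF-8. Pass `StandardCharsets.UTF_8` explicitly in all three helpers, for example `digest.digest(text.getBytes(StandardCharsets.UTF_8))`, which also needs the `java.nio.charset.StandardCharsets` import. Separately, `encodeSha256` is a single unsalted SHA-256, which is cheap to brute-force if the users table leaks. The JDK's `PBKDF2WithHmacSHA256` through `SecretKeyFactory`, with a per-user salt, would be the stronger choice, though it requires migrating the stored hashes.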