From 8c3882dd90a170047c608de560feecca7b34a15e Mon Sep 17 00:00:00 2001
From: Sinisa Veseli <sveseli@aps.anl.gov>
Date: Fri, 6 Nov 2015 20:42:18 +0000
Subject: [PATCH] refactored utilities; use classes from common area wherever
possible
---
.../portal/utilities/CollectionUtility.java | 66 --------------
.../aps/dm/portal/utilities/CryptUtility.java | 76 ----------------
.../aps/dm/portal/utilities/DateUtility.java | 12 ---
.../aps/dm/portal/utilities/LdapUtility.java | 67 --------------
.../dm/portal/utilities/NoOpTrustManager.java | 32 -------
.../NoServerVerificationSSLSocketFactory.java | 89 -------------------
.../dm/portal/utilities/ObjectUtility.java | 15 ----
.../dm/portal/utilities/StringUtility.java | 15 ----
8 files changed, 372 deletions(-)
delete mode 100644 src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/CollectionUtility.java
delete mode 100644 src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/CryptUtility.java
delete mode 100644 src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/DateUtility.java
delete mode 100644 src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/LdapUtility.java
delete mode 100644 src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/NoOpTrustManager.java
delete mode 100644 src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/NoServerVerificationSSLSocketFactory.java
delete mode 100644 src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/ObjectUtility.java
delete mode 100644 src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/StringUtility.java
diff --git a/src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/CollectionUtility.java b/src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/CollectionUtility.java
deleted file mode 100644
index 2031bf45..00000000
--- a/src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/CollectionUtility.java
+++ /dev/null
@@ -1,66 +0,0 @@
-package gov.anl.aps.dm.portal.utilities;
-
-import java.util.List;
-import java.util.ListIterator;
-import javax.faces.model.SelectItem;
-
-public class CollectionUtility
-{
-
- public static SelectItem[] getSelectItems(List<?> entities, boolean selectOne) {
- int size = selectOne ? entities.size() + 1 : entities.size();
- SelectItem[] items = new SelectItem[size];
- int i = 0;
- if (selectOne) {
- items[0] = new SelectItem("", "Select");
- i++;
- }
- for (Object x : entities) {
- items[i++] = new SelectItem(x, x.toString());
- }
- return items;
- }
-
- public static String displayItemList(List<?> list, String beginDelimiter, String itemDelimiter, String endDelimiter) {
- String result = beginDelimiter;
- boolean addItemDelimiter = false;
- if (list != null) {
- for (Object item : list) {
- if (!addItemDelimiter) {
- addItemDelimiter = true;
- }
- else {
- result += itemDelimiter;
- }
- result += item.toString();
- }
- }
- result += endDelimiter;
- return result;
- }
-
- public static String displayItemListWithoutOutsideDelimiters(List<?> list, String itemDelimiter) {
- String beginDelimiter = "";
- String endDelimiter = "";
- return displayItemList(list, beginDelimiter, itemDelimiter, endDelimiter);
- }
-
- public static String displayItemListWithoutDelimiters(List<?> list) {
- String beginDelimiter = "";
- String itemDelimiter = "";
- String endDelimiter = "";
- return displayItemList(list, beginDelimiter, itemDelimiter, endDelimiter);
- }
-
- public static void removeNullReferencesFromList(List<?> list) {
- if (list == null) {
- return;
- }
- ListIterator iterator = list.listIterator();
- while (iterator.hasNext()) {
- if (iterator.next() == null) {
- iterator.remove();
- }
- }
- }
-}
diff --git a/src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/CryptUtility.java b/src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/CryptUtility.java
deleted file mode 100644
index a6600e8b..00000000
--- a/src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/CryptUtility.java
+++ /dev/null
@@ -1,76 +0,0 @@
-package gov.anl.aps.dm.portal.utilities;
-
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.security.spec.InvalidKeySpecException;
-import java.util.Random;
-import javax.crypto.SecretKeyFactory;
-import javax.crypto.spec.PBEKeySpec;
-import org.apache.log4j.Logger;
-import org.primefaces.util.Base64;
-
-public class CryptUtility {
-
- private static final Logger logger = Logger.getLogger(CryptUtility.class.getName());
-
- private static final String SECRET_KEY_FACTORY_TYPE = "PBKDF2WithHmacSHA1";
- private static final int PBDKF2_ITERATIONS = 1003;
- private static final int PBDKF2_KEY_LENGTH_IN_BITS = 192;
- private static final int SALT_LENGTH_IN_BYTES = 4;
- private static final char[] SALT_CHARSET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789".toCharArray();
- private static final String SALT_DELIMITER = "$";
-
- public static String randomString(char[] characterSet, int length) {
- Random random = new SecureRandom();
- char[] result = new char[length];
- for (int i = 0; i < result.length; i++) {
- // picks a random index out of character set > random character
- int randomCharIndex = random.nextInt(characterSet.length);
- result[i] = characterSet[randomCharIndex];
- }
- return new String(result);
- }
-
- public static String cryptPasswordWithPbkdf2(String password) {
- String salt = randomString(SALT_CHARSET, SALT_LENGTH_IN_BYTES);
- return saltAndCryptPasswordWithPbkdf2(password, salt);
- }
-
- public static String saltAndCryptPasswordWithPbkdf2(String password, String salt) {
- char[] passwordChars = password.toCharArray();
- byte[] saltBytes = salt.getBytes();
-
- PBEKeySpec spec = new PBEKeySpec(
- passwordChars,
- saltBytes,
- PBDKF2_ITERATIONS,
- PBDKF2_KEY_LENGTH_IN_BITS
- );
- SecretKeyFactory key;
- try {
- key = SecretKeyFactory.getInstance(SECRET_KEY_FACTORY_TYPE);
- byte[] hashedPassword = key.generateSecret(spec).getEncoded();
- String encodedPassword = Base64.encodeToString(hashedPassword, true);
- return salt + SALT_DELIMITER + encodedPassword;
- } catch (NoSuchAlgorithmException | InvalidKeySpecException ex) {
- // Should not happen
- logger.error("Password cannot be crypted: " + ex);
- }
- return null;
- }
-
- public static boolean verifyPasswordWithPbkdf2(String password, String cryptedPassword) {
- int saltEnd = cryptedPassword.indexOf(SALT_DELIMITER);
- String salt = cryptedPassword.substring(0,saltEnd);
- return cryptedPassword.equals(saltAndCryptPasswordWithPbkdf2(password, salt));
- }
-
-
- public static void main(String[] args) {
- String password = "cdb";
- System.out.println("Original password: " + password);
- String cryptedPassword = cryptPasswordWithPbkdf2(password);
- System.out.println("Crypted password: " + cryptedPassword);
- System.out.println("Verified: " + verifyPasswordWithPbkdf2(password, cryptedPassword));
- }
-}
diff --git a/src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/DateUtility.java b/src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/DateUtility.java
deleted file mode 100644
index db70bd90..00000000
--- a/src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/DateUtility.java
+++ /dev/null
@@ -1,12 +0,0 @@
-package gov.anl.aps.dm.portal.utilities;
-
-import java.text.SimpleDateFormat;
-import java.util.Date;
-
-public class DateUtility
-{
- private static final SimpleDateFormat DateTimeFormat = new java.text.SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
- public static String getCurrentDateTime() {
- return DateTimeFormat.format(new Date());
- }
-}
diff --git a/src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/LdapUtility.java b/src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/LdapUtility.java
deleted file mode 100644
index dfc07180..00000000
--- a/src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/LdapUtility.java
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * To change this license header, choose License Headers in Project Properties.
- * To change this template file, choose Tools | Templates
- * and open the template in the editor.
- */
-package gov.anl.aps.dm.portal.utilities;
-
-import java.util.Hashtable;
-import javax.naming.Context;
-import javax.naming.NamingException;
-import javax.naming.directory.DirContext;
-import javax.naming.directory.InitialDirContext;
-import org.apache.log4j.Logger;
-
-/**
- *
- * @author sveseli
- */
-public class LdapUtility
-{
-
- private static final String LdapUrlPropertyName = "dm.portal.ldapUrl";
- private static final String LdapDnStringPropertyName = "dm.portal.ldapDnString";
- private static final String ldapUrl = ConfigurationUtility.getPortalProperty(LdapUrlPropertyName);
- private static final String ldapDnString = ConfigurationUtility.getPortalProperty(LdapDnStringPropertyName);
-
- private static final Logger logger = Logger.getLogger(LdapUtility.class.getName());
-
- /**
- * Use username and password to attempt initial connection and bind with APS
- * LDAP server. Successful connection implies that credentials are accepted.
- *
- * @param username username
- * @param password password
- *
- * @return true if valid, false otherwise
- */
- public final static boolean validateCredentials(String username, String password) {
-
- // dump out immediately if not given password
- if (password.isEmpty()) {
- return false;
- }
-
- boolean validated = false;
- Hashtable env = new Hashtable();
- String dn = ldapDnString.replace("USERNAME", username);
- logger.debug("Authenticating: " + dn);
- env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
- env.put(Context.PROVIDER_URL, ldapUrl);
- env.put(Context.SECURITY_AUTHENTICATION, "simple");
- env.put(Context.SECURITY_PRINCIPAL, dn);
- env.put(Context.SECURITY_CREDENTIALS, password);
- // the below property allows us to circumvent server certificate checks
- env.put("java.naming.ldap.factory.socket", "gov.anl.aps.dm.portal.utilities.NoServerVerificationSSLSocketFactory");
-
- try {
- DirContext ctx = new InitialDirContext(env);
- validated = true;
- }
- catch (NamingException ex) {
- ex.printStackTrace();
- }
- return validated;
- }
-
-}
diff --git a/src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/NoOpTrustManager.java b/src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/NoOpTrustManager.java
deleted file mode 100644
index 972792fb..00000000
--- a/src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/NoOpTrustManager.java
+++ /dev/null
@@ -1,32 +0,0 @@
-package gov.anl.aps.dm.portal.utilities;
-
-import java.security.cert.X509Certificate;
-import javax.net.ssl.X509TrustManager;
-
-/**
- * A trivial implementation of <code>X509TrustManager</code> that doesn't
- * actually check the validity of a certificate. This allows us to make
- * SSL connections to internal servers without requiring the installation
- * and maintenance of certificates in the client keystore.
- *
- * @see NoServerVerificationSSLSocketFactory
- */
-public class NoOpTrustManager implements X509TrustManager
-{
-
- @Override
- public void checkClientTrusted(X509Certificate[] cert, String authType)
- {
- }
-
- @Override
- public void checkServerTrusted(X509Certificate[] cert, String authType)
- {
- }
-
- @Override
- public X509Certificate[] getAcceptedIssuers()
- {
- return new X509Certificate[0];
- }
-}
diff --git a/src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/NoServerVerificationSSLSocketFactory.java b/src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/NoServerVerificationSSLSocketFactory.java
deleted file mode 100644
index d13f7f6c..00000000
--- a/src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/NoServerVerificationSSLSocketFactory.java
+++ /dev/null
@@ -1,89 +0,0 @@
-package gov.anl.aps.dm.portal.utilities;
-
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.Socket;
-import java.security.KeyManagementException;
-import java.security.NoSuchAlgorithmException;
-import javax.net.SocketFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-
-/**
- * A minor extension of <code>SSLSocketFactory</code> that installs
- * a dummy trust manager. This allows creation of SSL sockets that don't
- * verify the server certificates.
- *
- * @see NoOpTrustManager
- */
-public class NoServerVerificationSSLSocketFactory extends SSLSocketFactory
-{
- private SSLSocketFactory factory;
- public NoServerVerificationSSLSocketFactory()
- {
- try {
- TrustManager tm = new NoOpTrustManager();
- SSLContext sslcontext = SSLContext.getInstance("TLS");
- sslcontext.init( null, // No KeyManager required
- new TrustManager[] {tm},
- new java.security.SecureRandom());
-
- factory = (SSLSocketFactory)sslcontext.getSocketFactory();
-
- }
- catch(KeyManagementException | NoSuchAlgorithmException ex) {
- ex.printStackTrace();
- }
- }
-
- public static SocketFactory getDefault() {
- return new NoServerVerificationSSLSocketFactory();
- }
-
- @Override
- public Socket createSocket(Socket socket, String s, int i, boolean flag)
- throws IOException
- {
- return factory.createSocket( socket, s, i, flag);
- }
-
- @Override
- public Socket createSocket(InetAddress inaddr, int i, InetAddress inaddr1, int j)
- throws IOException
- {
- return factory.createSocket(inaddr, i, inaddr1, j);
- }
-
- @Override
- public Socket createSocket(InetAddress inaddr, int i) throws IOException
- {
- return factory.createSocket(inaddr, i);
- }
-
- @Override
- public Socket createSocket(String s, int i, InetAddress inaddr, int j)
- throws IOException
- {
- return factory.createSocket(s, i, inaddr, j);
- }
-
- @Override
- public Socket createSocket(String s, int i) throws IOException
- {
- return factory.createSocket(s, i);
- }
-
- @Override
- public String[] getDefaultCipherSuites()
- {
- return factory.getSupportedCipherSuites();
- }
-
- @Override
- public String[] getSupportedCipherSuites()
- {
- return factory.getSupportedCipherSuites();
- }
-
-}
diff --git a/src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/ObjectUtility.java b/src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/ObjectUtility.java
deleted file mode 100644
index 6950b455..00000000
--- a/src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/ObjectUtility.java
+++ /dev/null
@@ -1,15 +0,0 @@
-package gov.anl.aps.dm.portal.utilities;
-
-
-public class ObjectUtility
-{
- public static <Type> boolean equals(Type object1, Type object2) {
- if (object1 == null && object2 == null) {
- return true;
- }
- if (object1 == null || object2 == null) {
- return false;
- }
- return object1.equals(object2);
- }
-}
diff --git a/src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/StringUtility.java b/src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/StringUtility.java
deleted file mode 100644
index aeedb7b5..00000000
--- a/src/java/DmWebPortal/src/java/gov/anl/aps/dm/portal/utilities/StringUtility.java
+++ /dev/null
@@ -1,15 +0,0 @@
-package gov.anl.aps.dm.portal.utilities;
-
-
-public class StringUtility
-{
- public static boolean equals(CharSequence cs1, CharSequence cs2) {
- if (cs1 == null && cs2 == null) {
- return true;
- }
- if (cs1 == null || cs2 == null) {
- return false;
- }
- return cs1.equals(cs2);
- }
-}
--
GitLab