Skip to content

Commit c2b70e8

Browse files
committed
Merge tag 'tags/commons-codec-1.12'
Tagging commons-codec-1.12 from RC3
2 parents 1588087 + 0082c9e commit c2b70e8

13 files changed

Lines changed: 296 additions & 53 deletions

File tree

README.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -46,9 +46,9 @@ Apache Commons Codec
4646
[![Build Status](https://travis-ci.org/apache/commons-codec.svg?branch=trunk)](https://travis-ci.org/apache/commons-codec)
4747
[![Coverage Status](https://coveralls.io/repos/apache/commons-codec/badge.svg?branch=trunk)](https://coveralls.io/r/apache/commons-codec)
4848

49-
The Apache Commons Codec package contains simple encoder and decoders for
50-
various formats such as Base64 and Hexadecimal. In addition to these
51-
widely used encoders and decoders, the codec package also maintains a
49+
The Apache Commons Codec package contains simple encoder and decoders for
50+
various formats such as Base64 and Hexadecimal. In addition to these
51+
widely used encoders and decoders, the codec package also maintains a
5252
collection of phonetic encoding utilities.
5353

5454
Documentation
@@ -68,7 +68,7 @@ Alternatively you can pull it from the central Maven repositories:
6868
<dependency>
6969
<groupId>commons-codec</groupId>
7070
<artifactId>commons-codec</artifactId>
71-
<version>1.11</version>
71+
<version>1.12</version>
7272
</dependency>
7373
```
7474

RELEASE-NOTES.txt

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,33 @@
1+
Apache Commons Codec 1.12 RELEASE NOTES
2+
3+
The Apache Commons Codec team is pleased to announce the commons-codec-1.12 release!
4+
5+
The Apache Commons Codec package contains simple encoder and decoders for
6+
various formats such as Base64 and Hexadecimal. In addition to these
7+
widely used encoders and decoders, the codec package also maintains a
8+
collection of phonetic encoding utilities.
9+
10+
Changes in this version include:
11+
12+
New features:
13+
o Add Percent-Encoding Codec (described in RFC3986 and RFC7578) Issue: CODEC-240. Thanks to Ioannis Sermetziadis.
14+
o Add SHA-3 methods in DigestUtils Issue: CODEC-251. Thanks to Gary Gregory.
15+
16+
Fixed Bugs:
17+
o B64 salt generator: Random -> ThreadLocalRandom Issue: CODEC-252.
18+
o Wrong value calculated by Cologne Phonetic if a special character is placed between equal letters Issue: CODEC-250. Thanks to Alex Volodko.
19+
o ColognePhoneticTest.testIsEncodeEquals missing assertions Issue: CODEC-246. Thanks to Oscar Luis Vera Pérez.
20+
21+
Changes:
22+
o Update from Java 7 to Java 8 Issue: CODEC-253.
23+
24+
25+
Have fun!
26+
-Apache Commons Codec team
27+
28+
29+
-------------------------------------------------------------------------------
30+
131
Apache Commons Codec 1.11 RELEASE NOTES
232

333
The Apache Commons Codec team is pleased to announce the commons-codec-1.11-SNAPSHOT release!

pom.xml

Lines changed: 33 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ limitations under the License.
3030
<groupId>commons-codec</groupId>
3131
<artifactId>commons-codec</artifactId>
3232
<!-- Remember to update the version in default.properties as well -->
33-
<version>1.12-SNAPSHOT</version>
33+
<version>1.12</version>
3434
<name>Apache Commons Codec</name>
3535
<inceptionYear>2002</inceptionYear>
3636
<description>
@@ -45,9 +45,9 @@ limitations under the License.
4545
<url>http://issues.apache.org/jira/browse/CODEC</url>
4646
</issueManagement>
4747
<scm>
48-
<connection>scm:svn:http://svn.apache.org/repos/asf/commons/proper/codec/trunk</connection>
49-
<developerConnection>scm:svn:https://svn.apache.org/repos/asf/commons/proper/codec/trunk</developerConnection>
50-
<url>http://svn.apache.org/viewvc/commons/proper/codec/trunk</url>
48+
<connection>scm:git:https://gitbox.apache.org/repos/asf?p=commons-codec.git</connection>
49+
<developerConnection>scm:git:https://gitbox.apache.org/repos/asf?p=commons-codec.git</developerConnection>
50+
<url>https://github.com/apache/commons-codec</url>
5151
</scm>
5252
<distributionManagement>
5353
<site>
@@ -112,6 +112,11 @@ limitations under the License.
112112
<id>tn</id>
113113
<email>tn@apache.org</email>
114114
</developer>
115+
<developer>
116+
<name>Rob Tompkins</name>
117+
<id>chtompki</id>
118+
<email>chtompki@apache.org</email>
119+
</developer>
115120
</developers>
116121
<contributors>
117122
<contributor>
@@ -223,9 +228,6 @@ limitations under the License.
223228
<maven.compiler.target>1.7</maven.compiler.target>
224229
<commons.componentid>codec</commons.componentid>
225230
<commons.module.name>org.apache.commons.codec</commons.module.name>
226-
<commons.release.version>1.12</commons.release.version>
227-
<!-- The RC version used in the staging repository URL. -->
228-
<commons.rc.version>RC1</commons.rc.version>
229231
<commons.jira.id>CODEC</commons.jira.id>
230232
<commons.jira.pid>12310464</commons.jira.pid>
231233
<!-- Ensure copies work OK (can be removed later when this is in parent POM) -->
@@ -234,6 +236,23 @@ limitations under the License.
234236
<commons.encoding>UTF-8</commons.encoding>
235237
<checkstyle.header.file>${basedir}/LICENSE-header.txt</checkstyle.header.file>
236238
<checkstyle.version>2.17</checkstyle.version>
239+
240+
<commons.jacoco.version>0.8.3</commons.jacoco.version>
241+
242+
<!-- generate report even if there are binary incompatible changes -->
243+
<commons.japicmp.breakBuildOnBinaryIncompatibleModifications>false</commons.japicmp.breakBuildOnBinaryIncompatibleModifications>
244+
<!-- 0.12.0 dies with a NullPointerException -->
245+
<commons.japicmp.version>0.13.0</commons.japicmp.version>
246+
<japicmp.skip>false</japicmp.skip>
247+
248+
<!-- Commons Release Plugin -->
249+
<commons.bc.version>1.11</commons.bc.version>
250+
<commons.rc.version>RC3</commons.rc.version>
251+
<commons.release-plugin.version>1.5</commons.release-plugin.version>
252+
<commons.release.isDistModule>true</commons.release.isDistModule>
253+
<commons.distSvnStagingUrl>scm:svn:https://dist.apache.org/repos/dist/dev/commons/${commons.componentid}</commons.distSvnStagingUrl>
254+
<commons.releaseManagerName>Rob Tompkins</commons.releaseManagerName>
255+
<commons.releaseManagerKey>B6E73D84EA4FCC47166087253FAAD2CD5ECBB314</commons.releaseManagerKey>
237256
</properties>
238257
<build>
239258
<defaultGoal>clean verify apache-rat:check clirr:check javadoc:javadoc</defaultGoal>
@@ -249,6 +268,13 @@ limitations under the License.
249268
</ignorePathsToDelete>
250269
</configuration>
251270
</plugin>
271+
<plugin>
272+
<groupId>com.github.siom79.japicmp</groupId>
273+
<artifactId>japicmp-maven-plugin</artifactId>
274+
<configuration>
275+
<skip>false</skip>
276+
</configuration>
277+
</plugin>
252278
</plugins>
253279
</pluginManagement>
254280
<plugins>

src/changes/changes.xml

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -42,8 +42,11 @@ The <action> type attribute can be add,update,fix,remove.
4242
<author>Apache Commons Developers</author>
4343
</properties>
4444
<body>
45-
<release version="1.12" date="2019-MM-DD" description="Feature and fix release.">
45+
46+
<release version="1.12" date="2019-02-04" description="Feature and fix release.">
4647
<!-- The first attribute below should be the issue id; makes it easier to navigate in the IDE outline -->
48+
<action issue="CODEC-253" dev="chtompki" type="update">Update from Java 7 to Java 8</action>
49+
<action issue="CODEC-252" dev="chtompki" type="fix">B64 salt generator: Random -> ThreadLocalRandom</action>
4750
<action issue="CODEC-250" dev="sebb" type="fix" due-to="Alex Volodko">Wrong value calculated by Cologne Phonetic if a special character is placed between equal letters</action>
4851
<action issue="CODEC-244" dev="ggregory" type="update">Update from Java 6 to Java 7</action>
4952
<action issue="CODEC-240" dev="ggregory" type="add" due-to="Ioannis Sermetziadis">Add Percent-Encoding Codec (described in RFC3986 and RFC7578)</action>

src/main/java/org/apache/commons/codec/digest/B64.java

Lines changed: 26 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,9 @@
1616
*/
1717
package org.apache.commons.codec.digest;
1818

19-
import java.util.concurrent.ThreadLocalRandom;
19+
import java.security.NoSuchAlgorithmException;
20+
import java.security.SecureRandom;
21+
import java.util.Random;
2022

2123
/**
2224
* Base64-like method to convert binary bytes into ASCII chars.
@@ -68,21 +70,34 @@ static void b64from24bit(final byte b2, final byte b1, final byte b0, final int
6870
}
6971
}
7072

73+
/**
74+
* Generates a string of random chars from the B64T set.
75+
* <p>
76+
* The salt is generated with {@link SecureRandom}.
77+
* </p>
78+
*
79+
* @param num Number of chars to generate.
80+
* @return a random salt {@link String}.
81+
*/
82+
static String getRandomSalt(final int num) {
83+
return getRandomSalt(num, new SecureRandom());
84+
}
85+
7186
/**
7287
* Generates a string of random chars from the B64T set.
7388
* <p>
74-
* The salt is generated with {@link ThreadLocalRandom}.
89+
* The salt is generated with the {@link Random} provided.
7590
* </p>
7691
*
77-
* @param num
78-
* Number of chars to generate.
92+
* @param num Number of chars to generate.
93+
* @param random an instance of {@link Random}.
94+
* @return a random salt {@link String}.
7995
*/
80-
static String getRandomSalt(final int num) {
81-
final StringBuilder saltString = new StringBuilder(num);
82-
final ThreadLocalRandom current = ThreadLocalRandom.current();
83-
for (int i = 1; i <= num; i++) {
84-
saltString.append(B64T_ARRAY[current.nextInt(B64T_ARRAY.length)]);
85-
}
86-
return saltString.toString();
96+
static String getRandomSalt(final int num, final Random random) {
97+
final StringBuilder saltString = new StringBuilder(num);
98+
for (int i = 1; i <= num; i++) {
99+
saltString.append(B64T_STRING.charAt(random.nextInt(B64T_STRING.length())));
100+
}
101+
return saltString.toString();
87102
}
88103
}

src/main/java/org/apache/commons/codec/digest/Md5Crypt.java

Lines changed: 75 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,7 @@
1919
import java.security.MessageDigest;
2020
import java.security.SecureRandom;
2121
import java.util.Arrays;
22+
import java.util.Random;
2223
import java.util.concurrent.ThreadLocalRandom;
2324
import java.util.regex.Matcher;
2425
import java.util.regex.Pattern;
@@ -64,8 +65,8 @@ public class Md5Crypt {
6465
/**
6566
* See {@link #apr1Crypt(byte[], String)} for details.
6667
* <p>
67-
* A salt is generated for you using {@link ThreadLocalRandom}; for more secure salts consider using
68-
* {@link SecureRandom} to generate your own salts and calling {@link #apr1Crypt(byte[], String)}.
68+
* A salt is generated for you using {@link SecureRandom}; your own {@link Random} in
69+
* {@link #apr1Crypt(byte[], Random)}.
6970
* </p>
7071
*
7172
* @param keyBytes plaintext string to hash.
@@ -77,11 +78,27 @@ public static String apr1Crypt(final byte[] keyBytes) {
7778
return apr1Crypt(keyBytes, APR1_PREFIX + B64.getRandomSalt(8));
7879
}
7980

81+
/**
82+
* See {@link #apr1Crypt(byte[], String)} for details.
83+
* <p>
84+
* A salt is generated for you using the user provided {@link Random}.
85+
* </p>
86+
*
87+
* @param keyBytes plaintext string to hash.
88+
* @param random an arbitrary {@link Random} for the user's reason.
89+
* @param random the instance of {@link Random} to use for generating the salt. Consider using {@link SecureRandom}
90+
* or {@link ThreadLocalRandom}.
91+
* @throws IllegalArgumentException when a {@link java.security.NoSuchAlgorithmException} is caught. *
92+
* @see #apr1Crypt(byte[], String)
93+
*/
94+
public static String apr1Crypt(final byte[] keyBytes, final Random random) {
95+
return apr1Crypt(keyBytes, APR1_PREFIX + B64.getRandomSalt(8, random));
96+
}
97+
8098
/**
8199
* See {@link #apr1Crypt(String, String)} for details.
82100
* <p>
83-
* A salt is generated for you using {@link ThreadLocalRandom}; for more secure salts consider using
84-
* {@link SecureRandom} to generate your own salts.
101+
* A salt is generated for you using {@link SecureRandom}
85102
* </p>
86103
*
87104
* @param keyBytes
@@ -164,10 +181,33 @@ public static String md5Crypt(final byte[] keyBytes) {
164181
return md5Crypt(keyBytes, MD5_PREFIX + B64.getRandomSalt(8));
165182
}
166183

184+
/**
185+
* Generates a libc6 crypt() compatible "$1$" hash value.
186+
* <p>
187+
* See {@link #md5Crypt(byte[], String)} for details.
188+
*</p>
189+
* <p>
190+
* A salt is generated for you using the instance of {@link Random} you supply.
191+
* </p>
192+
* @param keyBytes
193+
* plaintext string to hash.
194+
* @param random
195+
* the instance of {@link Random} to use for generating the salt. Consider using {@link SecureRandom}
196+
* or {@link ThreadLocalRandom}.
197+
* @return the hash value
198+
* @throws IllegalArgumentException
199+
* when a {@link java.security.NoSuchAlgorithmException} is caught.
200+
* @see #md5Crypt(byte[], String)
201+
*/
202+
public static String md5Crypt(final byte[] keyBytes, final Random random) {
203+
return md5Crypt(keyBytes, MD5_PREFIX + B64.getRandomSalt(8, random));
204+
}
205+
167206
/**
168207
* Generates a libc crypt() compatible "$1$" MD5 based hash value.
169208
* <p>
170-
* See {@link Crypt#crypt(String, String)} for details.
209+
* See {@link Crypt#crypt(String, String)} for details. We use {@link SecureRandom} for seed generation by
210+
* default.
171211
* </p>
172212
*
173213
* @param keyBytes
@@ -189,7 +229,8 @@ public static String md5Crypt(final byte[] keyBytes, final String salt) {
189229
/**
190230
* Generates a libc6 crypt() "$1$" or Apache htpasswd "$apr1$" hash value.
191231
* <p>
192-
* See {@link Crypt#crypt(String, String)} or {@link #apr1Crypt(String, String)} for details.
232+
* See {@link Crypt#crypt(String, String)} or {@link #apr1Crypt(String, String)} for details. We use
233+
* {@link SecureRandom by default}.
193234
* </p>
194235
*
195236
* @param keyBytes
@@ -207,12 +248,39 @@ public static String md5Crypt(final byte[] keyBytes, final String salt) {
207248
* when a {@link java.security.NoSuchAlgorithmException} is caught.
208249
*/
209250
public static String md5Crypt(final byte[] keyBytes, final String salt, final String prefix) {
251+
return md5Crypt(keyBytes, salt, prefix, new SecureRandom());
252+
}
253+
254+
/**
255+
* Generates a libc6 crypt() "$1$" or Apache htpasswd "$apr1$" hash value.
256+
* <p>
257+
* See {@link Crypt#crypt(String, String)} or {@link #apr1Crypt(String, String)} for details.
258+
* </p>
259+
*
260+
* @param keyBytes
261+
* plaintext string to hash.
262+
* @param salt
263+
* real salt value without prefix or "rounds=". The salt may be null, in which case a salt is generated for
264+
* you using {@link ThreadLocalRandom}; for more secure salts consider using {@link SecureRandom} to
265+
* generate your own salts.
266+
* @param prefix
267+
* salt prefix
268+
* @param random
269+
* the instance of {@link Random} to use for generating the salt. Consider using {@link SecureRandom}
270+
* or {@link ThreadLocalRandom}.
271+
* @return the hash value
272+
* @throws IllegalArgumentException
273+
* if the salt does not match the allowed pattern
274+
* @throws IllegalArgumentException
275+
* when a {@link java.security.NoSuchAlgorithmException} is caught.
276+
*/
277+
public static String md5Crypt(final byte[] keyBytes, final String salt, final String prefix, final Random random) {
210278
final int keyLen = keyBytes.length;
211279

212280
// Extract the real salt from the given string which can be a complete hash string.
213281
String saltString;
214282
if (salt == null) {
215-
saltString = B64.getRandomSalt(8);
283+
saltString = B64.getRandomSalt(8, random);
216284
} else {
217285
final Pattern p = Pattern.compile("^" + prefix.replace("$", "\\$") + "([\\.\\/a-zA-Z0-9]{1,8}).*");
218286
final Matcher m = p.matcher(salt);

0 commit comments

Comments
 (0)