DERBY-4483: Make toHexByte() private to discourage its use in new code

git-svn-id: https://svn.apache.org/repos/asf/db/derby/code/trunk@926520 13f79535-47bb-0310-9956-ffa450edef68
apache · Mar 23, 2010 · 178ca0c · 178ca0c
1 parent cdf2811
commit 178ca0c
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 39 deletions.
diff --git a/java/engine/org/apache/derby/iapi/util/StringUtil.java b/java/engine/org/apache/derby/iapi/util/StringUtil.java
@@ -227,39 +227,6 @@ public static String toHexString(byte[] data, int offset, int length)
 		return s.toString();
 	}
 
-    /**
-
-        Convert a string into a byte array in hex format.
-        <BR>
-        For each character (b) two bytes are generated, the first byte 
-        represents the high nibble (4 bits) in hexidecimal (<code>b & 0xf0</code>),
-        the second byte represents the low nibble (<code>b & 0x0f</code>).
-        <BR>
-        The character at <code>str.charAt(0)</code> is represented by the first two bytes 
-        in the returned String.
-
-        @param	str string 
-        @param	offset	starting character (zero based) to convert.
-        @param	length	number of characters to convert.
-
-        @return the byte[]  (with hexidecimal format) form of the string (str) 
-    */
-    public static byte[] toHexByte(String str, int offset, int length)
-    {
-        byte[] data = new byte[(length - offset) * 2];
-        int end = offset+length;
-
-        for (int i = offset; i < end; i++)
-        {
-            char ch = str.charAt(i);
-            int high_nibble = (ch & 0xf0) >>> 4;
-            int low_nibble = (ch & 0x0f);
-            data[i] = (byte)high_nibble;
-            data[i+1] = (byte)low_nibble;
-        }
-        return data;
-    }
-
 	/**
 		Convert a hexidecimal string generated by toHexString() back
 		into a byte array.

diff --git a/java/engine/org/apache/derby/impl/jdbc/authentication/AuthenticationServiceBase.java b/java/engine/org/apache/derby/impl/jdbc/authentication/AuthenticationServiceBase.java
@@ -468,8 +468,7 @@ protected String encryptPasswordSHA1Scheme(String plainTxtUserPassword)
 
 		algorithm.reset();
 		byte[] bytePasswd = null;
-        bytePasswd = StringUtil.toHexByte(
-                plainTxtUserPassword,0,plainTxtUserPassword.length());
+        bytePasswd = toHexByte(plainTxtUserPassword);
 		algorithm.update(bytePasswd);
 		byte[] encryptVal = algorithm.digest();
         String hexString = ID_PATTERN_SHA1_SCHEME +
@@ -478,6 +477,47 @@ protected String encryptPasswordSHA1Scheme(String plainTxtUserPassword)
 
 	}
 
+    /**
+     * <p>
+     * Convert a string into a byte array in hex format.
+     * </p>
+     *
+     * <p>
+     * For each character (b) two bytes are generated, the first byte
+     * represents the high nibble (4 bits) in hexadecimal ({@code b & 0xf0}),
+     * the second byte represents the low nibble ({@code b & 0x0f}).
+     * </p>
+     *
+     * <p>
+     * The character at {@code str.charAt(0)} is represented by the first two
+     * bytes in the returned String.
+     * </p>
+     *
+     * <p>
+     * New code is encouraged to use {@code String.getBytes(String)} or similar
+     * methods instead, since this method does not preserve all bits for
+     * characters whose codepoint exceeds 8 bits. This method is preserved for
+     * compatibility with the SHA-1 authentication scheme.
+     * </p>
+     *
+     * @param str string
+     * @return the byte[] (with hexadecimal format) form of the string (str)
+     */
+    private static byte[] toHexByte(String str)
+    {
+        byte[] data = new byte[str.length() * 2];
+
+        for (int i = 0; i < str.length(); i++)
+        {
+            char ch = str.charAt(i);
+            int high_nibble = (ch & 0xf0) >>> 4;
+            int low_nibble = (ch & 0x0f);
+            data[i] = (byte)high_nibble;
+            data[i+1] = (byte)low_nibble;
+        }
+        return data;
+    }
+
     /**
      * <p>
      * Encrypt a password using the specified hash algorithm and with the
@@ -671,7 +711,7 @@ protected String substitutePassword(
         messageDigest.reset();
 
         byte[] bytePasswd = null;
-        byte[] userBytes = StringUtil.toHexByte(userName, 0, userName.length());
+        byte[] userBytes = toHexByte(userName);
 
         if (SanityManager.DEBUG)
         {
@@ -699,7 +739,7 @@ protected String substitutePassword(
         // substitute generation right afterwards.
         if (!databaseUser)
         {
-            bytePasswd = StringUtil.toHexByte(password, 0, password.length());
+            bytePasswd = toHexByte(password);
             messageDigest.update(bytePasswd);
             byte[] encryptVal = messageDigest.digest();
             hexString = ID_PATTERN_SHA1_SCHEME +
@@ -722,8 +762,7 @@ protected String substitutePassword(
 
         // Generate some 20-byte password token
         messageDigest.update(userBytes);
-        messageDigest.update(
-                StringUtil.toHexByte(hexString, 0, hexString.length()));
+        messageDigest.update(toHexByte(hexString));
         byte[] passwordToken = messageDigest.digest();
 
         // Now we generate the 20-byte password substitute