Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

edu.mayo.bsi.ngsportal.shared
Class Encryptor

java.lang.Object
  extended by edu.mayo.bsi.ngsportal.shared.Encryptor

public class Encryptor
extends Object

@author Gregory Dougherty

Constructor Summary
Encryptor(byte[] flipper, int rotateBits)
          Create an encryptor / decryptor for this session
 
Method Summary
 String convertByteStringToPassword(String byteString)
          Javascript apparently can't handle the non-utf8 strings that encoding creates, so on the client side we return a string of bytes (as integers) separated by "\t", and on the server side we decode that format
 String convertPassword(byte[] pwdBytes, boolean encoding)
          Convert password call to make when you have a byte string
 String convertPassword(String password, boolean encoding)
          Passing passwords as plain text is exceedingly poor security.
 String convertPasswordToByteString(String password)
          Javascript apparently can't handle the non-utf8 strings that this creates, so on the client side we return a string of bytes (as integers) separated by "\t"
 byte[] getFlipper()
           
 byte[] getFlipperBuild()
          Return bytes that can be used by Encryptor(byte[], int) to create a new matching Encryptor.
 int getRotateBits()
           
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

Encryptor

public Encryptor(byte[] flipper,
                 int rotateBits)
Create an encryptor / decryptor for this session

Parameters:
flipper - The bytes to xor with
rotateBits - How many bits to rotate
Method Detail

getFlipper

public final byte[] getFlipper()
Returns:
the flipper

getFlipperBuild

public final byte[] getFlipperBuild()
Return bytes that can be used by Encryptor(byte[], int) to create a new matching Encryptor.

Returns:
An array of bytes

getRotateBits

public final int getRotateBits()
Returns:
the rotateBits

convertPassword

public final String convertPassword(String password,
                                    boolean encoding)
Passing passwords as plain text is exceedingly poor security. So we used Random nextBytes () to get 64 random bytes, and concatenated them into 32 random chars. Since the xor of the xor of a number gives the original value, we convert the password before sending, and convert it again after getting receiving it, giving us the user's password back. After xoring the password, we rotate each char by rotateBits bits, just to make an intercepter have to work a little bit harder. Doing something more secure that this would require writing our own encryption code, since GWT does not support any of the Java.Security classes. While we could do that, it does not seem like it would be worth the time. Consider this a point for future enhancement.

Parameters:
password - the string that needs to either be encoded or decoded
encoding - True if encoding the password, false if decoding the password
Returns:
Returns a string that has been converted into bytes, xored with the object's xor bytes, and then converted back into a string.

convertPassword

public final String convertPassword(byte[] pwdBytes,
                                    boolean encoding)
Convert password call to make when you have a byte string

Parameters:
pwdBytes - The bytes that would be turned into a string
encoding - If true then encoding the string, else decoding
Returns:
The converted string

convertPasswordToByteString

public final String convertPasswordToByteString(String password)
Javascript apparently can't handle the non-utf8 strings that this creates, so on the client side we return a string of bytes (as integers) separated by "\t"

Parameters:
password - the string that needs to be encoded
Returns:
A string of numbers separated by tabs

convertByteStringToPassword

public final String convertByteStringToPassword(String byteString)
Javascript apparently can't handle the non-utf8 strings that encoding creates, so on the client side we return a string of bytes (as integers) separated by "\t", and on the server side we decode that format

Parameters:
byteString - A string of numbers separated by tabs that needs to be decoded
Returns:
A decoded password
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD