// Encodes one character for inclusion in HTML output.
// Returns `ch` unchanged when it is listed in `immune` or is a single
// alphanumeric byte; otherwise returns "&name;" when the character-to-entity
// map has an entry for it, and "&#x" + toHex(ch) + ";" when it has none.
// NOTE(review): this listing carries no braces, so block boundaries below are
// read from the indentation only.
NarrowString HTMLEntityCodec::encodeCharacter(const StringArray& immune, const NarrowString& ch) const
    // ASSERT(!immune.empty());

    // NOTE(review): the condition guarding this early return is not visible in
    // the listing; presumably it is an empty-input check on `ch` - confirm
    // against the upstream file before relying on it.
      return NarrowString();

    // check for immune characters
    StringArray::const_iterator it1 = std::find(immune.begin(), immune.end(), ch);
    if(it1 != immune.end())
      return ch;

    // check for simple alphanumeric characters
    // NOTE(review): ::isalnum requires a value representable as unsigned char
    // (or EOF). ch[0] is passed as-is, so where the element type is a signed
    // char a byte >= 0x80 reaches it as a negative value, which is undefined
    // behaviour; pass static_cast<unsigned char>(ch[0]) instead. The result is
    // also locale-dependent, so outside the "C" locale some high bytes could be
    // classified as alphanumeric and returned unencoded.
    if(ch.length() == 1 && ::isalnum(ch[0]))
      return ch;

    // check for illegal characters
    // The control-character replacement below is disabled, so C0/C1 control
    // characters are not substituted; they continue to the entity lookup and
    // hex encoding that follow.
    //if ( ( c <= 0x1f && c != L'\t' && c != L'\n' && c != L'\r' ) || ( c >= 0x7f && c <= 0x9f ) )
    // hex = REPLACEMENT_HEX(); // Let's entity encode this instead of returning it
    // c = REPLACEMENT_CHAR();

    // check if there's a defined entity
    const EntityMap& map = getCharacterToEntityMap();
    EntityMapIterator it2 = map.find(ch);
    // NOTE(review): this branch builds its result from String while every other
    // return uses NarrowString - confirm the two are the same type here.
    if(it2 != map.end())
      return String("&") + it2->second + String(";");

    // return the hex entity as suggested in the spec
    return NarrowString("&#x") + toHex(ch) + NarrowString(";");
  * Return true if specified cipher mode is one of those specified in the
  * {@code} file that supports both confidentiality
  * <b>and</b> authenticity (i.e., a "combined cipher mode" as NIST refers
  * to it).
  * @param cipherMode     The specified cipher mode to be used for the encryption
  *                       or decryption operation.
  * @return     true if the specified cipher mode is in the comma-separated list
  *             of cipher modes supporting both confidentiality and authenticity;
  *             otherwise false.
  * @see org.owasp.esapi.SecurityConfiguration#getCombinedCipherModes()
 // Looks `cipherMode` up in the list returned by getCombinedCipherModes() and
 // reports whether it is present. The match is whatever std::find's equality
 // comparison on the list elements yields; no normalisation of `cipherMode`
 // happens in the lines shown.
 bool CryptoHelper::isCombinedCipherMode(const NarrowString& cipherMode)
   ESAPI_ASSERT2( !cipherMode.empty(), "cipherMode is not valid" );
   // NOTE(review): the condition guarding this throw is not visible in the
   // listing (no braces, no `if`); presumably it repeats the empty check from
   // the assert so that the rejection also holds where the assert is inactive.
     throw IllegalArgumentException("Cipher mode is not valid");
   // NOTE(review): a DummyConfiguration is constructed on every call. The
   // returned list decides which modes callers treat as providing authenticity,
   // so confirm which configuration object is meant to be consulted here.
   DummyConfiguration config;
   const StringList& cipherModes = config.getCombinedCipherModes();
   StringList::const_iterator it = std::find(cipherModes.begin(), cipherModes.end(), cipherMode);
   return it != cipherModes.end();
// Reads text lines from `origReader` through a BufferedReader and feeds each
// one to parseUniversalDataFormatTextLine, filling `out`.
// Returns the first non-errNone status from readLine or the parser,
// SocketConnection::errResponseMalformed when the accumulated control length
// disagrees with out.dataLength(), and errNone otherwise.
// NOTE(review): this listing carries no braces and has lost some tokens; the
// loop and branch boundaries below are read from the indentation only.
status_t UDF_ReadFromReader(Reader& origReader, UniversalDataFormat& out)
    // NOTE(review): 1024 is presumably the buffer size - confirm against the
    // BufferedReader constructor.
    BufferedReader reader(origReader, 1024);
    ulong_t lineNo = 0;
    ulong_t controlDataLength = 0;
    bool eof = false;
    // NOTE(review): nothing in the lines shown bounds the number of lines or the
    // total amount of data accepted; confirm the reader or the parser enforces a
    // limit when the input comes from a peer.
    while (!eof)
        NarrowString line;
        status_t error = reader.readLine(eof, line);
        if (errNone != error)
            return error;
        // NOTE(review): the statement controlled by this `if` is missing from the
        // listing; presumably it leaves the loop on the trailing empty line.
        if (eof && line.empty()) //writer puts '\n' after last line... 

        // NOTE(review): the first argument of this call is missing from the
        // listing (presumably the line's character data); as printed the call
        // does not compile.
        error = parseUniversalDataFormatTextLine(, line.length(), out, lineNo, controlDataLength);
        if (errNone != error)
            return error;
    // The assert fires before the graceful check below, so in builds where
    // assert is active a length mismatch in the input aborts the process
    // instead of returning errResponseMalformed.
    assert(controlDataLength == out.dataLength());
    if (controlDataLength != out.dataLength())
        // NOTE(review): the terminating semicolon is missing in the listing.
        return SocketConnection::errResponseMalformed
    return errNone;
  * Constructs a secure random number generator (RNG) implementing the named
  * random number algorithm.
 // Records the algorithm name and clears the catastrophic-failure flag.
 // The second and third parameters are unnamed and are not used by this
 // constructor.
 SecureRandomBase::SecureRandomBase(const NarrowString& algorithm, const byte*, size_t)
     : m_catastrophic(false),
       m_algorithm(algorithm)
 {
     // Precondition check only: the member has already been initialised from
     // `algorithm` by the time this runs.
     ASSERT( !algorithm.empty() );
 }
  * Constructs a secure random number generator (RNG) implementing the named
  * random number algorithm if specified
 // Creates the lock and the generator implementation for `algorithm`.
 // The name is passed through AlgorithmName::normalizeAlgorithm before
 // SecureRandomBase::createInstance is asked for an implementation; no seed
 // buffer is supplied (nullptr, 0).
 SecureRandom::SecureRandom(const NarrowString& algorithm)
     : m_lock(new Mutex)
     , m_impl(SecureRandomBase::createInstance(
           AlgorithmName::normalizeAlgorithm(algorithm), nullptr, 0))
 {
     // These checks run after the member initialisers above, so an empty or
     // unknown name has already been handed to normalizeAlgorithm before the
     // first assertion is evaluated.
     ASSERT( !algorithm.empty() );

     // Both members must hold an object once construction has finished.
     ASSERT(m_lock.get() != nullptr);
     ASSERT(m_impl.get() != nullptr);
 }
     * Returns a SecureRandom object that implements the specified Random Number Generator (RNG) algorithm.
    // Builds a SecureRandom around the implementation that
    // SecureRandomBase::createInstance returns for the normalised algorithm
    // name. No seed buffer is supplied (nullptr, 0).
    SecureRandom SecureRandom::getInstance(const NarrowString& algorithm)
    {
        ASSERT( !algorithm.empty() );

        // The raw pointer is handed straight to the SecureRandom constructor;
        // the only check on it in between is the assertion below.
        SecureRandomBase* const backend = SecureRandomBase::createInstance(
            AlgorithmName::normalizeAlgorithm(algorithm), nullptr, 0);
        ASSERT(backend != nullptr);

        return SecureRandom(backend);
    }
   * Generate a random secret key appropriate to the specified cipher algorithm
   * and key size.
   * @param alg        The cipher algorithm or cipher transformation. (If the latter is
   *                   passed, the cipher algorithm is determined from it.) Cannot be empty.
   * @param keyBits    The key size, in bits.
   * @return           A random {@code SecretKey} is returned.
  // Obtains a KeyGenerator for `alg` and returns the key it generates.
  // NOTE(review): this listing carries no braces; the statements below are the
  // whole visible body.
  SecretKey CryptoHelper::generateSecretKey(const NarrowString& alg, unsigned int keyBits)
    // All three preconditions are expressed as ASSERTs only.
    // NOTE(review): if ASSERT is inactive in release builds, an empty `alg` or an
    // out-of-range `keyBits` is not rejected here - confirm how the macro is
    // defined. The lower bound of 56 also admits single-DES-sized keys.
    ASSERT( !alg.empty() );
    ASSERT( keyBits >= 56 );
    ASSERT( (keyBits % 8) == 0 );

    // NOTE(review): in the lines shown `keyBits` is never handed to the
    // generator, so the requested size has no visible effect on the key.
    // Presumably a statement was lost from the listing - confirm against the
    // upstream file.
    KeyGenerator kgen(KeyGenerator::getInstance(alg));

    return kgen.generateKey();
  // Stores the normalised form of `algorithm` in m_normal. normalizeAlgorithm
  // runs in the member initialiser, i.e. before the assertion in the body.
  // Throws NoSuchAlgorithmException when `cipherOnly` is set and m_normal
  // differs from `cipher`.
  // NOTE(review): this listing carries no braces.
  AlgorithmName::AlgorithmName(const NarrowString& algorithm, bool cipherOnly)
    : m_normal(normalizeAlgorithm(algorithm))
    ASSERT( !algorithm.empty() );

    // We'd prefer to throw in the ctor, but it's a limitation, not a feature!
    // Actually, we need to normalize first (in case of throw), so maybe it is a feature.
    // NOTE(review): `cipher` is default-constructed and nothing in the lines
    // shown assigns it before the comparison, so as printed every non-empty
    // m_normal is rejected when cipherOnly is true. Presumably the statement
    // that extracts the cipher name was lost from the listing - confirm.
    NarrowString cipher;

    if(cipherOnly && m_normal != cipher)
      throw NoSuchAlgorithmException(m_normal + " not available");
  * Returns a KeyGenerator object that generates secret keys for the specified algorithm.
  // Creates a KeyGenerator for `algorithm` and returns it only when the name the
  // generator reports is on the list of supported secret-key algorithms;
  // any other name raises NoSuchAlgorithmException.
  KeyGenerator KeyGenerator::getInstance(const NarrowString& algorithm)
  {
    ASSERT( !algorithm.empty() );

    // "This class provides the functionality of a secret (symmetric) key generator."
    // Allowlist of accepted names. DES is on it, so callers that want to
    // exclude legacy ciphers have to enforce that themselves.
    static const char* const kSupported[] = {
      "DES", "DES_ede", "Blowfish", "AES", "Camellia",
      "HmacSHA1", "HmacSHA224", "HmacSHA256", "HmacSHA384", "HmacSHA512",
      "HmacWhirlpoo"
    };
    const unsigned int kSupportedCount = sizeof(kSupported) / sizeof(kSupported[0]);

    KeyGenerator generator(algorithm);
    const NarrowString name = generator.getAlgorithm();

    // Stop scanning at the first match.
    bool supported = false;
    for(unsigned int i = 0; i < kSupportedCount && !supported; ++i)
      supported = (name == kSupported[i]);

    if(!supported)
      throw NoSuchAlgorithmException(name + " KeyGenerator not available");

    return generator;
  }
// Resolves `address`/`port` into `out`. The address is first passed through
// validateAddress; a result that starts with a digit is converted with
// netLib.addrAToIN, anything else goes to blockingResolve.
// Returns the first non-zero status from validateAddress or addrAToIN, errNone
// after a successful numeric conversion, or whatever blockingResolve returns.
// NOTE(review): this listing carries no braces; block boundaries below are
// read from the indentation only.
status_t resolve(SocketAddress& out, NetLibrary& netLib, const char* address, ushort_t port, ulong_t timeout)
    NarrowString validAddress;
    status_t error = validateAddress(address, validAddress, port);
    if (error)
        return error;
    INetSocketAddress addr;
    // TODO: the assumption that the ip address is numeric if the first
    // letter is a digit is incorrect. A symbolic name can also start
    // with a digit. Better test would be to check if the whole name
    // consists of digits or "."
    // Consequence of the TODO above: a host name that begins with a digit is
    // sent to addrAToIN instead of the resolver, and the outcome then depends on
    // how addrAToIN treats non-numeric input.
    if (!validAddress.empty() && isDigit(validAddress[0]))
        error=netLib.addrAToIN(validAddress.c_str(), addr);
        if (error)
            return error;
        // NOTE(review): in the lines shown `addr` is never copied into `out`
        // before this success return; presumably that statement was lost from
        // the listing - confirm against the upstream file.
        return errNone;
    return blockingResolve(out, netLib, validAddress, port, timeout);
 // Stores a copy of `input` and zero-initialises varPushback, varTemp, varIndex
 // and varMark. The member and the parameter share the name `input`; in the
 // initialiser the outer name is the member and the argument is the parameter.
 // NOTE(review): the body after the opening brace is not part of this listing.
 PushbackString::PushbackString(const NarrowString& input)
   : input(input), varPushback(0), varTemp(0), varIndex(0), varMark(0) {
  // Canonicalises an algorithm or transformation name.
  // Whitespace is removed and the text lower-cased, then split on '\', '/' and
  // ':'. The result is either "ALG" (one part) or "ALG/MODE/PADDING" (three
  // parts) using the canonical spellings assigned below.
  // Throws NoSuchAlgorithmException for empty input, for any part count other
  // than 1 or 3, and for an unrecognised algorithm, mode or padding name.
  // This function only canonicalises spelling: legacy names such as DES, MD5,
  // SHA-1 and ECB are accepted like any other, so strength policy has to be
  // enforced by the caller.
  // NOTE(review): this listing has lost most braces and the #endif matching the
  // #if 0 below; block boundaries are read from the indentation only.
  NarrowString AlgorithmName::normalizeAlgorithm(const NarrowString& algorithm)

    NarrowString alg(algorithm), mode, padding, temp;

    // Cut out whitespace
    // NOTE(review): ::isspace here and ::tolower below receive plain char
    // values. The <cctype> functions require a value representable as unsigned
    // char (or EOF), so where char is signed a byte >= 0x80 in the input is
    // undefined behaviour; wrap both in a helper that casts through
    // unsigned char. Both are also locale-dependent.
    NarrowString::iterator it = std::remove_if(alg.begin(), alg.end(), ::isspace);
    if(it != alg.end())
      alg.erase(it, alg.end());

    // Save the trimmed string
    // (kept in its original case; it is only used in the error messages below)
    NarrowString trimmed(alg);

    // Normalize the case
    std::transform(alg.begin(), alg.end(), alg.begin(), ::tolower);

    // The delimiter string holds three characters: backslash, slash and colon.
    std::vector<std::string> parts;
    split(alg, "\\/:", parts);

    if(parts.size() == 0)
      throw NoSuchAlgorithmException("Invalid transformation format: '<empty>'");

    // An algorithm is either CIPHER or CIPHER/MODE/PADDING
    if(!(parts.size() == 1 || parts.size() == 3))
        std::ostringstream oss;
        oss << "Invalid transformation format: '" << trimmed << "'";
        throw NoSuchAlgorithmException(oss.str());

    // Clear algorithm for final processing
    alg = mode = padding = "";

    // We should see a CIPHER (ie, HmacSHA1), or a CIPHER/MODE/PADDING.
    temp = parts[0];

    //////// Symmetric Ciphers ////////

    if(temp == "aes")
      alg = "AES";
    else if(temp == "camellia")
      alg = "Camellia";
    else if(temp == "blowfish")
      alg = "Blowfish";
    else if(temp == "des_ede" || temp == "desede")
      alg = "DES_ede";
    else if(temp == "des")
      alg = "DES";

    //////// Hashes ////////

    else if(temp == "md-5" || temp == "md5")
      alg = "MD5";
    else if(temp == "sha-1" || temp == "sha1" || temp == "sha")
      alg = "SHA-1";
    else if(temp == "sha-224" || temp == "sha224")
      alg = "SHA-224";
    else if(temp == "sha-256" || temp == "sha256")
      alg = "SHA-256";
    else if(temp == "sha-384" || temp == "sha384")
      alg = "SHA-384";
    else if(temp == "sha-512" || temp == "sha512")
      alg = "SHA-512";
    // NOTE(review): every Whirlpool-related literal in this listing ends in
    // "poo"; presumably a trailing 'l' was lost when the page was produced -
    // confirm against the upstream file.
    else if(temp == "whirlpoo")
      alg = "Whirlpoo";

    //////// HMACs ////////

    else if(temp == "hmacsha-1" || temp == "hmacsha1" || temp == "hmacsha")
      alg = "HmacSHA1";
    else if(temp == "hmacsha-224" || temp == "hmacsha224")
      alg = "HmacSHA224";
    else if(temp == "hmacsha-256" || temp == "hmacsha256")
      alg = "HmacSHA256";
    else if(temp == "hmacsha-384" || temp == "hmacsha384")
      alg = "HmacSHA384";
    else if(temp == "hmacsha-512" || temp == "hmacsha512")
      alg = "HmacSHA512";
    else if(temp == "hmacwhirlpoo")
      alg = "HmacWhirlpoo";

    //////// PBE Hmacs ////////

    else if(temp == "pbewithsha1")
      alg = "PBEWithSHA1";
    else if(temp == "pbewithsha224")
      alg = "PBEWithSHA224";
    else if(temp == "pbewithsha256")
      alg = "PBEWithSHA256";
    else if(temp == "pbewithsha384")
      alg = "PBEWithSHA384";
    else if(temp == "pbewithsha512")
      alg = "PBEWithSHA512";
    else if(temp == "pbewithwhirlpoo")
      alg = "PBEWithWhirlpoo";

    //////// Key Agreement ////////

    else if(temp == "diffiehellman")
      alg = "DiffieHellman";

    //////// SecureRandom ////////

    else if(temp == "sha1prng")
      alg = "SHA1PRNG";

    //////// Oh shit! ////////

    // NOTE(review): ESAPI_ASSERT2(false, ...) precedes the throw in each of the
    // three rejection branches. If the macro is active in a given build, an
    // unrecognised name trips the assertion before the exception is raised -
    // confirm that is acceptable where the name comes from outside the program.
    else {
      std::ostringstream oss;
      oss << "Invalid transformation format: '" << trimmed << "', cipher '" << temp << "'";
      ESAPI_ASSERT2(false, oss.str());
      throw NoSuchAlgorithmException(oss.str());

    // A bare algorithm name carries no mode or padding.
    if(parts.size() == 1)
      return alg;

    // Mode
    // parts.size() is 3 from here on (checked above), so parts[1] and parts[2]
    // exist.
    temp = parts[1];

    if(temp == "none")
      mode = "NONE";
    else if(temp == "ecb")
      mode = "ECB";
    else if(temp == "cbc")
      mode = "CBC";
    else if(temp == "ofb")
      mode = "OFB";
    else if(temp == "cfb")
      mode = "CFB";
    else if(temp == "ctr")
      mode = "CTR";
    // The authenticated modes below are compiled out, so "ccm", "gcm" and "eax"
    // are rejected as invalid modes and only the modes above are accepted;
    // none of those provides integrity on its own.
    // NOTE(review): the matching #endif is not visible in this listing.
#if 0
    // Uncomment in the future
    else if(temp == "ccm")
      mode = "CCM";
    else if(temp == "gcm")
      mode = "GCM";
    else if(temp == "eax")
      mode = "EAX";

    else {
      std::ostringstream oss;
      oss << "Invalid transformation format: '" << trimmed << "', mode '" << temp << "'";
      ESAPI_ASSERT2(false, oss.str());
      throw NoSuchAlgorithmException(oss.str());

    // Padding
    temp = parts[2];

    if(temp == "nopadding" || temp == "none")
      padding = "NoPadding";
    else if(temp == "pkcs5padding")
      padding = "PKCS5Padding";
    else if(temp == "ssl3padding")
      padding = "SSL3Padding";

    else {
      std::ostringstream oss;
      oss << "Invalid transformation format: '" << trimmed << "', padding '" << temp << "'";
      ESAPI_ASSERT2(false, oss.str());
      throw NoSuchAlgorithmException(oss.str());

    // Remove if we ever get around to adding SSL3 padding.
    // "ssl3padding" is recognised above only so that it can be reported here as
    // unsupported rather than as an invalid format.
    if(padding == "SSL3Padding") {
      std::ostringstream oss;
      oss << "Unsupported transformation format: '" << trimmed << "', padding '" << temp << "'";
      throw NoSuchAlgorithmException(oss.str());

    // Final return string
    alg += "/" + mode;
    alg += "/" + padding;

    return alg;
 // Passes `algorithm` to the MessageDigestBase constructor and
 // value-initialises m_hash.
 // NOTE(review): the template header for HASH and the braces around the body
 // are not part of this listing.
 MessageDigestImpl<HASH>::MessageDigestImpl(const NarrowString& algorithm)
   : MessageDigestBase(algorithm), m_hash()
   // Precondition check only; the base class has already received `algorithm`
   // by the time this runs.
   ASSERT( !algorithm.empty() );