input for XML.
*
* @param input the input to escape.
* @return the XML escaped variant of input.
*/
public static CharSequence escapeForXml(CharSequence input) {
return escapeForXml(input, XmlEscapeMode.safe);
}
/**
* Escape input for XML.
*
* @param input the input to escape.
* @return the XML escaped variant of input.
* @since 4.2
*/
public static CharSequence escapeForXmlAttribute(CharSequence input) {
return escapeForXml(input, XmlEscapeMode.forAttribute);
}
/**
* Escape input for XML.
* * This is an optimized variant of {@link #escapeForXmlAttribute(CharSequence)} for XML where the * XML attribute is quoted using ''' (Apos). *
* * @param input the input to escape. * @return the XML escaped variant ofinput.
* @since 4.2
*/
public static CharSequence escapeForXmlAttributeApos(CharSequence input) {
return escapeForXml(input, XmlEscapeMode.forAttributeApos);
}
/**
* Escape input for XML.
*
* @param input the input to escape.
* @return the XML escaped variant of input.
* @since 4.2
*/
public static CharSequence escapeForXmlText(CharSequence input) {
return escapeForXml(input, XmlEscapeMode.forText);
}
private enum XmlEscapeMode {
safe,
forAttribute,
forAttributeApos,
forText,
}
/**
* Escapes all necessary characters in the CharSequence so that it can be used
* in an XML doc.
*
* @param input the CharSequence to escape.
* @return the string with appropriate characters escaped.
*/
private static CharSequence escapeForXml(final CharSequence input, final XmlEscapeMode xmlEscapeMode) {
if (input == null) {
return null;
}
final int len = input.length();
final StringBuilder out = new StringBuilder((int) (len * 1.3));
CharSequence toAppend;
char ch;
int last = 0;
int i = 0;
while (i < len) {
toAppend = null;
ch = input.charAt(i);
switch (xmlEscapeMode) {
case safe:
switch (ch) {
case '<':
toAppend = LT_ENCODE;
break;
case '>':
toAppend = GT_ENCODE;
break;
case '&':
toAppend = AMP_ENCODE;
break;
case '"':
toAppend = QUOTE_ENCODE;
break;
case '\'':
toAppend = APOS_ENCODE;
break;
default:
break;
}
break;
case forAttribute:
// No need to escape '>' for attributes.
switch (ch) {
case '<':
toAppend = LT_ENCODE;
break;
case '&':
toAppend = AMP_ENCODE;
break;
case '"':
toAppend = QUOTE_ENCODE;
break;
case '\'':
toAppend = APOS_ENCODE;
break;
default:
break;
}
break;
case forAttributeApos:
// No need to escape '>' and '"' for attributes using '\'' as quote.
switch (ch) {
case '<':
toAppend = LT_ENCODE;
break;
case '&':
toAppend = AMP_ENCODE;
break;
case '\'':
toAppend = APOS_ENCODE;
break;
default:
break;
}
break;
case forText:
// No need to escape '"', '\'', and '>' for text.
switch (ch) {
case '<':
toAppend = LT_ENCODE;
break;
case '&':
toAppend = AMP_ENCODE;
break;
default:
break;
}
break;
}
if (toAppend != null) {
if (i > last) {
out.append(input, last, i);
}
out.append(toAppend);
last = ++i;
} else {
i++;
}
}
if (last == 0) {
return input;
}
if (i > last) {
out.append(input, last, i);
}
return out;
}
public static String removeNewLines(String s) {
return s.trim().replaceAll("\n", "");
}
/**
* Hashes a String using the SHA-1 algorithm and returns the result as a
* String of hexadecimal numbers. This method is synchronized to avoid
* excessive MessageDigest object creation. If calling this method becomes
* a bottleneck in your code, you may wish to maintain a pool of
* MessageDigest objects instead of using this method.
* * A hash is a one-way function -- that is, given an * input, an output is easily computed. However, given the output, the * input is almost impossible to compute. This is useful for passwords * since we can store the hash and a hacker will then have a very hard time * determining the original password. * * @param data the String to compute the hash of. * @return a hashed version of the passed-in String * @deprecated use {@link org.jivesoftware.smack.util.SHA1#hex(String)} instead. */ @Deprecated public static synchronized String hash(String data) { return org.jivesoftware.smack.util.SHA1.hex(data); } /** * Encodes an array of bytes as String representation of hexadecimal. * * @param bytes an array of bytes to convert to a hex string. * @return generated hex string. */ public static String encodeHex(byte[] bytes) { char[] hexChars = new char[bytes.length * 2]; for (int j = 0; j < bytes.length; j++) { int v = bytes[j] & 0xFF; hexChars[j * 2] = HEX_CHARS[v >>> 4]; hexChars[j * 2 + 1] = HEX_CHARS[v & 0x0F]; } return new String(hexChars); } public static byte[] toUtf8Bytes(String string) { return string.getBytes(StandardCharsets.UTF_8); } /** * 24 upper case characters from the latin alphabet and numbers without '0' and 'O'. */ private static final char[] UNAMBIGUOUS_NUMBERS_AND_LETTER = "123456789ABCDEFGHIJKLMNPQRSTUVWXYZ".toCharArray(); /** * Returns a random String of numbers and letters (lower and upper case) * of the specified length. The method uses the Random class that is * built-in to Java which is suitable for low to medium grade security uses. * This means that the output is only pseudo random, i.e., each number is * mathematically generated so is not truly random.
* * The specified length must be at least one. If not, the method will return * null. * * @param length the desired length of the random String to return. * @return a random String of numbers and letters of the specified length. */ public static String insecureRandomString(int length) { return randomString(length, RandomUtil.RANDOM.get()); } public static String secureOnlineAttackSafeRandomString() { // 34^10 = 2.06e15 possible combinations. Which is enough to protect against online brute force attacks. // See also https://www.grc.com/haystack.htm final int REQUIRED_LENGTH = 10; return randomString(RandomUtil.SECURE_RANDOM.get(), UNAMBIGUOUS_NUMBERS_AND_LETTER, REQUIRED_LENGTH); } public static String secureUniqueRandomString() { // 34^13 = 8.11e19 possible combinations, which is > 2^64. final int REQUIRED_LENGTH = 13; return randomString(RandomUtil.SECURE_RANDOM.get(), UNAMBIGUOUS_NUMBERS_AND_LETTER, REQUIRED_LENGTH); } /** * Generate a secure random string with is human readable. The resulting string consists of 24 upper case characters * from the Latin alphabet and numbers without '0' and 'O', grouped into 4-characters chunks, e.g. * "TWNK-KD5Y-MT3T-E1GS-DRDB-KVTW". The characters are randomly selected by a cryptographically secure pseudorandom * number generator (CSPRNG). *
* The string can be used a backup "code" for secrets, and is in fact the same as the one backup code specified in * XEP-0373 and the one used by the Backup * Format v2 of OpenKeychain. *
* * @see XEP-0373 ยง5.4 Encrypting the Secret * Key Backup * @return a human readable secure random string. */ public static String secureOfflineAttackSafeRandomString() { // 34^24 = 2^122.10 possible combinations. Which is enough to protect against offline brute force attacks. // See also https://www.grc.com/haystack.htm final int REQUIRED_LENGTH = 24; return randomString(RandomUtil.SECURE_RANDOM.get(), UNAMBIGUOUS_NUMBERS_AND_LETTER, REQUIRED_LENGTH); } private static final int RANDOM_STRING_CHUNK_SIZE = 4; private static String randomString(Random random, char[] alphabet, int numRandomChars) { // The buffer most hold the size of the requested number of random chars and the chunk separators ('-'). int bufferSize = numRandomChars + ((numRandomChars - 1) / RANDOM_STRING_CHUNK_SIZE); CharBuffer charBuffer = CharBuffer.allocate(bufferSize); try { randomString(charBuffer, random, alphabet, numRandomChars); } catch (IOException e) { // This should never happen if we calcuate the buffer size correctly. throw new AssertionError(e); } return charBuffer.flip().toString(); } private static void randomString(Appendable appendable, Random random, char[] alphabet, int numRandomChars) throws IOException { for (int randomCharNum = 1; randomCharNum <= numRandomChars; randomCharNum++) { int randomIndex = random.nextInt(alphabet.length); char randomChar = alphabet[randomIndex]; appendable.append(randomChar); if (randomCharNum % RANDOM_STRING_CHUNK_SIZE == 0 && randomCharNum < numRandomChars) { appendable.append('-'); } } } public static String randomString(final int length) { return randomString(length, RandomUtil.SECURE_RANDOM.get()); } public static String randomString(final int length, Random random) { if (length == 0) { return ""; } char[] randomChars = new char[length]; for (int i = 0; i < length; i++) { int index = random.nextInt(UNAMBIGUOUS_NUMBERS_AND_LETTER.length); randomChars[i] = UNAMBIGUOUS_NUMBERS_AND_LETTER[index]; } return new String(randomChars); } /** * Returns true if CharSequence is not null and is not empty, false otherwise. * Examples: * isNotEmpty(null) - false * isNotEmpty("") - false * isNotEmpty(" ") - true * isNotEmpty("empty") - true * * @param cs checked CharSequence * @return true if string is not null and is not empty, false otherwise */ public static boolean isNotEmpty(CharSequence cs) { return !isNullOrEmpty(cs); } /** * Returns true if the given CharSequence is null or empty. * * @param cs * @return true if the given CharSequence is null or empty */ public static boolean isNullOrEmpty(CharSequence cs) { return cs == null || isEmpty(cs); } /** * Returns true if all given CharSequences are not empty. * * @param css the CharSequences to test. * @return true if all given CharSequences are not empty. */ public static boolean isNotEmpty(CharSequence... css) { for (CharSequence cs : css) { if (StringUtils.isNullOrEmpty(cs)) { return false; } } return true; } /** * Returns true if all given CharSequences are either null or empty. * * @param css the CharSequences to test. * @return true if all given CharSequences are null or empty. */ public static boolean isNullOrEmpty(CharSequence... css) { for (CharSequence cs : css) { if (StringUtils.isNotEmpty(cs)) { return false; } } return true; } /** * Returns true if the given CharSequence is empty. * * @param cs * @return true if the given CharSequence is empty */ public static boolean isEmpty(CharSequence cs) { return cs.length() == 0; } /** * Transform a collection of objects to a whitespace delimited String. * * @param collection the collection to transform. * @return a String with all the elements of the collection. */ public static String collectionToString(Collection collection) { return toStringBuilder(collection, " ").toString(); } /** * Transform a collection of objects to a delimited String. * * @param collection the collection to transform. * @param delimiter the delimiter used to delimit the Strings. * @return a StringBuilder with all the elements of the collection. */ public static StringBuilder toStringBuilder(Collection collection, String delimiter) { StringBuilder sb = new StringBuilder(collection.size() * 20); for (Iterator it = collection.iterator(); it.hasNext();) { Object cs = it.next(); sb.append(cs); if (it.hasNext()) { sb.append(delimiter); } } return sb; } public static String returnIfNotEmptyTrimmed(String string) { if (string == null) return null; String trimmedString = string.trim(); if (trimmedString.length() > 0) { return trimmedString; } else { return null; } } public static boolean nullSafeCharSequenceEquals(CharSequence csOne, CharSequence csTwo) { return nullSafeCharSequenceComparator(csOne, csTwo) == 0; } public static int nullSafeCharSequenceComparator(CharSequence csOne, CharSequence csTwo) { if (csOne == null ^ csTwo == null) { return (csOne == null) ? -1 : 1; } if (csOne == null && csTwo == null) { return 0; } return csOne.toString().compareTo(csTwo.toString()); } /** * Require a {@link CharSequence} to be neither null, nor empty. * * @deprecated use {@link #requireNotNullNorEmpty(CharSequence, String)} instead. * @param cs CharSequence * @param message error message * @paramcs or null.
*/
public static String maybeToString(CharSequence cs) {
if (cs == null) {
return null;
}
return cs.toString();
}
}