input for XML.
*
* @param input the input to escape.
* @return the XML escaped variant of input.
* @deprecated use {@link #escapeForXml(CharSequence)} instead.
*/
// Remove in 4.3.
@Deprecated
public static CharSequence escapeForXML(CharSequence input) {
return escapeForXml(input);
}
/**
* Escape input for XML.
*
* @param input the input to escape.
* @return the XML escaped variant of input.
*/
public static CharSequence escapeForXml(CharSequence input) {
return escapeForXml(input, XmlEscapeMode.safe);
}
/**
* Escape input for XML.
*
* @param input the input to escape.
* @return the XML escaped variant of input.
* @since 4.2
*/
public static CharSequence escapeForXmlAttribute(CharSequence input) {
return escapeForXml(input, XmlEscapeMode.forAttribute);
}
/**
* Escape input for XML.
* * This is an optimized variant of {@link #escapeForXmlAttribute(CharSequence)} for XML where the * XML attribute is quoted using ''' (Apos). *
* * @param input the input to escape. * @return the XML escaped variant ofinput.
* @since 4.2
*/
public static CharSequence escapeForXmlAttributeApos(CharSequence input) {
return escapeForXml(input, XmlEscapeMode.forAttributeApos);
}
/**
* Escape input for XML.
*
* @param input the input to escape.
* @return the XML escaped variant of input.
* @since 4.2
*/
public static CharSequence escapeForXmlText(CharSequence input) {
return escapeForXml(input, XmlEscapeMode.forText);
}
private enum XmlEscapeMode {
safe,
forAttribute,
forAttributeApos,
forText,
;
}
/**
* Escapes all necessary characters in the CharSequence so that it can be used
* in an XML doc.
*
* @param input the CharSequence to escape.
* @return the string with appropriate characters escaped.
*/
private static CharSequence escapeForXml(final CharSequence input, final XmlEscapeMode xmlEscapeMode) {
if (input == null) {
return null;
}
final int len = input.length();
final StringBuilder out = new StringBuilder((int) (len * 1.3));
CharSequence toAppend;
char ch;
int last = 0;
int i = 0;
while (i < len) {
toAppend = null;
ch = input.charAt(i);
switch (xmlEscapeMode) {
case safe:
switch (ch) {
case '<':
toAppend = LT_ENCODE;
break;
case '>':
toAppend = GT_ENCODE;
break;
case '&':
toAppend = AMP_ENCODE;
break;
case '"':
toAppend = QUOTE_ENCODE;
break;
case '\'':
toAppend = APOS_ENCODE;
break;
default:
break;
}
break;
case forAttribute:
// No need to escape '>' for attributes.
switch (ch) {
case '<':
toAppend = LT_ENCODE;
break;
case '&':
toAppend = AMP_ENCODE;
break;
case '"':
toAppend = QUOTE_ENCODE;
break;
case '\'':
toAppend = APOS_ENCODE;
break;
default:
break;
}
break;
case forAttributeApos:
// No need to escape '>' and '"' for attributes using '\'' as quote.
switch (ch) {
case '<':
toAppend = LT_ENCODE;
break;
case '&':
toAppend = AMP_ENCODE;
break;
case '\'':
toAppend = APOS_ENCODE;
break;
default:
break;
}
break;
case forText:
// No need to escape '"', '\'', and '>' for text.
switch (ch) {
case '<':
toAppend = LT_ENCODE;
break;
case '&':
toAppend = AMP_ENCODE;
break;
default:
break;
}
break;
}
if (toAppend != null) {
if (i > last) {
out.append(input, last, i);
}
out.append(toAppend);
last = ++i;
} else {
i++;
}
}
if (last == 0) {
return input;
}
if (i > last) {
out.append(input, last, i);
}
return out;
}
/**
* Hashes a String using the SHA-1 algorithm and returns the result as a
* String of hexadecimal numbers. This method is synchronized to avoid
* excessive MessageDigest object creation. If calling this method becomes
* a bottleneck in your code, you may wish to maintain a pool of
* MessageDigest objects instead of using this method.
*
* A hash is a one-way function -- that is, given an
* input, an output is easily computed. However, given the output, the
* input is almost impossible to compute. This is useful for passwords
* since we can store the hash and a hacker will then have a very hard time
* determining the original password.
*
* @param data the String to compute the hash of.
* @return a hashed version of the passed-in String
* @deprecated use {@link org.jivesoftware.smack.util.SHA1#hex(String)} instead.
*/
@Deprecated
public synchronized static String hash(String data) {
return org.jivesoftware.smack.util.SHA1.hex(data);
}
/**
* Encodes an array of bytes as String representation of hexadecimal.
*
* @param bytes an array of bytes to convert to a hex string.
* @return generated hex string.
*/
public static String encodeHex(byte[] bytes) {
char[] hexChars = new char[bytes.length * 2];
for (int j = 0; j < bytes.length; j++) {
int v = bytes[j] & 0xFF;
hexChars[j * 2] = HEX_CHARS[v >>> 4];
hexChars[j * 2 + 1] = HEX_CHARS[v & 0x0F];
}
return new String(hexChars);
}
public static byte[] toBytes(String string) {
try {
return string.getBytes(StringUtils.UTF8);
}
catch (UnsupportedEncodingException e) {
throw new IllegalStateException("UTF-8 encoding not supported by platform", e);
}
}
/**
* Pseudo-random number generator object for use with randomString().
* The Random class is not considered to be cryptographically secure, so
* only use these random Strings for low to medium security applications.
*/
private static final ThreadLocal
*
* The specified length must be at least one. If not, the method will return
* null.
*
* @param length the desired length of the random String to return.
* @return a random String of numbers and letters of the specified length.
*/
public static String insecureRandomString(int length) {
if (length < 1) {
return null;
}
final Random random = randGen.get();
// Create a char buffer to put random letters and numbers in.
char[] randBuffer = new char[length];
for (int i = 0; i < randBuffer.length; i++) {
randBuffer[i] = numbersAndLetters[random.nextInt(numbersAndLetters.length)];
}
return new String(randBuffer);
}
private static final ThreadLocalcs or null.
*/
public static String maybeToString(CharSequence cs) {
if (cs == null) {
return null;
}
return cs.toString();
}
}