diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Checksum.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Checksum.java index 64e358ff7..45c109944 100644 --- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Checksum.java +++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Checksum.java @@ -1,9 +1,28 @@ +/* + * This file is part of dependency-check-core. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Copyright (c) 2014 Jeremy Long. All Rights Reserved. + */ package org.owasp.dependencycheck.utils; +import java.io.BufferedInputStream; import java.io.File; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; +import java.security.DigestInputStream; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.util.logging.Level; @@ -12,19 +31,16 @@ import java.util.logging.Logger; /** * Includes methods to generate the MD5 and SHA1 checksum. * - * This code was copied from Real's How To. It has been slightly modified. - * - * Written and compiled by Réal Gagnon ©1998-2012 - * - * @author Real's How To: http://www.rgagnon.com/javadetails/java-0416.html + * @author Jeremy Long * */ public final class Checksum { - + /** * The logger. */ private static final Logger LOGGER = Logger.getLogger(Checksum.class.getName()); + /** * Private constructor for a utility class. */ @@ -32,30 +48,25 @@ public final class Checksum { } /** - *

Creates the cryptographic checksum of a given file using the specified - * algorithm.

This algorithm was copied and heavily modified from - * Real's How To: http://www.rgagnon.com/javadetails/java-0416.html

+ *

+ * Creates the cryptographic checksum of a given file using the specified algorithm.

* * @param algorithm the algorithm to use to calculate the checksum * @param file the file to calculate the checksum for * @return the checksum * @throws IOException when the file does not exist - * @throws NoSuchAlgorithmException when an algorithm is specified that does - * not exist + * @throws NoSuchAlgorithmException when an algorithm is specified that does not exist */ public static byte[] getChecksum(String algorithm, File file) throws NoSuchAlgorithmException, IOException { + MessageDigest digest = MessageDigest.getInstance(algorithm); InputStream fis = null; - byte[] buffer = new byte[1024]; - MessageDigest complete = MessageDigest.getInstance(algorithm); - int numRead; try { fis = new FileInputStream(file); - do { - numRead = fis.read(buffer); - if (numRead > 0) { - complete.update(buffer, 0, numRead); - } - } while (numRead != -1); + BufferedInputStream bis = new BufferedInputStream(fis); + DigestInputStream dis = new DigestInputStream(bis, digest); + //yes, we are reading in a buffer for performance reasons - 1 byte at a time is SLOW + byte[] buffer = new byte[8192]; + while (dis.read(buffer) != -1); } finally { if (fis != null) { try { @@ -65,7 +76,7 @@ public final class Checksum { } } } - return complete.digest(); + return digest.digest(); } /** @@ -93,12 +104,17 @@ public final class Checksum { byte[] b = getChecksum("SHA1", file); return getHex(b); } + /** + * Hex code characters used in getHex. + */ private static final String HEXES = "0123456789ABCDEF"; /** - *

Converts a byte array into a hex string.

+ *

+ * Converts a byte array into a hex string.

* - *

This method was copied from + * This method was copied from http://www.rgagnon.com/javadetails/java-0596.html

* * @param raw a byte array