You are viewing a plain text version of this content. The canonical link for it is here.

Posted to kerby@directory.apache.org by Lars Froböse <la...@t-online.de> on 2022/07/16 12:23:13 UTC

[BUG] - Release Apache Kerby 2.0.2 in EncryptionUtil.orderEtypesByStrength(List)

Hi,
this is my first mail to this mailing list and hopefully this is the 
right place to address my case.

I've found what I consider a bug in module kerb-common of release Apache 
Kerby 2.0.2 in class 
org.apache.kerby.kerberos.kerb.common.EncryptionUtil in method 
orderEtypesByStrength(List<EncryptionType>).

I have written a JUnit test case where the method gets a list of four 
EncryptionType(s) and returns an ordered list of five EncryptionType(s) 
- java.lang.AssertionError: expected:<4> but was <5>:

/**
  *
  */
package org.apache.kerby.kerberos.kerb.common;

import static org.junit.Assert.assertEquals;

import java.util.Arrays;
import java.util.List;

import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
import org.junit.Test;

/**
  * Testing class {@link EncryptionUtil}.
  *
  * @author LarsFroböse
  */
public class EncryptionUtilTest {
     /**
      * Test method for
      * {@link 
org.apache.kerby.kerberos.kerb.common.EncryptionUtil#orderEtypesByStrength(java.util.List)}.
      */
     @Test
     public void testOrderEtypesByStrength() {
         List<EncryptionType> encryptionTypeList = Arrays
                 .asList(new EncryptionType[] 
{EncryptionType.DES3_CBC_SHA1, EncryptionType.AES128_CTS_HMAC_SHA1_96,
                         EncryptionType.ARCFOUR_HMAC, 
EncryptionType.AES256_CTS_HMAC_SHA1_96});
         List<EncryptionType> orderedEncryptionTypeList = 
EncryptionUtil.orderEtypesByStrength(encryptionTypeList);
         // If list is only ordered, resulting list should have as many 
elements as
         // original list, right ?
         assertEquals(encryptionTypeList.size(), 
orderedEncryptionTypeList.size());
         assertEquals(orderedEncryptionTypeList.get(0), 
EncryptionType.ARCFOUR_HMAC);
         assertEquals(orderedEncryptionTypeList.get(1), 
EncryptionType.AES256_CTS_HMAC_SHA1_96);
         assertEquals(orderedEncryptionTypeList.get(2), 
EncryptionType.AES128_CTS_HMAC_SHA1_96);
         assertEquals(orderedEncryptionTypeList.get(3), 
EncryptionType.DES3_CBC_SHA1);
     }
}

This "behaviour" is causing trouble when this method is executed by my 
application using Apache Kerby.

I suggest the following fix which passes the above JUnit test and lets 
my application run flawlessly with a local Apache Kerby version 
including this fix.

In method orderEtypesByStrength(List<EncryptionType>) of class 
org.apache.kerby.kerberos.kerb.common.EncryptionUtil add condition "&& 
!ordered.contains(encType)" in the methods if-statement:

     /**
      * Order a list of EncryptionType in a decreasing strength order
      *
      * @param etypes The ETypes to order
      * @return A list of ordered ETypes. The strongest is on the left.
      */
     public static List<EncryptionType> 
orderEtypesByStrength(List<EncryptionType> etypes) {
         List<EncryptionType> ordered = new ArrayList<>(etypes.size());

         for (String algo : CIPHER_ALGO_MAP.values()) {
             for (EncryptionType encType : etypes) {
                 String foundAlgo = getAlgoNameFromEncType(encType);

                 if (algo.equals(foundAlgo) && !ordered.contains(encType)) {
                     ordered.add(encType);
                 }
             }
         }

         return ordered;
     }

Regards,

Lars Froböse



---------------------------------------------------------------------
To unsubscribe, e-mail: kerby-unsubscribe@directory.apache.org
For additional commands, e-mail: kerby-help@directory.apache.org

Re: [BUG] - Release Apache Kerby 2.0.2 in EncryptionUtil.orderEtypesByStrength(List)

Posted by Colm O hEigeartaigh <co...@apache.org>.

Hi Lars,

Could you submit a pull request for this against
https://github.com/apache/directory-kerby ?

Colm.

On Sat, Jul 16, 2022 at 1:23 PM Lars Froböse <la...@t-online.de> wrote:
>
> Hi,
> this is my first mail to this mailing list and hopefully this is the
> right place to address my case.
>
> I've found what I consider a bug in module kerb-common of release Apache
> Kerby 2.0.2 in class
> org.apache.kerby.kerberos.kerb.common.EncryptionUtil in method
> orderEtypesByStrength(List<EncryptionType>).
>
> I have written a JUnit test case where the method gets a list of four
> EncryptionType(s) and returns an ordered list of five EncryptionType(s)
> - java.lang.AssertionError: expected:<4> but was <5>:
>
> /**
>   *
>   */
> package org.apache.kerby.kerberos.kerb.common;
>
> import static org.junit.Assert.assertEquals;
>
> import java.util.Arrays;
> import java.util.List;
>
> import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
> import org.junit.Test;
>
> /**
>   * Testing class {@link EncryptionUtil}.
>   *
>   * @author LarsFroböse
>   */
> public class EncryptionUtilTest {
>      /**
>       * Test method for
>       * {@link
> org.apache.kerby.kerberos.kerb.common.EncryptionUtil#orderEtypesByStrength(java.util.List)}.
>       */
>      @Test
>      public void testOrderEtypesByStrength() {
>          List<EncryptionType> encryptionTypeList = Arrays
>                  .asList(new EncryptionType[]
> {EncryptionType.DES3_CBC_SHA1, EncryptionType.AES128_CTS_HMAC_SHA1_96,
>                          EncryptionType.ARCFOUR_HMAC,
> EncryptionType.AES256_CTS_HMAC_SHA1_96});
>          List<EncryptionType> orderedEncryptionTypeList =
> EncryptionUtil.orderEtypesByStrength(encryptionTypeList);
>          // If list is only ordered, resulting list should have as many
> elements as
>          // original list, right ?
>          assertEquals(encryptionTypeList.size(),
> orderedEncryptionTypeList.size());
>          assertEquals(orderedEncryptionTypeList.get(0),
> EncryptionType.ARCFOUR_HMAC);
>          assertEquals(orderedEncryptionTypeList.get(1),
> EncryptionType.AES256_CTS_HMAC_SHA1_96);
>          assertEquals(orderedEncryptionTypeList.get(2),
> EncryptionType.AES128_CTS_HMAC_SHA1_96);
>          assertEquals(orderedEncryptionTypeList.get(3),
> EncryptionType.DES3_CBC_SHA1);
>      }
> }
>
> This "behaviour" is causing trouble when this method is executed by my
> application using Apache Kerby.
>
> I suggest the following fix which passes the above JUnit test and lets
> my application run flawlessly with a local Apache Kerby version
> including this fix.
>
> In method orderEtypesByStrength(List<EncryptionType>) of class
> org.apache.kerby.kerberos.kerb.common.EncryptionUtil add condition "&&
> !ordered.contains(encType)" in the methods if-statement:
>
>      /**
>       * Order a list of EncryptionType in a decreasing strength order
>       *
>       * @param etypes The ETypes to order
>       * @return A list of ordered ETypes. The strongest is on the left.
>       */
>      public static List<EncryptionType>
> orderEtypesByStrength(List<EncryptionType> etypes) {
>          List<EncryptionType> ordered = new ArrayList<>(etypes.size());
>
>          for (String algo : CIPHER_ALGO_MAP.values()) {
>              for (EncryptionType encType : etypes) {
>                  String foundAlgo = getAlgoNameFromEncType(encType);
>
>                  if (algo.equals(foundAlgo) && !ordered.contains(encType)) {
>                      ordered.add(encType);
>                  }
>              }
>          }
>
>          return ordered;
>      }
>
> Regards,
>
> Lars Froböse
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: kerby-unsubscribe@directory.apache.org
> For additional commands, e-mail: kerby-help@directory.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: kerby-unsubscribe@directory.apache.org
For additional commands, e-mail: kerby-help@directory.apache.org