You are viewing a plain text version of this content. The canonical link for it is here.
Posted to kerby@directory.apache.org by Lars Froböse <la...@t-online.de> on 2022/07/16 12:23:13 UTC
[BUG] - Release Apache Kerby 2.0.2 in EncryptionUtil.orderEtypesByStrength(List)
Hi,
this is my first mail to this mailing list and hopefully this is the
right place to address my case.
I've found what I consider a bug in module kerb-common of release Apache
Kerby 2.0.2 in class
org.apache.kerby.kerberos.kerb.common.EncryptionUtil in method
orderEtypesByStrength(List<EncryptionType>).
I have written a JUnit test case where the method gets a list of four
EncryptionType(s) and returns an ordered list of five EncryptionType(s)
- java.lang.AssertionError: expected:<4> but was <5>:
/**
*
*/
package org.apache.kerby.kerberos.kerb.common;
import static org.junit.Assert.assertEquals;
import java.util.Arrays;
import java.util.List;
import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
import org.junit.Test;
/**
* Testing class {@link EncryptionUtil}.
*
* @author LarsFroböse
*/
public class EncryptionUtilTest {
/**
* Test method for
* {@link
org.apache.kerby.kerberos.kerb.common.EncryptionUtil#orderEtypesByStrength(java.util.List)}.
*/
@Test
public void testOrderEtypesByStrength() {
List<EncryptionType> encryptionTypeList = Arrays
.asList(new EncryptionType[]
{EncryptionType.DES3_CBC_SHA1, EncryptionType.AES128_CTS_HMAC_SHA1_96,
EncryptionType.ARCFOUR_HMAC,
EncryptionType.AES256_CTS_HMAC_SHA1_96});
List<EncryptionType> orderedEncryptionTypeList =
EncryptionUtil.orderEtypesByStrength(encryptionTypeList);
// If list is only ordered, resulting list should have as many
elements as
// original list, right ?
assertEquals(encryptionTypeList.size(),
orderedEncryptionTypeList.size());
assertEquals(orderedEncryptionTypeList.get(0),
EncryptionType.ARCFOUR_HMAC);
assertEquals(orderedEncryptionTypeList.get(1),
EncryptionType.AES256_CTS_HMAC_SHA1_96);
assertEquals(orderedEncryptionTypeList.get(2),
EncryptionType.AES128_CTS_HMAC_SHA1_96);
assertEquals(orderedEncryptionTypeList.get(3),
EncryptionType.DES3_CBC_SHA1);
}
}
This "behaviour" is causing trouble when this method is executed by my
application using Apache Kerby.
I suggest the following fix which passes the above JUnit test and lets
my application run flawlessly with a local Apache Kerby version
including this fix.
In method orderEtypesByStrength(List<EncryptionType>) of class
org.apache.kerby.kerberos.kerb.common.EncryptionUtil add condition "&&
!ordered.contains(encType)" in the methods if-statement:
/**
* Order a list of EncryptionType in a decreasing strength order
*
* @param etypes The ETypes to order
* @return A list of ordered ETypes. The strongest is on the left.
*/
public static List<EncryptionType>
orderEtypesByStrength(List<EncryptionType> etypes) {
List<EncryptionType> ordered = new ArrayList<>(etypes.size());
for (String algo : CIPHER_ALGO_MAP.values()) {
for (EncryptionType encType : etypes) {
String foundAlgo = getAlgoNameFromEncType(encType);
if (algo.equals(foundAlgo) && !ordered.contains(encType)) {
ordered.add(encType);
}
}
}
return ordered;
}
Regards,
Lars Froböse
---------------------------------------------------------------------
To unsubscribe, e-mail: kerby-unsubscribe@directory.apache.org
For additional commands, e-mail: kerby-help@directory.apache.org
Re: [BUG] - Release Apache Kerby 2.0.2 in EncryptionUtil.orderEtypesByStrength(List)
Posted by Colm O hEigeartaigh <co...@apache.org>.
Hi Lars,
Could you submit a pull request for this against
https://github.com/apache/directory-kerby ?
Colm.
On Sat, Jul 16, 2022 at 1:23 PM Lars Froböse <la...@t-online.de> wrote:
>
> Hi,
> this is my first mail to this mailing list and hopefully this is the
> right place to address my case.
>
> I've found what I consider a bug in module kerb-common of release Apache
> Kerby 2.0.2 in class
> org.apache.kerby.kerberos.kerb.common.EncryptionUtil in method
> orderEtypesByStrength(List<EncryptionType>).
>
> I have written a JUnit test case where the method gets a list of four
> EncryptionType(s) and returns an ordered list of five EncryptionType(s)
> - java.lang.AssertionError: expected:<4> but was <5>:
>
> /**
> *
> */
> package org.apache.kerby.kerberos.kerb.common;
>
> import static org.junit.Assert.assertEquals;
>
> import java.util.Arrays;
> import java.util.List;
>
> import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
> import org.junit.Test;
>
> /**
> * Testing class {@link EncryptionUtil}.
> *
> * @author LarsFroböse
> */
> public class EncryptionUtilTest {
> /**
> * Test method for
> * {@link
> org.apache.kerby.kerberos.kerb.common.EncryptionUtil#orderEtypesByStrength(java.util.List)}.
> */
> @Test
> public void testOrderEtypesByStrength() {
> List<EncryptionType> encryptionTypeList = Arrays
> .asList(new EncryptionType[]
> {EncryptionType.DES3_CBC_SHA1, EncryptionType.AES128_CTS_HMAC_SHA1_96,
> EncryptionType.ARCFOUR_HMAC,
> EncryptionType.AES256_CTS_HMAC_SHA1_96});
> List<EncryptionType> orderedEncryptionTypeList =
> EncryptionUtil.orderEtypesByStrength(encryptionTypeList);
> // If list is only ordered, resulting list should have as many
> elements as
> // original list, right ?
> assertEquals(encryptionTypeList.size(),
> orderedEncryptionTypeList.size());
> assertEquals(orderedEncryptionTypeList.get(0),
> EncryptionType.ARCFOUR_HMAC);
> assertEquals(orderedEncryptionTypeList.get(1),
> EncryptionType.AES256_CTS_HMAC_SHA1_96);
> assertEquals(orderedEncryptionTypeList.get(2),
> EncryptionType.AES128_CTS_HMAC_SHA1_96);
> assertEquals(orderedEncryptionTypeList.get(3),
> EncryptionType.DES3_CBC_SHA1);
> }
> }
>
> This "behaviour" is causing trouble when this method is executed by my
> application using Apache Kerby.
>
> I suggest the following fix which passes the above JUnit test and lets
> my application run flawlessly with a local Apache Kerby version
> including this fix.
>
> In method orderEtypesByStrength(List<EncryptionType>) of class
> org.apache.kerby.kerberos.kerb.common.EncryptionUtil add condition "&&
> !ordered.contains(encType)" in the methods if-statement:
>
> /**
> * Order a list of EncryptionType in a decreasing strength order
> *
> * @param etypes The ETypes to order
> * @return A list of ordered ETypes. The strongest is on the left.
> */
> public static List<EncryptionType>
> orderEtypesByStrength(List<EncryptionType> etypes) {
> List<EncryptionType> ordered = new ArrayList<>(etypes.size());
>
> for (String algo : CIPHER_ALGO_MAP.values()) {
> for (EncryptionType encType : etypes) {
> String foundAlgo = getAlgoNameFromEncType(encType);
>
> if (algo.equals(foundAlgo) && !ordered.contains(encType)) {
> ordered.add(encType);
> }
> }
> }
>
> return ordered;
> }
>
> Regards,
>
> Lars Froböse
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: kerby-unsubscribe@directory.apache.org
> For additional commands, e-mail: kerby-help@directory.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: kerby-unsubscribe@directory.apache.org
For additional commands, e-mail: kerby-help@directory.apache.org