You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2016/12/12 10:04:21 UTC
svn commit: r1773757 - in /tomcat/tc8.5.x/trunk: ./
java/org/apache/catalina/realm/ test/org/apache/catalina/realm/ webapps/docs/
Author: markt
Date: Mon Dec 12 10:04:20 2016
New Revision: 1773757
URL: http://svn.apache.org/viewvc?rev=1773757&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=60446
Handle the case where the stored user credential uses a different key length than the length currently configured for the CredentialHandler.
Based on a patch by Niklas Holm.
Modified:
tomcat/tc8.5.x/trunk/ (props changed)
tomcat/tc8.5.x/trunk/java/org/apache/catalina/realm/DigestCredentialHandlerBase.java
tomcat/tc8.5.x/trunk/java/org/apache/catalina/realm/LocalStrings.properties
tomcat/tc8.5.x/trunk/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java
tomcat/tc8.5.x/trunk/java/org/apache/catalina/realm/SecretKeyCredentialHandler.java
tomcat/tc8.5.x/trunk/test/org/apache/catalina/realm/TestMessageDigestCredentialHandler.java
tomcat/tc8.5.x/trunk/test/org/apache/catalina/realm/TestSecretKeyCredentialHandler.java
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc8.5.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Dec 12 10:04:20 2016
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747
924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1756289,1756408-1756410,1
756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757578,1757684,1757722,1757727,1757790,1757799,1757813,1757853,1757883,1757903,1757976,1757997,1758000,1758058,1758072-1758075,1758078-1758079,1758223,1758257,1758261,1758276,1758292,1758369,1758378-1758383,1758421,1758423,1758425-1758427,1758430,1758443,1758448,1758459,1758483,1758486-1758487,1758499,1758525,1758556,1758580,1758582,1758584,1758588,1758842,1759019,1759212,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1759757,1759785-1759790,1760005,1760022,1760109-1760110,1760135,1760200-1760201,1760227,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761422,1761491,1761498,1761500-1761501,1761550,1761553,1761572,1761574,1761625-1761626,1761628,1761682,1761740,1761752,1762051-1762053,1762123,1762168,176217
2,1762182,1762201-1762202,1762204,1762208,1762288,1762296,1762324,1762348,1762353,1762362,1762374,1762492,1762503,1762505,1762541,1762608,1762710,1762753,1762766,1762769,1762944,1762947,1762953,1763167,1763179,1763232,1763259,1763271-1763272,1763276-1763277,1763319-1763320,1763370,1763372,1763375,1763377,1763393,1763412,1763430,1763450,1763462,1763505,1763511-1763512,1763516,1763518,1763520,1763529,1763559,1763565,1763568,1763574,1763619,1763634-1763635,1763718,1763786,1763798-1763799,1763813,1763815,1763819,1763831,1764083,1764425,1764646,1764648-1764649,1764659,1764663,1764682,1764862,1764866-1764867,1764870,1764897,1765133,1765299,1765358,1765439,1765447,1765495,1765502,1765569-1765571,1765579,1765582,1765589-1765590,1765794,1765801,1765813,1765815,1766276,1766514,1766533,1766535,1766664,1766675,1766698,1766700,1767047,1767328,1767362,1767368,1767429,1767471,1767505,1767641-1767644,1767903,1767945-1767946,1768123,1768283,1768520,1768569,1768651,1768762,1768922,1769191,1769263,176
9630,1769833,1769975,1770047,1770140,1770180,1770258,1770389,1770656,1770666,1770718,1770762,1770952,1770954,1770956,1770961,1771087,1771126,1771139,1771143,1771149,1771156,1771266,1771316,1771386,1771611,1771613,1771711,1771718,1771723-1771724,1771730,1771743,1771752,1771853,1771963,1772170,1772174,1772223,1772229,1772318-1772319,1772353,1772355,1772554,1772603-1772609,1772849,1772865,1772870,1772872,1772875-1772876,1772881,1772886,1772947,1773306,1773344,1773418
+/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747
924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750774,1750899,1750975,1750995,1751061,1751097,1751173,1751438,1751447,1751463,1751702,1752212,1752737,1752745,1753078,1753080,1753358,1753363,1754111,1754140-1754141,1754281,1754310,1754445,1754467,1754494,1754496,1754528,1754532-1754533,1754613,1754714,1754874,1754941,1754944,1754950-1754951,1755005,1755007,1755009,1755132,1755180-1755181,1755185,1755190,1755204-1755206,1755208,1755214,1755224,1755227,1755230,1755629,1755646-1755647,1755650,1755653,1755675,1755680,1755683,1755693,1755717,1755731-1755737,1755812,1755828,1755884,1755890,1755918-1755919,1755942,1755958,1755960,1755970,1755993,1756013,1756019,1756039,1756056,1756083-1756114,1756175,1756288-1756289,1756408-1756410,1
756778,1756798,1756878,1756898,1756939,1757123-1757124,1757126,1757128,1757132-1757133,1757136,1757145,1757167-1757168,1757175,1757180,1757182,1757195,1757271,1757278,1757347,1757353-1757354,1757363,1757374,1757399,1757406,1757408,1757485,1757495,1757499,1757527,1757578,1757684,1757722,1757727,1757790,1757799,1757813,1757853,1757883,1757903,1757976,1757997,1758000,1758058,1758072-1758075,1758078-1758079,1758223,1758257,1758261,1758276,1758292,1758369,1758378-1758383,1758421,1758423,1758425-1758427,1758430,1758443,1758448,1758459,1758483,1758486-1758487,1758499,1758525,1758556,1758580,1758582,1758584,1758588,1758842,1759019,1759212,1759224,1759227,1759252,1759274,1759513-1759516,1759611,1759757,1759785-1759790,1760005,1760022,1760109-1760110,1760135,1760200-1760201,1760227,1760300,1760397,1760446,1760454,1760640,1760648,1761057,1761422,1761491,1761498,1761500-1761501,1761550,1761553,1761572,1761574,1761625-1761626,1761628,1761682,1761740,1761752,1762051-1762053,1762123,1762168,176217
2,1762182,1762201-1762202,1762204,1762208,1762288,1762296,1762324,1762348,1762353,1762362,1762374,1762492,1762503,1762505,1762541,1762608,1762710,1762753,1762766,1762769,1762944,1762947,1762953,1763167,1763179,1763232,1763259,1763271-1763272,1763276-1763277,1763319-1763320,1763370,1763372,1763375,1763377,1763393,1763412,1763430,1763450,1763462,1763505,1763511-1763512,1763516,1763518,1763520,1763529,1763559,1763565,1763568,1763574,1763619,1763634-1763635,1763718,1763786,1763798-1763799,1763813,1763815,1763819,1763831,1764083,1764425,1764646,1764648-1764649,1764659,1764663,1764682,1764862,1764866-1764867,1764870,1764897,1765133,1765299,1765358,1765439,1765447,1765495,1765502,1765569-1765571,1765579,1765582,1765589-1765590,1765794,1765801,1765813,1765815,1766276,1766514,1766533,1766535,1766664,1766675,1766698,1766700,1767047,1767328,1767362,1767368,1767429,1767471,1767505,1767641-1767644,1767903,1767945-1767946,1768123,1768283,1768520,1768569,1768651,1768762,1768922,1769191,1769263,176
9630,1769833,1769975,1770047,1770140,1770180,1770258,1770389,1770656,1770666,1770718,1770762,1770952,1770954,1770956,1770961,1771087,1771126,1771139,1771143,1771149,1771156,1771266,1771316,1771386,1771611,1771613,1771711,1771718,1771723-1771724,1771730,1771743,1771752,1771853,1771963,1772170,1772174,1772223,1772229,1772318-1772319,1772353,1772355,1772554,1772603-1772609,1772849,1772865,1772870,1772872,1772875-1772876,1772881,1772886,1772947,1773306,1773344,1773418,1773756
Modified: tomcat/tc8.5.x/trunk/java/org/apache/catalina/realm/DigestCredentialHandlerBase.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/catalina/realm/DigestCredentialHandlerBase.java?rev=1773757&r1=1773756&r2=1773757&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/java/org/apache/catalina/realm/DigestCredentialHandlerBase.java (original)
+++ tomcat/tc8.5.x/trunk/java/org/apache/catalina/realm/DigestCredentialHandlerBase.java Mon Dec 12 10:04:20 2016
@@ -126,6 +126,13 @@ public abstract class DigestCredentialHa
String serverCredential = mutate(userCredential, salt, iterations);
+ // Failed to generate server credential from user credential. Points to
+ // a configuration issue. The root cause should have been logged in the
+ // mutate() method.
+ if (serverCredential == null) {
+ return null;
+ }
+
if (saltLength == 0 && iterations == 1) {
// Output the simple/old format for backwards compatibility
return serverCredential;
@@ -155,6 +162,13 @@ public abstract class DigestCredentialHa
protected boolean matchesSaltIterationsEncoded(String inputCredentials,
String storedCredentials) {
+ if (storedCredentials == null) {
+ // Stored credentials are invalid
+ // This may be expected if nested credential handlers are being used
+ logInvalidStoredCredentials(storedCredentials);
+ return false;
+ }
+
int sep1 = storedCredentials.indexOf('$');
int sep2 = storedCredentials.indexOf('$', sep1 + 1);
@@ -178,7 +192,13 @@ public abstract class DigestCredentialHa
return false;
}
- String inputHexEncoded = mutate(inputCredentials, salt, iterations);
+ String inputHexEncoded = mutate(inputCredentials, salt, iterations,
+ HexUtils.fromHexString(storedHexEncoded).length * Byte.SIZE);
+ if (inputHexEncoded == null) {
+ // Failed to mutate user credentials. Automatic fail.
+ // Root cause should be logged by mutate()
+ return false;
+ }
return storedHexEncoded.equalsIgnoreCase(inputHexEncoded);
}
@@ -204,7 +224,8 @@ public abstract class DigestCredentialHa
/**
* Generates the equivalent stored credentials for the given input
- * credentials, salt and iterations.
+ * credentials, salt and iterations. If the algorithm requires a key length,
+ * the default will be used.
*
* @param inputCredentials User provided credentials
* @param salt Salt, if any
@@ -214,10 +235,35 @@ public abstract class DigestCredentialHa
* stored credentials
*
* @return The equivalent stored credentials for the given input
- * credentials
+ * credentials or <code>null</code> if the generation fails
*/
protected abstract String mutate(String inputCredentials, byte[] salt, int iterations);
+
+ /**
+ * Generates the equivalent stored credentials for the given input
+ * credentials, salt, iterations and key length. The default implementation
+ * calls ignores the key length and calls
+ * {@link #mutate(String, byte[], int)}. Sub-classes that use the key length
+ * should override this method.
+ *
+ * @param inputCredentials User provided credentials
+ * @param salt Salt, if any
+ * @param iterations Number of iterations of the algorithm associated
+ * with this CredentialHandler applied to the
+ * inputCredentials to generate the equivalent
+ * stored credentials
+ * @param keyLength Length of the produced digest in bits for
+ * implementations where it's applicable
+ *
+ * @return The equivalent stored credentials for the given input
+ * credentials or <code>null</code> if the generation fails
+ */
+ protected String mutate(String inputCredentials, byte[] salt, int iterations, int keyLength) {
+ return mutate(inputCredentials, salt, iterations);
+ }
+
+
/**
* Set the algorithm used to convert input credentials to stored
* credentials.
Modified: tomcat/tc8.5.x/trunk/java/org/apache/catalina/realm/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/catalina/realm/LocalStrings.properties?rev=1773757&r1=1773756&r2=1773757&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/java/org/apache/catalina/realm/LocalStrings.properties (original)
+++ tomcat/tc8.5.x/trunk/java/org/apache/catalina/realm/LocalStrings.properties Mon Dec 12 10:04:20 2016
@@ -93,5 +93,6 @@ combinedRealm.realmStartFail=Failed to s
lockOutRealm.authLockedUser=An attempt was made to authenticate the locked user "{0}"
lockOutRealm.removeWarning=User "{0}" was removed from the failed users cache after {1} seconds to keep the cache size within the limit set
credentialHandler.invalidStoredCredential=The invalid stored credential string [{0}] was provided by the Realm to match with the user provided credentials
+credentialHandler.unableToMutateUserCredential=Failed to mutate user provided credentials. This typically means the CredentialHandler configuration is invalid
mdCredentialHandler.unknownEncoding=The encoding [{0}] is not supported so the current setting of [{1}] will still be used
pbeCredentialHandler.invalidKeySpec=Unable to generate a password based key
\ No newline at end of file
Modified: tomcat/tc8.5.x/trunk/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java?rev=1773757&r1=1773756&r2=1773757&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java (original)
+++ tomcat/tc8.5.x/trunk/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java Mon Dec 12 10:04:20 2016
@@ -148,6 +148,11 @@ public class MessageDigestCredentialHand
} else {
// Hex hashes should be compared case-insensitively
String userDigest = mutate(inputCredentials, null, 1);
+ if (userDigest == null) {
+ // Failed to mutate user credentials. Automatic fail.
+ // Root cause should be logged by mutate()
+ return false;
+ }
return storedCredentials.equalsIgnoreCase(userDigest);
}
}
Modified: tomcat/tc8.5.x/trunk/java/org/apache/catalina/realm/SecretKeyCredentialHandler.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/catalina/realm/SecretKeyCredentialHandler.java?rev=1773757&r1=1773756&r2=1773757&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/java/org/apache/catalina/realm/SecretKeyCredentialHandler.java (original)
+++ tomcat/tc8.5.x/trunk/java/org/apache/catalina/realm/SecretKeyCredentialHandler.java Mon Dec 12 10:04:20 2016
@@ -76,12 +76,17 @@ public class SecretKeyCredentialHandler
@Override
protected String mutate(String inputCredentials, byte[] salt, int iterations) {
- KeySpec spec = new PBEKeySpec(inputCredentials.toCharArray(), salt, iterations, getKeyLength());
+ return mutate(inputCredentials, salt, iterations, getKeyLength());
+ }
+
+ @Override
+ protected String mutate(String inputCredentials, byte[] salt, int iterations, int keyLength) {
try {
+ KeySpec spec = new PBEKeySpec(inputCredentials.toCharArray(), salt, iterations, keyLength);
return HexUtils.toHexString(secretKeyFactory.generateSecret(spec).getEncoded());
- } catch (InvalidKeySpecException e) {
- log.warn("pbeCredentialHandler.invalidKeySpec", e);
+ } catch (InvalidKeySpecException | IllegalArgumentException e) {
+ log.warn(sm.getString("pbeCredentialHandler.invalidKeySpec"), e);
return null;
}
}
Modified: tomcat/tc8.5.x/trunk/test/org/apache/catalina/realm/TestMessageDigestCredentialHandler.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/test/org/apache/catalina/realm/TestMessageDigestCredentialHandler.java?rev=1773757&r1=1773756&r2=1773757&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/test/org/apache/catalina/realm/TestMessageDigestCredentialHandler.java (original)
+++ tomcat/tc8.5.x/trunk/test/org/apache/catalina/realm/TestMessageDigestCredentialHandler.java Mon Dec 12 10:04:20 2016
@@ -49,10 +49,12 @@ public class TestMessageDigestCredential
private void doTest(String digest, int saltLength, int iterations) throws NoSuchAlgorithmException {
MessageDigestCredentialHandler mdch = new MessageDigestCredentialHandler();
+ MessageDigestCredentialHandler verifier = new MessageDigestCredentialHandler();
mdch.setAlgorithm(digest);
mdch.setIterations(iterations);
mdch.setSaltLength(saltLength);
+ verifier.setAlgorithm(digest);
String storedCredential = mdch.mutate(PWD);
- Assert.assertTrue(mdch.matches(PWD, storedCredential));
+ Assert.assertTrue(verifier.matches(PWD, storedCredential));
}
}
Modified: tomcat/tc8.5.x/trunk/test/org/apache/catalina/realm/TestSecretKeyCredentialHandler.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/test/org/apache/catalina/realm/TestSecretKeyCredentialHandler.java?rev=1773757&r1=1773756&r2=1773757&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/test/org/apache/catalina/realm/TestSecretKeyCredentialHandler.java (original)
+++ tomcat/tc8.5.x/trunk/test/org/apache/catalina/realm/TestSecretKeyCredentialHandler.java Mon Dec 12 10:04:20 2016
@@ -23,29 +23,62 @@ import org.junit.Test;
public class TestSecretKeyCredentialHandler {
- private static final String[] ALGORITHMS =
- new String[] {"PBKDF2WithHmacSHA1", "PBEWithMD5AndDES"};
-
- private static final String PWD = "password";
+ private static final String[] ALGORITHMS = { "PBKDF2WithHmacSHA1", "PBEWithMD5AndDES" };
+ private static final String[] PASSWORDS = { "password", "$!&#%!%@$#@*^$%&%%#!!*%$%&#@!^" };
+ private static final int[] KEYLENGTHS = { 8, 111, 256 };
+ private static final int[] SALTLENGTHS = { 1, 7, 12, 20 };
+ private static final int[] ITERATIONS = { 1, 2111, 10000 };
@Test
public void testGeneral() throws Exception {
for (String digest : ALGORITHMS) {
- for (int saltLength = 1; saltLength < 20; saltLength++) {
- for (int iterations = 1; iterations < 10000; iterations += 1000)
- doTest(digest, saltLength, iterations);
+ for (String password : PASSWORDS) {
+ for (int saltLength : SALTLENGTHS) {
+ for (int iterations : ITERATIONS) {
+ for (int keyLength : KEYLENGTHS) {
+ doTest(password, digest, saltLength, iterations, keyLength, true);
+ }
+ }
+ }
}
}
}
- private void doTest(String digest, int saltLength, int iterations)
- throws NoSuchAlgorithmException {
+ @Test
+ public void testZeroSalt() throws NoSuchAlgorithmException {
+ doTest(PASSWORDS[0], ALGORITHMS[0], 0, ITERATIONS[0], KEYLENGTHS[0], false);
+ }
+
+ @Test
+ public void testZeroIterations() throws NoSuchAlgorithmException {
+ doTest(PASSWORDS[0], ALGORITHMS[0], SALTLENGTHS[0], 0, KEYLENGTHS[0], false);
+ }
+
+ @Test
+ public void testZeroKeyLength() throws NoSuchAlgorithmException {
+ doTest(PASSWORDS[0], ALGORITHMS[0], SALTLENGTHS[0], ITERATIONS[0], 0, false);
+ }
+
+ private void doTest(String password, String digest, int saltLength, int iterations,
+ int keyLength, boolean expectMatch) throws NoSuchAlgorithmException {
SecretKeyCredentialHandler pbech = new SecretKeyCredentialHandler();
+ SecretKeyCredentialHandler verifier = new SecretKeyCredentialHandler();
pbech.setAlgorithm(digest);
pbech.setIterations(iterations);
pbech.setSaltLength(saltLength);
- String storedCredential = pbech.mutate(PWD);
- Assert.assertTrue("[" + digest + "] [" + saltLength + "] [" + iterations + "] [" + PWD +
- "] [" + storedCredential +"]", pbech.matches(PWD, storedCredential));
+ pbech.setKeyLength(keyLength);
+ verifier.setAlgorithm(digest);
+ String storedCredential = pbech.mutate(password);
+ if (expectMatch) {
+ Assert.assertTrue(
+ "[" + digest + "] [" + saltLength + "] [" + iterations + "] [" + keyLength + "] ["
+ + password + "] [" + storedCredential + "]",
+ verifier.matches(password, storedCredential));
+ } else {
+ Assert.assertFalse(
+ "[" + digest + "] [" + saltLength + "] [" + iterations + "] [" + keyLength + "] ["
+ + password + "] [" + storedCredential + "]",
+ verifier.matches(password, storedCredential));
+ }
}
}
Modified: tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml?rev=1773757&r1=1773756&r2=1773757&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml Mon Dec 12 10:04:20 2016
@@ -45,6 +45,15 @@
issues do not "pop up" wrt. others).
-->
<section name="Tomcat 8.5.10 (markt)" rtext="in development">
+ <subsection name="Catalina">
+ <changelog>
+ <fix>
+ <bug>60446</bug>: Handle the case where the stored user credential uses
+ a different key length than the length currently configured for the
+ <code>CredentialHandler</code>. Based on a patch by Niklas Holm. (markt)
+ </fix>
+ </changelog>
+ </subsection>
<subsection name="Coyote">
<changelog>
<fix>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org