You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2014/09/25 21:32:45 UTC

svn commit: r1627602 - in /tomcat/trunk: java/org/apache/catalina/realm/CredentialHandlerBase.java test/org/apache/catalina/realm/TestMessageDigestCredentialHandler.java

Author: markt
Date: Thu Sep 25 19:32:45 2014
New Revision: 1627602

URL: http://svn.apache.org/r1627602
Log:
Add some tests. Fix a bug and handle an edge case.

Added:
    tomcat/trunk/test/org/apache/catalina/realm/TestMessageDigestCredentialHandler.java   (with props)
Modified:
    tomcat/trunk/java/org/apache/catalina/realm/CredentialHandlerBase.java

Modified: tomcat/trunk/java/org/apache/catalina/realm/CredentialHandlerBase.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/CredentialHandlerBase.java?rev=1627602&r1=1627601&r2=1627602&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/CredentialHandlerBase.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/CredentialHandlerBase.java Thu Sep 25 19:32:45 2014
@@ -45,7 +45,9 @@ public abstract class CredentialHandlerB
     public String generate(int saltLength, String userCredential) {
         byte[] salt = null;
         int iterations = getIterations();
-        if (saltLength > 0) {
+        if (saltLength == 0) {
+            salt = new byte[0];
+        } else if (saltLength > 0) {
             if (random == null) {
                 random = new SecureRandom();
             }
@@ -62,7 +64,7 @@ public abstract class CredentialHandlerB
     protected boolean matchesSaltIterationsEncoded(String inputCredentials, String storedCredentials) {
 
         int sep1 = storedCredentials.indexOf('$');
-        int sep2 = storedCredentials.indexOf('$', sep1);
+        int sep2 = storedCredentials.indexOf('$', sep1 + 1);
 
         String hexSalt = storedCredentials.substring(0,  sep1);
 

Added: tomcat/trunk/test/org/apache/catalina/realm/TestMessageDigestCredentialHandler.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/realm/TestMessageDigestCredentialHandler.java?rev=1627602&view=auto
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/realm/TestMessageDigestCredentialHandler.java (added)
+++ tomcat/trunk/test/org/apache/catalina/realm/TestMessageDigestCredentialHandler.java Thu Sep 25 19:32:45 2014
@@ -0,0 +1,57 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.realm;
+
+import java.security.NoSuchAlgorithmException;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import org.apache.tomcat.util.security.ConcurrentMessageDigest;
+
+public class TestMessageDigestCredentialHandler {
+
+    private static final String[] DIGESTS = new String[] {"MD5", "SHA-1", "SHA-512"};
+
+    private static final String PWD = "password";
+
+    static {
+        try {
+            ConcurrentMessageDigest.init("SHA-512");
+        } catch (NoSuchAlgorithmException e) {
+            throw new IllegalArgumentException(e);
+        }
+    }
+
+    @Test
+    public void testGeneral() throws Exception {
+        for (String digest : DIGESTS) {
+            for (int saltLength = 0; saltLength < 20; saltLength++) {
+                for (int iterations = 1; iterations < 100; iterations += 10)
+                doTest(digest, saltLength, iterations);
+            }
+        }
+    }
+
+    private void doTest(String digest, int saltLength, int iterations) throws NoSuchAlgorithmException {
+        MessageDigestCredentialHandler mdch = new MessageDigestCredentialHandler();
+        mdch.setAlgorithm(digest);
+        mdch.setIterations(iterations);
+        String storedCredential = mdch.generate(saltLength, PWD);
+        Assert.assertTrue(mdch.matches(PWD, storedCredential));
+    }
+}

Propchange: tomcat/trunk/test/org/apache/catalina/realm/TestMessageDigestCredentialHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org