You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2014/09/25 21:32:45 UTC
svn commit: r1627602 - in /tomcat/trunk:
java/org/apache/catalina/realm/CredentialHandlerBase.java
test/org/apache/catalina/realm/TestMessageDigestCredentialHandler.java
Author: markt
Date: Thu Sep 25 19:32:45 2014
New Revision: 1627602
URL: http://svn.apache.org/r1627602
Log:
Add some tests. Fix a bug and handle an edge case.
Added:
tomcat/trunk/test/org/apache/catalina/realm/TestMessageDigestCredentialHandler.java (with props)
Modified:
tomcat/trunk/java/org/apache/catalina/realm/CredentialHandlerBase.java
Modified: tomcat/trunk/java/org/apache/catalina/realm/CredentialHandlerBase.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/CredentialHandlerBase.java?rev=1627602&r1=1627601&r2=1627602&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/CredentialHandlerBase.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/CredentialHandlerBase.java Thu Sep 25 19:32:45 2014
@@ -45,7 +45,9 @@ public abstract class CredentialHandlerB
public String generate(int saltLength, String userCredential) {
byte[] salt = null;
int iterations = getIterations();
- if (saltLength > 0) {
+ if (saltLength == 0) {
+ salt = new byte[0];
+ } else if (saltLength > 0) {
if (random == null) {
random = new SecureRandom();
}
@@ -62,7 +64,7 @@ public abstract class CredentialHandlerB
protected boolean matchesSaltIterationsEncoded(String inputCredentials, String storedCredentials) {
int sep1 = storedCredentials.indexOf('$');
- int sep2 = storedCredentials.indexOf('$', sep1);
+ int sep2 = storedCredentials.indexOf('$', sep1 + 1);
String hexSalt = storedCredentials.substring(0, sep1);
Added: tomcat/trunk/test/org/apache/catalina/realm/TestMessageDigestCredentialHandler.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/realm/TestMessageDigestCredentialHandler.java?rev=1627602&view=auto
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/realm/TestMessageDigestCredentialHandler.java (added)
+++ tomcat/trunk/test/org/apache/catalina/realm/TestMessageDigestCredentialHandler.java Thu Sep 25 19:32:45 2014
@@ -0,0 +1,57 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.realm;
+
+import java.security.NoSuchAlgorithmException;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import org.apache.tomcat.util.security.ConcurrentMessageDigest;
+
+public class TestMessageDigestCredentialHandler {
+
+ private static final String[] DIGESTS = new String[] {"MD5", "SHA-1", "SHA-512"};
+
+ private static final String PWD = "password";
+
+ static {
+ try {
+ ConcurrentMessageDigest.init("SHA-512");
+ } catch (NoSuchAlgorithmException e) {
+ throw new IllegalArgumentException(e);
+ }
+ }
+
+ @Test
+ public void testGeneral() throws Exception {
+ for (String digest : DIGESTS) {
+ for (int saltLength = 0; saltLength < 20; saltLength++) {
+ for (int iterations = 1; iterations < 100; iterations += 10)
+ doTest(digest, saltLength, iterations);
+ }
+ }
+ }
+
+ private void doTest(String digest, int saltLength, int iterations) throws NoSuchAlgorithmException {
+ MessageDigestCredentialHandler mdch = new MessageDigestCredentialHandler();
+ mdch.setAlgorithm(digest);
+ mdch.setIterations(iterations);
+ String storedCredential = mdch.generate(saltLength, PWD);
+ Assert.assertTrue(mdch.matches(PWD, storedCredential));
+ }
+}
Propchange: tomcat/trunk/test/org/apache/catalina/realm/TestMessageDigestCredentialHandler.java
------------------------------------------------------------------------------
svn:eol-style = native
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org