Author: orudyy
Date: Thu Mar 26 13:23:45 2015
New Revision: 1669340
URL: http://svn.apache.org/r1669340
Log:
QPID-6465: Fix ArrayIndexOutOfBoundsException thrown on attempt to hexify
password in MD5AuthenticationProvider
Modified:
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/MD5AuthenticationProvider.java
qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/MD5AuthenticationManagerTest.java
Modified:
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/MD5AuthenticationProvider.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/MD5AuthenticationProvider.java?rev=1669340&r1=1669339&r2=1669340&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/MD5AuthenticationProvider.java
(original)
+++
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/MD5AuthenticationProvider.java
Thu Mar 26 13:23:45 2015
@@ -183,9 +183,9 @@ public class MD5AuthenticationProvider
char[] password;
if(_hexify)
{
- password = new char[passwordBytes.length];
+ password = new char[passwordBytes.length * 2];
- for(int i = 0; i < passwordBytes.length; i--)
+ for(int i = 0; i < passwordBytes.length; i++)
{
password[2*i] =
HEX_CHARACTERS[(((int)passwordBytes[i]) & 0xf0)>>4];
password[(2*i)+1] =
HEX_CHARACTERS[(((int)passwordBytes[i]) & 0x0f)];
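Review bot: The allocation `new char[passwordBytes.length * 2]` and the `2*i` / `(2*i)+1` indexing depend on each other, but nothing on the new side states that invariant, which is what the previous revision got wrong. A one-line comment above the allocation, such as `// hex encoding: two chars per byte, high nibble first`, would make the sizing obvious to the next editor. The `(int)` casts before the masks are redundant, since `passwordBytes[i] & 0xf0` already promotes to int. The loop and the enclosing method continue outside the hunk, so whether `passwordBytes` and `password` are cleared after use cannot be judged from here; it is worth confirming, as both hold password-derived material.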
Modified:
qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/MD5AuthenticationManagerTest.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/MD5AuthenticationManagerTest.java?rev=1669340&r1=1669339&r2=1669340&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/MD5AuthenticationManagerTest.java
(original)
+++
qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/MD5AuthenticationManagerTest.java
Thu Mar 26 13:23:45 2015
@@ -20,10 +20,20 @@
*/
package org.apache.qpid.server.security.auth.manager;
+import javax.security.sasl.SaslServer;
+import java.util.HashMap;
import java.util.Map;
+import org.apache.qpid.server.model.User;
+import org.apache.qpid.server.security.auth.AuthenticationResult;
+import org.apache.qpid.server.security.auth.sasl.SaslUtil;
+
public class MD5AuthenticationManagerTest extends
ManagedAuthenticationManagerTestBase
{
+
+ public static final String USER_NAME = "test";
+ public static final String USER_PASSWORD = "password";
+
@Override
public void setUp() throws Exception
{
@@ -48,6 +58,46 @@ public class MD5AuthenticationManagerTes
super.tearDown();
}
+ public void testMD5HexAuthenticationWithValidCredentials() throws Exception
+ {
+ createUser(USER_NAME, USER_PASSWORD);
+ AuthenticationResult result = authenticate("CRAM-MD5-HEX", USER_NAME,
USER_PASSWORD);
+ assertEquals("Unexpected authentication result",
AuthenticationResult.AuthenticationStatus.SUCCESS, result.getStatus());
+ }
+
+ public void testMD5HexAuthenticationWithInvalidPassword() throws Exception
+ {
+ createUser(USER_NAME, USER_PASSWORD);
+ AuthenticationResult result = authenticate("CRAM-MD5-HEX", USER_NAME,
"invalid");
+ assertEquals("Unexpected authentication result",
AuthenticationResult.AuthenticationStatus.ERROR, result.getStatus());
+ }
+
+ public void testMD5HexAuthenticationWithInvalidUsername() throws Exception
+ {
+ createUser(USER_NAME, USER_PASSWORD);
+ AuthenticationResult result = authenticate("CRAM-MD5-HEX", "invalid",
USER_PASSWORD);
+ assertEquals("Unexpected authentication result",
AuthenticationResult.AuthenticationStatus.ERROR, result.getStatus());
+ }
+ private AuthenticationResult authenticate(String mechanism, String
userName, String userPassword) throws Exception
+ {
+ SaslServer ss = getAuthManager().createSaslServer(mechanism, "test",
null);
+ byte[] challenge = ss.evaluateResponse(new byte[0]);
+ byte[] response = SaslUtil.generateCramMD5HexClientResponse(userName,
userPassword, challenge);;
+
+ return getAuthManager().authenticate(ss, response);
+ }
+
+ private User createUser(String userName, String userPassword)
+ {
+ final Map<String, Object> childAttrs = new HashMap<String, Object>();
+
+ childAttrs.put(User.NAME, userName);
+ childAttrs.put(User.PASSWORD, userPassword);
+ User user = getAuthManager().addChild(User.class, childAttrs);
+ assertNotNull("User should be created but addChild returned null",
user);
+ assertEquals(userName, user.getName());
+ return user;
+ }
}
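Review bot: `testMD5HexAuthenticationWithValidCredentials` asserts only that the status is SUCCESS, so it would still pass if the result were attributed to a different identity; consider also asserting that the principal carried by `result` corresponds to `USER_NAME`. The two negative tests both expect ERROR, which is the right shape because the outcome does not distinguish an unknown user from a wrong password. In `authenticate`, the call to `generateCramMD5HexClientResponse` ends with a stray `;;` and should read `userPassword, challenge);`.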