Author: markt Date: Thu Sep 25 19:32:45 2014 New Revision: 1627602 URL: http://svn.apache.org/r1627602 Log: Add some tests. Fix a bug and handle an edge case.
Added: tomcat/trunk/test/org/apache/catalina/realm/TestMessageDigestCredentialHandler.java (with props) Modified: tomcat/trunk/java/org/apache/catalina/realm/CredentialHandlerBase.java Modified: tomcat/trunk/java/org/apache/catalina/realm/CredentialHandlerBase.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/CredentialHandlerBase.java?rev=1627602&r1=1627601&r2=1627602&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/realm/CredentialHandlerBase.java (original) +++ tomcat/trunk/java/org/apache/catalina/realm/CredentialHandlerBase.java Thu Sep 25 19:32:45 2014 @@ -45,7 +45,9 @@ public abstract class CredentialHandlerB public String generate(int saltLength, String userCredential) { byte[] salt = null; int iterations = getIterations(); - if (saltLength > 0) { + if (saltLength == 0) { + salt = new byte[0]; + } else if (saltLength > 0) { if (random == null) { random = new SecureRandom(); } @@ -62,7 +64,7 @@ public abstract class CredentialHandlerB protected boolean matchesSaltIterationsEncoded(String inputCredentials, String storedCredentials) { int sep1 = storedCredentials.indexOf('$'); - int sep2 = storedCredentials.indexOf('$', sep1); + int sep2 = storedCredentials.indexOf('$', sep1 + 1); String hexSalt = storedCredentials.substring(0, sep1); Added: tomcat/trunk/test/org/apache/catalina/realm/TestMessageDigestCredentialHandler.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/realm/TestMessageDigestCredentialHandler.java?rev=1627602&view=auto ============================================================================== --- tomcat/trunk/test/org/apache/catalina/realm/TestMessageDigestCredentialHandler.java (added) +++ tomcat/trunk/test/org/apache/catalina/realm/TestMessageDigestCredentialHandler.java Thu Sep 25 19:32:45 2014 @@ -0,0 +1,57 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.catalina.realm; + +import java.security.NoSuchAlgorithmException; + +import org.junit.Assert; +import org.junit.Test; + +import org.apache.tomcat.util.security.ConcurrentMessageDigest; + +public class TestMessageDigestCredentialHandler { + + private static final String[] DIGESTS = new String[] {"MD5", "SHA-1", "SHA-512"}; + + private static final String PWD = "password"; + + static { + try { + ConcurrentMessageDigest.init("SHA-512"); + } catch (NoSuchAlgorithmException e) { + throw new IllegalArgumentException(e); + } + } + + @Test + public void testGeneral() throws Exception { + for (String digest : DIGESTS) { + for (int saltLength = 0; saltLength < 20; saltLength++) { + for (int iterations = 1; iterations < 100; iterations += 10) + doTest(digest, saltLength, iterations); + } + } + } + + private void doTest(String digest, int saltLength, int iterations) throws NoSuchAlgorithmException { + MessageDigestCredentialHandler mdch = new MessageDigestCredentialHandler(); + mdch.setAlgorithm(digest); + mdch.setIterations(iterations); + String storedCredential = mdch.generate(saltLength, PWD); + Assert.assertTrue(mdch.matches(PWD, storedCredential)); + } +} Propchange: tomcat/trunk/test/org/apache/catalina/realm/TestMessageDigestCredentialHandler.java ------------------------------------------------------------------------------ svn:eol-style = native --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org