/*
*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.apache.qpid.server.security.auth.sasl;
import junit.framework.TestCase;
import org.apache.qpid.server.security.auth.database.PropertiesPrincipalDatabase;
import org.apache.qpid.server.security.auth.sasl.crammd5.CRAMMD5HexInitialiser;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Properties;
/**
* These tests ensure that the Hex wrapping that the initialiser performs does actually operate when the handle method is called.
*/
public class CRAMMD5HexInitialiserTest extends TestCase
{
public void testHex()
{
//Create User details for testing
String user = "testUser";
String password = "testPassword";
perform(user, password);
}
public void testHashedHex()
{
//Create User details for testing
String user = "testUser";
String password = "testPassword";
//Create a hashed password that we then attempt to put through the call back mechanism.
try
{
password = new String(MessageDigest.getInstance("MD5").digest(password.getBytes()));
}
catch (NoSuchAlgorithmException e)
{
fail(e.getMessage());
}
perform(user, password);
}
public void perform(String user, String password)
{
CRAMMD5HexInitialiser initialiser = new CRAMMD5HexInitialiser();
//Use properties to create a PrincipalDatabase
Properties users = new Properties();
users.put(user, password);
PropertiesPrincipalDatabase db = new PropertiesPrincipalDatabase(users);
initialiser.initialise(db);
//setup the callbacks
PasswordCallback passwordCallback = new PasswordCallback("password:", false);
NameCallback usernameCallback = new NameCallback("user:", user);
Callback[] callbacks = new Callback[]{usernameCallback, passwordCallback};
//Check the
try
{
assertNull("The password was not null before the handle call.", passwordCallback.getPassword());
initialiser.getCallbackHandler().handle(callbacks);
}
catch (IOException e)
{
fail(e.getMessage());
}
catch (UnsupportedCallbackException e)
{
fail(e.getMessage());
}
//Hex the password we initialised with and compare it with the passwordCallback
assertArrayEquals(toHex(password.toCharArray()), passwordCallback.getPassword());
}
private void assertArrayEquals(char[] expected, char[] actual)
{
assertEquals("Arrays are not the same length", expected.length, actual.length);
for (int index = 0; index < expected.length; index++)
{
assertEquals("Characters are not equal", expected[index], actual[index]);
}
}
private char[] toHex(char[] password)
{
StringBuilder sb = new StringBuilder();
for (char c : password)
{
//toHexString does not prepend 0 so we have to
if (((byte) c > -1) && (byte) c < 10)
{
sb.append(0);
}
sb.append(Integer.toHexString(c & 0xFF));
}
//Extract the hex string as char[]
char[] hex = new char[sb.length()];
sb.getChars(0, sb.length(), hex, 0);
return hex;
}
}