X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.enterprise%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FLdifUser.java;h=392b17428b00b748be25de7f2c8b04000438c120;hb=4e5217621733b3f8b9c2427a688a18c68dbc1e5d;hp=90b8daa0eff0603c3f50e1398586a505e9dee192;hpb=2111a76162534100967eb0e7733632e80d9ddc5f;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdifUser.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdifUser.java
index 90b8daa0e..392b17428 100644
--- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdifUser.java
+++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdifUser.java
@@ -1,7 +1,5 @@
 package org.argeo.osgi.useradmin;
 
-import java.nio.ByteBuffer;
-import java.nio.CharBuffer;
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -76,7 +74,7 @@ class LdifUser implements DirectoryUser {
 // TODO check other sources (like PKCS12)
 // String pwd = new String((char[]) value);
 // authPassword (RFC 312 https://tools.ietf.org/html/rfc3112)
- char[] password = toChars(value);
+ char[] password = DigestUtils.bytesToChars(value);
 AuthPassword authPassword = AuthPassword.matchAuthValue(getAttributes(), password);
 if (authPassword != null) {
 if (authPassword.getAuthScheme().equals(SharedSecret.X_SHARED_SECRET)) {
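Review bot: The removed `toChars` zeroed the `byte[]` it was handed (`Arrays.fill((byte[]) obj, (byte) 0)`) and passed a `char[]` through unchanged, and nothing in this hunk shows whether `DigestUtils.bytesToChars(value)` keeps either behaviour, so the call sites at line 76 here and at line 346 in the `put` hunk below now depend on clearing semantics the commit does not make visible. Please confirm the helper wipes its source array and record that expectation at the call, e.g. `// bytesToChars is expected to zero the source byte[]; the returned char[] is the caller's to clear`. The plaintext `password` array is also not cleared anywhere in the hunk after `matchAuthValue` returns; the enclosing method starts and ends outside the hunk, so this may be handled further down, but it is worth checking since `hash` no longer clears its input either.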
@@ -154,35 +152,38 @@ class LdifUser implements DirectoryUser {
 /** Hash and clear the password */
 private byte[] hash(char[] password) {
- byte[] hashedPassword = ("{SHA}" + Base64.getEncoder().encodeToString(DigestUtils.sha1(toBytes(password))))
- .getBytes(StandardCharsets.UTF_8);
+ byte[] hashedPassword = ("{SHA}"
+ + Base64.getEncoder().encodeToString(DigestUtils.sha1(DigestUtils.charsToBytes(password))))
+ .getBytes(StandardCharsets.UTF_8);
 // Arrays.fill(password, '\u0000');
 return hashedPassword;
 }
 
- private byte[] toBytes(char[] chars) {
- CharBuffer charBuffer = CharBuffer.wrap(chars);
- ByteBuffer byteBuffer = StandardCharsets.UTF_8.encode(charBuffer);
- byte[] bytes = Arrays.copyOfRange(byteBuffer.array(), byteBuffer.position(), byteBuffer.limit());
- // Arrays.fill(charBuffer.array(), '\u0000'); // clear sensitive data
- Arrays.fill(byteBuffer.array(), (byte) 0); // clear sensitive data
- return bytes;
- }
-
- private char[] toChars(Object obj) {
- if (obj instanceof char[])
- return (char[]) obj;
- if (!(obj instanceof byte[]))
- throw new IllegalArgumentException(obj.getClass() + " is not a byte array");
- ByteBuffer fromBuffer = ByteBuffer.wrap((byte[]) obj);
- CharBuffer toBuffer = StandardCharsets.UTF_8.decode(fromBuffer);
- char[] res = Arrays.copyOfRange(toBuffer.array(), toBuffer.position(), toBuffer.limit());
- Arrays.fill(fromBuffer.array(), (byte) 0); // clear sensitive data
- Arrays.fill((byte[]) obj, (byte) 0); // clear sensitive data
- Arrays.fill(toBuffer.array(), '\u0000'); // clear sensitive data
- return res;
- }
-
+ // private byte[] toBytes(char[] chars) {
+ // CharBuffer charBuffer = CharBuffer.wrap(chars);
+ // ByteBuffer byteBuffer = StandardCharsets.UTF_8.encode(charBuffer);
+ // byte[] bytes = Arrays.copyOfRange(byteBuffer.array(), byteBuffer.position(),
+ // byteBuffer.limit());
+ // // Arrays.fill(charBuffer.array(), '\u0000'); // clear sensitive data
+ // Arrays.fill(byteBuffer.array(), (byte) 0); // clear sensitive data
+ // return bytes;
+ // }
+ //
+ // private char[] toChars(Object obj) {
+ // if (obj instanceof char[])
+ // return (char[]) obj;
+ // if (!(obj instanceof byte[]))
+ // throw new IllegalArgumentException(obj.getClass() + " is not a byte array");
+ // ByteBuffer fromBuffer = ByteBuffer.wrap((byte[]) obj);
+ // CharBuffer toBuffer = StandardCharsets.UTF_8.decode(fromBuffer);
+ // char[] res = Arrays.copyOfRange(toBuffer.array(), toBuffer.position(),
+ // toBuffer.limit());
+ // Arrays.fill(fromBuffer.array(), (byte) 0); // clear sensitive data
+ // Arrays.fill((byte[]) obj, (byte) 0); // clear sensitive data
+ // Arrays.fill(toBuffer.array(), '\u0000'); // clear sensitive data
+ // return res;
+ // }
+ //
 
 @Override
 public LdapName getDn() {
 return dn;
@@ -346,7 +347,7 @@ class LdifUser implements DirectoryUser {
 public Object put(String key, Object value) {
 if (key == null) {
 // TODO persist to other sources (like PKCS12)
- char[] password = toChars(value);
+ char[] password = DigestUtils.bytesToChars(value);
 byte[] hashedPassword = hash(password);
 return put(LdapAttrs.userPassword.name(), hashedPassword);
 }
@@ -368,8 +369,8 @@ class LdifUser implements DirectoryUser {
 
 try {
 Attribute attribute = getModifiedAttributes().get(key.toString());
- if (attribute == null)
- attribute = new BasicAttribute(key.toString());
+ // if (attribute == null) // block unit tests
+ attribute = new BasicAttribute(key.toString());
 if (value instanceof String && !isAsciiPrintable(((String) value)))
 attribute.add(((String) value).getBytes(StandardCharsets.UTF_8));
 else
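Review bot: The Javadoc `/** Hash and clear the password */` on `hash` promises a clearing that the method does not perform, since `Arrays.fill(password, '\u0000')` stays commented out on the line after the new hashing expression; either restore that fill or reword the Javadoc to `/** Hash the password; the caller remains responsible for clearing it. */`. The removed `toBytes` zeroed the intermediate UTF-8 buffer after copying it, and the hunk does not show whether `DigestUtils.charsToBytes(password)` does the same, so the encoded password may now outlive the digest on the heap — worth confirming in DigestUtils and noting on the call. The `{SHA}` value is an unsalted SHA-1 of the password, which predates this commit, but since the hashing line is being rewritten anyway a salted scheme such as `{SSHA}` would be the more defensive storage format for `userPassword`. Separately, the 25 lines of `toBytes`/`toChars` kept as `//` comments are dead code that history already preserves; deleting them would make the class easier to read.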
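Review bot: Commenting out `if (attribute == null)` makes the `getModifiedAttributes().get(key.toString())` lookup on the previous line dead, because `attribute` is now unconditionally replaced by a fresh `BasicAttribute`; if an attribute with pending modifications already existed for this key, its values appear to be silently discarded (the remainder of this `put` overload is outside the hunk, so where the new attribute is stored is not visible here). The `// block unit tests` remark reads as a workaround for a failing test rather than a deliberate semantic change. If always starting from an empty attribute is the intent, drop the lookup and say why, e.g. `// a put replaces every pending value for this key`; otherwise restore the null check and fix the test fixture instead.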