From: Mathieu Baudier
Date: Wed, 24 Jun 2020 07:13:50 +0000 (+0200)
Subject: Adapt unit tests to PBKDF2_SHA256 password scheme support.
X-Git-Tag: argeo-commons-2.1.89~120
X-Git-Url: https://git.argeo.org/?p=lgpl%2Fargeo-commons.git;a=commitdiff_plain;h=164c1973ae47df75031cc55b15b52de0226ff035
Adapt unit tests to PBKDF2_SHA256 password scheme support.
---
diff --git a/org.argeo.enterprise/ext/test/org/argeo/osgi/useradmin/LdifUserAdminTest.java b/org.argeo.enterprise/ext/test/org/argeo/osgi/useradmin/LdifUserAdminTest.java
index 1d6b0f3a5..126125b85 100644
--- a/org.argeo.enterprise/ext/test/org/argeo/osgi/useradmin/LdifUserAdminTest.java
+++ b/org.argeo.enterprise/ext/test/org/argeo/osgi/useradmin/LdifUserAdminTest.java
@@ -5,13 +5,13 @@ import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.URI;
+import java.nio.charset.StandardCharsets;
 import java.nio.file.FileVisitResult;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.SimpleFileVisitor;
 import java.nio.file.attribute.BasicFileAttributes;
 import java.util.Arrays;
-import java.util.Base64;
 import java.util.Dictionary;
 import java.util.Hashtable;
 import java.util.List;
@@ -31,7 +31,7 @@ import junit.framework.TestCase;
 public class LdifUserAdminTest extends TestCase implements BasicTestConstants {
 // We have to keep using JUnit because of
 // https://issues.apache.org/jira/browse/SUREFIRE-1669
-
+
 final static int TM_SIMPLE = 0;
 final static int TM_BITRONIX = 1;
@@ -134,10 +134,10 @@ public class LdifUserAdminTest extends TestCase implements BasicTestConstants {
 assert "root@localhost".equals(rootUser.getProperties().get("mail"));
 // credentials
- byte[] hashedPassword = ("{SHA}" + Base64.getEncoder().encodeToString(DigestUtils.sha1("demo".getBytes())))
- .getBytes();
- assert rootUser.hasCredential(LdapAttrs.userPassword.name(), hashedPassword);
- assert demoUser.hasCredential(LdapAttrs.userPassword.name(), hashedPassword);
+ // {SHA}
+ assert rootUser.hasCredential(LdapAttrs.userPassword.name(), "demo".getBytes(StandardCharsets.UTF_8));
+ // {PBKDF2_SHA256}
+ assert demoUser.hasCredential(LdapAttrs.userPassword.name(), "demo".getBytes(StandardCharsets.UTF_8));
 // search
 Role[] search = userAdmin.getRoles(null);
diff --git a/org.argeo.enterprise/ext/test/org/argeo/osgi/useradmin/basic.ldif b/org.argeo.enterprise/ext/test/org/argeo/osgi/useradmin/basic.ldif
index b7328b0b9..e5b561540 100644
--- a/org.argeo.enterprise/ext/test/org/argeo/osgi/useradmin/basic.ldif
+++ b/org.argeo.enterprise/ext/test/org/argeo/osgi/useradmin/basic.ldif
@@ -25,7 +25,14 @@ givenName: Demo
 mail: demo@localhost
 sn: User
 uid: demo
-userPassword:: e1NIQX1pZVNWNTVRYytlUU9hWURSU2hhL0Fqek5USkU9
+userPassword:: e1BCS0RGMl9TSEEyNTZ9QUFBSUFOMEtpaTA5Z0h5SHA4Q1Y2bHZhbE5DOWJPcjZTVGVpSFU3UDB
+ 5UGVxVUVIdnR2c2pIVmVadW5YV3FNNG5MV090U1gvWS9Jc1FsdXdjR3lFclBJVTRBVWlRVytNb1
+ Y0TTYzaWlPNnlkcXRFZ2dzSGlNK1lPamFZZGl2YUMrRERqRkNBeEN5VFdsdEFYNXZKaWZMMlBwa
+ S93OXFkTWI4YjgyRFFJMUIxZG9IMEdPZ2ZISFQwT2luYm95QlNjUmhvaDN6WGVPd1ZabWlqNHlH
+ Y1JPazhta1lRVm5SQXlyR2pvSHVsSXIwR3ovMnlhR3VFdWJSL2NLOUtsYTQyWWo5RTNRdmJJbkE
+ 3Y0Rjc2xYTlJHTENMZVBhYTdsSWUxc3pUR2JGRVZ4aVQ2M2xQck9RcHNwamRubEFlSjkvWUx5Z3
+ VFTHIrZDJoNmN1SzNmdGFLbmpiRWxTRFJBMy9OanIwRVVzUHBxZDFibWIxbmxMRHR3Mlo5Y3h0Y
+ WljQTdSOHE3eXVhZzFQc0xac2dxdk9HR1hsZ1RVSk4rVitkWkVYdk1BSEgra0YvY1hhU05Q
 dn: uid=root,ou=users,dc=example,dc=com
 objectClass: inetOrgPerson
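Review bot: Both new `hasCredential` assertions in LdifUserAdminTest.java check only that the correct password is accepted, so a verifier that accepts any input for `{SHA}` or `{PBKDF2_SHA256}` would still pass this test. Add a rejection case next to each, e.g. `assert !demoUser.hasCredential(LdapAttrs.userPassword.name(), "wrong".getBytes(StandardCharsets.UTF_8));`. These are Java `assert` statements, so they are skipped unless the test JVM runs with `-ea`; `assertTrue`/`assertFalse` from the `TestCase` base class would not depend on that. The enclosing test method starts and ends outside the hunk.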
diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdifUser.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdifUser.java
index f18c148f8..b3e7f5955 100644
--- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdifUser.java
+++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdifUser.java
@@ -118,12 +118,12 @@ class LdifUser implements DirectoryUser {
 int index = storedBase64.indexOf('}');
 if (index > 0) {
 passwordScheme = storedBase64.substring(1, index);
- byte[] storedValueBytes = Base64.getDecoder().decode(storedBase64.substring(index + 1));
+ String storedValueBase64 = storedBase64.substring(index + 1);
+ byte[] storedValueBytes = Base64.getDecoder().decode(storedValueBase64);
 char[] passwordValue = DigestUtils.bytesToChars((byte[]) value);
 byte[] valueBytes;
 if (DigestUtils.PASSWORD_SCHEME_SHA.equals(passwordScheme)) {
- valueBytes = DigestUtils.toPasswordScheme(passwordScheme, passwordValue, null, null,
- null);
+ valueBytes = DigestUtils.toPasswordScheme(passwordScheme, passwordValue, null, null, null);
 } else if (DigestUtils.PASSWORD_SCHEME_PBKDF2_SHA256.equals(passwordScheme)) {
 // see https://www.thesubtlety.com/post/a-389-ds-pbkdf2-password-checker/
 byte[] iterationsArr = Arrays.copyOfRange(storedValueBytes, 0, 4);
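Review bot: The decoded `storedValueBytes` is sliced in the `PBKDF2_SHA256` branch without any length check, and `Arrays.copyOfRange(storedValueBytes, 0, 4)` zero-pads a short array instead of failing, so a truncated or corrupt `userPassword` value would be verified with an iteration count read from padding. A guard at the top of that branch, e.g. `if (storedValueBytes.length <= 4) return false;` (assuming this method returns the boolean credential check), rejects such entries before any key derivation. `Base64.getDecoder().decode(storedValueBase64)` also throws `IllegalArgumentException` on malformed input; whether a caller handles that is not visible here. The enclosing method starts and ends outside the hunk.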