directory-commits mailing list archives

From elecha...@apache.org
Subject svn commit: r1508106 - in /directory/apacheds/trunk: core-integ/src/test/java/org/apache/directory/server/core/operations/add/ interceptors/hash/src/main/java/org/apache/directory/server/core/hash/
Date Mon, 29 Jul 2013 15:45:17 GMT
Author: elecharny
Date: Mon Jul 29 15:45:17 2013
New Revision: 1508106

URL: http://svn.apache.org/r1508106
Log:
Fix for DIRSERVER-1876

Modified:
    directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operations/add/PasswordHashingInterceptorTest.java
    directory/apacheds/trunk/interceptors/hash/src/main/java/org/apache/directory/server/core/hash/PasswordHashingInterceptor.java

Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operations/add/PasswordHashingInterceptorTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operations/add/PasswordHashingInterceptorTest.java?rev=1508106&r1=1508105&r2=1508106&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operations/add/PasswordHashingInterceptorTest.java
(original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operations/add/PasswordHashingInterceptorTest.java
Mon Jul 29 15:45:17 2013
@@ -22,6 +22,7 @@ package org.apache.directory.server.core
 
 
 import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 
 import java.util.Arrays;
@@ -45,112 +46,139 @@ import org.apache.directory.server.core.
 import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
 import org.apache.directory.server.core.integ.FrameworkRunner;
 import org.apache.directory.server.core.integ.IntegrationUtils;
-import org.junit.AfterClass;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 
+
 /**
  * Test case for checking PasswordHashingInterceptor.
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
 @RunWith(FrameworkRunner.class)
-@CreateDS(name = "PasswordHashingInterceptorTest-DS", additionalInterceptors=Md5PasswordHashingInterceptor.class)
-@ApplyLdifs( {
-    "dn: cn=test,ou=system",
-    "objectClass: person",
-    "cn: test",
-    "sn: sn_test",
-    "userPassword: secret"
+@CreateDS(name = "PasswordHashingInterceptorTest-DS", additionalInterceptors = Md5PasswordHashingInterceptor.class)
+@ApplyLdifs(
+    {
+        "dn: cn=test,ou=system",
+        "objectClass: person",
+        "cn: test",
+        "sn: sn_test",
+        "userPassword: secret",
+        "userPassword: secret2"
 })
 public class PasswordHashingInterceptorTest extends AbstractLdapTestUnit
 {
-    @Test
-    public void testAddWithPlainPassword() throws Exception
-    {
-        LdapConnection connection = IntegrationUtils.getAdminConnection( getService() );
+@Test
+public void testAddWithPlainPassword() throws Exception
+{
+    LdapConnection connection = IntegrationUtils.getAdminConnection( getService() );
 
-        byte[] plainPwd = "secret".getBytes();
-        Dn dn = new Dn( "cn=test,ou=system" );
+    byte[] plainPwd = "secret".getBytes();
+    Dn dn = new Dn( "cn=test,ou=system" );
 
-        Entry entry = connection.lookup( dn );
-        Attribute pwdAt = entry.get( SchemaConstants.USER_PASSWORD_AT );
-        
-        assertFalse( Arrays.equals( plainPwd, pwdAt.getBytes() ) );
-        assertTrue( PasswordUtil.compareCredentials( plainPwd, pwdAt.getBytes() ) );
-    }
-    
-    
-    @Test
-    public void testModifyWithPlainPassword() throws Exception
-    {
-        LdapConnection connection = IntegrationUtils.getAdminConnection( getService() );
+    Entry entry = connection.lookup( dn );
+    Attribute pwdAt = entry.get( SchemaConstants.USER_PASSWORD_AT );
 
-        byte[] plainPwd = "newsecret".getBytes();
-        Dn dn = new Dn( "cn=test,ou=system" );
+    assertFalse( Arrays.equals( plainPwd, pwdAt.getBytes() ) );
+    assertTrue( PasswordUtil.compareCredentials( plainPwd, pwdAt.getBytes() ) );
+}
 
-        AttributeType pwdAtType = getService().getSchemaManager().lookupAttributeTypeRegistry(
SchemaConstants.USER_PASSWORD_AT );
-        
-        Attribute pwdAt = new DefaultAttribute( pwdAtType );
-        pwdAt.add( plainPwd );
-        
-        Modification mod = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
pwdAt );
-        connection.modify( dn, mod );
-        
-        Entry entry = connection.lookup( dn );
-        pwdAt = entry.get( pwdAtType );
-        
-        assertFalse( Arrays.equals( plainPwd, pwdAt.getBytes() ) );
-        assertTrue( PasswordUtil.compareCredentials( plainPwd, pwdAt.getBytes() ) );
-    }
-
-    
-    @Test
-    public void testAddWithHashedPassword() throws Exception
-    {
-        LdapConnection connection = IntegrationUtils.getAdminConnection( getService() );
 
-        byte[] plainPwd = "secret".getBytes();
-        byte[] hashedPwd = PasswordUtil.createStoragePassword( plainPwd, LdapSecurityConstants.HASH_METHOD_SSHA
);
-        
-        Dn dn = new Dn( "cn=testHash,ou=system" );
-        Entry entry = new DefaultEntry( getService().getSchemaManager(), dn );
-        entry.add( "ObjectClass", "top", "person" );
-        entry.add( "sn", "TEST" );
-        entry.add( "cn", "testHash" );
-        entry.add( SchemaConstants.USER_PASSWORD_AT, hashedPwd );
-
-        connection.add( entry );
-
-        entry = connection.lookup( dn );
-        Attribute pwdAt = entry.get( SchemaConstants.USER_PASSWORD_AT );
-        assertTrue( Arrays.equals( hashedPwd, pwdAt.getBytes() ) );
-        assertTrue( PasswordUtil.compareCredentials( plainPwd, pwdAt.getBytes() ) );
-    }
-    
-    
-    @Test
-    public void testModifyWithHashedPassword() throws Exception
-    {
-        LdapConnection connection = IntegrationUtils.getAdminConnection( getService() );
+@Test
+public void testModifyWithPlainPassword() throws Exception
+{
+    LdapConnection connection = IntegrationUtils.getAdminConnection( getService() );
+
+    byte[] plainPwd = "newsecret".getBytes();
+    Dn dn = new Dn( "cn=test,ou=system" );
+
+    AttributeType pwdAtType = getService().getSchemaManager().lookupAttributeTypeRegistry(
+        SchemaConstants.USER_PASSWORD_AT );
+
+    Attribute pwdAt = new DefaultAttribute( pwdAtType );
+    pwdAt.add( plainPwd );
+
+    Modification mod = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
pwdAt );
+    connection.modify( dn, mod );
+
+    Entry entry = connection.lookup( dn );
+    pwdAt = entry.get( pwdAtType );
+
+    assertFalse( Arrays.equals( plainPwd, pwdAt.getBytes() ) );
+    assertTrue( PasswordUtil.compareCredentials( plainPwd, pwdAt.getBytes() ) );
+}
+
+
+@Test
+public void testModifyWithEmptyPassword() throws Exception
+{
+    LdapConnection connection = IntegrationUtils.getAdminConnection( getService() );
+
+    Dn dn = new Dn( "cn=test,ou=system" );
 
-        byte[] plainPwd = "xyzsecret".getBytes();
-        byte[] hashedPwd = PasswordUtil.createStoragePassword( plainPwd, LdapSecurityConstants.HASH_METHOD_SSHA256
);
+    AttributeType pwdAtType = getService().getSchemaManager().lookupAttributeTypeRegistry(
+        SchemaConstants.USER_PASSWORD_AT );
 
-        Dn dn = new Dn( "cn=test,ou=system" );
+    Attribute pwdAt = new DefaultAttribute( pwdAtType );
+    pwdAt.add( ( byte[] ) null );
 
-        AttributeType pwdAtType = getService().getSchemaManager().lookupAttributeTypeRegistry(
SchemaConstants.USER_PASSWORD_AT );
-        
-        Attribute pwdAt = new DefaultAttribute( pwdAtType );
-        pwdAt.add( hashedPwd );
-        
-        Modification mod = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
pwdAt );
-        connection.modify( dn, mod );
-        
-        Entry entry = connection.lookup( dn );
-        pwdAt = entry.get( pwdAtType );
-        
-        assertTrue( Arrays.equals( hashedPwd, pwdAt.getBytes() ) );
-        assertTrue( PasswordUtil.compareCredentials( plainPwd, pwdAt.getBytes() ) );
-    }
+    Modification mod = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
pwdAt );
+    connection.modify( dn, mod );
+
+    Entry entry = connection.lookup( dn );
+    pwdAt = entry.get( pwdAtType );
+
+    assertNull( pwdAt );
+}
+
+
+@Test
+public void testAddWithHashedPassword() throws Exception
+{
+    LdapConnection connection = IntegrationUtils.getAdminConnection( getService() );
+
+    byte[] plainPwd = "secret".getBytes();
+    byte[] hashedPwd = PasswordUtil.createStoragePassword( plainPwd, LdapSecurityConstants.HASH_METHOD_SSHA
);
+
+    Dn dn = new Dn( "cn=testHash,ou=system" );
+    Entry entry = new DefaultEntry( getService().getSchemaManager(), dn );
+    entry.add( "ObjectClass", "top", "person" );
+    entry.add( "sn", "TEST" );
+    entry.add( "cn", "testHash" );
+    entry.add( SchemaConstants.USER_PASSWORD_AT, hashedPwd );
+
+    connection.add( entry );
+
+    entry = connection.lookup( dn );
+    Attribute pwdAt = entry.get( SchemaConstants.USER_PASSWORD_AT );
+    assertTrue( Arrays.equals( hashedPwd, pwdAt.getBytes() ) );
+    assertTrue( PasswordUtil.compareCredentials( plainPwd, pwdAt.getBytes() ) );
+}
+
+
+@Test
+public void testModifyWithHashedPassword() throws Exception
+{
+    LdapConnection connection = IntegrationUtils.getAdminConnection( getService() );
+
+    byte[] plainPwd = "xyzsecret".getBytes();
+    byte[] hashedPwd = PasswordUtil.createStoragePassword( plainPwd, LdapSecurityConstants.HASH_METHOD_SSHA256
);
+
+    Dn dn = new Dn( "cn=test,ou=system" );
+
+    AttributeType pwdAtType = getService().getSchemaManager().lookupAttributeTypeRegistry(
+        SchemaConstants.USER_PASSWORD_AT );
+
+    Attribute pwdAt = new DefaultAttribute( pwdAtType );
+    pwdAt.add( hashedPwd );
+
+    Modification mod = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
pwdAt );
+    connection.modify( dn, mod );
+
+    Entry entry = connection.lookup( dn );
+    pwdAt = entry.get( pwdAtType );
+
+    assertTrue( Arrays.equals( hashedPwd, pwdAt.getBytes() ) );
+    assertTrue( PasswordUtil.compareCredentials( plainPwd, pwdAt.getBytes() ) );
+}
 }
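Review bot: The fixture now gives `cn=test` two `userPassword` values, but `testAddWithPlainPassword` still checks only the single value returned by `pwdAt.getBytes()`, so nothing in this hunk proves that the second value (`secret2`) was hashed as well. Since the interceptor change is about handling more than one value, the test should iterate over `pwdAt`, apply the `assertFalse( Arrays.equals( ... ) )` / `compareCredentials` pair to each value against its own plaintext, and check that the attribute still holds two values. Separately, the test methods have lost their class-level indentation in this hunk, which makes the diff much larger than the functional change.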

Modified: directory/apacheds/trunk/interceptors/hash/src/main/java/org/apache/directory/server/core/hash/PasswordHashingInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/hash/src/main/java/org/apache/directory/server/core/hash/PasswordHashingInterceptor.java?rev=1508106&r1=1508105&r2=1508106&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/hash/src/main/java/org/apache/directory/server/core/hash/PasswordHashingInterceptor.java
(original)
+++ directory/apacheds/trunk/interceptors/hash/src/main/java/org/apache/directory/server/core/hash/PasswordHashingInterceptor.java
Mon Jul 29 15:45:17 2013
@@ -27,8 +27,10 @@ import org.apache.directory.api.ldap.mod
 import org.apache.directory.api.ldap.model.constants.SchemaConstants;
 import org.apache.directory.api.ldap.model.entry.Attribute;
 import org.apache.directory.api.ldap.model.entry.BinaryValue;
+import org.apache.directory.api.ldap.model.entry.DefaultAttribute;
 import org.apache.directory.api.ldap.model.entry.Entry;
 import org.apache.directory.api.ldap.model.entry.Modification;
+import org.apache.directory.api.ldap.model.entry.Value;
 import org.apache.directory.api.ldap.model.exception.LdapException;
 import org.apache.directory.api.ldap.model.password.PasswordUtil;
 import org.apache.directory.server.core.api.interceptor.BaseInterceptor;
@@ -105,7 +107,13 @@ public abstract class PasswordHashingInt
             // check for modification on 'userPassword' AT
             if ( SchemaConstants.USER_PASSWORD_AT_OID.equals( oid ) )
             {
-                includeHashedPassword( mod.getAttribute() );
+                Attribute newPwd = includeHashedPassword( mod.getAttribute() );
+
+                if ( newPwd != null )
+                {
+                    mod.setAttribute( newPwd );
+                }
+
                 break;
             }
         }
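Review bot: The `break` that follows the new `mod.setAttribute( newPwd )` stops the scan at the first `userPassword` modification, so a request carrying a second modification of the same attribute would have that value stored exactly as the client sent it. The loop header is outside this hunk, so this assumes the loop walks every modification in the request; if it does, drop the `break;` and let each matching modification go through `includeHashedPassword`. A test that sends two `userPassword` modifications in one `modify` call would pin that behaviour.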
@@ -119,25 +127,41 @@ public abstract class PasswordHashingInt
      *
      * @param pwdAt the password attribute
      */
-    private void includeHashedPassword( Attribute pwdAt ) throws LdapException
+    private Attribute includeHashedPassword( Attribute pwdAt ) throws LdapException
     {
         if ( pwdAt == null )
         {
-            return;
+            return null;
         }
 
-        BinaryValue userPassword = ( BinaryValue ) pwdAt.get();
-
-        // check if the given password is already hashed
-        LdapSecurityConstants existingAlgo = PasswordUtil.findAlgorithm( userPassword.getValue()
);
+        Attribute newPwd = new DefaultAttribute( pwdAt.getAttributeType() );
 
-        // if there exists NO algorithm, then hash the password
-        if ( existingAlgo == null )
+        // Special case : deal with a potential empty value. We may have more than one
+        for ( Value<?> userPassword : pwdAt )
         {
-            byte[] hashedPassword = PasswordUtil.createStoragePassword( userPassword.getValue(),
algorithm );
+            if ( userPassword.getValue() == null )
+            {
+                continue;
+            }
+
+            // check if the given password is already hashed
+            LdapSecurityConstants existingAlgo = PasswordUtil.findAlgorithm( ( ( BinaryValue
) userPassword )
+                .getValue() );
 
-            pwdAt.clear();
-            pwdAt.add( hashedPassword );
+            // if there exists NO algorithm, then hash the password
+            if ( existingAlgo == null )
+            {
+                byte[] hashedPassword = PasswordUtil.createStoragePassword(
+                    ( ( BinaryValue ) userPassword ).getValue(), algorithm );
+
+                newPwd.add( hashedPassword );
+            }
+            else
+            {
+                newPwd.add( ( ( BinaryValue ) userPassword ).getValue() );
+            }
         }
+
+        return newPwd;
     }
 }
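Review bot: `includeHashedPassword` no longer changes `pwdAt` in place (the `pwdAt.clear()` / `pwdAt.add( hashedPassword )` pair is gone) and hands back a new attribute instead, yet the only caller updated in this commit is the one in the modify path. Any other caller that still relies on the old side effect, presumably the add path that `testAddWithPlainPassword` exercises, would now pass the plaintext value through unchanged; it needs to take the returned attribute and put it on the entry in place of the original. The Javadoc above the method also needs a `@return` line, for example `@return a new attribute holding the hashed values, or null when pwdAt is null`. The three `( BinaryValue )` casts inside the loop could be a single cast to a local variable.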


