Return-Path: X-Original-To: apmail-directory-commits-archive@www.apache.org Delivered-To: apmail-directory-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id C4A9D105C0 for ; Mon, 29 Jul 2013 15:45:42 +0000 (UTC) Received: (qmail 68824 invoked by uid 500); 29 Jul 2013 15:45:42 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 68774 invoked by uid 500); 29 Jul 2013 15:45:40 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 68763 invoked by uid 99); 29 Jul 2013 15:45:39 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 29 Jul 2013 15:45:39 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 29 Jul 2013 15:45:37 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id D411823888CD; Mon, 29 Jul 2013 15:45:17 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1508106 - in /directory/apacheds/trunk: core-integ/src/test/java/org/apache/directory/server/core/operations/add/ interceptors/hash/src/main/java/org/apache/directory/server/core/hash/ Date: Mon, 29 Jul 2013 15:45:17 -0000 To: commits@directory.apache.org 
From: elecharny@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20130729154517.D411823888CD@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: elecharny Date: Mon Jul 29 15:45:17 2013 New Revision: 1508106 URL: http://svn.apache.org/r1508106 Log: Fix for DIRSERVER-1876 Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operations/add/PasswordHashingInterceptorTest.java directory/apacheds/trunk/interceptors/hash/src/main/java/org/apache/directory/server/core/hash/PasswordHashingInterceptor.java Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operations/add/PasswordHashingInterceptorTest.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operations/add/PasswordHashingInterceptorTest.java?rev=1508106&r1=1508105&r2=1508106&view=diff ============================================================================== --- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operations/add/PasswordHashingInterceptorTest.java (original) +++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/operations/add/PasswordHashingInterceptorTest.java Mon Jul 29 15:45:17 2013 @@ -22,6 +22,7 @@ package org.apache.directory.server.core import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; import java.util.Arrays; 
@@ -45,112 +46,139 @@ import org.apache.directory.server.core. import org.apache.directory.server.core.integ.AbstractLdapTestUnit; import org.apache.directory.server.core.integ.FrameworkRunner; import org.apache.directory.server.core.integ.IntegrationUtils; -import org.junit.AfterClass; import org.junit.Test; import org.junit.runner.RunWith; + /** * Test case for checking PasswordHashingInterceptor. * * @author Apache Directory Project */ @RunWith(FrameworkRunner.class) -@CreateDS(name = "PasswordHashingInterceptorTest-DS", additionalInterceptors=Md5PasswordHashingInterceptor.class) -@ApplyLdifs( { - "dn: cn=test,ou=system", - "objectClass: person", - "cn: test", - "sn: sn_test", - "userPassword: secret" +@CreateDS(name = "PasswordHashingInterceptorTest-DS", additionalInterceptors = Md5PasswordHashingInterceptor.class) +@ApplyLdifs( + { + "dn: cn=test,ou=system", + "objectClass: person", + "cn: test", + "sn: sn_test", + "userPassword: secret", + "userPassword: secret2" }) public class PasswordHashingInterceptorTest extends AbstractLdapTestUnit { - @Test - public void testAddWithPlainPassword() throws Exception - { - LdapConnection connection = IntegrationUtils.getAdminConnection( getService() ); +@Test +public void testAddWithPlainPassword() throws Exception +{ + LdapConnection connection = IntegrationUtils.getAdminConnection( getService() ); - byte[] plainPwd = "secret".getBytes(); - Dn dn = new Dn( "cn=test,ou=system" ); + byte[] plainPwd = "secret".getBytes(); + Dn dn = new Dn( "cn=test,ou=system" ); - Entry entry = connection.lookup( dn ); - Attribute pwdAt = entry.get( SchemaConstants.USER_PASSWORD_AT ); - - assertFalse( Arrays.equals( plainPwd, pwdAt.getBytes() ) ); - assertTrue( PasswordUtil.compareCredentials( plainPwd, pwdAt.getBytes() ) ); - } - - - @Test - public void testModifyWithPlainPassword() throws Exception - { - LdapConnection connection = IntegrationUtils.getAdminConnection( getService() ); + Entry entry = connection.lookup( dn ); + Attribute 
pwdAt = entry.get( SchemaConstants.USER_PASSWORD_AT ); - byte[] plainPwd = "newsecret".getBytes(); - Dn dn = new Dn( "cn=test,ou=system" ); + assertFalse( Arrays.equals( plainPwd, pwdAt.getBytes() ) ); + assertTrue( PasswordUtil.compareCredentials( plainPwd, pwdAt.getBytes() ) ); +} - AttributeType pwdAtType = getService().getSchemaManager().lookupAttributeTypeRegistry( SchemaConstants.USER_PASSWORD_AT ); - - Attribute pwdAt = new DefaultAttribute( pwdAtType ); - pwdAt.add( plainPwd ); - - Modification mod = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE, pwdAt ); - connection.modify( dn, mod ); - - Entry entry = connection.lookup( dn ); - pwdAt = entry.get( pwdAtType ); - - assertFalse( Arrays.equals( plainPwd, pwdAt.getBytes() ) ); - assertTrue( PasswordUtil.compareCredentials( plainPwd, pwdAt.getBytes() ) ); - } - - - @Test - public void testAddWithHashedPassword() throws Exception - { - LdapConnection connection = IntegrationUtils.getAdminConnection( getService() ); - byte[] plainPwd = "secret".getBytes(); - byte[] hashedPwd = PasswordUtil.createStoragePassword( plainPwd, LdapSecurityConstants.HASH_METHOD_SSHA ); - - Dn dn = new Dn( "cn=testHash,ou=system" ); - Entry entry = new DefaultEntry( getService().getSchemaManager(), dn ); - entry.add( "ObjectClass", "top", "person" ); - entry.add( "sn", "TEST" ); - entry.add( "cn", "testHash" ); - entry.add( SchemaConstants.USER_PASSWORD_AT, hashedPwd ); - - connection.add( entry ); - - entry = connection.lookup( dn ); - Attribute pwdAt = entry.get( SchemaConstants.USER_PASSWORD_AT ); - assertTrue( Arrays.equals( hashedPwd, pwdAt.getBytes() ) ); - assertTrue( PasswordUtil.compareCredentials( plainPwd, pwdAt.getBytes() ) ); - } - - - @Test - public void testModifyWithHashedPassword() throws Exception - { - LdapConnection connection = IntegrationUtils.getAdminConnection( getService() ); +@Test +public void testModifyWithPlainPassword() throws Exception +{ + LdapConnection connection = 
IntegrationUtils.getAdminConnection( getService() ); + + byte[] plainPwd = "newsecret".getBytes(); + Dn dn = new Dn( "cn=test,ou=system" ); + + AttributeType pwdAtType = getService().getSchemaManager().lookupAttributeTypeRegistry( + SchemaConstants.USER_PASSWORD_AT ); + + Attribute pwdAt = new DefaultAttribute( pwdAtType ); + pwdAt.add( plainPwd ); + + Modification mod = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE, pwdAt ); + connection.modify( dn, mod ); + + Entry entry = connection.lookup( dn ); + pwdAt = entry.get( pwdAtType ); + + assertFalse( Arrays.equals( plainPwd, pwdAt.getBytes() ) ); + assertTrue( PasswordUtil.compareCredentials( plainPwd, pwdAt.getBytes() ) ); +} + + +@Test +public void testModifyWithEmptyPassword() throws Exception +{ + LdapConnection connection = IntegrationUtils.getAdminConnection( getService() ); + + Dn dn = new Dn( "cn=test,ou=system" ); - byte[] plainPwd = "xyzsecret".getBytes(); - byte[] hashedPwd = PasswordUtil.createStoragePassword( plainPwd, LdapSecurityConstants.HASH_METHOD_SSHA256 ); + AttributeType pwdAtType = getService().getSchemaManager().lookupAttributeTypeRegistry( + SchemaConstants.USER_PASSWORD_AT ); - Dn dn = new Dn( "cn=test,ou=system" ); + Attribute pwdAt = new DefaultAttribute( pwdAtType ); + pwdAt.add( ( byte[] ) null ); - AttributeType pwdAtType = getService().getSchemaManager().lookupAttributeTypeRegistry( SchemaConstants.USER_PASSWORD_AT ); - - Attribute pwdAt = new DefaultAttribute( pwdAtType ); - pwdAt.add( hashedPwd ); - - Modification mod = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE, pwdAt ); - connection.modify( dn, mod ); - - Entry entry = connection.lookup( dn ); - pwdAt = entry.get( pwdAtType ); - - assertTrue( Arrays.equals( hashedPwd, pwdAt.getBytes() ) ); - assertTrue( PasswordUtil.compareCredentials( plainPwd, pwdAt.getBytes() ) ); - } + Modification mod = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE, pwdAt ); + connection.modify( dn, 
mod ); + + Entry entry = connection.lookup( dn ); + pwdAt = entry.get( pwdAtType ); + + assertNull( pwdAt ); +} + + +@Test +public void testAddWithHashedPassword() throws Exception +{ + LdapConnection connection = IntegrationUtils.getAdminConnection( getService() ); + + byte[] plainPwd = "secret".getBytes(); + byte[] hashedPwd = PasswordUtil.createStoragePassword( plainPwd, LdapSecurityConstants.HASH_METHOD_SSHA ); + + Dn dn = new Dn( "cn=testHash,ou=system" ); + Entry entry = new DefaultEntry( getService().getSchemaManager(), dn ); + entry.add( "ObjectClass", "top", "person" ); + entry.add( "sn", "TEST" ); + entry.add( "cn", "testHash" ); + entry.add( SchemaConstants.USER_PASSWORD_AT, hashedPwd ); + + connection.add( entry ); + + entry = connection.lookup( dn ); + Attribute pwdAt = entry.get( SchemaConstants.USER_PASSWORD_AT ); + assertTrue( Arrays.equals( hashedPwd, pwdAt.getBytes() ) ); + assertTrue( PasswordUtil.compareCredentials( plainPwd, pwdAt.getBytes() ) ); +} + + +@Test +public void testModifyWithHashedPassword() throws Exception +{ + LdapConnection connection = IntegrationUtils.getAdminConnection( getService() ); + + byte[] plainPwd = "xyzsecret".getBytes(); + byte[] hashedPwd = PasswordUtil.createStoragePassword( plainPwd, LdapSecurityConstants.HASH_METHOD_SSHA256 ); + + Dn dn = new Dn( "cn=test,ou=system" ); + + AttributeType pwdAtType = getService().getSchemaManager().lookupAttributeTypeRegistry( + SchemaConstants.USER_PASSWORD_AT ); + + Attribute pwdAt = new DefaultAttribute( pwdAtType ); + pwdAt.add( hashedPwd ); + + Modification mod = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE, pwdAt ); + connection.modify( dn, mod ); + + Entry entry = connection.lookup( dn ); + pwdAt = entry.get( pwdAtType ); + + assertTrue( Arrays.equals( hashedPwd, pwdAt.getBytes() ) ); + assertTrue( PasswordUtil.compareCredentials( plainPwd, pwdAt.getBytes() ) ); +} } Modified: 
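Review bot: The fixture now gives cn=test two userPassword values, but testAddWithPlainPassword still asserts only on `pwdAt.getBytes()`, which reads a single value, so a second value stored unhashed would go unnoticed. Iterating the attribute would cover both values, e.g. `for ( Value<?> v : pwdAt ) { assertNotNull( PasswordUtil.findAlgorithm( v.getBytes() ) ); }`, which needs imports for `Value` and `assertNotNull`. testModifyWithEmptyPassword only checks that the attribute is gone after a lone null value. A case that mixes a null value with a real one would exercise the `continue` branch added in the interceptor.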
directory/apacheds/trunk/interceptors/hash/src/main/java/org/apache/directory/server/core/hash/PasswordHashingInterceptor.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/hash/src/main/java/org/apache/directory/server/core/hash/PasswordHashingInterceptor.java?rev=1508106&r1=1508105&r2=1508106&view=diff ============================================================================== --- directory/apacheds/trunk/interceptors/hash/src/main/java/org/apache/directory/server/core/hash/PasswordHashingInterceptor.java (original) +++ directory/apacheds/trunk/interceptors/hash/src/main/java/org/apache/directory/server/core/hash/PasswordHashingInterceptor.java Mon Jul 29 15:45:17 2013 @@ -27,8 +27,10 @@ import org.apache.directory.api.ldap.mod import org.apache.directory.api.ldap.model.constants.SchemaConstants; import org.apache.directory.api.ldap.model.entry.Attribute; import org.apache.directory.api.ldap.model.entry.BinaryValue; +import org.apache.directory.api.ldap.model.entry.DefaultAttribute; import org.apache.directory.api.ldap.model.entry.Entry; import org.apache.directory.api.ldap.model.entry.Modification; +import org.apache.directory.api.ldap.model.entry.Value; import org.apache.directory.api.ldap.model.exception.LdapException; import org.apache.directory.api.ldap.model.password.PasswordUtil; import org.apache.directory.server.core.api.interceptor.BaseInterceptor; @@ -105,7 +107,13 @@ public abstract class PasswordHashingInt // check for modification on 'userPassword' AT if ( SchemaConstants.USER_PASSWORD_AT_OID.equals( oid ) ) { - includeHashedPassword( mod.getAttribute() ); + Attribute newPwd = includeHashedPassword( mod.getAttribute() ); + + if ( newPwd != null ) + { + mod.setAttribute( newPwd ); + } + break; } } 
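Review bot: The `break;` kept after the new `mod.setAttribute( newPwd )` block stops processing at the first userPassword modification, so a second modification on userPassword in the same request would apparently be stored exactly as the client sent it. The enclosing loop starts outside this hunk, so this is inferred from where the `break` sits. If that is the shape, dropping `break;` lets every userPassword modification pass through `includeHashedPassword`. A test that sends two userPassword modifications in one modify call would pin the behaviour either way.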
@@ -119,25 +127,41 @@ public abstract class PasswordHashingInt * * @param pwdAt the password attribute */ - private void includeHashedPassword( Attribute pwdAt ) throws LdapException + private Attribute includeHashedPassword( Attribute pwdAt ) throws LdapException { if ( pwdAt == null ) { - return; + return null; } - BinaryValue userPassword = ( BinaryValue ) pwdAt.get(); - - // check if the given password is already hashed - LdapSecurityConstants existingAlgo = PasswordUtil.findAlgorithm( userPassword.getValue() ); + Attribute newPwd = new DefaultAttribute( pwdAt.getAttributeType() ); - // if there exists NO algorithm, then hash the password - if ( existingAlgo == null ) + // Special case : deal with a potential empty value. We may have more than one + for ( Value userPassword : pwdAt ) { - byte[] hashedPassword = PasswordUtil.createStoragePassword( userPassword.getValue(), algorithm ); + if ( userPassword.getValue() == null ) + { + continue; + } + + // check if the given password is already hashed + LdapSecurityConstants existingAlgo = PasswordUtil.findAlgorithm( ( ( BinaryValue ) userPassword ) + .getValue() ); - pwdAt.clear(); - pwdAt.add( hashedPassword ); + // if there exists NO algorithm, then hash the password + if ( existingAlgo == null ) + { + byte[] hashedPassword = PasswordUtil.createStoragePassword( + ( ( BinaryValue ) userPassword ).getValue(), algorithm ); + + newPwd.add( hashedPassword ); + } + else + { + newPwd.add( ( ( BinaryValue ) userPassword ).getValue() ); + } } + + return newPwd; } }
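Review bot: `includeHashedPassword` no longer mutates `pwdAt` in place (the `pwdAt.clear(); pwdAt.add( hashedPassword );` pair is removed) and returns a new attribute instead, but this diff updates only the call site in the modify path. Any other caller that still discards the return value would now let the plain password through unhashed; the add path is not shown here and needs checking. The Javadoc above the method still has only `@param pwdAt` and should gain `@return a new attribute holding the hashed values, or null when pwdAt is null`. The `else` branch copies any value for which `PasswordUtil.findAlgorithm` reports a scheme unchanged, so the configured `algorithm` is not enforced on client-supplied hashes. If that is intended, a comment such as `// already hashed by the client: stored as-is, whatever scheme it uses` would make the policy explicit.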