/**
 * Hashes the given password using the built-in defaults, i.e.
 * {@link #DEFAULT_ALGORITHM}, {@code DEFAULT_SALT_SIZE} and
 * {@code DEFAULT_ITERATIONS}; this is a convenience wrapper around the
 * four-argument overload.
 *
 * <p>NOTE(review): the resistance of the result to offline guessing depends
 * entirely on those three defaults, which are defined outside this excerpt;
 * confirm they match current password-storage guidance. The password is
 * accepted as an immutable {@code String}, so the caller cannot wipe it
 * from memory after hashing.
 *
 * @param password The plain text password to be hashed.
 * @return The password hash.
 * @throws NoSuchAlgorithmException If {@link #DEFAULT_ALGORITHM} is not supported.
 * @throws UnsupportedEncodingException If utf-8 is not supported.
 */
public static String buildPasswordHash(@NotNull String password)
        throws NoSuchAlgorithmException, UnsupportedEncodingException {
    final String hashWithDefaults =
            buildPasswordHash(password, DEFAULT_ALGORITHM, DEFAULT_SALT_SIZE, DEFAULT_ITERATIONS);
    return hashWithDefaults;
}
/**
 * Convenience overload: hashes the password with {@link #DEFAULT_ALGORITHM},
 * {@code DEFAULT_SALT_SIZE} and {@code DEFAULT_ITERATIONS} by delegating to
 * the four-argument variant.
 *
 * <p>NOTE(review): how well the stored hash withstands offline guessing is
 * decided by those defaults, which are declared outside this excerpt;
 * verify them against current password-storage guidance.
 *
 * @param password The plain text password to be hashed.
 * @return The password hash.
 * @throws NoSuchAlgorithmException If {@link #DEFAULT_ALGORITHM} is not supported.
 * @throws UnsupportedEncodingException If utf-8 is not supported.
 */
public static String buildPasswordHash(@Nonnull String password)
        throws NoSuchAlgorithmException, UnsupportedEncodingException {
    final String defaultHash =
            buildPasswordHash(password, DEFAULT_ALGORITHM, DEFAULT_SALT_SIZE, DEFAULT_ITERATIONS);
    return defaultHash;
}
/**
 * Builds a mocked {@code Root} whose tree at {@code USER_PATH} is a mocked
 * user tree.
 *
 * @param pw plain text password to hash and expose as the
 *           {@code rep:password} property of the mocked user tree, or
 *           {@code null} to leave that property unstubbed.
 * @return the mocked root.
 * @throws Exception if hashing the password fails.
 */
private static Root createRoot(@Nullable String pw) throws Exception {
    Tree mockedUserTree = Mockito.mock(Tree.class);
    Root mockedRoot = Mockito.mock(Root.class);
    when(mockedRoot.getTree(USER_PATH)).thenReturn(mockedUserTree);

    // Without a password there is nothing to stub on the user tree.
    if (pw == null) {
        return mockedRoot;
    }

    // Only the hash is exposed through the mock, never the plain text value.
    String hashedPw = PasswordUtil.buildPasswordHash(pw);
    when(mockedUserTree.getProperty(UserConstants.REP_PASSWORD))
            .thenReturn(PropertyStates.createProperty(UserConstants.REP_PASSWORD, hashedPw));
    return mockedRoot;
}
/**
 * Hashing must be rejected with a {@code NoSuchAlgorithmException} for every
 * algorithm name in the list below (empty, a lone "+", and an unknown name)
 * instead of producing a hash.
 */
@Test
public void testBuildPasswordHashInvalidAlgorithm() throws Exception {
    String[] unsupportedNames = {"", "+", "invalid"};
    for (String algorithmName : unsupportedNames) {
        try {
            PasswordUtil.buildPasswordHash(
                    "pw",
                    algorithmName,
                    PasswordUtil.DEFAULT_SALT_SIZE,
                    PasswordUtil.DEFAULT_ITERATIONS);
            // Reaching this line means a hash was produced for a bogus algorithm.
            fail("Invalid algorithm " + algorithmName);
        } catch (NoSuchAlgorithmException expected) {
            // success
        }
    }
}
/**
 * A stored hash that names an unknown algorithm must make {@code isSame}
 * answer {@code false}; an exception escaping from {@code isSame} would
 * fail this test.
 */
@Test
public void testIsSameNoSuchAlgorithmException() throws Exception {
    String validHash = PasswordUtil.buildPasswordHash("pw");

    // Replace everything up to and including the first '}' with a bogus
    // algorithm marker while keeping the remainder of the hash untouched.
    int markerEnd = validHash.indexOf('}');
    String remainder = validHash.substring(markerEnd + 1);
    String tampered = "{invalidAlgorithm}" + remainder;

    boolean matches = PasswordUtil.isSame(tampered, "pw");
    assertFalse(matches);
}
/**
 * A password change must be validated against the configured constraint
 * even when the new password value is itself the output of
 * {@code PasswordUtil.buildPasswordHash}.
 *
 * <p>NOTE(review): {@code expected = ...} is satisfied by a
 * {@code ConstraintViolationException} thrown from any statement in the
 * body, including {@code init}; a try/fail/catch around
 * {@code onPasswordChange} alone would pin down where it originates.
 */
@Test(expected = ConstraintViolationException.class)
public void testPasswordValidationActionOnChange() throws Exception {
    ConfigurationParameters constraintConfig =
            ConfigurationParameters.of(PasswordValidationAction.CONSTRAINT, "abc");
    pwAction.init(securityProvider, constraintConfig);

    String hashLikePassword = PasswordUtil.buildPasswordHash("abc");
    Root mockedRoot = Mockito.mock(Root.class);
    NamePathMapper mockedMapper = Mockito.mock(NamePathMapper.class);
    pwAction.onPasswordChange(user, hashLikePassword, mockedRoot, mockedMapper);
}
}
/**
 * The hash built from the empty string must verify against the empty
 * string.
 */
@Test
public void testIsSameEmpty() throws Exception {
    String hashOfEmpty = PasswordUtil.buildPasswordHash("");
    boolean matches = PasswordUtil.isSame(hashOfEmpty, "");
    assertTrue(matches);
}
/**
 * A hash built with the default algorithm and salt size but an iteration
 * count of 1 must still verify against the original password. This only
 * checks that such hashes remain verifiable, not that a single iteration
 * is an advisable setting.
 */
@Test
public void testBuildPasswordHashNoIterations() throws Exception {
    final int singleIteration = 1;
    String hashed = PasswordUtil.buildPasswordHash(
            "pw",
            PasswordUtil.DEFAULT_ALGORITHM,
            PasswordUtil.DEFAULT_SALT_SIZE,
            singleIteration);
    boolean matches = PasswordUtil.isSame(hashed, "pw");
    assertTrue(matches);
}
/**
 * A hash built with the default algorithm and iteration count but a salt
 * size of 0 must still verify against the original password. This only
 * checks that such hashes remain verifiable, not that omitting the salt is
 * an advisable setting.
 */
@Test
public void testBuildPasswordHashNoSalt() throws Exception {
    final int noSalt = 0;
    String hashed = PasswordUtil.buildPasswordHash(
            "pw",
            PasswordUtil.DEFAULT_ALGORITHM,
            noSalt,
            PasswordUtil.DEFAULT_ITERATIONS);
    boolean matches = PasswordUtil.isSame(hashed, "pw");
    assertTrue(matches);
}
/**
 * A {@code null} password must never be reported as matching a stored
 * hash.
 */
@Test
public void testIsSameNullPw() throws Exception {
    String storedHash = PasswordUtil.buildPasswordHash("pw");
    // The cast is kept from the original call; presumably it selects the
    // String overload of isSame -- verify against PasswordUtil.
    boolean matches = PasswordUtil.isSame(storedHash, (String) null);
    assertFalse(matches);
}
/**
 * An empty password must not be reported as matching the hash of a
 * non-empty password.
 */
@Test
public void testIsSameEmptyPw() throws Exception {
    String storedHash = PasswordUtil.buildPasswordHash("pw");
    boolean matches = PasswordUtil.isSame(storedHash, "");
    assertFalse(matches);
}
/**
 * A hash built from configuration parameters (salt size 13, 13 hash
 * iterations) must verify against the original password.
 */
@Test
public void testBuildPasswordWithConfig() throws Exception {
    final int configuredValue = 13;
    ConfigurationParameters hashConfig = ConfigurationParameters.of(
            UserConstants.PARAM_PASSWORD_SALT_SIZE, configuredValue,
            UserConstants.PARAM_PASSWORD_HASH_ITERATIONS, configuredValue);

    String hashed = PasswordUtil.buildPasswordHash("pw", hashConfig);
    boolean matches = PasswordUtil.isSame(hashed, "pw");
    assertTrue(matches);
}
/**
 * Overwriting the key attribute of an existing login token must be
 * rejected at commit time with a {@code CommitFailedException} carrying
 * code 61.
 */
@Test
public void testChangingTokenKey() throws Exception {
    TokenInfo createdToken =
            tokenProvider.createToken(userId, Collections.<String, Object>emptyMap());
    NodeUtil tokenNode = new NodeUtil(getTokenTree(createdToken));
    try {
        // A well-formed hash of a different value; the commit must still fail.
        String replacementKey = PasswordUtil.buildPasswordHash("anotherValue");
        tokenNode.setString(TOKEN_ATTRIBUTE_KEY, replacementKey);
        root.commit(CommitMarker.asCommitAttributes());
        fail("The token key must never be modified.");
    } catch (CommitFailedException rejected) {
        int failureCode = rejected.getCode();
        assertEquals(61, failureCode);
    }
}
/**
 * The importer must not handle a {@code rep:password} property when the
 * target tree is a group tree.
 */
@Test
public void testHandlePasswordOnGroup() throws Exception {
    init();
    Tree targetGroup = createGroupTree();
    String importedHash = PasswordUtil.buildPasswordHash("pw");

    boolean handled = importer.handlePropInfo(
            targetGroup,
            createPropInfo(REP_PASSWORD, importedHash),
            mockPropertyDefinition(NT_REP_USER, false));
    assertFalse(handled);
}
/**
 * The importer must not handle a {@code rep:password} property when the
 * target user tree has the system-user primary type.
 */
@Test
public void testHandlePasswordOnSystemUser() throws Exception {
    init();
    Tree systemUserTree = createUserTree();
    // Turn the regular user tree into a system user before importing.
    systemUserTree.setProperty(JcrConstants.JCR_PRIMARYTYPE, NT_REP_SYSTEM_USER, Type.NAME);
    String importedHash = PasswordUtil.buildPasswordHash("pw");

    boolean handled = importer.handlePropInfo(
            systemUserTree,
            createPropInfo(REP_PASSWORD, importedHash),
            mockPropertyDefinition(NT_REP_USER, false));
    assertFalse(handled);
}
/**
 * A {@code rep:password} property whose mocked definition is created for
 * {@code NT_REP_AUTHORIZABLE} rather than {@code NT_REP_USER} must not be
 * handled, and no password property may end up on the user tree.
 */
@Test
public void testHandlePasswordOtherDeclNtDef() throws Exception {
    init();
    Tree targetUser = createUserTree();
    String importedHash = PasswordUtil.buildPasswordHash("pw");

    boolean handled = importer.handlePropInfo(
            targetUser,
            createPropInfo(REP_PASSWORD, importedHash),
            mockPropertyDefinition(NT_REP_AUTHORIZABLE, false));
    assertFalse(handled);

    // The rejected import must leave no password behind.
    assertNull(targetUser.getProperty(REP_PASSWORD));
}
/**
 * A {@code rep:password} property whose mocked definition is created with
 * the second argument set to {@code true} (presumably "multi-valued", going
 * by the test name -- verify against {@code mockPropertyDefinition}) must
 * not be handled, and no password property may end up on the user tree.
 */
@Test
public void testHandlePasswordMvPropertyDef() throws Exception {
    init();
    Tree targetUser = createUserTree();
    String importedHash = PasswordUtil.buildPasswordHash("pw");

    boolean handled = importer.handlePropInfo(
            targetUser,
            createPropInfo(REP_PASSWORD, importedHash),
            mockPropertyDefinition(NT_REP_USER, true));
    assertFalse(handled);

    // The rejected import must leave no password behind.
    assertNull(targetUser.getProperty(REP_PASSWORD));
}
/**
 * Changing a user's password must run password validation even when the
 * new value is itself the output of {@code PasswordUtil.buildPasswordHash};
 * the change is expected to fail with a
 * {@code ConstraintViolationException}.
 */
@Test
public void testPasswordValidationActionOnChange() throws Exception {
    user = getUserManager(root).createUser("testuser", "testPw123456");
    root.commit();

    try {
        pwAction.init(
                getSecurityProvider(),
                ConfigurationParameters.of(PasswordValidationAction.CONSTRAINT, "abc"));

        // Supplying a hash-formatted value must not bypass the constraint check.
        String hashLikePassword = PasswordUtil.buildPasswordHash("abc");
        user.changePassword(hashLikePassword);

        fail("Password change must always enforce password validation.");
    } catch (ConstraintViolationException expected) {
        // success
    }
}
/**
 * For a regular user tree and a single-valued {@code NT_REP_USER}
 * definition the importer must handle the {@code rep:password} property
 * and store the imported hash unchanged.
 */
@Test
public void testHandlePassword() throws Exception {
    init();
    Tree targetUser = createUserTree();
    String importedHash = PasswordUtil.buildPasswordHash("pw");

    boolean handled = importer.handlePropInfo(
            targetUser,
            createPropInfo(REP_PASSWORD, importedHash),
            mockPropertyDefinition(NT_REP_USER, false));
    assertTrue(handled);

    // The stored value equals the imported hash, i.e. it was not hashed again.
    String storedValue = targetUser.getProperty(REP_PASSWORD).getValue(Type.STRING);
    assertEquals(importedHash, storedValue);
}
/**
 * Creating a user with a hash-formatted string as its password must not
 * store that string as-is: the persisted {@code rep:password} value is not
 * plain text and verifies against the supplied string, which shows that
 * the supplied value was treated as the password and hashed on creation.
 */
@Test
public void testPasswordValidationActionOnCreate() throws Exception {
    String hashLikePassword = PasswordUtil.buildPasswordHash("DWkej32H");
    user = getUserManager(root).createUser("testuser", hashLikePassword);
    root.commit();

    String storedValue = root.getTree(user.getPath())
            .getProperty(UserConstants.REP_PASSWORD)
            .getValue(Type.STRING);

    boolean storedAsPlainText = PasswordUtil.isPlainTextPassword(storedValue);
    assertFalse(storedAsPlainText);

    // The hash-formatted input acts as the password the stored value is checked against.
    boolean verifies = PasswordUtil.isSame(storedValue, hashLikePassword);
    assertTrue(verifies);
}