diff options
author | Joss Armstrong <joss.armstrong@ericsson.com> | 2019-02-21 17:18:01 +0000 |
---|---|---|
committer | Joss Armstrong <joss.armstrong@ericsson.com> | 2019-02-21 18:32:14 +0000 |
commit | f1ef95f030b17fa142f525abb94382a295bba36e (patch) | |
tree | 0252e3a0c473ffa26f14f4c053e7f097c61cd175 | |
parent | 6ac907b4b1c6fba52307fb64847efac4706ddc1a (diff) |
Increase coverage of Passwords from 42% to 98%
Also fixed some issues around null values and logging
Issue-ID: APPC-1476
Change-Id: I0145b5c973fe9a624962744ff56fd691114779ba
Signed-off-by: Joss Armstrong <joss.armstrong@ericsson.com>
2 files changed, 75 insertions, 17 deletions
diff --git a/appc-sdc-listener/appc-sdc-listener-bundle/src/main/java/org/onap/tlv/sdc/security/Passwords.java b/appc-sdc-listener/appc-sdc-listener-bundle/src/main/java/org/onap/tlv/sdc/security/Passwords.java index 709b43f40..012bfd8b3 100644 --- a/appc-sdc-listener/appc-sdc-listener-bundle/src/main/java/org/onap/tlv/sdc/security/Passwords.java +++ b/appc-sdc-listener/appc-sdc-listener-bundle/src/main/java/org/onap/tlv/sdc/security/Passwords.java @@ -5,6 +5,8 @@ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Copyright (C) 2017 Amdocs + * ================================================================================ + * Modifications Copyright (C) 2019 Ericsson * ============================================================================= * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -29,6 +31,9 @@ import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import java.util.Arrays; import java.util.Random; +import javax.xml.bind.DatatypeConverter; +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; /** * A copy from the org.onap.sdc:security-utils artifact that works with java 7. @@ -39,6 +44,7 @@ public class Passwords { private static final int SALT = 0; private static final int HASH = 1; private static final String HASH_ALGORITHM = "SHA-256"; + private static final EELFLogger log = EELFManager.getInstance().getLogger(Passwords.class); /** * static utility class @@ -53,10 +59,10 @@ public class Passwords { * @return a "salt:hash" value */ public static String hashPassword(String password) { - byte[] salt = getNextSalt(); - byte byteData[] = hash(salt, password.getBytes()); - if (byteData != null) { - return toHex(salt) + ":" + toHex(byteData); + if (password != null) { + byte[] salt = getNextSalt(); + byte byteData[] = hash(salt, password.getBytes()); + return DatatypeConverter.printHexBinary(salt) + ":" + DatatypeConverter.printHexBinary(byteData); } return null; @@ -84,21 +90,20 @@ public class Passwords { * @return true if the password matched the hash */ public static boolean isExpectedPassword(String password, String salt, String hash) { - byte[] saltBytes = fromHex(salt); - byte[] hashBytes = fromHex(hash); - - byte byteData[] = hash(saltBytes, password.getBytes()); - if (byteData != null) { + byte[] saltBytes = DatatypeConverter.parseHexBinary(salt); + byte[] hashBytes = DatatypeConverter.parseHexBinary(hash); + if (password != null) { + byte byteData[] = hash(saltBytes, password.getBytes()); return Arrays.equals(byteData, hashBytes); } return false; } public static void main(String[] args) { - if (args.length > 1 || args.length > 0) { - System.out.println("[" + hashPassword(args[0]) + "]"); + if (args.length > 0) { + log.info("[" + hashPassword(args[0]) + "]"); } else { - System.out.println("no passward passed."); + log.info("no password passed"); } } @@ -130,7 +135,7 @@ public class Passwords { md.update(password); byteData = md.digest(); } catch (NoSuchAlgorithmException e) { - System.out.println("in vlide algorithem name"); + log.info("invalid algorithm name", e); } return byteData; } @@ -142,13 +147,13 @@ public class Passwords { * the hex string * @return the hex string decoded into a byte array */ - private static byte[] fromHex(String hex) { + /*private static byte[] fromHex(String hex) { byte[] binary = new byte[hex.length() / 2]; for (int i = 0; i < binary.length; i++) { binary[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16); } return binary; - } + }*/ /** * Converts a byte array into a hexadecimal string. @@ -157,7 +162,7 @@ public class Passwords { * the byte array to convert * @return a length*2 character string encoding the byte array */ - private static String toHex(byte[] array) { +/* private static String toHex(byte[] array) { BigInteger bi = new BigInteger(1, array); String hex = bi.toString(16); int paddingLength = (array.length * 2) - hex.length(); @@ -165,5 +170,5 @@ public class Passwords { return String.format("%0" + paddingLength + "d", 0) + hex; else return hex; - } + }*/ } diff --git a/appc-sdc-listener/appc-sdc-listener-bundle/src/test/java/org/onap/tlv/sdc/security/PasswordsTest.java b/appc-sdc-listener/appc-sdc-listener-bundle/src/test/java/org/onap/tlv/sdc/security/PasswordsTest.java new file mode 100644 index 000000000..7b5fbd101 --- /dev/null +++ b/appc-sdc-listener/appc-sdc-listener-bundle/src/test/java/org/onap/tlv/sdc/security/PasswordsTest.java @@ -0,0 +1,53 @@ +/* + * ============LICENSE_START======================================================= + * ONAP : APPC + * ================================================================================ + * Copyright (C) 2019 Ericsson + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END========================================================= + */ + +package org.onap.tlv.sdc.security; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNull; +import org.junit.Test; + +public class PasswordsTest { + + @Test + public void testHashPassword() { + Passwords.main(new String[] {"TEST_PASSWORD"}); + assertEquals(2, Passwords.hashPassword("TEST_PASSWORD").split(":").length); + } + + @Test + public void testHashPasswordNull() { + Passwords.main(new String[] {}); + assertNull(Passwords.hashPassword(null)); + } + + @Test + public void testIsExpectedPassword() { + assertFalse(Passwords.isExpectedPassword("", "11:11")); + } + + @Test + public void testIsExpectedPasswordNull() { + assertFalse(Passwords.isExpectedPassword(null, "1234", "1234")); + } + +} |