summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJoss Armstrong <joss.armstrong@ericsson.com>2019-02-21 17:18:01 +0000
committerJoss Armstrong <joss.armstrong@ericsson.com>2019-02-21 18:32:14 +0000
commitf1ef95f030b17fa142f525abb94382a295bba36e (patch)
tree0252e3a0c473ffa26f14f4c053e7f097c61cd175
parent6ac907b4b1c6fba52307fb64847efac4706ddc1a (diff)
Increase coverage of Passwords from 42% to 98%
Also fixed some issues around null values and logging Issue-ID: APPC-1476 Change-Id: I0145b5c973fe9a624962744ff56fd691114779ba Signed-off-by: Joss Armstrong <joss.armstrong@ericsson.com>
-rw-r--r--appc-sdc-listener/appc-sdc-listener-bundle/src/main/java/org/onap/tlv/sdc/security/Passwords.java39
-rw-r--r--appc-sdc-listener/appc-sdc-listener-bundle/src/test/java/org/onap/tlv/sdc/security/PasswordsTest.java53
2 files changed, 75 insertions, 17 deletions
diff --git a/appc-sdc-listener/appc-sdc-listener-bundle/src/main/java/org/onap/tlv/sdc/security/Passwords.java b/appc-sdc-listener/appc-sdc-listener-bundle/src/main/java/org/onap/tlv/sdc/security/Passwords.java
index 709b43f40..012bfd8b3 100644
--- a/appc-sdc-listener/appc-sdc-listener-bundle/src/main/java/org/onap/tlv/sdc/security/Passwords.java
+++ b/appc-sdc-listener/appc-sdc-listener-bundle/src/main/java/org/onap/tlv/sdc/security/Passwords.java
@@ -5,6 +5,8 @@
* Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Copyright (C) 2017 Amdocs
+ * ================================================================================
+ * Modifications Copyright (C) 2019 Ericsson
* =============================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -29,6 +31,9 @@ import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Random;
+import javax.xml.bind.DatatypeConverter;
+import com.att.eelf.configuration.EELFLogger;
+import com.att.eelf.configuration.EELFManager;
/**
* A copy from the org.onap.sdc:security-utils artifact that works with java 7.
@@ -39,6 +44,7 @@ public class Passwords {
private static final int SALT = 0;
private static final int HASH = 1;
private static final String HASH_ALGORITHM = "SHA-256";
+ private static final EELFLogger log = EELFManager.getInstance().getLogger(Passwords.class);
/**
* static utility class
@@ -53,10 +59,10 @@ public class Passwords {
* @return a "salt:hash" value
*/
public static String hashPassword(String password) {
- byte[] salt = getNextSalt();
- byte byteData[] = hash(salt, password.getBytes());
- if (byteData != null) {
- return toHex(salt) + ":" + toHex(byteData);
+ if (password != null) {
+ byte[] salt = getNextSalt();
+ byte byteData[] = hash(salt, password.getBytes());
+ return DatatypeConverter.printHexBinary(salt) + ":" + DatatypeConverter.printHexBinary(byteData);
}
return null;
@@ -84,21 +90,20 @@ public class Passwords {
* @return true if the password matched the hash
*/
public static boolean isExpectedPassword(String password, String salt, String hash) {
- byte[] saltBytes = fromHex(salt);
- byte[] hashBytes = fromHex(hash);
-
- byte byteData[] = hash(saltBytes, password.getBytes());
- if (byteData != null) {
+ byte[] saltBytes = DatatypeConverter.parseHexBinary(salt);
+ byte[] hashBytes = DatatypeConverter.parseHexBinary(hash);
+ if (password != null) {
+ byte byteData[] = hash(saltBytes, password.getBytes());
return Arrays.equals(byteData, hashBytes);
}
return false;
}
public static void main(String[] args) {
- if (args.length > 1 || args.length > 0) {
- System.out.println("[" + hashPassword(args[0]) + "]");
+ if (args.length > 0) {
+ log.info("[" + hashPassword(args[0]) + "]");
} else {
- System.out.println("no passward passed.");
+ log.info("no password passed");
}
}
@@ -130,7 +135,7 @@ public class Passwords {
md.update(password);
byteData = md.digest();
} catch (NoSuchAlgorithmException e) {
- System.out.println("in vlide algorithem name");
+ log.info("invalid algorithm name", e);
}
return byteData;
}
@@ -142,13 +147,13 @@ public class Passwords {
* the hex string
* @return the hex string decoded into a byte array
*/
- private static byte[] fromHex(String hex) {
+ /*private static byte[] fromHex(String hex) {
byte[] binary = new byte[hex.length() / 2];
for (int i = 0; i < binary.length; i++) {
binary[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
}
return binary;
- }
+ }*/
/**
* Converts a byte array into a hexadecimal string.
@@ -157,7 +162,7 @@ public class Passwords {
* the byte array to convert
* @return a length*2 character string encoding the byte array
*/
- private static String toHex(byte[] array) {
+/* private static String toHex(byte[] array) {
BigInteger bi = new BigInteger(1, array);
String hex = bi.toString(16);
int paddingLength = (array.length * 2) - hex.length();
@@ -165,5 +170,5 @@ public class Passwords {
return String.format("%0" + paddingLength + "d", 0) + hex;
else
return hex;
- }
+ }*/
}
diff --git a/appc-sdc-listener/appc-sdc-listener-bundle/src/test/java/org/onap/tlv/sdc/security/PasswordsTest.java b/appc-sdc-listener/appc-sdc-listener-bundle/src/test/java/org/onap/tlv/sdc/security/PasswordsTest.java
new file mode 100644
index 000000000..7b5fbd101
--- /dev/null
+++ b/appc-sdc-listener/appc-sdc-listener-bundle/src/test/java/org/onap/tlv/sdc/security/PasswordsTest.java
@@ -0,0 +1,53 @@
+/*
+ * ============LICENSE_START=======================================================
+ * ONAP : APPC
+ * ================================================================================
+ * Copyright (C) 2019 Ericsson
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.tlv.sdc.security;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
+import org.junit.Test;
+
+public class PasswordsTest {
+
+ @Test
+ public void testHashPassword() {
+ Passwords.main(new String[] {"TEST_PASSWORD"});
+ assertEquals(2, Passwords.hashPassword("TEST_PASSWORD").split(":").length);
+ }
+
+ @Test
+ public void testHashPasswordNull() {
+ Passwords.main(new String[] {});
+ assertNull(Passwords.hashPassword(null));
+ }
+
+ @Test
+ public void testIsExpectedPassword() {
+ assertFalse(Passwords.isExpectedPassword("", "11:11"));
+ }
+
+ @Test
+ public void testIsExpectedPasswordNull() {
+ assertFalse(Passwords.isExpectedPassword(null, "1234", "1234"));
+ }
+
+}