From f1ef95f030b17fa142f525abb94382a295bba36e Mon Sep 17 00:00:00 2001 From: Joss Armstrong Date: Thu, 21 Feb 2019 17:18:01 +0000 Subject: Increase coverage of Passwords from 42% to 98% Also fixed some issues around null values and logging Issue-ID: APPC-1476 Change-Id: I0145b5c973fe9a624962744ff56fd691114779ba Signed-off-by: Joss Armstrong --- .../java/org/onap/tlv/sdc/security/Passwords.java | 39 +++++++++------- .../org/onap/tlv/sdc/security/PasswordsTest.java | 53 ++++++++++++++++++++++ 2 files changed, 75 insertions(+), 17 deletions(-) create mode 100644 appc-sdc-listener/appc-sdc-listener-bundle/src/test/java/org/onap/tlv/sdc/security/PasswordsTest.java (limited to 'appc-sdc-listener') diff --git a/appc-sdc-listener/appc-sdc-listener-bundle/src/main/java/org/onap/tlv/sdc/security/Passwords.java b/appc-sdc-listener/appc-sdc-listener-bundle/src/main/java/org/onap/tlv/sdc/security/Passwords.java index 709b43f40..012bfd8b3 100644 --- a/appc-sdc-listener/appc-sdc-listener-bundle/src/main/java/org/onap/tlv/sdc/security/Passwords.java +++ b/appc-sdc-listener/appc-sdc-listener-bundle/src/main/java/org/onap/tlv/sdc/security/Passwords.java @@ -5,6 +5,8 @@ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Copyright (C) 2017 Amdocs + * ================================================================================ + * Modifications Copyright (C) 2019 Ericsson * ============================================================================= * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -29,6 +31,9 @@ import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import java.util.Arrays; import java.util.Random; +import javax.xml.bind.DatatypeConverter; +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; /** * A copy from the org.onap.sdc:security-utils artifact that works with java 7. @@ -39,6 +44,7 @@ public class Passwords { private static final int SALT = 0; private static final int HASH = 1; private static final String HASH_ALGORITHM = "SHA-256"; + private static final EELFLogger log = EELFManager.getInstance().getLogger(Passwords.class); /** * static utility class @@ -53,10 +59,10 @@ public class Passwords { * @return a "salt:hash" value */ public static String hashPassword(String password) { - byte[] salt = getNextSalt(); - byte byteData[] = hash(salt, password.getBytes()); - if (byteData != null) { - return toHex(salt) + ":" + toHex(byteData); + if (password != null) { + byte[] salt = getNextSalt(); + byte byteData[] = hash(salt, password.getBytes()); + return DatatypeConverter.printHexBinary(salt) + ":" + DatatypeConverter.printHexBinary(byteData); } return null; 
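Review bot: `hashPassword` no longer checks `byteData` before encoding it, yet `hash()` (the `-130,7` hunk) still appears to return null after logging `NoSuchAlgorithmException`, so a missing digest would now surface as an exception from `DatatypeConverter.printHexBinary` instead of the documented null return. Prefer failing explicitly in that catch block, e.g. `throw new IllegalStateException("SHA-256 unavailable", e);`, rather than logging at info level and continuing. `printHexBinary` also emits uppercase hex where the removed `toHex` emitted lowercase, so any stored "salt:hash" value that is compared as text rather than decoded will stop matching. `password.getBytes()` uses the platform charset; `password.getBytes(StandardCharsets.UTF_8)` would make hashes reproducible across hosts. As a follow-up, a single salted SHA-256 pass is cheap to brute-force offline, and a key-stretching scheme such as PBKDF2 via `SecretKeyFactory` is worth considering.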
@@ -84,21 +90,20 @@ public class Passwords { * @return true if the password matched the hash */ public static boolean isExpectedPassword(String password, String salt, String hash) { - byte[] saltBytes = fromHex(salt); - byte[] hashBytes = fromHex(hash); - - byte byteData[] = hash(saltBytes, password.getBytes()); - if (byteData != null) { + byte[] saltBytes = DatatypeConverter.parseHexBinary(salt); + byte[] hashBytes = DatatypeConverter.parseHexBinary(hash); + if (password != null) { + byte byteData[] = hash(saltBytes, password.getBytes()); return Arrays.equals(byteData, hashBytes); } return false; } public static void main(String[] args) { - if (args.length > 1 || args.length > 0) { - System.out.println("[" + hashPassword(args[0]) + "]"); + if (args.length > 0) { + log.info("[" + hashPassword(args[0]) + "]"); } else { - System.out.println("no passward passed."); + log.info("no password passed"); } } @@ -130,7 +135,7 @@ public class Passwords { md.update(password); byteData = md.digest(); } catch (NoSuchAlgorithmException e) { - System.out.println("in vlide algorithem name"); + log.info("invalid algorithm name", e); } return byteData; } @@ -142,13 +147,13 @@ public class Passwords { * the hex string * @return the hex string decoded into a byte array */ - private static byte[] fromHex(String hex) { + /*private static byte[] fromHex(String hex) { byte[] binary = new byte[hex.length() / 2]; for (int i = 0; i < binary.length; i++) { binary[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16); } return binary; - } + }*/ /** * Converts a byte array into a hexadecimal string. @@ -157,7 +162,7 @@ public class Passwords { * the byte array to convert * @return a length*2 character string encoding the byte array */ - private static String toHex(byte[] array) { +/* private static String toHex(byte[] array) { BigInteger bi = new BigInteger(1, array); String hex = bi.toString(16); int paddingLength = (array.length * 2) - hex.length(); 
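Review bot: `main` now sends the generated `salt:hash` string through `log.info`, so a value that used to go only to the invoking terminal is written to whatever appenders EELF is configured with, and the operator running the tool may not see it at all. Keep `System.out.println` for the tool's result, or log only that a hash was generated and not its value. In `isExpectedPassword` the unchanged line `return Arrays.equals(byteData, hashBytes);` is not a constant-time comparison; `return MessageDigest.isEqual(byteData, hashBytes);` is the usual replacement for digest checks (`MessageDigest` is presumably already imported for `hash()`). `parseHexBinary(salt)` and `parseHexBinary(hash)` also run before the new null check, so a null or malformed hex argument still throws rather than returning false.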
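Review bot: `fromHex` is commented out rather than deleted in the `-142,13` hunk, which leaves its Javadoc attached to a `/* … */` block; the same is done to `toHex` in the `-157,7` and `-165,5` hunks. Remove both methods and their Javadoc outright, since version control keeps the old code. `toHex` used `BigInteger`, so its import should go too if nothing else in the file needs it; the import block is only partly visible here.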
@@ -165,5 +170,5 @@ public class Passwords {
 return String.format("%0" + paddingLength + "d", 0) + hex;
 else
 return hex;
- }
+ }*/
 }
diff --git a/appc-sdc-listener/appc-sdc-listener-bundle/src/test/java/org/onap/tlv/sdc/security/PasswordsTest.java b/appc-sdc-listener/appc-sdc-listener-bundle/src/test/java/org/onap/tlv/sdc/security/PasswordsTest.java
new file mode 100644
index 000000000..7b5fbd101
--- /dev/null
+++ b/appc-sdc-listener/appc-sdc-listener-bundle/src/test/java/org/onap/tlv/sdc/security/PasswordsTest.java
@@ -0,0 +1,53 @@
+/*
+ * ============LICENSE_START=======================================================
+ * ONAP : APPC
+ * ================================================================================
+ * Copyright (C) 2019 Ericsson
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.tlv.sdc.security;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
+import org.junit.Test;
+
+public class PasswordsTest {
+
+ @Test
+ public void testHashPassword() {
+ Passwords.main(new String[] {"TEST_PASSWORD"});
+ assertEquals(2, Passwords.hashPassword("TEST_PASSWORD").split(":").length);
+ }
+
+ @Test
+ public void testHashPasswordNull() {
+ Passwords.main(new String[] {});
+ assertNull(Passwords.hashPassword(null));
+ }
+
+ @Test
+ public void testIsExpectedPassword() {
+ assertFalse(Passwords.isExpectedPassword("", "11:11"));
+ }
+
+ @Test
+ public void testIsExpectedPasswordNull() {
+ assertFalse(Passwords.isExpectedPassword(null, "1234", "1234"));
+ }
+
+}
-- cgit 1.2.3-korg
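Review bot: Nothing in `PasswordsTest` asserts that a correct password verifies: both `isExpectedPassword` tests expect false, so an implementation that always returned false would pass them. Add a round trip, e.g. `String[] parts = Passwords.hashPassword("TEST_PASSWORD").split(":");` followed by `assertTrue(Passwords.isExpectedPassword("TEST_PASSWORD", parts[0], parts[1]));` with the matching `assertTrue` static import. A companion case where a different password is checked against the same salt and hash should return false. The two `Passwords.main` calls carry no assertion and only exercise the logging path.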