PasswordDigestTest.java example

Explorer
WaveInCloud-master
/**
 * Copyright 2010 Google Inc.
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy of
 * the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations under
 * the License.
 *
 */

package org.waveprotocol.box.server.authentication;

import junit.framework.TestCase;

import java.util.Arrays;

/**
 * @author josephg@gmail.com (Joseph Gentle)
 */
public class PasswordDigestTest extends TestCase {
  public void testPasswordValidatesItself() {
    PasswordDigest pwd = new PasswordDigest("internet".toCharArray());
    assertTrue(pwd.verify("internet".toCharArray()));
    assertFalse(pwd.verify("wrongpwd".toCharArray()));
  }

  public void testSerializeDeserialize() {
    PasswordDigest pwd = new PasswordDigest("tubes".toCharArray());

    byte[] digest = pwd.getDigest();
    byte[] salt = pwd.getSalt();
    PasswordDigest roundtripped = PasswordDigest.from(salt, digest);

    assertTrue(pwd.verify("tubes".toCharArray()));
    assertFalse(pwd.verify("wrongpwd".toCharArray()));
  }

  public void testSaltAtLeast10Bytes() {
    PasswordDigest pwd = new PasswordDigest("blogosphere".toCharArray());
    byte[] salt = pwd.getSalt();
    assertTrue(salt.length >= 10);
  }

  public void testReallyLongPasswordWorksRight() {
    char[] reallyLongPassword = new char[1024];

    for (int i = 0; i < reallyLongPassword.length; i++) {
      // We'll make a password filled with junk.
      reallyLongPassword[i] = (char) i;
    }

    PasswordDigest pwd = new PasswordDigest(reallyLongPassword);
    assertTrue(pwd.verify(reallyLongPassword));

    // Make a new password that misses the last character. It shouldn't work.
    char[] shorterPassword = Arrays.copyOf(reallyLongPassword, 1023);
    assertFalse(pwd.verify(shorterPassword));
  }

  public void testEditingExposedBytesDoesntChangeInternalState() {
    PasswordDigest pwd1 = new PasswordDigest("webernets".toCharArray());

    byte[] digest = pwd1.getDigest();
    byte[] salt = pwd1.getSalt();

    PasswordDigest pwd2 = PasswordDigest.from(salt, digest);

    // We'll mess with the digest and salt we got back and make sure both
    // passwords still verify normally.
    digest[digest.length / 2]++;
    salt[salt.length / 2]--;

    assertTrue(pwd1.verify("webernets".toCharArray()));
    assertTrue(pwd2.verify("webernets".toCharArray()));
  }
  
  public void testEmptyPasswordVerifiesCorrectly() {
    PasswordDigest pwd = new PasswordDigest(new char[0]);
    assertTrue(pwd.verify(new char[0]));
    assertFalse(pwd.verify(new char[1]));
  }
}