CompositePasswordEncryptorTest.java

/**
 * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
 *
 * This library is free software; you can redistribute it and/or modify it under
 * the terms of the GNU Lesser General Public License as published by the Free
 * Software Foundation; either version 2.1 of the License, or (at your option)
 * any later version.
 *
 * This library is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
 * details.
 */

package com.liferay.portal.security.pwd;

import com.liferay.portal.kernel.security.pwd.PasswordEncryptor;
import com.liferay.portal.kernel.security.pwd.PasswordEncryptorUtil;
import com.liferay.portal.kernel.util.DigesterUtil;
import com.liferay.portal.kernel.util.StringPool;
import com.liferay.portal.util.DigesterImpl;
import com.liferay.portal.util.PropsUtil;

import java.util.ArrayList;
import java.util.List;

import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;

import org.powermock.api.mockito.PowerMockito;
import org.powermock.core.classloader.annotations.PowerMockIgnore;
import org.powermock.core.classloader.annotations.PrepareForTest;
import org.powermock.modules.junit4.PowerMockRunner;

/**
 * @author Tomas Polesovsky
 */
@PowerMockIgnore("javax.crypto.*")
@PrepareForTest(PropsUtil.class)
@RunWith(PowerMockRunner.class)
public class CompositePasswordEncryptorTest extends PowerMockito {

	@Before
	public void setUp() {
		DigesterUtil digesterUtil = new DigesterUtil();

		digesterUtil.setDigester(new DigesterImpl());

		PasswordEncryptorUtil passwordEncryptorUtil =
			new PasswordEncryptorUtil();

		CompositePasswordEncryptor compositePasswordEncryptor =
			new CompositePasswordEncryptor();

		compositePasswordEncryptor.setDefaultPasswordEncryptor(
			new DefaultPasswordEncryptor());

		List<PasswordEncryptor> passwordEncryptors = new ArrayList<>();

		passwordEncryptors.add(new BCryptPasswordEncryptor());
		passwordEncryptors.add(new CryptPasswordEncryptor());
		passwordEncryptors.add(new NullPasswordEncryptor());
		passwordEncryptors.add(new PBKDF2PasswordEncryptor());
		passwordEncryptors.add(new SSHAPasswordEncryptor());

		compositePasswordEncryptor.setPasswordEncryptors(passwordEncryptors);

		passwordEncryptorUtil.setPasswordEncryptor(compositePasswordEncryptor);
	}

	@Test
	public void testEncryptBCrypt() throws Exception {
		String algorithm = PasswordEncryptorUtil.TYPE_BCRYPT;

		testEncrypt(algorithm);

		testEncrypt(
			algorithm, "password",
			"$2a$10$/ST7LsB.7AAHsn/tlK6hr.nudQaBbJhPX9KfRSSzsn.1ij45lVzaK");
	}

	@Test
	public void testEncryptBCryptWith10Rounds() throws Exception {
		String algorithm = PasswordEncryptorUtil.TYPE_BCRYPT + "/10";

		testEncrypt(algorithm);
	}

	@Test
	public void testEncryptBCryptWith12Rounds() throws Exception {
		String algorithm = PasswordEncryptorUtil.TYPE_BCRYPT + "/12";

		testEncrypt(algorithm);

		testEncrypt(
			algorithm, "password",
			"$2a$12$2dD/NrqCEBlVgFEkkFCbzOll2a9vrdl8tTTqGosm26wJK1eCtsjnO");
	}

	@Test
	public void testEncryptCRYPT() throws Exception {
		String algorithm = PasswordEncryptorUtil.TYPE_UFC_CRYPT;

		testEncrypt(algorithm);

		testEncrypt(algorithm, "password", "SNbUMVY9kKQpY");
	}

	@Test
	public void testEncryptFailure() throws Exception {
		testEncryptFailure(
			"Some Nonexistent Algorithm", StringPool.BLANK, StringPool.BLANK);

		testEncryptFailure(null, null, null);

		testEncryptFailure(null, null, StringPool.BLANK);

		testEncryptFailure(null, StringPool.BLANK, null);

		testEncryptFailure(StringPool.BLANK, null, null);

		testEncryptFailure(StringPool.BLANK, null, StringPool.BLANK);

		testEncryptFailure(StringPool.BLANK, StringPool.BLANK, null);

		testEncryptFailure(null, StringPool.BLANK, StringPool.BLANK);

		testEncryptFailure(
			StringPool.BLANK, StringPool.BLANK, StringPool.BLANK);
	}

	@Test
	public void testEncryptMD2() throws Exception {
		String algorithm = PasswordEncryptorUtil.TYPE_MD2;

		testEncrypt(algorithm);

		testEncrypt(algorithm, "password", "8DiBqIxuORNfDsxg79YJuQ==");
	}

	@Test
	public void testEncryptMD5() throws Exception {
		String algorithm = PasswordEncryptorUtil.TYPE_MD5;

		testEncrypt(algorithm);

		testEncrypt(algorithm, "password", "X03MO1qnZdYdgyfeuILPmQ==");
	}

	@Test
	public void testEncryptNONE() throws Exception {
		String algorithm = PasswordEncryptorUtil.TYPE_NONE;

		testEncrypt(algorithm);

		testEncrypt(algorithm, "password", "password");
	}

	@Test
	public void testEncryptPBKDF2() throws Exception {
		String algorithm = PasswordEncryptorUtil.TYPE_PBKDF2 + "WithHmacSHA1";

		testEncrypt(algorithm);

		testEncrypt(
			algorithm, "password",
			"AAAAoAAB9ADJZ16OuMAPPHe2CUbP0HPyXvagoKHumh7iHU3c");
	}

	@Test
	public void testEncryptPBKDF2With50000Rounds() throws Exception {
		String algorithm =
			PasswordEncryptorUtil.TYPE_PBKDF2 + "WithHmacSHA1/50000";

		testEncrypt(algorithm);

		testEncrypt(
			algorithm, "password",
			"AAAAoAAAw1B+jxO3UiVsWdBk4B9xGd/Ko3GKHW2afYhuit49");
	}

	@Test
	public void testEncryptPBKDF2With50000RoundsAnd128Key() throws Exception {
		String algorithm =
			PasswordEncryptorUtil.TYPE_PBKDF2 + "WithHmacSHA1/128/50000";

		testEncrypt(algorithm);

		testEncrypt(
			algorithm, "password",
			"AAAAoAAAw1AbW1e1Str9wSLWIX5X9swLn+j5/5+m6auSPdva");
	}

	@Test
	public void testEncryptSHA() throws Exception {
		String algorithm = PasswordEncryptorUtil.TYPE_SHA;

		testEncrypt(algorithm);

		testEncrypt(algorithm, "password", "W6ph5Mm5Pz8GgiULbPgzG37mj9g=");
	}

	@Test
	public void testEncryptSHA1() throws Exception {
		String algorithm = "SHA-1";

		testEncrypt(algorithm);

		testEncrypt(algorithm, "password", "W6ph5Mm5Pz8GgiULbPgzG37mj9g=");
	}

	@Test
	public void testEncryptSHA256() throws Exception {
		String algorithm = PasswordEncryptorUtil.TYPE_SHA_256;

		testEncrypt(algorithm);

		testEncrypt(
			algorithm, "password",
			"XohImNooBHFR0OVvjcYpJ3NgPQ1qq73WKhHvch0VQtg=");
	}

	@Test
	public void testEncryptSHA384() throws Exception {
		String algorithm = PasswordEncryptorUtil.TYPE_SHA_384;

		testEncrypt(algorithm);

		testEncrypt(
			algorithm, "password",
			"qLZLq9CsqRpZvbt3YbQh1PK7OCgNOnW6DyHyvrxFWD1EbFmGYMlM5oDEfRnDB4On");
	}

	@Test
	public void testEncryptSSHA() throws Exception {
		String algorithm = PasswordEncryptorUtil.TYPE_SSHA;

		testEncrypt(algorithm);

		testEncrypt(
			algorithm, "password", "2EWEKeVpSdd79PkTX5vaGXH5uQ028Smy/H1NmA==");
	}

	@Test
	public void testEncryptUFCCRYPT() throws Exception {
		String algorithm = PasswordEncryptorUtil.TYPE_UFC_CRYPT;

		testEncrypt(algorithm);

		testEncrypt(algorithm, "password", "2lrTlR/pWPUOQ");
	}

	protected void testEncrypt(String algorithm) throws Exception {
		String password = "password";

		String encrypted = PasswordEncryptorUtil.encrypt(
			algorithm, password, null);

		testEncrypt(algorithm, password, encrypted);
	}

	protected void testEncrypt(
			String algorithm, String plainTextPassword,
			String encryptedPassword)
		throws Exception {

		Assert.assertEquals(
			encryptedPassword,
			PasswordEncryptorUtil.encrypt(
				algorithm, plainTextPassword, encryptedPassword));
	}

	protected void testEncryptFailure(
		String algorithm, String plainTextPassword, String encryptedPassword) {

		try {
			PasswordEncryptorUtil.encrypt(
				algorithm, plainTextPassword, encryptedPassword);

			Assert.fail();
		}
		catch (Exception e) {
		}
	}

}