ScramFormatterTest.java example

Explorer
kafka-master
- kafka-trunk
/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.kafka.common.security.scram;

import org.junit.Test;

import javax.xml.bind.DatatypeConverter;

import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;

import org.apache.kafka.common.security.scram.ScramMessages.ClientFinalMessage;
import org.apache.kafka.common.security.scram.ScramMessages.ClientFirstMessage;
import org.apache.kafka.common.security.scram.ScramMessages.ServerFinalMessage;
import org.apache.kafka.common.security.scram.ScramMessages.ServerFirstMessage;

public class ScramFormatterTest {

    /**
     * Tests that the formatter implementation produces the same values for the
     * example included in <a href="https://tools.ietf.org/html/rfc5802#section-5">RFC 7677</a>
     */
    @Test
    public void rfc7677Example() throws Exception {
        ScramFormatter formatter = new ScramFormatter(ScramMechanism.SCRAM_SHA_256);

        String password = "pencil";
        String c1 = "n,,n=user,r=rOprNGfwEbeRWgbNEkqO";
        String s1 = "r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,s=W22ZaJ0SNY7soEsUEjb6gQ==,i=4096";
        String c2 = "c=biws,r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,p=dHzbZapWIk4jUhN+Ute9ytag9zjfMHgsqmmiz7AndVQ=";
        String s2 = "v=6rriTRBi23WpRR/wtup+mMhUZUn/dB5nLTJRsjl95G4=";
        ClientFirstMessage clientFirst = new ClientFirstMessage(formatter.toBytes(c1));
        ServerFirstMessage serverFirst = new ServerFirstMessage(formatter.toBytes(s1));
        ClientFinalMessage clientFinal = new ClientFinalMessage(formatter.toBytes(c2));
        ServerFinalMessage serverFinal = new ServerFinalMessage(formatter.toBytes(s2));

        String username = clientFirst.saslName();
        assertEquals("user", username);
        String clientNonce = clientFirst.nonce();
        assertEquals("rOprNGfwEbeRWgbNEkqO", clientNonce);
        String serverNonce = serverFirst.nonce().substring(clientNonce.length());
        assertEquals("%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0", serverNonce);
        byte[] salt = serverFirst.salt();
        assertArrayEquals(DatatypeConverter.parseBase64Binary("W22ZaJ0SNY7soEsUEjb6gQ=="), salt);
        int iterations = serverFirst.iterations();
        assertEquals(4096, iterations);
        byte[] channelBinding = clientFinal.channelBinding();
        assertArrayEquals(DatatypeConverter.parseBase64Binary("biws"), channelBinding);
        byte[] serverSignature = serverFinal.serverSignature();
        assertArrayEquals(DatatypeConverter.parseBase64Binary("6rriTRBi23WpRR/wtup+mMhUZUn/dB5nLTJRsjl95G4="), serverSignature);

        byte[] saltedPassword = formatter.saltedPassword(password, salt, iterations);
        byte[] serverKey = formatter.serverKey(saltedPassword);
        byte[] computedProof = formatter.clientProof(saltedPassword, clientFirst, serverFirst, clientFinal);
        assertArrayEquals(clientFinal.proof(), computedProof);
        byte[] computedSignature = formatter.serverSignature(serverKey, clientFirst, serverFirst, clientFinal);
        assertArrayEquals(serverFinal.serverSignature(), computedSignature);

        // Minimum iterations defined in RFC-7677
        assertEquals(4096, ScramMechanism.SCRAM_SHA_256.minIterations());
    }

    /**
     * Tests encoding of username
     */
    @Test
    public void saslName() throws Exception {
        String[] usernames = {"user1", "123", "1,2", "user=A", "user==B", "user,1", "user 1", ",", "=", ",=", "=="};
        ScramFormatter formatter = new ScramFormatter(ScramMechanism.SCRAM_SHA_256);
        for (String username : usernames) {
            String saslName = formatter.saslName(username);
            // There should be no commas in saslName (comma is used as field separator in SASL messages)
            assertEquals(-1, saslName.indexOf(','));
            // There should be no "=" in the saslName apart from those used in encoding (comma is =2C and equals is =3D)
            assertEquals(-1, saslName.replace("=2C", "").replace("=3D", "").indexOf('='));
            assertEquals(username, formatter.username(saslName));
        }
    }
}