SunUnixMD5CryptTest.java

/*
 * JBoss, Home of Professional Open Source
 * Copyright 2014 Red Hat, Inc., and individual contributors
 * as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.wildfly.security.password.impl;

import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;

import org.junit.Test;
import org.wildfly.security.password.interfaces.SunUnixMD5CryptPassword;
import org.wildfly.security.password.spec.EncryptablePasswordSpec;
import org.wildfly.security.password.spec.IteratedSaltedPasswordAlgorithmSpec;
import org.wildfly.security.password.util.ModularCrypt;

/**
 * Tests for the Sun variant of Unix MD5 Crypt. The expected results for
 * these test cases were generated using the {@code crypt} function from
 * the Python {@code crypt} module on a Sun Solaris 10 machine.
 *
 * @author <a href="mailto:fjuma@redhat.com">Farah Juma</a>
 */
public class SunUnixMD5CryptTest {

    @Test
    public void testParseCryptStringWithoutRounds() throws NoSuchAlgorithmException, InvalidKeySpecException {
        String cryptString = "$md5$zrdhpMlZ$$wBvMOEqbSjU.hu5T2VEP01";

        // Get the spec by parsing the crypt string
        SunUnixMD5CryptPassword password = (SunUnixMD5CryptPassword) ModularCrypt.decode(cryptString);
        assertEquals(0, password.getIterationCount());

        // Use the spec to build a new crypt string and compare it to the original
        assertEquals(cryptString, ModularCrypt.encodeAsString(password));
    }

    @Test
    public void testParseCryptStringWithRounds() throws NoSuchAlgorithmException, InvalidKeySpecException {
        String cryptString = "$md5,rounds=1000$saltstring$$1wGsmnKgDGdu03LxKu0VI1";

        // Get the spec by parsing the crypt string
        SunUnixMD5CryptPassword password = (SunUnixMD5CryptPassword) ModularCrypt.decode(cryptString);
        assertEquals(1_000, password.getIterationCount());

        // Use the spec to build a new crypt string and compare it to the original
        assertEquals(cryptString, ModularCrypt.encodeAsString(password));
    }

    @Test
    public void testParseCryptStringWithBareSalt() throws NoSuchAlgorithmException, InvalidKeySpecException {
        String cryptString = "$md5,rounds=1500$saltstring$F9DNxgHVXWaeLS9zUaWXd.";

        // Get the spec by parsing the crypt string
        SunUnixMD5CryptPassword password = (SunUnixMD5CryptPassword) ModularCrypt.decode(cryptString);
        assertEquals(1_500, password.getIterationCount());

        // Use the spec to build a new crypt string and compare it to the original
        assertEquals(cryptString, ModularCrypt.encodeAsString(password));
    }

    private void generateAndVerify(String cryptString, String correctPassword) throws NoSuchAlgorithmException,  InvalidKeyException, InvalidKeySpecException {
        final PasswordFactorySpiImpl spi = new PasswordFactorySpiImpl();
        SunUnixMD5CryptPassword password = (SunUnixMD5CryptPassword) ModularCrypt.decode(cryptString);
        final String algorithm = password.getAlgorithm();

        // password is in raw form, need to translate first before verifying
        password = (SunUnixMD5CryptPassword) spi.engineTranslatePassword(algorithm, password);

        // Use the spec to generate a SunUnixMD5CryptPasswordImpl and then verify the hash using the correct password
        assertTrue(spi.engineVerify(algorithm, password, correctPassword.toCharArray()));
        assertFalse(spi.engineVerify(algorithm, password, "wrongpassword".toCharArray()));

        // Create a new password using EncryptablePasswordSpec and check if the hash matches the hash from the spec
        SunUnixMD5CryptPasswordImpl password2 = (SunUnixMD5CryptPasswordImpl) spi.engineGeneratePassword(algorithm,
                new EncryptablePasswordSpec(correctPassword.toCharArray(), new IteratedSaltedPasswordAlgorithmSpec(password.getIterationCount(), password.getSalt())));
        assertArrayEquals(password.getHash(), password2.getHash());

        // Use the new password to obtain a spec and then check if this spec yields the same crypt string
        assertEquals(cryptString, ModularCrypt.encodeAsString(password2));
    }

    @Test
    public void testHashEmptyPassword() throws NoSuchAlgorithmException,  InvalidKeyException, InvalidKeySpecException {
        String password = "";
        String cryptString = "$md5,rounds=10000$saltstring$$uwcsteApj7mCi4AIwYIT5.";
        generateAndVerify(cryptString, password);
    }

    @Test
    public void testHashEmptyPasswordWithBareSalt() throws NoSuchAlgorithmException,  InvalidKeyException, InvalidKeySpecException {
        String password = "";
        String cryptString = "$md5,rounds=10000$saltstring$gWOS3RRZtQ5TiYRg.vBx40";
        generateAndVerify(cryptString, password);
    }

    @Test
    public void testHashShortPassword() throws NoSuchAlgorithmException,  InvalidKeyException, InvalidKeySpecException {
        String password = "Hello world!";
        String cryptString = "$md5$saltstringsalt$$MsEJKkfiaflU4ioBHkqWe0";
        generateAndVerify(cryptString, password);
    }

    @Test
    public void testHashShortPasswordWithBareSalt() throws NoSuchAlgorithmException,  InvalidKeyException, InvalidKeySpecException {
        String password = "Hello world!";
        String cryptString = "$md5$saltstringsalt$uOXM5LLS7ZtN3eYYS54sM/";
        generateAndVerify(cryptString, password);
    }

    @Test
    public void testHashLongPassword() throws NoSuchAlgorithmException,  InvalidKeyException, InvalidKeySpecException {
        String password = "This is a very very very long password! This is the 2nd sentence in THE password. This is a test.@$%";
        String cryptString = "$md5,rounds=10000$saltstringsaltstring$$Occfaf7BttKIkRRUARiWU0";
        generateAndVerify(cryptString, password);
    }

    @Test
    public void testHashLongPasswordWithBareSalt() throws NoSuchAlgorithmException,  InvalidKeyException, InvalidKeySpecException {
        String password = "This is a very very very long password! This is the 2nd sentence in THE password. This is a test.@$%";
        String cryptString = "$md5,rounds=10000$saltstringsaltstring$0xbVBdJfPIual8oRvkU/f.";
        generateAndVerify(cryptString, password);
    }

    @Test
    public void testKnownCryptStrings() throws NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException {
        // Crypt string with bare salt
        generateAndVerify("$md5$RPgLF6IJ$WTvAlUJ7MqH5xak2FMEwS/", "passwd");

        // Crypt strings with "$$" after the salt
        generateAndVerify("$md5$zrdhpMlZ$$wBvMOEqbSjU.hu5T2VEP01", "Gpcs3_adm");
        generateAndVerify("$md5$vyy8.OVF$$FY4TWzuauRl4.VQNobqMY.", "aa12345678");
        generateAndVerify("$md5$3UqYqndY$$6P.aaWOoucxxq.l00SS9k0", "this");
    }
}