UnixMD5CryptUtilTest.java

/*
 * JBoss, Home of Professional Open Source
 * Copyright 2014 Red Hat, Inc., and individual contributors
 * as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.wildfly.security.password.impl;

import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;

import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;

import org.junit.Test;
import org.wildfly.security.password.Password;
import org.wildfly.security.password.interfaces.UnixMD5CryptPassword;
import org.wildfly.security.password.spec.EncryptablePasswordSpec;
import org.wildfly.security.password.spec.SaltedPasswordAlgorithmSpec;
import org.wildfly.security.password.util.ModularCrypt;

/**
 * Tests for UnixMD5CryptUtil.
 * The expected results for these test cases were generated using the
 * {@code unix_md5_crypt} function from the {@code Crypt::PasswdMD5}
 * Perl module.
 *
 * @author <a href="mailto:fjuma@redhat.com">Farah Juma</a>
 */
public class UnixMD5CryptUtilTest {

    @Test
    public void testParseCryptString() throws NoSuchAlgorithmException, InvalidKeySpecException {
        String cryptString = "$1$saltsalt$qjXMvbEw8oaL.CzflDtaK/";

        // Get the spec by parsing the crypt string
        UnixMD5CryptPassword password = (UnixMD5CryptPassword) ModularCrypt.decode(cryptString);

        // Use the spec to build a new crypt string and compare it to the original
        assertEquals(cryptString, ModularCrypt.encodeAsString(password));
    }

    @Test
    public void testSaltTruncated() throws NoSuchAlgorithmException, InvalidKeySpecException {
        final String passwordStr = "password";
        byte[] salt = "thissaltstringistoolong".getBytes(StandardCharsets.UTF_8);

        // Create a new password using EncryptablePasswordSpec
        final PasswordFactorySpiImpl spi = new PasswordFactorySpiImpl();
        final Password password = spi.engineGeneratePassword(UnixMD5CryptPassword.ALGORITHM_CRYPT_MD5, new EncryptablePasswordSpec(passwordStr.toCharArray(), new SaltedPasswordAlgorithmSpec(salt)));

        // Check if the salt was truncated in the resulting crypt string
        final String cryptString = ModularCrypt.encodeAsString(password);
        assertTrue("Didn't truncate the salt", cryptString.startsWith("$1$thissalt$"));
        assertEquals("$1$thissalt$B4AUaoQwRs3ex2F95O4ut/", cryptString);
    }

    private void generateAndVerify(String cryptString, String correctPassword) throws NoSuchAlgorithmException,  InvalidKeyException, InvalidKeySpecException {
        UnixMD5CryptPassword password = (UnixMD5CryptPassword) ModularCrypt.decode(cryptString);

        // Use the spec to generate a UnixMD5CryptPasswordImpl and then verify the hash using the correct password
        final PasswordFactorySpiImpl spi = new PasswordFactorySpiImpl();
        final String algorithm = password.getAlgorithm();

        // password is in raw form, need to translate first before verifying
        password = (UnixMD5CryptPassword) spi.engineTranslatePassword(algorithm, password);

        assertTrue(spi.engineVerify(algorithm, password, correctPassword.toCharArray()));
        assertFalse(spi.engineVerify(algorithm, password, "wrongpassword".toCharArray()));

        // Create a new password using EncryptablePasswordSpec and check if the hash matches the hash from the spec
        UnixMD5CryptPasswordImpl password2 = (UnixMD5CryptPasswordImpl) spi.engineGeneratePassword(algorithm,
                new EncryptablePasswordSpec(correctPassword.toCharArray(), new SaltedPasswordAlgorithmSpec(password.getSalt())));
        assertArrayEquals(password.getHash(), password2.getHash());

        // Use the new password to obtain a spec and then check if this spec yields the same crypt string
        assertEquals(cryptString, ModularCrypt.encodeAsString(password2));
    }

    @Test
    public void testEmptyPassword() throws NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException {
        String password = "";
        String cryptString = "$1$1234$.hKN8.QH1vHyGVLB072C0.";
        generateAndVerify(cryptString, password);
    }

    @Test
    public void testShortPassword() throws NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException {
        String password = "Hello world!";
        String cryptString = "$1$saltstri$YMyguxXMBpd2TEZ.vS/3q1";
        generateAndVerify(cryptString, password);
    }
    @Test
    public void testLongPassword() throws NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException {
        String password = "This is a very very very long password. This is another sentence in the password. This is a test.";
        String cryptString = "$1$saltstri$IQDu.vaa8hwk2UnOjF2PP.";
        generateAndVerify(cryptString, password);
    }

    @Test
    public void testCaseFromOriginalCImplementation() throws NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException {
        String password = "0.s0.l33t";
        String cryptString = "$1$deadbeef$0Huu6KHrKLVWfqa4WljDE0";
        generateAndVerify(cryptString, password);
    }
}