/* * The contents of this file are subject to the terms of the Common Development and * Distribution License (the License). You may not use this file except in compliance with the * License. * * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the * specific language governing permission and limitations under the License. * * When distributing Covered Software, include this CDDL Header Notice in each file and include * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL * Header, with the fields enclosed by brackets [] replaced by your own identifying * information: "Portions Copyright [year] [name of copyright owner]". * * Copyright 2008 Sun Microsystems, Inc. * Portions Copyright 2010-2016 ForgeRock AS. * Portions Copyright 2012 Dariusz Janny */ package org.opends.server.extensions; import org.forgerock.opendj.ldap.ByteString; import org.opends.server.TestCaseUtils; import org.forgerock.opendj.server.config.meta.CryptPasswordStorageSchemeCfgDefn; import org.opends.server.types.Entry; import org.testng.annotations.BeforeClass; import org.testng.annotations.DataProvider; import org.testng.annotations.Test; import static org.opends.server.extensions.PasswordStorageSchemeTestCase.*; /** * A set of test cases for the crypt password storage scheme. */ @SuppressWarnings("javadoc") public class CryptPasswordStorageSchemeTestCase extends ExtensionsTestCase { /** Names of all the crypt algorithms we want to test. */ private static final String[] names = { "unix", "md5", "sha256", "sha512" }; /** * Creates a new instance of this crypt password storage scheme test * case with the provided information. */ public CryptPasswordStorageSchemeTestCase() { super(); } /** * Ensures that the Directory Server is started before running any of these * tests. */ @BeforeClass public void startServer() throws Exception { TestCaseUtils.startServer(); } /** * Retrieves a set of passwords that may be used to test the password storage * scheme. * * @return A set of passwords that may be used to test the password storage * scheme. */ @DataProvider(name = "testPasswords") public Object[][] getTestPasswords() { return getTestPasswordsStatic(); } /** * Creates an instance of each password storage scheme, uses it to encode the * provided password, and ensures that the encoded value is correct. * * @param plaintext The plain-text version of the password to encode. * @throws Exception If an unexpected problem occurs. */ @Test(dataProvider = "testPasswords") public void testUnixStorageSchemes(ByteString plaintext) throws Exception { for (String name : names) { testStorageScheme(plaintext, getScheme(name)); } } @DataProvider public Object[][] passwordsForBinding() { return PasswordStorageSchemeTestCase.passwordsForBinding(); } /** * An end-to-end test that verifies that we can set a pre-encoded password * in a user entry, and then bind as that user using the cleartext password. */ @Test(dataProvider = "passwordsForBinding") public void testSettingUnixEncodedPassword(ByteString plainPassword) throws Exception { for (String name: names) { testSettingEncodedPassword(plainPassword, getScheme(name)); } } /** * Retrieves a set of passwords (plain and variously hashed) that may * be used to test the different Unix "crypt" algorithms used by the Crypt * Password Storage scheme. * * The encrypted versions have been generated by the openssl passwd -1 * command on MacOS X. * * @return A set of couple (cleartext, hashed) passwords that * may be used to test the different algorithms used by the Crypt * password storage scheme. */ @DataProvider(name = "testCryptPasswords") public Object[][] getTestCryptPasswords() throws Exception { return new Object[][] { { "secret12", "{CRYPT}$1$X40CcMaA$dd3ndknBLcpkED4/RciyD1" }, { "#1 Strong Password!", "{CRYPT}$1$7jHbWKyy$gAmpOSdaYVap55MwsQnK5/" }, { "foo", "{CRYPT}$1$ac/Z7Q3s$5kTVLqMSq9KMqUVyEBfiw0" }, { "secret12", "{CRYPT}$5$miWe9yahchas7aiy$b/6oTh5QF3bqbdIDWmjtdOxD8df75426zTHwF.MJuyB" }, { "foo", "{CRYPT}$5$aZoothaeDai0nooG$5LDMuhK6gWtH6/mrrqZbRc5aIRROfrKri4Tvl/D6Z.0"}, { "#1 Strong Password!", "{CRYPT}$5$aZoothaeDai0nooG$6o0Sbx/RtTA4K/A8uflMsSCid3i7TYktcwWxIp5NFy2"}, { "secret12", "{CRYPT}$6$miWe9yahchas7aiy$RQASn5qZMCu2FDsR69RHk1RoLVi3skFUhS0qGNCo.MymgkYoWAedMji09UzxMFzOj8fW2GnzsXT4RVn9gcNmf0" }, { "#1 Strong Password!", "{CRYPT}$6$p0NJY6r4$VV2JfNtRaTmy8hBtVpdgeIUYQIAUyfdLyhiH6VxzsDIw.28oCsVeMQ5ARiL/PoOambM9dAU3vk4ll8uEB/nnx0"}, { "foo", "{CRYPT}$6$aZoothaeDai0nooG$1K9ePro8ujsqRy/Ag77OVuev8Y8hyN1Jp10S2t9S.1RMtkKn/SbxQbl2MezoL0UJFYjrEzL0zVdO8PcfT3yXS."} }; } @Test(dataProvider = "testCryptPasswords") public void testAuthCryptPasswords( String plaintextPassword, String encodedPassword) throws Exception { testAuthPasswords("TestCrypt", plaintextPassword, encodedPassword); } /** * Retrieves an initialized instance of this password storage scheme. * * @return An initialized instance of this password storage scheme. * * @throws Exception If an unexpected problem occurs. */ private CryptPasswordStorageScheme getScheme(String algo) throws Exception { Entry e = TestCaseUtils.makeEntry( "dn: cn=CRYPT,cn=Password Storage Schemes,cn=config", "objectClass: top", "objectClass: ds-cfg-password-storage-scheme", "objectClass: ds-cfg-crypt-password-storage-scheme", "cn: CRYPT", "ds-cfg-java-class: org.opends.server.extensions.CryptPasswordStorageScheme", "ds-cfg-enabled: true", "ds-cfg-crypt-password-storage-encryption-algrithm: " + algo ); return InitializationUtils.initializePasswordStorageScheme( new CryptPasswordStorageScheme(), e, CryptPasswordStorageSchemeCfgDefn.getInstance()); } }