View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8    *
9    *      http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.apache.commons.codec.digest;
18  
19  import static org.junit.jupiter.api.Assertions.assertArrayEquals;
20  import static org.junit.jupiter.api.Assertions.assertEquals;
21  import static org.junit.jupiter.api.Assertions.assertNotNull;
22  import static org.junit.jupiter.api.Assertions.assertThrows;
23  import static org.junit.jupiter.api.Assertions.assertTrue;
24  
25  import java.nio.charset.StandardCharsets;
26  import java.util.Arrays;
27  import java.util.concurrent.ThreadLocalRandom;
28  
29  import org.junit.jupiter.api.Test;
30  
31  public class Md5CryptTest {
32  
33      @Test
34      public void testCtor() {
35          assertNotNull(new Md5Crypt()); // for code-coverage
36      }
37  
38      @Test
39      public void testMd5CryptBytes() {
40          // An empty Bytearray equals an empty String
41          assertEquals("$1$foo$9mS5ExwgIECGE5YKlD5o91", Crypt.crypt(new byte[0], "$1$foo"));
42          // UTF-8 stores \u00e4 "a with dieresis" as two bytes 0xc3 0xa4.
43          assertEquals("$1$./$52agTEQZs877L9jyJnCNZ1", Crypt.crypt("t\u00e4st", "$1$./$"));
44          // ISO-8859-1 stores "a with dieresis" as single byte 0xe4.
45          assertEquals("$1$./$J2UbKzGe0Cpe63WZAt6p//", Crypt.crypt("t\u00e4st".getBytes(StandardCharsets.ISO_8859_1), "$1$./$"));
46      }
47  
48      @Test
49      public void testMd5CryptExplicitCall() {
50          assertTrue(Md5Crypt.md5Crypt("secret".getBytes()).matches("^\\$1\\$[a-zA-Z0-9./]{0,8}\\$.{1,}$"));
51          assertTrue(Md5Crypt.md5Crypt("secret".getBytes(), (String) null).matches("^\\$1\\$[a-zA-Z0-9./]{0,8}\\$.{1,}$"));
52      }
53  
54      @Test
55      public void testMd5CryptExplicitCallWithThreadLocalRandom() {
56          final ThreadLocalRandom threadLocalRandom = ThreadLocalRandom.current();
57          assertTrue(Md5Crypt.md5Crypt("secret".getBytes(), threadLocalRandom).matches("^\\$1\\$[a-zA-Z0-9./]{0,8}\\$.{1,}$"));
58          assertTrue(Md5Crypt.md5Crypt("secret".getBytes(), (String) null).matches("^\\$1\\$[a-zA-Z0-9./]{0,8}\\$.{1,}$"));
59      }
60  
61      @Test
62      public void testMd5CryptLongInput() {
63          assertEquals("$1$1234$MoxekaNNUgfPRVqoeYjCD/", Crypt.crypt("12345678901234567890", "$1$1234"));
64      }
65  
66      @Test
67      public void testMd5CryptNullData() {
68          assertThrows(NullPointerException.class, () -> Md5Crypt.md5Crypt((byte[]) null));
69      }
70  
71      @Test
72      public void testMd5CryptStrings() {
73          // empty data
74          assertEquals("$1$foo$9mS5ExwgIECGE5YKlD5o91", Crypt.crypt("", "$1$foo"));
75          // salt gets cut at dollar sign
76          assertEquals("$1$1234$ImZYBLmYC.rbBKg9ERxX70", Crypt.crypt("secret", "$1$1234"));
77          assertEquals("$1$1234$ImZYBLmYC.rbBKg9ERxX70", Crypt.crypt("secret", "$1$1234$567"));
78          assertEquals("$1$1234$ImZYBLmYC.rbBKg9ERxX70", Crypt.crypt("secret", "$1$1234$567$890"));
79          // salt gets cut at maximum length
80          assertEquals("$1$12345678$hj0uLpdidjPhbMMZeno8X/", Crypt.crypt("secret", "$1$1234567890123456"));
81          assertEquals("$1$12345678$hj0uLpdidjPhbMMZeno8X/", Crypt.crypt("secret", "$1$123456789012345678"));
82      }
83  
84      @Test
85      public void testMd5CryptWithEmptySalt() {
86          assertThrows(IllegalArgumentException.class, () -> Md5Crypt.md5Crypt("secret".getBytes(), ""));
87      }
88  
89      @Test
90      public void testZeroOutInput() {
91          final byte[] buffer = new byte[200];
92          Arrays.fill(buffer, (byte) 'A');
93          Md5Crypt.md5Crypt(buffer);
94          // input password is 0-filled on return
95          assertArrayEquals(new byte[buffer.length], buffer);
96      }
97  
98  }