View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8    *
9    *      https://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.apache.commons.codec.digest;
18  
19  import static org.junit.jupiter.api.Assertions.assertArrayEquals;
20  import static org.junit.jupiter.api.Assertions.assertEquals;
21  import static org.junit.jupiter.api.Assertions.assertNotNull;
22  import static org.junit.jupiter.api.Assertions.assertThrows;
23  import static org.junit.jupiter.api.Assertions.assertTrue;
24  
25  import java.nio.charset.StandardCharsets;
26  import java.util.Arrays;
27  import java.util.concurrent.ThreadLocalRandom;
28  
29  import org.junit.jupiter.api.Test;
30  import org.junit.jupiter.api.Timeout;
31  
32  @Timeout(3) // Try to avoid occaisional hang when testing
33  public class Md5CryptTest {
34  
35      @Test
36      public void testCtor() {
37          assertNotNull(new Md5Crypt());
38      }
39  
40      @Test
41      public void testInvalidPrefix() {
42          assertThrows(IllegalArgumentException.class, () -> Md5Crypt.md5Crypt(new byte[] { 1, 2, 3, 4, 5 },
43                  "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!", "(.*a){10000}"));
44          assertThrows(IllegalArgumentException.class, () -> Md5Crypt.md5Crypt(new byte[] { 1, 2, 3, 4, 5 },
45                  "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!", "$(.*a){10000}$"));
46          assertThrows(IllegalArgumentException.class, () -> Md5Crypt.md5Crypt(new byte[] { 1, 2, 3, 4, 5 },
47                  "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "$(.*a){10000}$"));
48      }
49  
50      @Test
51      public void testMd5CryptBytes() {
52          // An empty Bytearray equals an empty String
53          assertEquals("$1$foo$9mS5ExwgIECGE5YKlD5o91", Crypt.crypt(new byte[0], "$1$foo"));
54          // UTF-8 stores \u00e4 "a with dieresis" as two bytes 0xc3 0xa4.
55          assertEquals("$1$./$52agTEQZs877L9jyJnCNZ1", Crypt.crypt("t\u00e4st", "$1$./$"));
56          // ISO-8859-1 stores "a with dieresis" as single byte 0xe4.
57          assertEquals("$1$./$J2UbKzGe0Cpe63WZAt6p//", Crypt.crypt("t\u00e4st".getBytes(StandardCharsets.ISO_8859_1), "$1$./$"));
58      }
59  
60      @Test
61      public void testMd5CryptExplicitCall() {
62          assertTrue(Md5Crypt.md5Crypt("secret".getBytes()).matches("^\\$1\\$[a-zA-Z0-9./]{0,8}\\$.{1,}$"));
63          assertTrue(Md5Crypt.md5Crypt("secret".getBytes(), (String) null).matches("^\\$1\\$[a-zA-Z0-9./]{0,8}\\$.{1,}$"));
64      }
65  
66      @Test
67      public void testMd5CryptExplicitCallWithThreadLocalRandom() {
68          final ThreadLocalRandom threadLocalRandom = ThreadLocalRandom.current();
69          assertTrue(Md5Crypt.md5Crypt("secret".getBytes(), threadLocalRandom).matches("^\\$1\\$[a-zA-Z0-9./]{0,8}\\$.{1,}$"));
70          assertTrue(Md5Crypt.md5Crypt("secret".getBytes(), (String) null).matches("^\\$1\\$[a-zA-Z0-9./]{0,8}\\$.{1,}$"));
71      }
72  
73      @Test
74      public void testMd5CryptLongInput() {
75          assertEquals("$1$1234$MoxekaNNUgfPRVqoeYjCD/", Crypt.crypt("12345678901234567890", "$1$1234"));
76      }
77  
78      @Test
79      public void testMd5CryptNullData() {
80          assertThrows(NullPointerException.class, () -> Md5Crypt.md5Crypt((byte[]) null));
81      }
82  
83      @Test
84      public void testMd5CryptStrings() {
85          // empty data
86          assertEquals("$1$foo$9mS5ExwgIECGE5YKlD5o91", Crypt.crypt("", "$1$foo"));
87          // salt gets cut at dollar sign
88          assertEquals("$1$1234$ImZYBLmYC.rbBKg9ERxX70", Crypt.crypt("secret", "$1$1234"));
89          assertEquals("$1$1234$ImZYBLmYC.rbBKg9ERxX70", Crypt.crypt("secret", "$1$1234$567"));
90          assertEquals("$1$1234$ImZYBLmYC.rbBKg9ERxX70", Crypt.crypt("secret", "$1$1234$567$890"));
91          // salt gets cut at maximum length
92          assertEquals("$1$12345678$hj0uLpdidjPhbMMZeno8X/", Crypt.crypt("secret", "$1$1234567890123456"));
93          assertEquals("$1$12345678$hj0uLpdidjPhbMMZeno8X/", Crypt.crypt("secret", "$1$123456789012345678"));
94      }
95  
96      @Test
97      public void testMd5CryptWithEmptySalt() {
98          assertThrows(IllegalArgumentException.class, () -> Md5Crypt.md5Crypt("secret".getBytes(), ""));
99      }
100 
101     @Test
102     public void testZeroOutInput() {
103         final byte[] buffer = new byte[200];
104         Arrays.fill(buffer, (byte) 'A');
105         Md5Crypt.md5Crypt(buffer);
106         // input password is 0-filled on return
107         assertArrayEquals(new byte[buffer.length], buffer);
108     }
109 
110 }