From 83cf9b595ce30e1379290356870dbba33144c8d8 Mon Sep 17 00:00:00 2001 From: Martin Ritchie Date: Tue, 16 Dec 2008 14:40:52 +0000 Subject: QPID-1536 : Convert Base64MD5PrincipalDatabase to accept plain text password input and do the hashing locally. git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@727057 13f79535-47bb-0310-9956-ffa450edef68 --- .../security/auth/database/Base64HashedUser.java | 149 +++++++++++++++++++++ .../Base64MD5PasswordFilePrincipalDatabase.java | 16 +-- .../server/security/auth/database/HashedUser.java | 134 ------------------ .../auth/database/Base64HashedUserTest.java | 93 +++++++++++++ ...Base64MD5PasswordFilePrincipalDatabaseTest.java | 5 +- .../security/auth/database/HashedUserTest.java | 95 ------------- 6 files changed, 253 insertions(+), 239 deletions(-) create mode 100644 qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64HashedUser.java delete mode 100644 qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/HashedUser.java create mode 100644 qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/database/Base64HashedUserTest.java delete mode 100644 qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/database/HashedUserTest.java (limited to 'qpid/java') diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64HashedUser.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64HashedUser.java new file mode 100644 index 0000000000..2caccebb2a --- /dev/null +++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64HashedUser.java @@ -0,0 +1,149 @@ +/* +* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.qpid.server.security.auth.database; + +import org.apache.commons.codec.EncoderException; +import org.apache.commons.codec.binary.Base64; +import org.apache.log4j.Logger; + +import java.io.UnsupportedEncodingException; +import java.security.NoSuchAlgorithmException; +import java.security.Principal; +import java.security.MessageDigest; + +public class Base64HashedUser implements Principal +{ + private static final Logger _logger = Logger.getLogger(Base64HashedUser.class); + + String _name; + char[] _password; + byte[] _encodedPassword = null; + private boolean _modified = false; + private boolean _deleted = false; + + Base64HashedUser(String[] data) throws UnsupportedEncodingException + { + if (data.length != 2) + { + throw new IllegalArgumentException("User Data should be length 2, username, password"); + } + + _name = data[0]; + + byte[] encoded_password = data[1].getBytes(Base64MD5PasswordFilePrincipalDatabase.DEFAULT_ENCODING); + + Base64 b64 = new Base64(); + byte[] decoded = b64.decode(encoded_password); + + _encodedPassword = encoded_password; + + _password = new char[decoded.length]; + + int index = 0; + for (byte c : decoded) + { + _password[index++] = (char) c; + } + } + + public byte[] getMD5(byte[] data) throws NoSuchAlgorithmException, UnsupportedEncodingException + { + MessageDigest md = MessageDigest.getInstance("MD5"); + + for (byte b : data) + { + md.update(b); + } + + return md.digest(); + } + + + public Base64HashedUser(String name, char[] password) + { + _name = name; + setPassword(password); + } + + public String getName() + { + return _name; + } + + public String toString() + { + return _name; + } + + char[] getPassword() + { + return _password; + } + + void setPassword(char[] password) + { + _password = password; + _modified = true; + _encodedPassword = null; + } + + byte[] getEncodedPassword() throws EncoderException, UnsupportedEncodingException, NoSuchAlgorithmException + { + if (_encodedPassword == null) + { + encodePassword(); + } + return _encodedPassword; + } + + private void encodePassword() throws EncoderException, UnsupportedEncodingException, NoSuchAlgorithmException + { + byte[] byteArray = new byte[_password.length]; + int index = 0; + for (char c : _password) + { + byteArray[index++] = (byte) c; + } + + _encodedPassword = (new Base64()).encode(getMD5(byteArray)); + } + + public boolean isModified() + { + return _modified; + } + + public boolean isDeleted() + { + return _deleted; + } + + public void delete() + { + _deleted = true; + } + + public void saved() + { + _modified = false; + } + +} diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java index cca9deb6da..0f0c0309db 100644 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java +++ b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java @@ -61,7 +61,7 @@ public class Base64MD5PasswordFilePrincipalDatabase implements PrincipalDatabase AMQUserManagementMBean _mbean; public static final String DEFAULT_ENCODING = "utf-8"; - private Map _users = new HashMap(); + private Map _users = new HashMap(); private ReentrantLock _userUpdate = new ReentrantLock(); public Base64MD5PasswordFilePrincipalDatabase() @@ -180,7 +180,7 @@ public class Base64MD5PasswordFilePrincipalDatabase implements PrincipalDatabase */ public boolean updatePassword(Principal principal, char[] password) throws AccountNotFoundException { - HashedUser user = _users.get(principal.getName()); + Base64HashedUser user = _users.get(principal.getName()); if (user == null) { @@ -230,7 +230,7 @@ public class Base64MD5PasswordFilePrincipalDatabase implements PrincipalDatabase return false; } - HashedUser user = new HashedUser(principal.getName(), password); + Base64HashedUser user = new Base64HashedUser(principal.getName(), password); try { @@ -260,7 +260,7 @@ public class Base64MD5PasswordFilePrincipalDatabase implements PrincipalDatabase public boolean deletePrincipal(Principal principal) throws AccountNotFoundException { - HashedUser user = _users.get(principal.getName()); + Base64HashedUser user = _users.get(principal.getName()); if (user == null) { @@ -324,7 +324,7 @@ public class Base64MD5PasswordFilePrincipalDatabase implements PrincipalDatabase */ private char[] lookupPassword(String name) { - HashedUser user = _users.get(name); + Base64HashedUser user = _users.get(name); if (user == null) { return null; @@ -356,7 +356,7 @@ public class Base64MD5PasswordFilePrincipalDatabase implements PrincipalDatabase continue; } - HashedUser user = new HashedUser(result); + Base64HashedUser user = new Base64HashedUser(result); _logger.info("Created user:" + user); _users.put(user.getName(), user); } @@ -408,7 +408,7 @@ public class Base64MD5PasswordFilePrincipalDatabase implements PrincipalDatabase continue; } - HashedUser user = _users.get(result[0]); + Base64HashedUser user = _users.get(result[0]); if (user == null) { @@ -444,7 +444,7 @@ public class Base64MD5PasswordFilePrincipalDatabase implements PrincipalDatabase } } - for (HashedUser user : _users.values()) + for (Base64HashedUser user : _users.values()) { if (user.isModified()) { diff --git a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/HashedUser.java b/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/HashedUser.java deleted file mode 100644 index 4d92e3fb4c..0000000000 --- a/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/HashedUser.java +++ /dev/null @@ -1,134 +0,0 @@ -/* -* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ -package org.apache.qpid.server.security.auth.database; - -import org.apache.commons.codec.EncoderException; -import org.apache.commons.codec.binary.Base64; -import org.apache.log4j.Logger; - -import java.io.UnsupportedEncodingException; -import java.security.NoSuchAlgorithmException; -import java.security.Principal; - -public class HashedUser implements Principal -{ - private static final Logger _logger = Logger.getLogger(HashedUser.class); - - String _name; - char[] _password; - byte[] _encodedPassword = null; - private boolean _modified = false; - private boolean _deleted = false; - - HashedUser(String[] data) throws UnsupportedEncodingException - { - if (data.length != 2) - { - throw new IllegalArgumentException("User Data should be length 2, username, password"); - } - - _name = data[0]; - - byte[] encoded_password = data[1].getBytes(Base64MD5PasswordFilePrincipalDatabase.DEFAULT_ENCODING); - - Base64 b64 = new Base64(); - byte[] decoded = b64.decode(encoded_password); - - _encodedPassword = encoded_password; - - _password = new char[decoded.length]; - - int index = 0; - for (byte c : decoded) - { - _password[index++] = (char) c; - } - } - - public HashedUser(String name, char[] password) - { - _name = name; - setPassword(password); - } - - public String getName() - { - return _name; - } - - public String toString() - { - return _name; - } - - char[] getPassword() - { - return _password; - } - - void setPassword(char[] password) - { - _password = password; - _modified = true; - _encodedPassword = null; - } - - byte[] getEncodedPassword() throws EncoderException, UnsupportedEncodingException, NoSuchAlgorithmException - { - if (_encodedPassword == null) - { - encodePassword(); - } - return _encodedPassword; - } - - private void encodePassword() throws EncoderException, UnsupportedEncodingException, NoSuchAlgorithmException - { - byte[] byteArray = new byte[_password.length]; - int index = 0; - for (char c : _password) - { - byteArray[index++] = (byte) c; - } - _encodedPassword = (new Base64()).encode(byteArray); - } - - public boolean isModified() - { - return _modified; - } - - public boolean isDeleted() - { - return _deleted; - } - - public void delete() - { - _deleted = true; - } - - public void saved() - { - _modified = false; - } - -} diff --git a/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/database/Base64HashedUserTest.java b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/database/Base64HashedUserTest.java new file mode 100644 index 0000000000..4c69edcac7 --- /dev/null +++ b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/database/Base64HashedUserTest.java @@ -0,0 +1,93 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.qpid.server.security.auth.database; + +import junit.framework.TestCase; + +import java.io.UnsupportedEncodingException; + +/* + Note User is mainly tested by Base64MD5PFPDTest this is just to catch the extra methods + */ +public class Base64HashedUserTest extends TestCase +{ + + String USERNAME = "username"; + String PASSWORD = "password"; + String HASHED_PASSWORD = "cGFzc3dvcmQ="; + + public void testToLongArrayConstructor() + { + try + { + Base64HashedUser user = new Base64HashedUser(new String[]{USERNAME, PASSWORD, USERNAME}); + fail("Error expected"); + } + catch (IllegalArgumentException e) + { + assertEquals("User Data should be length 2, username, password", e.getMessage()); + } + catch (UnsupportedEncodingException e) + { + fail(e.getMessage()); + } + } + + public void testArrayConstructor() + { + try + { + Base64HashedUser user = new Base64HashedUser(new String[]{USERNAME, HASHED_PASSWORD}); + assertEquals("Username incorrect", USERNAME, user.getName()); + int index = 0; + + char[] hash = HASHED_PASSWORD.toCharArray(); + + try + { + for (byte c : user.getEncodedPassword()) + { + assertEquals("Password incorrect", hash[index], (char) c); + index++; + } + } + catch (Exception e) + { + fail(e.getMessage()); + } + + hash = PASSWORD.toCharArray(); + + index=0; + for (char c : user.getPassword()) + { + assertEquals("Password incorrect", hash[index], c); + index++; + } + + } + catch (UnsupportedEncodingException e) + { + fail(e.getMessage()); + } + } +} + diff --git a/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabaseTest.java b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabaseTest.java index b5034d9f5d..6af042dee6 100644 --- a/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabaseTest.java +++ b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabaseTest.java @@ -228,8 +228,9 @@ public class Base64MD5PasswordFilePrincipalDatabaseTest extends TestCase assertNotNull(testUser); - String NEW_PASSWORD = "NewPassword"; - String NEW_PASSWORD_HASH = "TmV3UGFzc3dvcmQ="; + String NEW_PASSWORD = "guest"; + + String NEW_PASSWORD_HASH = "CE4DQ6BIb/BVMN9scFyLtA=="; try { _database.updatePassword(testUser, NEW_PASSWORD.toCharArray()); diff --git a/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/database/HashedUserTest.java b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/database/HashedUserTest.java deleted file mode 100644 index a7d951cb5b..0000000000 --- a/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/database/HashedUserTest.java +++ /dev/null @@ -1,95 +0,0 @@ -/* - * - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ -package org.apache.qpid.server.security.auth.database; - -import junit.framework.TestCase; -import org.apache.log4j.Level; -import org.apache.log4j.Logger; - -import java.io.UnsupportedEncodingException; - -/* - Note User is mainly tested by Base64MD5PFPDTest this is just to catch the extra methods - */ -public class HashedUserTest extends TestCase -{ - - String USERNAME = "username"; - String PASSWORD = "password"; - String HASHED_PASSWORD = "cGFzc3dvcmQ="; - - public void testToLongArrayConstructor() - { - try - { - HashedUser user = new HashedUser(new String[]{USERNAME, PASSWORD, USERNAME}); - fail("Error expected"); - } - catch (IllegalArgumentException e) - { - assertEquals("User Data should be length 2, username, password", e.getMessage()); - } - catch (UnsupportedEncodingException e) - { - fail(e.getMessage()); - } - } - - public void testArrayConstructor() - { - try - { - HashedUser user = new HashedUser(new String[]{USERNAME, HASHED_PASSWORD}); - assertEquals("Username incorrect", USERNAME, user.getName()); - int index = 0; - - char[] hash = HASHED_PASSWORD.toCharArray(); - - try - { - for (byte c : user.getEncodedPassword()) - { - assertEquals("Password incorrect", hash[index], (char) c); - index++; - } - } - catch (Exception e) - { - fail(e.getMessage()); - } - - hash = PASSWORD.toCharArray(); - - index=0; - for (char c : user.getPassword()) - { - assertEquals("Password incorrect", hash[index], c); - index++; - } - - } - catch (UnsupportedEncodingException e) - { - fail(e.getMessage()); - } - } -} - -- cgit v1.2.1